mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 21:35:52 +00:00
De-scope tenenacy requirements to OSS only for now. (#17087)
Partition and namespace must be "default" Peername must be "local"
This commit is contained in:
parent
a011d8c944
commit
46816071df
@ -30,17 +30,17 @@ func TestDelete_InputValidation(t *testing.T) {
|
|||||||
"no tenancy": func(req *pbresource.DeleteRequest) { req.Id.Tenancy = nil },
|
"no tenancy": func(req *pbresource.DeleteRequest) { req.Id.Tenancy = nil },
|
||||||
"no name": func(req *pbresource.DeleteRequest) { req.Id.Name = "" },
|
"no name": func(req *pbresource.DeleteRequest) { req.Id.Name = "" },
|
||||||
// clone necessary to not pollute DefaultTenancy
|
// clone necessary to not pollute DefaultTenancy
|
||||||
"tenancy partition wildcard": func(req *pbresource.DeleteRequest) {
|
"tenancy partition not default": func(req *pbresource.DeleteRequest) {
|
||||||
req.Id.Tenancy = clone(req.Id.Tenancy)
|
req.Id.Tenancy = clone(req.Id.Tenancy)
|
||||||
req.Id.Tenancy.Partition = storage.Wildcard
|
req.Id.Tenancy.Partition = ""
|
||||||
},
|
},
|
||||||
"tenancy namespace wildcard": func(req *pbresource.DeleteRequest) {
|
"tenancy namespace not default": func(req *pbresource.DeleteRequest) {
|
||||||
req.Id.Tenancy = clone(req.Id.Tenancy)
|
req.Id.Tenancy = clone(req.Id.Tenancy)
|
||||||
req.Id.Tenancy.Namespace = storage.Wildcard
|
req.Id.Tenancy.Namespace = ""
|
||||||
},
|
},
|
||||||
"tenancy peername wildcard": func(req *pbresource.DeleteRequest) {
|
"tenancy peername not local": func(req *pbresource.DeleteRequest) {
|
||||||
req.Id.Tenancy = clone(req.Id.Tenancy)
|
req.Id.Tenancy = clone(req.Id.Tenancy)
|
||||||
req.Id.Tenancy.PeerName = storage.Wildcard
|
req.Id.Tenancy.PeerName = ""
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for desc, modFn := range testCases {
|
for desc, modFn := range testCases {
|
||||||
|
@ -33,17 +33,17 @@ func TestRead_InputValidation(t *testing.T) {
|
|||||||
"no tenancy": func(req *pbresource.ReadRequest) { req.Id.Tenancy = nil },
|
"no tenancy": func(req *pbresource.ReadRequest) { req.Id.Tenancy = nil },
|
||||||
"no name": func(req *pbresource.ReadRequest) { req.Id.Name = "" },
|
"no name": func(req *pbresource.ReadRequest) { req.Id.Name = "" },
|
||||||
// clone necessary to not pollute DefaultTenancy
|
// clone necessary to not pollute DefaultTenancy
|
||||||
"tenancy partition wildcard": func(req *pbresource.ReadRequest) {
|
"tenancy partition not default": func(req *pbresource.ReadRequest) {
|
||||||
req.Id.Tenancy = clone(req.Id.Tenancy)
|
req.Id.Tenancy = clone(req.Id.Tenancy)
|
||||||
req.Id.Tenancy.Partition = storage.Wildcard
|
req.Id.Tenancy.Partition = ""
|
||||||
},
|
},
|
||||||
"tenancy namespace wildcard": func(req *pbresource.ReadRequest) {
|
"tenancy namespace not default": func(req *pbresource.ReadRequest) {
|
||||||
req.Id.Tenancy = clone(req.Id.Tenancy)
|
req.Id.Tenancy = clone(req.Id.Tenancy)
|
||||||
req.Id.Tenancy.Namespace = storage.Wildcard
|
req.Id.Tenancy.Namespace = ""
|
||||||
},
|
},
|
||||||
"tenancy peername wildcard": func(req *pbresource.ReadRequest) {
|
"tenancy peername not local": func(req *pbresource.ReadRequest) {
|
||||||
req.Id.Tenancy = clone(req.Id.Tenancy)
|
req.Id.Tenancy = clone(req.Id.Tenancy)
|
||||||
req.Id.Tenancy.PeerName = storage.Wildcard
|
req.Id.Tenancy.PeerName = ""
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for desc, modFn := range testCases {
|
for desc, modFn := range testCases {
|
||||||
|
@ -131,17 +131,19 @@ func validateId(id *pbresource.ID, errorPrefix string) error {
|
|||||||
return status.Errorf(codes.InvalidArgument, "%s.%s is required", errorPrefix, field)
|
return status.Errorf(codes.InvalidArgument, "%s.%s is required", errorPrefix, field)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Revisit defaulting and non-namespaced resources post-1.16
|
||||||
|
var expected string
|
||||||
switch {
|
switch {
|
||||||
case id.Tenancy.Namespace == storage.Wildcard:
|
case id.Tenancy.Partition != "default":
|
||||||
field = "tenancy.namespace"
|
field, expected = "partition", "default"
|
||||||
case id.Tenancy.Partition == storage.Wildcard:
|
case id.Tenancy.Namespace != "default":
|
||||||
field = "tenancy.partition"
|
field, expected = "namespace", "default"
|
||||||
case id.Tenancy.PeerName == storage.Wildcard:
|
case id.Tenancy.PeerName != "local":
|
||||||
field = "tenancy.peername"
|
field, expected = "peername", "local"
|
||||||
}
|
}
|
||||||
|
|
||||||
if field != "" {
|
if field != "" {
|
||||||
return status.Errorf(codes.InvalidArgument, "%s.%s cannot be a wildcard", errorPrefix, field)
|
return status.Errorf(codes.InvalidArgument, "%s.tenancy.%s must be %s", errorPrefix, field, expected)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -119,10 +119,7 @@ func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbre
|
|||||||
return errUseWriteStatus
|
return errUseWriteStatus
|
||||||
}
|
}
|
||||||
|
|
||||||
// Enforce same tenancy for owner
|
// TODO(spatel): Revisit owner<->resource tenancy rules post-1.16
|
||||||
if input.Owner != nil && !proto.Equal(input.Id.Tenancy, input.Owner.Tenancy) {
|
|
||||||
return status.Errorf(codes.InvalidArgument, "owner and resource tenancy must be the same")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Update path.
|
// Update path.
|
||||||
case err == nil:
|
case err == nil:
|
||||||
|
@ -36,17 +36,17 @@ func TestWrite_InputValidation(t *testing.T) {
|
|||||||
"no name": func(req *pbresource.WriteRequest) { req.Resource.Id.Name = "" },
|
"no name": func(req *pbresource.WriteRequest) { req.Resource.Id.Name = "" },
|
||||||
"no data": func(req *pbresource.WriteRequest) { req.Resource.Data = nil },
|
"no data": func(req *pbresource.WriteRequest) { req.Resource.Data = nil },
|
||||||
// clone necessary to not pollute DefaultTenancy
|
// clone necessary to not pollute DefaultTenancy
|
||||||
"tenancy partition wildcard": func(req *pbresource.WriteRequest) {
|
"tenancy partition not default": func(req *pbresource.WriteRequest) {
|
||||||
req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
|
req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
|
||||||
req.Resource.Id.Tenancy.Partition = storage.Wildcard
|
req.Resource.Id.Tenancy.Partition = ""
|
||||||
},
|
},
|
||||||
"tenancy namespace wildcard": func(req *pbresource.WriteRequest) {
|
"tenancy namespace not default": func(req *pbresource.WriteRequest) {
|
||||||
req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
|
req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
|
||||||
req.Resource.Id.Tenancy.Namespace = storage.Wildcard
|
req.Resource.Id.Tenancy.Namespace = ""
|
||||||
},
|
},
|
||||||
"tenancy peername wildcard": func(req *pbresource.WriteRequest) {
|
"tenancy peername not local": func(req *pbresource.WriteRequest) {
|
||||||
req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
|
req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
|
||||||
req.Resource.Id.Tenancy.PeerName = storage.Wildcard
|
req.Resource.Id.Tenancy.PeerName = ""
|
||||||
},
|
},
|
||||||
"wrong data type": func(req *pbresource.WriteRequest) {
|
"wrong data type": func(req *pbresource.WriteRequest) {
|
||||||
var err error
|
var err error
|
||||||
@ -99,24 +99,24 @@ func TestWrite_OwnerValidation(t *testing.T) {
|
|||||||
errorContains: "resource.owner.name",
|
errorContains: "resource.owner.name",
|
||||||
},
|
},
|
||||||
// clone necessary to not pollute DefaultTenancy
|
// clone necessary to not pollute DefaultTenancy
|
||||||
"owner tenancy partition wildcard": {
|
"owner tenancy partition not default": {
|
||||||
modReqFn: func(req *pbresource.WriteRequest) {
|
modReqFn: func(req *pbresource.WriteRequest) {
|
||||||
req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
|
req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
|
||||||
req.Resource.Owner.Tenancy.Partition = storage.Wildcard
|
req.Resource.Owner.Tenancy.Partition = ""
|
||||||
},
|
},
|
||||||
errorContains: "resource.owner.tenancy.partition",
|
errorContains: "resource.owner.tenancy.partition",
|
||||||
},
|
},
|
||||||
"owner tenancy namespace wildcard": {
|
"owner tenancy namespace not default": {
|
||||||
modReqFn: func(req *pbresource.WriteRequest) {
|
modReqFn: func(req *pbresource.WriteRequest) {
|
||||||
req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
|
req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
|
||||||
req.Resource.Owner.Tenancy.Namespace = storage.Wildcard
|
req.Resource.Owner.Tenancy.Namespace = ""
|
||||||
},
|
},
|
||||||
errorContains: "resource.owner.tenancy.namespace",
|
errorContains: "resource.owner.tenancy.namespace",
|
||||||
},
|
},
|
||||||
"owner tenancy peername wildcard": {
|
"owner tenancy peername not local": {
|
||||||
modReqFn: func(req *pbresource.WriteRequest) {
|
modReqFn: func(req *pbresource.WriteRequest) {
|
||||||
req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
|
req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
|
||||||
req.Resource.Owner.Tenancy.PeerName = storage.Wildcard
|
req.Resource.Owner.Tenancy.PeerName = ""
|
||||||
},
|
},
|
||||||
errorContains: "resource.owner.tenancy.peername",
|
errorContains: "resource.owner.tenancy.peername",
|
||||||
},
|
},
|
||||||
@ -491,33 +491,6 @@ func TestWrite_Owner_Immutable(t *testing.T) {
|
|||||||
require.ErrorContains(t, err, "owner cannot be changed")
|
require.ErrorContains(t, err, "owner cannot be changed")
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestWrite_Owner_RequireSameTenancy(t *testing.T) {
|
|
||||||
server := testServer(t)
|
|
||||||
client := testClient(t, server)
|
|
||||||
|
|
||||||
demo.Register(server.Registry)
|
|
||||||
|
|
||||||
artist, err := demo.GenerateV2Artist()
|
|
||||||
require.NoError(t, err)
|
|
||||||
rsp1, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: artist})
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
// change album tenancy to be different from artist tenancy
|
|
||||||
album, err := demo.GenerateV2Album(rsp1.Resource.Id)
|
|
||||||
require.NoError(t, err)
|
|
||||||
album.Owner.Tenancy = &pbresource.Tenancy{
|
|
||||||
Partition: "some",
|
|
||||||
Namespace: "other",
|
|
||||||
PeerName: "tenancy",
|
|
||||||
}
|
|
||||||
|
|
||||||
// verify create fails
|
|
||||||
_, err = client.Write(testContext(t), &pbresource.WriteRequest{Resource: album})
|
|
||||||
require.Error(t, err)
|
|
||||||
require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
|
|
||||||
require.ErrorContains(t, err, "tenancy must be the same")
|
|
||||||
}
|
|
||||||
|
|
||||||
type blockOnceBackend struct {
|
type blockOnceBackend struct {
|
||||||
storage.Backend
|
storage.Backend
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user