De-scope tenenacy requirements to OSS only for now. (#17087)

Partition and namespace must be "default"
Peername must be "local"
This commit is contained in:
Semir Patel 2023-04-24 08:14:51 -05:00 committed by GitHub
parent a011d8c944
commit 46816071df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 34 additions and 62 deletions

View File

@ -30,17 +30,17 @@ func TestDelete_InputValidation(t *testing.T) {
"no tenancy": func(req *pbresource.DeleteRequest) { req.Id.Tenancy = nil },
"no name": func(req *pbresource.DeleteRequest) { req.Id.Name = "" },
// clone necessary to not pollute DefaultTenancy
"tenancy partition wildcard": func(req *pbresource.DeleteRequest) {
"tenancy partition not default": func(req *pbresource.DeleteRequest) {
req.Id.Tenancy = clone(req.Id.Tenancy)
req.Id.Tenancy.Partition = storage.Wildcard
req.Id.Tenancy.Partition = ""
},
"tenancy namespace wildcard": func(req *pbresource.DeleteRequest) {
"tenancy namespace not default": func(req *pbresource.DeleteRequest) {
req.Id.Tenancy = clone(req.Id.Tenancy)
req.Id.Tenancy.Namespace = storage.Wildcard
req.Id.Tenancy.Namespace = ""
},
"tenancy peername wildcard": func(req *pbresource.DeleteRequest) {
"tenancy peername not local": func(req *pbresource.DeleteRequest) {
req.Id.Tenancy = clone(req.Id.Tenancy)
req.Id.Tenancy.PeerName = storage.Wildcard
req.Id.Tenancy.PeerName = ""
},
}
for desc, modFn := range testCases {

View File

@ -33,17 +33,17 @@ func TestRead_InputValidation(t *testing.T) {
"no tenancy": func(req *pbresource.ReadRequest) { req.Id.Tenancy = nil },
"no name": func(req *pbresource.ReadRequest) { req.Id.Name = "" },
// clone necessary to not pollute DefaultTenancy
"tenancy partition wildcard": func(req *pbresource.ReadRequest) {
"tenancy partition not default": func(req *pbresource.ReadRequest) {
req.Id.Tenancy = clone(req.Id.Tenancy)
req.Id.Tenancy.Partition = storage.Wildcard
req.Id.Tenancy.Partition = ""
},
"tenancy namespace wildcard": func(req *pbresource.ReadRequest) {
"tenancy namespace not default": func(req *pbresource.ReadRequest) {
req.Id.Tenancy = clone(req.Id.Tenancy)
req.Id.Tenancy.Namespace = storage.Wildcard
req.Id.Tenancy.Namespace = ""
},
"tenancy peername wildcard": func(req *pbresource.ReadRequest) {
"tenancy peername not local": func(req *pbresource.ReadRequest) {
req.Id.Tenancy = clone(req.Id.Tenancy)
req.Id.Tenancy.PeerName = storage.Wildcard
req.Id.Tenancy.PeerName = ""
},
}
for desc, modFn := range testCases {

View File

@ -131,17 +131,19 @@ func validateId(id *pbresource.ID, errorPrefix string) error {
return status.Errorf(codes.InvalidArgument, "%s.%s is required", errorPrefix, field)
}
// Revisit defaulting and non-namespaced resources post-1.16
var expected string
switch {
case id.Tenancy.Namespace == storage.Wildcard:
field = "tenancy.namespace"
case id.Tenancy.Partition == storage.Wildcard:
field = "tenancy.partition"
case id.Tenancy.PeerName == storage.Wildcard:
field = "tenancy.peername"
case id.Tenancy.Partition != "default":
field, expected = "partition", "default"
case id.Tenancy.Namespace != "default":
field, expected = "namespace", "default"
case id.Tenancy.PeerName != "local":
field, expected = "peername", "local"
}
if field != "" {
return status.Errorf(codes.InvalidArgument, "%s.%s cannot be a wildcard", errorPrefix, field)
return status.Errorf(codes.InvalidArgument, "%s.tenancy.%s must be %s", errorPrefix, field, expected)
}
return nil
}

View File

@ -119,10 +119,7 @@ func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbre
return errUseWriteStatus
}
// Enforce same tenancy for owner
if input.Owner != nil && !proto.Equal(input.Id.Tenancy, input.Owner.Tenancy) {
return status.Errorf(codes.InvalidArgument, "owner and resource tenancy must be the same")
}
// TODO(spatel): Revisit owner<->resource tenancy rules post-1.16
// Update path.
case err == nil:

View File

@ -36,17 +36,17 @@ func TestWrite_InputValidation(t *testing.T) {
"no name": func(req *pbresource.WriteRequest) { req.Resource.Id.Name = "" },
"no data": func(req *pbresource.WriteRequest) { req.Resource.Data = nil },
// clone necessary to not pollute DefaultTenancy
"tenancy partition wildcard": func(req *pbresource.WriteRequest) {
"tenancy partition not default": func(req *pbresource.WriteRequest) {
req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
req.Resource.Id.Tenancy.Partition = storage.Wildcard
req.Resource.Id.Tenancy.Partition = ""
},
"tenancy namespace wildcard": func(req *pbresource.WriteRequest) {
"tenancy namespace not default": func(req *pbresource.WriteRequest) {
req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
req.Resource.Id.Tenancy.Namespace = storage.Wildcard
req.Resource.Id.Tenancy.Namespace = ""
},
"tenancy peername wildcard": func(req *pbresource.WriteRequest) {
"tenancy peername not local": func(req *pbresource.WriteRequest) {
req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
req.Resource.Id.Tenancy.PeerName = storage.Wildcard
req.Resource.Id.Tenancy.PeerName = ""
},
"wrong data type": func(req *pbresource.WriteRequest) {
var err error
@ -99,24 +99,24 @@ func TestWrite_OwnerValidation(t *testing.T) {
errorContains: "resource.owner.name",
},
// clone necessary to not pollute DefaultTenancy
"owner tenancy partition wildcard": {
"owner tenancy partition not default": {
modReqFn: func(req *pbresource.WriteRequest) {
req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
req.Resource.Owner.Tenancy.Partition = storage.Wildcard
req.Resource.Owner.Tenancy.Partition = ""
},
errorContains: "resource.owner.tenancy.partition",
},
"owner tenancy namespace wildcard": {
"owner tenancy namespace not default": {
modReqFn: func(req *pbresource.WriteRequest) {
req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
req.Resource.Owner.Tenancy.Namespace = storage.Wildcard
req.Resource.Owner.Tenancy.Namespace = ""
},
errorContains: "resource.owner.tenancy.namespace",
},
"owner tenancy peername wildcard": {
"owner tenancy peername not local": {
modReqFn: func(req *pbresource.WriteRequest) {
req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
req.Resource.Owner.Tenancy.PeerName = storage.Wildcard
req.Resource.Owner.Tenancy.PeerName = ""
},
errorContains: "resource.owner.tenancy.peername",
},
@ -491,33 +491,6 @@ func TestWrite_Owner_Immutable(t *testing.T) {
require.ErrorContains(t, err, "owner cannot be changed")
}
func TestWrite_Owner_RequireSameTenancy(t *testing.T) {
server := testServer(t)
client := testClient(t, server)
demo.Register(server.Registry)
artist, err := demo.GenerateV2Artist()
require.NoError(t, err)
rsp1, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: artist})
require.NoError(t, err)
// change album tenancy to be different from artist tenancy
album, err := demo.GenerateV2Album(rsp1.Resource.Id)
require.NoError(t, err)
album.Owner.Tenancy = &pbresource.Tenancy{
Partition: "some",
Namespace: "other",
PeerName: "tenancy",
}
// verify create fails
_, err = client.Write(testContext(t), &pbresource.WriteRequest{Resource: album})
require.Error(t, err)
require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
require.ErrorContains(t, err, "tenancy must be the same")
}
type blockOnceBackend struct {
storage.Backend