mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 13:26:07 +00:00
De-scope tenenacy requirements to OSS only for now. (#17087)
Partition and namespace must be "default" Peername must be "local"
This commit is contained in:
parent
a011d8c944
commit
46816071df
@ -30,17 +30,17 @@ func TestDelete_InputValidation(t *testing.T) {
|
||||
"no tenancy": func(req *pbresource.DeleteRequest) { req.Id.Tenancy = nil },
|
||||
"no name": func(req *pbresource.DeleteRequest) { req.Id.Name = "" },
|
||||
// clone necessary to not pollute DefaultTenancy
|
||||
"tenancy partition wildcard": func(req *pbresource.DeleteRequest) {
|
||||
"tenancy partition not default": func(req *pbresource.DeleteRequest) {
|
||||
req.Id.Tenancy = clone(req.Id.Tenancy)
|
||||
req.Id.Tenancy.Partition = storage.Wildcard
|
||||
req.Id.Tenancy.Partition = ""
|
||||
},
|
||||
"tenancy namespace wildcard": func(req *pbresource.DeleteRequest) {
|
||||
"tenancy namespace not default": func(req *pbresource.DeleteRequest) {
|
||||
req.Id.Tenancy = clone(req.Id.Tenancy)
|
||||
req.Id.Tenancy.Namespace = storage.Wildcard
|
||||
req.Id.Tenancy.Namespace = ""
|
||||
},
|
||||
"tenancy peername wildcard": func(req *pbresource.DeleteRequest) {
|
||||
"tenancy peername not local": func(req *pbresource.DeleteRequest) {
|
||||
req.Id.Tenancy = clone(req.Id.Tenancy)
|
||||
req.Id.Tenancy.PeerName = storage.Wildcard
|
||||
req.Id.Tenancy.PeerName = ""
|
||||
},
|
||||
}
|
||||
for desc, modFn := range testCases {
|
||||
|
@ -33,17 +33,17 @@ func TestRead_InputValidation(t *testing.T) {
|
||||
"no tenancy": func(req *pbresource.ReadRequest) { req.Id.Tenancy = nil },
|
||||
"no name": func(req *pbresource.ReadRequest) { req.Id.Name = "" },
|
||||
// clone necessary to not pollute DefaultTenancy
|
||||
"tenancy partition wildcard": func(req *pbresource.ReadRequest) {
|
||||
"tenancy partition not default": func(req *pbresource.ReadRequest) {
|
||||
req.Id.Tenancy = clone(req.Id.Tenancy)
|
||||
req.Id.Tenancy.Partition = storage.Wildcard
|
||||
req.Id.Tenancy.Partition = ""
|
||||
},
|
||||
"tenancy namespace wildcard": func(req *pbresource.ReadRequest) {
|
||||
"tenancy namespace not default": func(req *pbresource.ReadRequest) {
|
||||
req.Id.Tenancy = clone(req.Id.Tenancy)
|
||||
req.Id.Tenancy.Namespace = storage.Wildcard
|
||||
req.Id.Tenancy.Namespace = ""
|
||||
},
|
||||
"tenancy peername wildcard": func(req *pbresource.ReadRequest) {
|
||||
"tenancy peername not local": func(req *pbresource.ReadRequest) {
|
||||
req.Id.Tenancy = clone(req.Id.Tenancy)
|
||||
req.Id.Tenancy.PeerName = storage.Wildcard
|
||||
req.Id.Tenancy.PeerName = ""
|
||||
},
|
||||
}
|
||||
for desc, modFn := range testCases {
|
||||
|
@ -131,17 +131,19 @@ func validateId(id *pbresource.ID, errorPrefix string) error {
|
||||
return status.Errorf(codes.InvalidArgument, "%s.%s is required", errorPrefix, field)
|
||||
}
|
||||
|
||||
// Revisit defaulting and non-namespaced resources post-1.16
|
||||
var expected string
|
||||
switch {
|
||||
case id.Tenancy.Namespace == storage.Wildcard:
|
||||
field = "tenancy.namespace"
|
||||
case id.Tenancy.Partition == storage.Wildcard:
|
||||
field = "tenancy.partition"
|
||||
case id.Tenancy.PeerName == storage.Wildcard:
|
||||
field = "tenancy.peername"
|
||||
case id.Tenancy.Partition != "default":
|
||||
field, expected = "partition", "default"
|
||||
case id.Tenancy.Namespace != "default":
|
||||
field, expected = "namespace", "default"
|
||||
case id.Tenancy.PeerName != "local":
|
||||
field, expected = "peername", "local"
|
||||
}
|
||||
|
||||
if field != "" {
|
||||
return status.Errorf(codes.InvalidArgument, "%s.%s cannot be a wildcard", errorPrefix, field)
|
||||
return status.Errorf(codes.InvalidArgument, "%s.tenancy.%s must be %s", errorPrefix, field, expected)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -119,10 +119,7 @@ func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbre
|
||||
return errUseWriteStatus
|
||||
}
|
||||
|
||||
// Enforce same tenancy for owner
|
||||
if input.Owner != nil && !proto.Equal(input.Id.Tenancy, input.Owner.Tenancy) {
|
||||
return status.Errorf(codes.InvalidArgument, "owner and resource tenancy must be the same")
|
||||
}
|
||||
// TODO(spatel): Revisit owner<->resource tenancy rules post-1.16
|
||||
|
||||
// Update path.
|
||||
case err == nil:
|
||||
|
@ -36,17 +36,17 @@ func TestWrite_InputValidation(t *testing.T) {
|
||||
"no name": func(req *pbresource.WriteRequest) { req.Resource.Id.Name = "" },
|
||||
"no data": func(req *pbresource.WriteRequest) { req.Resource.Data = nil },
|
||||
// clone necessary to not pollute DefaultTenancy
|
||||
"tenancy partition wildcard": func(req *pbresource.WriteRequest) {
|
||||
"tenancy partition not default": func(req *pbresource.WriteRequest) {
|
||||
req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
|
||||
req.Resource.Id.Tenancy.Partition = storage.Wildcard
|
||||
req.Resource.Id.Tenancy.Partition = ""
|
||||
},
|
||||
"tenancy namespace wildcard": func(req *pbresource.WriteRequest) {
|
||||
"tenancy namespace not default": func(req *pbresource.WriteRequest) {
|
||||
req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
|
||||
req.Resource.Id.Tenancy.Namespace = storage.Wildcard
|
||||
req.Resource.Id.Tenancy.Namespace = ""
|
||||
},
|
||||
"tenancy peername wildcard": func(req *pbresource.WriteRequest) {
|
||||
"tenancy peername not local": func(req *pbresource.WriteRequest) {
|
||||
req.Resource.Id.Tenancy = clone(req.Resource.Id.Tenancy)
|
||||
req.Resource.Id.Tenancy.PeerName = storage.Wildcard
|
||||
req.Resource.Id.Tenancy.PeerName = ""
|
||||
},
|
||||
"wrong data type": func(req *pbresource.WriteRequest) {
|
||||
var err error
|
||||
@ -99,24 +99,24 @@ func TestWrite_OwnerValidation(t *testing.T) {
|
||||
errorContains: "resource.owner.name",
|
||||
},
|
||||
// clone necessary to not pollute DefaultTenancy
|
||||
"owner tenancy partition wildcard": {
|
||||
"owner tenancy partition not default": {
|
||||
modReqFn: func(req *pbresource.WriteRequest) {
|
||||
req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
|
||||
req.Resource.Owner.Tenancy.Partition = storage.Wildcard
|
||||
req.Resource.Owner.Tenancy.Partition = ""
|
||||
},
|
||||
errorContains: "resource.owner.tenancy.partition",
|
||||
},
|
||||
"owner tenancy namespace wildcard": {
|
||||
"owner tenancy namespace not default": {
|
||||
modReqFn: func(req *pbresource.WriteRequest) {
|
||||
req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
|
||||
req.Resource.Owner.Tenancy.Namespace = storage.Wildcard
|
||||
req.Resource.Owner.Tenancy.Namespace = ""
|
||||
},
|
||||
errorContains: "resource.owner.tenancy.namespace",
|
||||
},
|
||||
"owner tenancy peername wildcard": {
|
||||
"owner tenancy peername not local": {
|
||||
modReqFn: func(req *pbresource.WriteRequest) {
|
||||
req.Resource.Owner.Tenancy = clone(req.Resource.Owner.Tenancy)
|
||||
req.Resource.Owner.Tenancy.PeerName = storage.Wildcard
|
||||
req.Resource.Owner.Tenancy.PeerName = ""
|
||||
},
|
||||
errorContains: "resource.owner.tenancy.peername",
|
||||
},
|
||||
@ -491,33 +491,6 @@ func TestWrite_Owner_Immutable(t *testing.T) {
|
||||
require.ErrorContains(t, err, "owner cannot be changed")
|
||||
}
|
||||
|
||||
func TestWrite_Owner_RequireSameTenancy(t *testing.T) {
|
||||
server := testServer(t)
|
||||
client := testClient(t, server)
|
||||
|
||||
demo.Register(server.Registry)
|
||||
|
||||
artist, err := demo.GenerateV2Artist()
|
||||
require.NoError(t, err)
|
||||
rsp1, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: artist})
|
||||
require.NoError(t, err)
|
||||
|
||||
// change album tenancy to be different from artist tenancy
|
||||
album, err := demo.GenerateV2Album(rsp1.Resource.Id)
|
||||
require.NoError(t, err)
|
||||
album.Owner.Tenancy = &pbresource.Tenancy{
|
||||
Partition: "some",
|
||||
Namespace: "other",
|
||||
PeerName: "tenancy",
|
||||
}
|
||||
|
||||
// verify create fails
|
||||
_, err = client.Write(testContext(t), &pbresource.WriteRequest{Resource: album})
|
||||
require.Error(t, err)
|
||||
require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
|
||||
require.ErrorContains(t, err, "tenancy must be the same")
|
||||
}
|
||||
|
||||
type blockOnceBackend struct {
|
||||
storage.Backend
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user