package tenant_test
import (
"context"
"testing"
"time"
"github.com/influxdata/influxdb/v2/pkg/testing/assert"
"github.com/google/go-cmp/cmp"
"github.com/stretchr/testify/require"
"github.com/influxdata/influxdb/v2"
"github.com/influxdata/influxdb/v2/authorization"
icontext "github.com/influxdata/influxdb/v2/context"
"github.com/influxdata/influxdb/v2/kv"
"github.com/influxdata/influxdb/v2/tenant"
influxdbtesting "github.com/influxdata/influxdb/v2/testing"
)
// TestBoltOnboardingService runs the shared influxdbtesting.OnboardInitialUser
// test against onboarding services produced by initBoltOnboardingService.
func TestBoltOnboardingService(t *testing.T) {
	influxdbtesting.OnboardInitialUser(
		initBoltOnboardingService,
		t,
	)
}
// initBoltOnboardingService builds an onboarding service on top of a fresh
// store obtained from NewTestInmemStore. It returns the service together with
// a teardown function that closes that store. The test is aborted if the store
// cannot be created.
func initBoltOnboardingService(f influxdbtesting.OnboardingFields, t *testing.T) (influxdb.OnboardingService, func()) {
	store, closeStore, err := NewTestInmemStore(t)
	if err != nil {
		t.Fatalf("failed to create new bolt kv store: %v", err)
	}

	teardown := func() {
		closeStore()
	}
	return initOnboardingService(store, f, t), teardown
}
// initOnboardingService wires a tenant service and an authorization service
// over the same kv store and returns the onboarding service built from them.
//
// When f.IsOnboarding is false, a placeholder user named "dummy" is created
// first so that onboarding is no longer possible on the returned service.
func initOnboardingService(s kv.Store, f influxdbtesting.OnboardingFields, t *testing.T) influxdb.OnboardingService {
	tenantSvc := tenant.NewService(tenant.NewStore(s))

	// The onboarding service needs an authorization service as well.
	authStore, err := authorization.NewStore(s)
	require.NoError(t, err)
	onboardSvc := tenant.NewOnboardService(tenantSvc, authorization.NewService(authStore, tenantSvc))

	t.Logf("Onboarding: %v", f.IsOnboarding)
	if f.IsOnboarding {
		return onboardSvc
	}

	// Create a dummy user so that we can no longer onboard.
	dummy := &influxdb.User{Name: "dummy", Status: influxdb.Active}
	if err := tenantSvc.CreateUser(context.Background(), dummy); err != nil {
		t.Fatal(err)
	}
	return onboardSvc
}
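// TestOnboardURM checks the ownership mapping written by OnboardUser: the new
// organization must have exactly one user-resource mapping (URM), and that
// mapping must belong to the user created by the request.
//
// The request context carries an authorizer with UserID 123. That is
// presumably a different identity from the onboarded user (confirm against how
// user IDs are generated), so a mapping attributed to the caller instead of
// the new user is expected to fail the final check.
func TestOnboardURM(t *testing.T) {
	// Fail fast on a broken store instead of continuing with a nil one, and
	// release the store when the test ends.
	s, closeStore, err := NewTestInmemStore(t)
	require.NoError(t, err)
	defer closeStore()

	storage := tenant.NewStore(s)
	ten := tenant.NewService(storage)

	authStore, err := authorization.NewStore(s)
	require.NoError(t, err)
	authSvc := authorization.NewService(authStore, ten)

	svc := tenant.NewOnboardService(ten, authSvc)

	ctx := icontext.SetAuthorizer(context.Background(), &influxdb.Authorization{
		UserID: 123,
	})

	onboard, err := svc.OnboardUser(ctx, &influxdb.OnboardingRequest{
		User:   "name",
		Org:    "name",
		Bucket: "name",
	})
	if err != nil {
		t.Fatal(err)
	}

	urms, _, err := ten.FindUserResourceMappings(ctx, influxdb.UserResourceMappingFilter{ResourceID: onboard.Org.ID})
	if err != nil {
		t.Fatal(err)
	}

	// An empty result must be reported as a test failure; without this guard
	// the urms[0] access below would panic with an index-out-of-range error.
	if len(urms) == 0 {
		t.Fatal("no URMs created")
	}
	if len(urms) > 1 {
		t.Fatal("additional URMs created")
	}
	if urms[0].UserID != onboard.User.ID {
		t.Fatal("org assigned to the wrong user")
	}
}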
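// TestOnboardAuth pins the exact permission list carried by the authorization
// that OnboardUser returns. The expected list grants read and write on each
// listed resource type scoped to the new organization, on the organization
// itself, and on the onboarded user's own user record.
//
// cmp.Equal compares the two slices element by element, so any added, removed
// or reordered permission fails the test. Treat a change to expectedPerm as a
// change to what an onboarding token is allowed to do.
func TestOnboardAuth(t *testing.T) {
	// Fail fast on a broken store instead of continuing with a nil one, and
	// release the store when the test ends.
	s, closeStore, err := NewTestInmemStore(t)
	require.NoError(t, err)
	defer closeStore()

	storage := tenant.NewStore(s)
	ten := tenant.NewService(storage)

	authStore, err := authorization.NewStore(s)
	require.NoError(t, err)
	authSvc := authorization.NewService(authStore, ten)

	svc := tenant.NewOnboardService(ten, authSvc)

	ctx := icontext.SetAuthorizer(context.Background(), &influxdb.Authorization{
		UserID: 123,
	})

	onboard, err := svc.OnboardUser(ctx, &influxdb.OnboardingRequest{
		User:   "name",
		Org:    "name",
		Bucket: "name",
	})
	if err != nil {
		t.Fatal(err)
	}

	// Report a missing authorization as a failure rather than dereferencing it.
	require.NotNil(t, onboard.Auth)
	auth := onboard.Auth

	// Org-scoped entries set Resource.OrgID; the two OrgsResourceType entries
	// and the trailing UsersResourceType entries target one object via
	// Resource.ID instead.
	expectedPerm := []influxdb.Permission{
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.AuthorizationsResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.AuthorizationsResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.BucketsResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.BucketsResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DashboardsResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DashboardsResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{ID: &onboard.Org.ID, Type: influxdb.OrgsResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{ID: &onboard.Org.ID, Type: influxdb.OrgsResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.SourcesResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.SourcesResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.TasksResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.TasksResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.TelegrafsResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.TelegrafsResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.UsersResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.UsersResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.VariablesResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.VariablesResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ScraperResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ScraperResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.SecretsResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.SecretsResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.LabelsResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.LabelsResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ViewsResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ViewsResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DocumentsResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DocumentsResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotificationRuleResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotificationRuleResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotificationEndpointResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotificationEndpointResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ChecksResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ChecksResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DBRPResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DBRPResourceType}},
		{Action: influxdb.ReadAction, Resource: influxdb.Resource{ID: &onboard.User.ID, Type: influxdb.UsersResourceType}},
		{Action: influxdb.WriteAction, Resource: influxdb.Resource{ID: &onboard.User.ID, Type: influxdb.UsersResourceType}},
	}
	if !cmp.Equal(auth.Permissions, expectedPerm) {
		t.Fatalf("unequal permissions: \n %+v", cmp.Diff(auth.Permissions, expectedPerm))
	}
}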
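// TestOnboardService_RetentionPolicy verifies that a retention period given
// in seconds via OnboardingRequest.RetentionPeriodSeconds is applied to the
// bucket created by OnboardInitialUser as the equivalent time.Duration.
func TestOnboardService_RetentionPolicy(t *testing.T) {
	// Fail fast on a broken store instead of continuing with a nil one, and
	// release the store when the test ends.
	s, closeStore, err := NewTestInmemStore(t)
	require.NoError(t, err)
	defer closeStore()

	storage := tenant.NewStore(s)
	ten := tenant.NewService(storage)

	// The onboarding service needs an authorization service as well.
	authStore, err := authorization.NewStore(s)
	require.NoError(t, err)
	authSvc := authorization.NewService(authStore, ten)

	svc := tenant.NewOnboardService(ten, authSvc)

	ctx := icontext.SetAuthorizer(context.Background(), &influxdb.Authorization{
		UserID: 123,
	})

	var retention int64 = 72 * 3600 // 72h
	onboard, err := svc.OnboardInitialUser(ctx, &influxdb.OnboardingRequest{
		User:                   "name",
		Org:                    "name",
		Bucket:                 "name",
		RetentionPeriodSeconds: retention,
	})
	if err != nil {
		t.Fatal(err)
	}

	assert.Equal(t, onboard.Bucket.RetentionPeriod, time.Duration(retention)*time.Second, "Retention policy should pass through")
}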
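// TestOnboardService_RetentionPolicyDeprecated verifies that a retention
// period given as a time.Duration via
// OnboardingRequest.RetentionPeriodDeprecated is applied unchanged to the
// bucket created by OnboardInitialUser.
func TestOnboardService_RetentionPolicyDeprecated(t *testing.T) {
	// Fail fast on a broken store instead of continuing with a nil one, and
	// release the store when the test ends.
	s, closeStore, err := NewTestInmemStore(t)
	require.NoError(t, err)
	defer closeStore()

	storage := tenant.NewStore(s)
	ten := tenant.NewService(storage)

	// The onboarding service needs an authorization service as well.
	authStore, err := authorization.NewStore(s)
	require.NoError(t, err)
	authSvc := authorization.NewService(authStore, ten)

	svc := tenant.NewOnboardService(ten, authSvc)

	ctx := icontext.SetAuthorizer(context.Background(), &influxdb.Authorization{
		UserID: 123,
	})

	retention := 72 * time.Hour
	onboard, err := svc.OnboardInitialUser(ctx, &influxdb.OnboardingRequest{
		User:                      "name",
		Org:                       "name",
		Bucket:                    "name",
		RetentionPeriodDeprecated: retention,
	})
	if err != nil {
		t.Fatal(err)
	}

	assert.Equal(t, onboard.Bucket.RetentionPeriod, retention, "Retention policy should pass through")
}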
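// TestOnboardService_WeakPassword verifies that OnboardInitialUser rejects the
// password "short" and returns tenant.EShortPassword.
//
// NOTE(review): only the returned error is asserted. The test does not check
// whether a user, org or bucket was persisted before the password was
// rejected; add that assertion if the rejection is meant to leave no state
// behind.
func TestOnboardService_WeakPassword(t *testing.T) {
	// Fail fast on a broken store instead of continuing with a nil one, and
	// release the store when the test ends.
	s, closeStore, err := NewTestInmemStore(t)
	require.NoError(t, err)
	defer closeStore()

	storage := tenant.NewStore(s)
	ten := tenant.NewService(storage)

	authStore, err := authorization.NewStore(s)
	require.NoError(t, err)

	authSvc := authorization.NewService(authStore, ten)
	svc := tenant.NewOnboardService(ten, authSvc)

	ctx := icontext.SetAuthorizer(context.Background(), &influxdb.Authorization{
		UserID: 123,
	})

	_, err = svc.OnboardInitialUser(ctx, &influxdb.OnboardingRequest{
		User:     "name",
		Password: "short",
		Org:      "name",
		Bucket:   "name",
	})
	assert.Equal(t, err, tenant.EShortPassword)
}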