rancher/steve
1
0
Fork 0
mirror of https://github.com/rancher/steve.git synced 2025-09-12 13:31:57 +00:00
Code Issues Projects Releases Wiki Activity

SQLite backed cache (#223)

Browse Source 
This uses SQLite-backed informers provided by Lasso with https://github.com/rancher/lasso/pull/65 to implement Steve API (/v1/) functionality.

This new functionality is available behind a feature flag to be specified at Steve startup

See https://confluence.suse.com/pages/viewpage.action?pageId=1359086083 

Co-authored-by: Ricardo Weir <ricardo.weir@suse.com>
Co-authored-by: Michael Bolot <michael.bolot@suse.com>
Co-authored-by: Silvio Moioli <silvio@moioli.net>
Signed-off-by: Silvio Moioli <silvio@moioli.net>
This commit is contained in:
Silvio Moioli
2024-06-05 16:17:12 +02:00
committed by GitHub
parent 4cf4e6b385
commit 7a84620e8b
30 changed files with 4826 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

263
pkg/stores/sqlpartition/partitioner_test.go Normal file
View File

@@ -0,0 +1,263 @@
package sqlpartition
import (
"testing"
"github.com/golang/mock/gomock"
"github.com/rancher/apiserver/pkg/types"
"github.com/rancher/lasso/pkg/cache/sql/partition"
"github.com/rancher/steve/pkg/accesscontrol"
"github.com/rancher/wrangler/v2/pkg/schemas"
"github.com/stretchr/testify/assert"
"k8s.io/apimachinery/pkg/util/sets"
)
func TestAll(t *testing.T) {
tests := []struct {
name string
apiOp *types.APIRequest
id string
schema *types.APISchema
wantPartitions []partition.Partition
}{
{
name: "all passthrough",
apiOp: &types.APIRequest{},
schema: &types.APISchema{
Schema: &schemas.Schema{
ID: "foo",
Attributes: map[string]interface{}{
"access": accesscontrol.AccessListByVerb{
"list": accesscontrol.AccessList{
accesscontrol.Access{
Namespace: "*",
ResourceName: "*",
},
},
},
},
},
},
wantPartitions: passthroughPartitions,
},
{
name: "global access for global request",
apiOp: &types.APIRequest{},
schema: &types.APISchema{
Schema: &schemas.Schema{
ID: "foo",
Attributes: map[string]interface{}{
"access": accesscontrol.AccessListByVerb{
"list": accesscontrol.AccessList{
accesscontrol.Access{
Namespace: "*",
ResourceName: "r1",
},
accesscontrol.Access{
Namespace: "*",
ResourceName: "r2",
},
},
},
},
},
},
wantPartitions: []partition.Partition{
{
Names: sets.New[string]("r1", "r2"),
},
},
},
{
name: "namespace access for global request",
apiOp: &types.APIRequest{},
schema: &types.APISchema{
Schema: &schemas.Schema{
ID: "foo",
Attributes: map[string]interface{}{
"namespaced": true,
"access": accesscontrol.AccessListByVerb{
"list": accesscontrol.AccessList{
accesscontrol.Access{
Namespace: "n1",
ResourceName: "*",
},
accesscontrol.Access{
Namespace: "n2",
ResourceName: "*",
},
},
},
},
},
},
wantPartitions: []partition.Partition{
{
Namespace: "n1",
All: true,
},
{
Namespace: "n2",
All: true,
},
},
},
{
name: "namespace access for namespaced request",
apiOp: &types.APIRequest{
Namespace: "n1",
},
schema: &types.APISchema{
Schema: &schemas.Schema{
ID: "foo",
Attributes: map[string]interface{}{
"namespaced": true,
"access": accesscontrol.AccessListByVerb{
"list": accesscontrol.AccessList{
accesscontrol.Access{
Namespace: "n1",
ResourceName: "*",
},
},
},
},
},
},
wantPartitions: passthroughPartitions,
},
{
// we still get a partition even if there is no access to it, it will be rejected by the API server later
name: "namespace access for invalid namespaced request",
apiOp: &types.APIRequest{
Namespace: "n2",
},
schema: &types.APISchema{
Schema: &schemas.Schema{
ID: "foo",
Attributes: map[string]interface{}{
"namespaced": true,
"access": accesscontrol.AccessListByVerb{
"list": accesscontrol.AccessList{
accesscontrol.Access{
Namespace: "n1",
ResourceName: "*",
},
},
},
},
},
},
wantPartitions: []partition.Partition{
{
Namespace: "n2",
},
},
},
{
name: "by names access for global request",
apiOp: &types.APIRequest{},
schema: &types.APISchema{
Schema: &schemas.Schema{
ID: "foo",
Attributes: map[string]interface{}{
"namespaced": true,
"access": accesscontrol.AccessListByVerb{
"list": accesscontrol.AccessList{
accesscontrol.Access{
Namespace: "n1",
ResourceName: "r1",
},
accesscontrol.Access{
Namespace: "n1",
ResourceName: "r2",
},
accesscontrol.Access{
Namespace: "n2",
ResourceName: "r1",
},
},
},
},
},
},
wantPartitions: []partition.Partition{
{
Namespace: "n1",
Names: sets.New[string]("r1", "r2"),
},
{
Namespace: "n2",
Names: sets.New[string]("r1"),
},
},
},
{
name: "by names access for namespaced request",
apiOp: &types.APIRequest{
Namespace: "n1",
},
schema: &types.APISchema{
Schema: &schemas.Schema{
ID: "foo",
Attributes: map[string]interface{}{
"namespaced": true,
"access": accesscontrol.AccessListByVerb{
"list": accesscontrol.AccessList{
accesscontrol.Access{
Namespace: "n1",
ResourceName: "r1",
},
accesscontrol.Access{
Namespace: "n2",
ResourceName: "r1",
},
},
},
},
},
},
wantPartitions: []partition.Partition{
{
Namespace: "n1",
Names: sets.New[string]("r1"),
},
},
},
{
name: "by id",
apiOp: &types.APIRequest{},
id: "n1/r1",
schema: &types.APISchema{
Schema: &schemas.Schema{
ID: "foo",
},
},
wantPartitions: []partition.Partition{
{
Namespace: "n1",
Names: sets.New[string]("r1"),
},
},
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
partitioner := rbacPartitioner{}
verb := "list"
gotPartitions, gotErr := partitioner.All(test.apiOp, test.schema, verb, test.id)
assert.Nil(t, gotErr)
assert.Equal(t, test.wantPartitions, gotPartitions)
})
}
}
func TestStore(t *testing.T) {
expectedStore := NewMockUnstructuredStore(gomock.NewController(t))
rp := rbacPartitioner{
proxyStore: expectedStore,
}
store := rp.Store()
assert.Equal(t, expectedStore, store)
}