Merge branch 'master' into dynamicConfig
tanmayja committed Apr 3, 2024
2 parents 46ce1ae + db15cd9 commit 53aa9ca
Showing 2 changed files with 90 additions and 4 deletions.
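--- a/controllers/access_control.go
+++ b/controllers/access_control.go
@@ -576,6 +576,16 @@ func (roleCreate aerospikeRoleCreateUpdate) updateRole(
 }
 }
 
+if role.ReadQuota != roleCreate.readQuota || role.WriteQuota != roleCreate.writeQuota {
+if err := client.SetQuotas(
+adminPolicy, roleCreate.name, roleCreate.readQuota, roleCreate.writeQuota,
+); err != nil {
+return fmt.Errorf(
+"error setting quotas for role %s: %v", roleCreate.name, err,
+)
+}
+}
+
 logger.Info("Updated role", "role name", roleCreate.name)
 recorder.Eventf(
 aeroCluster, corev1.EventTypeNormal, "RoleUpdated",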
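Review bot: The new `client.SetQuotas` call runs whenever the stored and desired quotas differ, including when the desired values are both zero, and nothing in this hunk checks that quotas are enabled on the server at that point. If the server rejects quota commands while quotas are off (an assumption worth confirming against the client), a role that still holds a non-zero quota would make updateRole return an error on every reconcile. Quotas are a rate-limiting control, so I would also log the change with its values inside the `if`, e.g. `logger.Info("Updated role quotas", "role name", roleCreate.name, "read quota", roleCreate.readQuota, "write quota", roleCreate.writeQuota)`, and wrap with `%w` rather than `%v` so callers can inspect the client error. updateRole begins and ends outside this hunk, so an existing guard may sit out of view.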
84 changes: 80 additions & 4 deletions test/access_control_test.go
Expand Up @@ -1903,6 +1903,8 @@ var _ = Describe(
"read-write.test",
"read-write-udf.test.users",
},
ReadQuota: 2,
WriteQuota: 2,
},
{
Name: "roleToDrop",
Expand Down Expand Up @@ -1971,6 +1973,82 @@ var _ = Describe(
)
Expect(err).ToNot(HaveOccurred())

By("DisableQuota")

accessControl = asdbv1.AerospikeAccessControlSpec{
Roles: []asdbv1.AerospikeRoleSpec{
{
Name: "profiler",
Privileges: []string{
"read-write.test",
"read-write-udf.test.users",
},
},
{
Name: "roleToDrop",
Privileges: []string{
"read-write.test",
"read-write-udf.test.users",
},
Whitelist: []string{
"8.8.0.0/16",
},
},
},
Users: []asdbv1.AerospikeUserSpec{
{
Name: "admin",
SecretName: authSecretName,
Roles: []string{
"sys-admin",
"user-admin",
},
},

{
Name: "profileUser",
SecretName: authSecretName,
Roles: []string{
"profiler",
"sys-admin",
},
},

{
Name: "userToDrop",
SecretName: authSecretName,
Roles: []string{
"profiler",
},
},
},
}

aerospikeConfigSpec, err = NewAerospikeConfSpec(latestImage)
if err != nil {
Fail(
fmt.Sprintf(
"Invalid Aerospike Config Spec: %v",
err,
),
)
}
if err = aerospikeConfigSpec.setEnableSecurity(true); err != nil {
Expect(err).ToNot(HaveOccurred())
}
if err = aerospikeConfigSpec.setEnableQuotas(false); err != nil {
Expect(err).ToNot(HaveOccurred())
}

aeroCluster = getAerospikeClusterSpecWithAccessControl(
clusterNamespacedName, &accessControl,
aerospikeConfigSpec,
)
err = testAccessControlReconcile(
aeroCluster, ctx,
)
Expect(err).ToNot(HaveOccurred())

By("QuotaParamsSpecifiedButFlagIsOff")

accessControl = asdbv1.AerospikeAccessControlSpec{
Expand Down Expand Up @@ -2154,12 +2232,10 @@ func validateAccessControl(

err = validateRoles(clientP, &aeroCluster.Spec)
if err != nil {
return fmt.Errorf("error creating client: %v", err)
return fmt.Errorf("error validating roles: %v", err)
}

err = validateUsers(clientP, aeroCluster)

return err
return validateUsers(clientP, aeroCluster)
}

func getRole(
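Review bot: The added "DisableQuota" step drops `ReadQuota`/`WriteQuota` from the role spec and calls `setEnableQuotas(false)` in the same reconcile, so it cannot show whether the controller actually resets an existing quota to zero; it only shows that the combined change does not return an error. A step that clears the two fields while quotas stay enabled, followed by a check of the role's quotas as read back from the server, would pin the new `SetQuotas` path (validateRoles is outside this view and may already compare quotas). The `if err = …; err != nil { Expect(err).ToNot(HaveOccurred()) }` wrappers are also redundant and read more simply as `Expect(aerospikeConfigSpec.setEnableQuotas(false)).To(Succeed())`. The enclosing Describe block starts and ends outside these hunks.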
