BugFix: Updating read and write quotas in cluster. (#281)

* Fixing role quotas update in the server * Fixing test cases
aerospike · Apr 2, 2024 · db15cd9 · db15cd9
1 parent 9d3edf7
commit db15cd9
Show file tree

Hide file tree

Showing 2 changed files with 90 additions and 4 deletions.
diff --git a/controllers/access_control.go b/controllers/access_control.go
@@ -576,6 +576,16 @@ func (roleCreate aerospikeRoleCreateUpdate) updateRole(
 		}
 	}
 
+	if role.ReadQuota != roleCreate.readQuota || role.WriteQuota != roleCreate.writeQuota {
+		if err := client.SetQuotas(
+			adminPolicy, roleCreate.name, roleCreate.readQuota, roleCreate.writeQuota,
+		); err != nil {
+			return fmt.Errorf(
+				"error setting quotas for role %s: %v", roleCreate.name, err,
+			)
+		}
+	}
+
 	logger.Info("Updated role", "role name", roleCreate.name)
 	recorder.Eventf(
 		aeroCluster, corev1.EventTypeNormal, "RoleUpdated",

diff --git a/test/access_control_test.go b/test/access_control_test.go
@@ -1903,6 +1903,8 @@ var _ = Describe(
 												"read-write.test",
 												"read-write-udf.test.users",
 											},
+											ReadQuota:  2,
+											WriteQuota: 2,
 										},
 										{
 											Name: "roleToDrop",
@@ -1971,6 +1973,82 @@ var _ = Describe(
 								)
 								Expect(err).ToNot(HaveOccurred())
 
+								By("DisableQuota")
+
+								accessControl = asdbv1.AerospikeAccessControlSpec{
+									Roles: []asdbv1.AerospikeRoleSpec{
+										{
+											Name: "profiler",
+											Privileges: []string{
+												"read-write.test",
+												"read-write-udf.test.users",
+											},
+										},
+										{
+											Name: "roleToDrop",
+											Privileges: []string{
+												"read-write.test",
+												"read-write-udf.test.users",
+											},
+											Whitelist: []string{
+												"8.8.0.0/16",
+											},
+										},
+									},
+									Users: []asdbv1.AerospikeUserSpec{
+										{
+											Name:       "admin",
+											SecretName: authSecretName,
+											Roles: []string{
+												"sys-admin",
+												"user-admin",
+											},
+										},
+
+										{
+											Name:       "profileUser",
+											SecretName: authSecretName,
+											Roles: []string{
+												"profiler",
+												"sys-admin",
+											},
+										},
+
+										{
+											Name:       "userToDrop",
+											SecretName: authSecretName,
+											Roles: []string{
+												"profiler",
+											},
+										},
+									},
+								}
+
+								aerospikeConfigSpec, err = NewAerospikeConfSpec(latestImage)
+								if err != nil {
+									Fail(
+										fmt.Sprintf(
+											"Invalid Aerospike Config Spec: %v",
+											err,
+										),
+									)
+								}
+								if err = aerospikeConfigSpec.setEnableSecurity(true); err != nil {
+									Expect(err).ToNot(HaveOccurred())
+								}
+								if err = aerospikeConfigSpec.setEnableQuotas(false); err != nil {
+									Expect(err).ToNot(HaveOccurred())
+								}
+
+								aeroCluster = getAerospikeClusterSpecWithAccessControl(
+									clusterNamespacedName, &accessControl,
+									aerospikeConfigSpec,
+								)
+								err = testAccessControlReconcile(
+									aeroCluster, ctx,
+								)
+								Expect(err).ToNot(HaveOccurred())
+
 								By("QuotaParamsSpecifiedButFlagIsOff")
 
 								accessControl = asdbv1.AerospikeAccessControlSpec{
@@ -2154,12 +2232,10 @@ func validateAccessControl(
 
 	err = validateRoles(clientP, &aeroCluster.Spec)
 	if err != nil {
-		return fmt.Errorf("error creating client: %v", err)
+		return fmt.Errorf("error validating roles: %v", err)
 	}
 
-	err = validateUsers(clientP, aeroCluster)
-
-	return err
+	return validateUsers(clientP, aeroCluster)
 }
 
 func getRole(