f3bcfc327d
Operator UI - Provide and store License key - New License section in Operator UI will allow user to provide the license key via input form - New License section in Operator UI will allow the user to fetch the license key using subnet credentials - Console backend has to verify provided license is valid - https://godoc.org/github.com/minio/minio/pkg/licverifier#example-package - Console backend has to store the license key in k8s secrets Operator UI - Set license to tenant during provisioning - Check if license key exists in k8s secret during tenant creation - If License is present attach the license-key jwt to the new console tenant via an environment variable Operator UI - Set license for an existing tenant - Tenant view will display information about the current status of the Tenant License - If Tenant doesn't have a License then Operator-UI will allow to attach new license by clicking the Add License button - Console backend will extract the license from the k8s secret and save the license-key jwt in the tenant console environment variable and redeploy
191 lines
3.5 KiB
Go
191 lines
3.5 KiB
Go
// This file is part of MinIO Orchestrator
|
|
// Copyright (c) 2020 MinIO, Inc.
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
package acl
|
|
|
|
import (
|
|
"reflect"
|
|
"testing"
|
|
|
|
iampolicy "github.com/minio/minio/pkg/iam/policy"
|
|
)
|
|
|
|
type args struct {
|
|
actions []string
|
|
}
|
|
|
|
type endpoint struct {
|
|
name string
|
|
args args
|
|
want int
|
|
}
|
|
|
|
func validateEndpoints(t *testing.T, configs []endpoint) {
|
|
for _, tt := range configs {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
if got := GetAuthorizedEndpoints(tt.args.actions); !reflect.DeepEqual(len(got), tt.want) {
|
|
t.Errorf("GetAuthorizedEndpoints() = %v, want %v", len(got), tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestGetAuthorizedEndpoints(t *testing.T) {
|
|
tests := []endpoint{
|
|
{
|
|
name: "dashboard endpoint",
|
|
args: args{
|
|
[]string{"admin:ServerInfo"},
|
|
},
|
|
want: 6,
|
|
},
|
|
{
|
|
name: "policies endpoint",
|
|
args: args{
|
|
[]string{
|
|
"admin:CreatePolicy",
|
|
"admin:DeletePolicy",
|
|
"admin:GetPolicy",
|
|
"admin:AttachUserOrGroupPolicy",
|
|
"admin:ListUserPolicies",
|
|
},
|
|
},
|
|
want: 6,
|
|
},
|
|
{
|
|
name: "all admin endpoints",
|
|
args: args{
|
|
[]string{
|
|
"admin:*",
|
|
},
|
|
},
|
|
want: 17,
|
|
},
|
|
{
|
|
name: "all s3 endpoints",
|
|
args: args{
|
|
[]string{
|
|
"s3:*",
|
|
},
|
|
},
|
|
want: 7,
|
|
},
|
|
{
|
|
name: "all admin and s3 endpoints",
|
|
args: args{
|
|
[]string{
|
|
"admin:*",
|
|
"s3:*",
|
|
},
|
|
},
|
|
want: 19,
|
|
},
|
|
{
|
|
name: "Console User - default endpoints",
|
|
args: args{
|
|
[]string{},
|
|
},
|
|
want: 5,
|
|
},
|
|
}
|
|
|
|
validateEndpoints(t, tests)
|
|
}
|
|
|
|
func TestOperatorOnlyEndpoints(t *testing.T) {
|
|
operatorOnly = true
|
|
|
|
tests := []endpoint{
|
|
{
|
|
name: "Operator Only - all admin endpoints",
|
|
args: args{
|
|
[]string{
|
|
"admin:*",
|
|
},
|
|
},
|
|
want: 3,
|
|
},
|
|
{
|
|
name: "Operator Only - all s3 endpoints",
|
|
args: args{
|
|
[]string{
|
|
"s3:*",
|
|
},
|
|
},
|
|
want: 3,
|
|
},
|
|
{
|
|
name: "Operator Only - all admin and s3 endpoints",
|
|
args: args{
|
|
[]string{
|
|
"admin:*",
|
|
"s3:*",
|
|
},
|
|
},
|
|
want: 3,
|
|
},
|
|
{
|
|
name: "Operator Only - default endpoints",
|
|
args: args{
|
|
[]string{},
|
|
},
|
|
want: 3,
|
|
},
|
|
}
|
|
|
|
validateEndpoints(t, tests)
|
|
}
|
|
|
|
func TestGetActionsStringFromPolicy(t *testing.T) {
|
|
type args struct {
|
|
policy *iampolicy.Policy
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
want int
|
|
}{
|
|
{
|
|
name: "parse ReadOnly policy",
|
|
args: args{
|
|
policy: &iampolicy.ReadOnly,
|
|
},
|
|
want: 2,
|
|
},
|
|
{
|
|
name: "parse WriteOnly policy",
|
|
args: args{
|
|
policy: &iampolicy.WriteOnly,
|
|
},
|
|
want: 1,
|
|
},
|
|
{
|
|
name: "parse AdminDiagnostics policy",
|
|
args: args{
|
|
policy: &iampolicy.AdminDiagnostics,
|
|
},
|
|
want: 7,
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
if got := GetActionsStringFromPolicy(tt.args.policy); !reflect.DeepEqual(len(got), tt.want) {
|
|
t.Errorf("GetActionsStringFromPolicy() = %v, want %v", len(got), tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|