From e2094a5629054f9309209eed34d023f140083db1 Mon Sep 17 00:00:00 2001 From: shivaji-dgraph Date: Mon, 9 Sep 2024 14:43:02 +0530 Subject: [PATCH] fix ns login after drop data --- edgraph/server.go | 6 +- systest/multi-tenancy/login_test.go | 127 ++++++++++++++++++++++++++++ 2 files changed, 131 insertions(+), 2 deletions(-) create mode 100644 systest/multi-tenancy/login_test.go diff --git a/edgraph/server.go b/edgraph/server.go index 121b998b7a5..08447a8a447 100644 --- a/edgraph/server.go +++ b/edgraph/server.go @@ -377,6 +377,7 @@ func (s *Server) Alter(ctx context.Context, op *api.Operation) (*api.Payload, er defer span.End() ctx = x.AttachJWTNamespace(ctx) + span.Annotatef(nil, "Alter operation: %+v", op) // Always print out Alter operations because they are important and rare. @@ -458,8 +459,9 @@ func (s *Server) Alter(ctx context.Context, op *api.Operation) (*api.Payload, er // just reinsert the GraphQL schema, no need to alter dgraph schema as this was drop_data _, err = UpdateGQLSchema(ctx, graphQLSchema, "") - // recreate the admin account after a drop data operation - InitializeAcl(nil) + + // Since all data has been dropped, we need to recreate the admin account in the respective namespace. + upsertGuardianAndGroot(nil, namespace) return empty, err } diff --git a/systest/multi-tenancy/login_test.go b/systest/multi-tenancy/login_test.go new file mode 100644 index 00000000000..5a7aabad948 --- /dev/null +++ b/systest/multi-tenancy/login_test.go @@ -0,0 +1,127 @@ +//go:build integration +// +build integration + +/* + * Copyright 2024 Dgraph Labs, Inc. and Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package main + +import ( + "context" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/dgraph-io/dgo/v240/protos/api" + "github.com/dgraph-io/dgraph/v24/dgraphapi" + "github.com/dgraph-io/dgraph/v24/x" +) + +func addData(t *testing.T, gc *dgraphapi.GrpcClient) { + require.NoError(t, gc.SetupSchema(`name: string .`)) + + rdfs := ` + _:a "alice" . + _:b "bob" . + _:c "sagar" . + _:d "ajay" .` + _, err := gc.Mutate(&api.Mutation{SetNquads: []byte(rdfs), CommitNow: true}) + require.NoError(t, err) +} + +func (msuite *MultitenancyTestSuite) TestLoggingIntoTheNSAfterDropDataFromTheNS() { + t := msuite.T() + gc, cleanup, err := msuite.dc.Client() + require.NoError(t, err) + defer cleanup() + + hc, err := msuite.dc.HTTPClient() + require.NoError(t, err) + + require.NoError(t, gc.LoginIntoNamespace(context.Background(), + dgraphapi.DefaultUser, dgraphapi.DefaultPassword, x.GalaxyNamespace)) + require.NoError(t, gc.DropAll()) + for i := 1; i < 5; i++ { + require.NoError(t, hc.LoginIntoNamespace(dgraphapi.DefaultUser, + dgraphapi.DefaultPassword, x.GalaxyNamespace)) + ns, err := hc.AddNamespace() + require.NoError(t, err) + require.NoError(t, hc.LoginIntoNamespace(dgraphapi.DefaultUser, dgraphapi.DefaultPassword, ns)) + require.NoError(t, gc.LoginIntoNamespace(context.Background(), dgraphapi.DefaultUser, dgraphapi.DefaultPassword, ns)) + + addData(t, gc) + + // Drop data from the namespace + require.NoError(t, gc.Alter(context.Background(), &api.Operation{DropOp: api.Operation_DATA})) + + // Login into the namespace + require.NoError(t, gc.LoginIntoNamespace(context.Background(), + dgraphapi.DefaultUser, dgraphapi.DefaultPassword, ns)) + + require.NoError(t, hc.LoginIntoNamespace(dgraphapi.DefaultUser, dgraphapi.DefaultPassword, ns)) + } +} + +func (msuite *MultitenancyTestSuite) TestLoggingIntoAllNamespacesAfterDropDataOperationFromDefaultNs() { + t := msuite.T() + gc, cleanup, err := msuite.dc.Client() + require.NoError(t, err) + defer cleanup() + + hc, err := msuite.dc.HTTPClient() + require.NoError(t, err) + + require.NoError(t, gc.LoginIntoNamespace(context.Background(), + dgraphapi.DefaultUser, dgraphapi.DefaultPassword, x.GalaxyNamespace)) + + require.NoError(t, gc.DropAll()) + nss := []uint64{} + for i := 1; i < 2; i++ { + require.NoError(t, hc.LoginIntoNamespace(dgraphapi.DefaultUser, dgraphapi.DefaultPassword, x.GalaxyNamespace)) + ns, err := hc.AddNamespace() + nss = append(nss, ns) + require.NoError(t, err) + require.NoError(t, hc.LoginIntoNamespace(dgraphapi.DefaultUser, dgraphapi.DefaultPassword, ns)) + require.NoError(t, gc.LoginIntoNamespace(context.Background(), dgraphapi.DefaultUser, dgraphapi.DefaultPassword, ns)) + + addData(t, gc) + } + + // Drop data from default namespace + require.NoError(t, gc.LoginIntoNamespace(context.Background(), + dgraphapi.DefaultUser, dgraphapi.DefaultPassword, x.GalaxyNamespace)) + + require.NoError(t, gc.Alter(context.Background(), &api.Operation{DropOp: api.Operation_DATA})) + + // verify here that login into the namespace should not fail + require.NoError(t, gc.LoginIntoNamespace(context.Background(), + dgraphapi.DefaultUser, dgraphapi.DefaultPassword, x.GalaxyNamespace)) + require.NoError(t, gc.LoginIntoNamespace(context.Background(), + dgraphapi.DefaultUser, dgraphapi.DefaultPassword, x.GalaxyNamespace)) + + for _, ns := range nss { + require.NoError(t, gc.LoginIntoNamespace(context.Background(), + dgraphapi.DefaultUser, dgraphapi.DefaultPassword, ns)) + query := `{ + q(func: has(name)) { + count(uid) + } + }` + resp, err := gc.Query(query) + require.NoError(t, err) + require.Contains(t, string(resp.Json), `"count":4`) + } +}