Skip to content

Commit

Permalink
Update DOCTL to include new OpenSearch acl changes (#1575)
Browse files Browse the repository at this point in the history
* Upgrade godo to v1.123.0

* Databases: Add OpenSearch acl option to database user

---------

Co-authored-by: Rahul Bhardwaj <[email protected]>
  • Loading branch information
bhardwajRahul and Rahul Bhardwaj authored Sep 9, 2024
1 parent ff72840 commit e89f54c
Show file tree
Hide file tree
Showing 12 changed files with 139 additions and 25 deletions.
2 changes: 2 additions & 0 deletions args.go
Original file line number Diff line number Diff line change
Expand Up @@ -406,6 +406,8 @@ const (
ArgDatabasePrivateConnectionBool = "private"
// ArgDatabaseUserKafkaACLs will specify permissions on topics in kafka clsuter
ArgDatabaseUserKafkaACLs = "acl"
// ArgDatabaseUserOpenSearchACLs will specify permissions on indexes in opensearch clsuter
ArgDatabaseUserOpenSearchACLs = "opensearch-acl"

// ArgDatabaseTopicReplicationFactor is the replication factor of a kafka topic
ArgDatabaseTopicReplicationFactor = "replication-factor"
Expand Down
33 changes: 33 additions & 0 deletions commands/databases.go
Original file line number Diff line number Diff line change
Expand Up @@ -667,6 +667,7 @@ Database user accounts are scoped to one database cluster, to which they have fu
},
}
databaseKafkaACLsTxt := `A comma-separated list of kafka ACL rules, in ` + "`" + `topic:permission` + "`" + ` format.`
databaseOpenSearchACLsTxt := `A comma-separated list of OpenSearch ACL rules, in ` + "`" + `index:permission` + "`" + ` format.`
userDetailsDesc := `
- The username for the user
Expand Down Expand Up @@ -695,6 +696,7 @@ To retrieve a list of your databases and their IDs, call `+"`"+`doctl databases
AddStringFlag(cmdDatabaseUserCreate, doctl.ArgDatabaseUserMySQLAuthPlugin, "", "",
"Sets authorization plugin for a MySQL user. Possible values: `caching_sha2_password` or `mysql_native_password`")
AddStringSliceFlag(cmdDatabaseUserCreate, doctl.ArgDatabaseUserKafkaACLs, "", []string{}, databaseKafkaACLsTxt)
AddStringSliceFlag(cmdDatabaseUserCreate, doctl.ArgDatabaseUserOpenSearchACLs, "", []string{}, databaseOpenSearchACLsTxt)
cmdDatabaseUserCreate.Example = `The following example creates a new user with the username ` + "`" + `example-user` + "`" + ` for a database cluster with the ID ` + "`" + `ca9f591d-f38h-5555-a0ef-1c02d1d1e35` + "`" + `: doctl databases user create ca9f591d-f38h-5555-a0ef-1c02d1d1e35 example-user`

cmdDatabaseUserResetAuth := CmdBuilder(cmd, RunDatabaseUserResetAuth, "reset <database-cluster-id> <user-name> <new-auth-mode>",
Expand Down Expand Up @@ -781,6 +783,17 @@ func RunDatabaseUserCreate(c *CmdConfig) error {
}
}

openSearchACLs, err := buildDatabaseCreateOpenSearchUserACLs(c)
if err != nil {
return err
}

if len(openSearchACLs) != 0 {
req.Settings = &godo.DatabaseUserSettings{
OpenSearchACL: openSearchACLs,
}
}

user, err := c.Databases().CreateUser(databaseID, req)
if err != nil {
return err
Expand Down Expand Up @@ -809,6 +822,26 @@ func buildDatabaseCreateKafkaUserACls(c *CmdConfig) (kafkaACls []*godo.KafkaACL,
return kafkaACls, nil
}

func buildDatabaseCreateOpenSearchUserACLs(c *CmdConfig) (openSearchACLs []*godo.OpenSearchACL, err error) {
acls, err := c.Doit.GetStringSlice(c.NS, doctl.ArgDatabaseUserOpenSearchACLs)
if err != nil {
return nil, err
}
for _, acl := range acls {
pair := strings.SplitN(acl, ":", 2)
if len(pair) != 2 {
return nil, fmt.Errorf("unexpected input value [%v], must be a index:permission pair", pair)
}

openSearchACL := new(godo.OpenSearchACL)
openSearchACL.Index = pair[0]
openSearchACL.Permission = pair[1]

openSearchACLs = append(openSearchACLs, openSearchACL)
}
return openSearchACLs, nil
}

func RunDatabaseUserResetAuth(c *CmdConfig) error {
if len(c.Args) < 2 {
return doctl.NewMissingArgsErr(c.NS)
Expand Down
23 changes: 23 additions & 0 deletions commands/databases_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -962,6 +962,29 @@ func TestDatabaseUserCreate(t *testing.T) {
assert.NoError(t, err)
})

// Successful call with kafka acl set
withTestClient(t, func(config *CmdConfig, tm *tcMocks) {
r := &godo.DatabaseCreateUserRequest{
Name: testDBUser.Name,
Settings: &godo.DatabaseUserSettings{
OpenSearchACL: []*godo.OpenSearchACL{
{
Permission: "admin",
Index: "test",
},
},
},
}

tm.databases.EXPECT().CreateUser(testDBCluster.ID, r).Return(&testDBUser, nil)

config.Args = append(config.Args, testDBCluster.ID, testDBUser.Name)
config.Doit.Set(config.NS, doctl.ArgDatabaseUserOpenSearchACLs, "test:admin")

err := RunDatabaseUserCreate(config)
assert.NoError(t, err)
})

// Error
withTestClient(t, func(config *CmdConfig, tm *tcMocks) {
tm.databases.EXPECT().CreateUser(
Expand Down
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ go 1.22
require (
github.com/blang/semver v3.5.1+incompatible
github.com/creack/pty v1.1.21
github.com/digitalocean/godo v1.121.0
github.com/digitalocean/godo v1.123.0
github.com/docker/cli v24.0.5+incompatible
github.com/docker/docker v25.0.6+incompatible
github.com/docker/docker-credential-helpers v0.7.0 // indirect
Expand All @@ -30,7 +30,7 @@ require (
github.com/stretchr/testify v1.8.4
golang.org/x/crypto v0.22.0
golang.org/x/net v0.24.0 // indirect
golang.org/x/oauth2 v0.22.0
golang.org/x/oauth2 v0.23.0
golang.org/x/sys v0.20.0 // indirect
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.26.2
Expand Down
8 changes: 4 additions & 4 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -91,8 +91,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/digitalocean/godo v1.121.0 h1:ilXiHuEnhbJs2fmFEPX0r/QQ6KfiOIMAhJN3f8NiCfI=
github.com/digitalocean/godo v1.121.0/go.mod h1:WQVH83OHUy6gC4gXpEVQKtxTd4L5oCp+5OialidkPLY=
github.com/digitalocean/godo v1.123.0 h1:EowFmnVevXIKn9svPDTz0NK4+f+eE3v5easKD9hjc1k=
github.com/digitalocean/godo v1.123.0/go.mod h1:WQVH83OHUy6gC4gXpEVQKtxTd4L5oCp+5OialidkPLY=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc=
Expand Down Expand Up @@ -517,8 +517,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
Expand Down
29 changes: 28 additions & 1 deletion integration/database_user_create_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,25 @@ var _ = suite("database/user/create", func(t *testing.T, when spec.G, it spec.S)
expect.Equal(strings.TrimSpace(databaseUserCreateOutput), strings.TrimSpace(string(output)))
})
})

when("the opensearch acl flag is present", func() {
it("creates the database user", func() {
cmd := exec.Command(builtBinaryPath,
"-t", "some-magic-token",
"-u", server.URL,
"database",
"user",
"create",
"some-database-id",
"some-user-name",
"--opensearch-acl", "log-*:read",
)

output, err := cmd.CombinedOutput()
expect.NoError(err, fmt.Sprintf("received error output: %s", output))
expect.Equal(strings.TrimSpace(databaseUserCreateOutput), strings.TrimSpace(string(output)))
})
})
})

const (
Expand All @@ -118,7 +137,15 @@ some-user-name normal jge5lfxtzhx42iff
"name": "{{.Name}}",
"role": "normal",
"password": "jge5lfxtzhx42iff",
"mysql_settings": { "auth_plugin": "mysql_native_password" }
"mysql_settings": { "auth_plugin": "mysql_native_password" },
"settings": {
"opensearch_acl": [
{
"permission": "read",
"index": "log-*"
}
]
}
}
}
`
Expand Down
9 changes: 9 additions & 0 deletions vendor/github.com/digitalocean/godo/CHANGELOG.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions vendor/github.com/digitalocean/godo/apps.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

37 changes: 22 additions & 15 deletions vendor/github.com/digitalocean/godo/databases.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion vendor/github.com/digitalocean/godo/godo.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 7 additions & 0 deletions vendor/golang.org/x/oauth2/token.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions vendor/modules.txt
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ github.com/creack/pty
# github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
## explicit
github.com/davecgh/go-spew/spew
# github.com/digitalocean/godo v1.121.0
# github.com/digitalocean/godo v1.123.0
## explicit; go 1.20
github.com/digitalocean/godo
github.com/digitalocean/godo/metrics
Expand Down Expand Up @@ -439,7 +439,7 @@ golang.org/x/net/http2/hpack
golang.org/x/net/idna
golang.org/x/net/internal/socks
golang.org/x/net/proxy
# golang.org/x/oauth2 v0.22.0
# golang.org/x/oauth2 v0.23.0
## explicit; go 1.18
golang.org/x/oauth2
golang.org/x/oauth2/internal
Expand Down

0 comments on commit e89f54c

Please sign in to comment.