hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-1354: Add creation of basic/admin users to maxctrl

Browse Source 
The type of the created user can now be specified with the --type option.

Expanded tests that cover the user creation. Also added a test case that
checks that basic users are only allowed to read through the REST API.
This commit is contained in:
Markus Mäkelä
2017-08-16 11:16:38 +03:00
parent 9d24a63c10
commit 6ee7ed6a38
6 changed files with 85 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
maxctrl/lib/create.js
View File

@ -174,6 +174,13 @@ exports.builder = function(yargs) {
return doRequest(host, 'services/' + argv.service + '/listeners', null, {method: 'POST', body: listener}) return doRequest(host, 'services/' + argv.service + '/listeners', null, {method: 'POST', body: listener})
}) })
}) })
.group(['type'], 'Create user options:')
.option('type', {
describe: 'Type of user to create',
type: 'string',
default: 'basic',
choices: ['admin', 'basic']
})
.command('user <name> <password>', 'Create a new network user', {}, function(argv) { .command('user <name> <password>', 'Create a new network user', {}, function(argv) {
var user = { var user = {
@ -181,7 +188,8 @@ exports.builder = function(yargs) {
'id': argv.name, 'id': argv.name,
'type': 'inet', 'type': 'inet',
'attributes': { 'attributes': {
'password': argv.password 'password': argv.password,
'account': argv.type
} }
} }
} }

12
maxctrl/lib/enable.js
View File

@ -35,11 +35,21 @@ exports.builder = function(yargs) {
}) })
} }
}) })
.group(['type'], 'Enable account options:')
.option('type', {
describe: 'Type of user to create',
type: 'string',
default: 'basic',
choices: ['admin', 'basic']
})
.command('account <name>', 'Activate a Linux user account for administrative use', {}, function(argv) { .command('account <name>', 'Activate a Linux user account for administrative use', {}, function(argv) {
var req_body = { var req_body = {
data: { data: {
id: argv.name, id: argv.name,
type: 'unix' type: 'unix',
attributes: {
'account': argv.type
}
} }
} }
maxctrl(argv, function(host) { maxctrl(argv, function(host) {

32
maxctrl/test/createdestroy.js
View File

@ -131,14 +131,38 @@ describe("Create/Destroy Commands", function() {
}) })
it('create user', function() { it('create user', function() {
return verifyCommand('create user testuser test', return verifyCommand('create user testuser test', 'users/inet/testuser')
'users/inet/testuser')
.should.be.fulfilled
}) })
it('destroy user', function() { it('destroy user', function() {
return doCommand('destroy user testuser') return doCommand('destroy user testuser')
.should.be.fulfilled })
it('create admin user', function() {
return verifyCommand('create user testadmin test --type=admin', 'users/inet/testadmin')
.then((res) => {
res.data.attributes.account.should.equal('admin')
})
})
it('destroy admin user', function() {
return doCommand('destroy user testadmin')
})
it('create basic user', function() {
return verifyCommand('create user testbasic test --type=basic', 'users/inet/testbasic')
.then((res) => {
res.data.attributes.account.should.equal('basic')
})
})
it('destroy basic user', function() {
return doCommand('destroy user testbasic')
})
it('create user with bad type', function() {
return doCommand('create user testadmin test --type=superuser')
.should.be.rejected
}) })
after(stopMaxScale) after(stopMaxScale)

2
server/core/admin.cc
View File

@ -226,7 +226,7 @@ int handle_client(void *cls,
{ {
if (!do_auth(connection, url, method)) if (!do_auth(connection, url, method))
{ {
return MHD_YES; return MHD_NO;
} }
if (*con_cls == NULL) if (*con_cls == NULL)

37
server/core/test/rest-api/test/auth.js
View File

@ -25,7 +25,8 @@ describe("Authentication", function() {
id: "user1", id: "user1",
type: "inet", type: "inet",
attributes: { attributes: {
password: "pw1" password: "pw1",
account: "admin"
} }
} }
} }
@ -35,13 +36,26 @@ describe("Authentication", function() {
id: "user2", id: "user2",
type: "inet", type: "inet",
attributes: { attributes: {
password: "pw2" password: "pw2",
account: "admin"
}
}
}
var user3 = {
data: {
id: "user3",
type: "inet",
attributes: {
password: "pw3",
account: "basic"
} }
} }
} }
var auth1 = "http://" + user1.data.id + ":" + user1.data.attributes.password + "@" var auth1 = "http://" + user1.data.id + ":" + user1.data.attributes.password + "@"
var auth2 = "http://" + user2.data.id + ":" + user2.data.attributes.password + "@" var auth2 = "http://" + user2.data.id + ":" + user2.data.attributes.password + "@"
var auth3 = "http://" + user3.data.id + ":" + user3.data.attributes.password + "@"
it("unauthorized request without authentication", function() { it("unauthorized request without authentication", function() {
return request.get(base_url + "/maxscale") return request.get(base_url + "/maxscale")
@ -88,6 +102,25 @@ describe("Authentication", function() {
.should.be.fulfilled .should.be.fulfilled
}) })
it("create basic user", function() {
return request.post(auth2 + host + "/users/inet", { json: user3 })
.should.be.fulfilled
})
it("accept read request with basic user", function() {
return request.get(auth3 + host + "/servers/server1/")
.should.be.fulfilled
})
it("reject write request with basic user", function() {
return request.get(auth3 + host + "/servers/server1/")
.then(function(res) {
var obj = JSON.parse(res)
return request.patch(auth3 + host + "/servers/server1/", {json: obj})
.should.be.rejected
})
})
it("request with wrong user", function() { it("request with wrong user", function() {
return request.get(auth1 + host + "/maxscale") return request.get(auth1 + host + "/maxscale")
.should.be.rejected .should.be.rejected

1
server/core/test/rest-api/test/users.js
View File

@ -9,6 +9,7 @@ describe("Users", function() {
id: "user1", id: "user1",
type: "inet", type: "inet",
attributes: { attributes: {
account: "admin"
} }
} }
} }