Skip to content

Commit

Permalink
Implement List Roles
Browse files Browse the repository at this point in the history
Implement query_all in rest role manager which is called to get
the list of roles
  • Loading branch information
n.fraison authored and geobeau committed Oct 27, 2021
1 parent 2904d07 commit 95a9604
Show file tree
Hide file tree
Showing 3 changed files with 64 additions and 4 deletions.
37 changes: 33 additions & 4 deletions auth/rest_role_manager.cc
Original file line number Diff line number Diff line change
Expand Up @@ -209,8 +209,12 @@ namespace auth {
}

future<bool> rest_role_manager::can_login(std::string_view role_name) const {
return require_record(_qp, role_name).then([](record r) {
return r.can_login;
return find_record(_qp, role_name).then([](std::optional <record> mr) {
if (mr) {
record r = *mr;
return r.can_login;
}
return false;
});
}

Expand Down Expand Up @@ -252,7 +256,32 @@ namespace auth {
}

future <role_set> rest_role_manager::query_all() const {
throw std::logic_error("Not Implemented");
}
static const sstring query = format("SELECT {},member_of from {}",
meta::roles_table::role_col_name,
meta::roles_table::qualified_name);

// To avoid many copies of a view.
static const auto role_col_name_string = sstring(meta::roles_table::role_col_name);
static const auto member_of_col_name_string = sstring("member_of");

return _qp.execute_internal(
query,
db::consistency_level::QUORUM,
internal_distributed_timeout_config()).then([](::shared_ptr <cql3::untyped_result_set> results) {
role_set roles;

std::for_each(
results->begin(),
results->end(),
[&roles](const cql3::untyped_result_set_row &row) {
roles.insert(row.get_as<sstring>(role_col_name_string));
if (row.has(member_of_col_name_string)) {
for (auto member : row.get_set<sstring>(member_of_col_name_string)) {
roles.insert(member);
}
}
});
return roles;
});
}
}
5 changes: 5 additions & 0 deletions docs/guides/rest_authc_authz.md
Original file line number Diff line number Diff line change
Expand Up @@ -71,3 +71,8 @@ Run Test client
$ ./tools/rest_authenticator_server/scylla_client.sh
```

## UnitTest

```bash
./tools/toolchain/dbuild ninja build/debug/test/boost/rest_authenticator_test && ./tools/toolchain/dbuild ./build/debug/test/boost/rest_authenticator_test
```
26 changes: 26 additions & 0 deletions test/boost/rest_authenticator_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -495,3 +495,29 @@ SEASTAR_TEST_CASE(update_superuser_password) {
BOOST_REQUIRE(is_superuser(qp, "cassandra").get());
});
}


SEASTAR_TEST_CASE(get_list_of_roles) {
return with_dummy_authentication_server([](cql_test_env &env) {
auto &a = env.local_auth_service().underlying_authenticator();
auto &rm = env.local_auth_service().underlying_role_manager();

auth::role_set roles;
roles.insert(sstring("tester"));

BOOST_REQUIRE_EQUAL(rm.query_all().get(), roles);

auto creds = auth::authenticator::credentials_map{
{auth::authenticator::USERNAME_KEY, sstring("alice")},
{auth::authenticator::PASSWORD_KEY, sstring("password")}
};

a.authenticate(creds).get();

roles.insert(sstring("scylla-rw"));
roles.insert(sstring("other"));
roles.insert(sstring("alice"));

BOOST_REQUIRE_EQUAL(rm.query_all().get(), roles);
});
}

0 comments on commit 95a9604

Please sign in to comment.