Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RBAC End to End Integration Test #17219

Merged
merged 4 commits into from
Mar 27, 2024
Merged

RBAC End to End Integration Test #17219

merged 4 commits into from
Mar 27, 2024

Conversation

oleiman
Copy link
Member

@oleiman oleiman commented Mar 20, 2024

Closes https://github.com/redpanda-data/core-internal/issues/1110

Backports Required

  • none - not a bug fix
  • none - this is a backport
  • none - issue does not exist in previous branches
  • none - papercut/not impactful enough to backport
  • v23.3.x
  • v23.2.x

Release Notes

  • none

@oleiman oleiman self-assigned this Mar 20, 2024
@oleiman oleiman marked this pull request as ready for review March 22, 2024 18:50
@vbotbuildovich
Copy link
Collaborator

vbotbuildovich commented Mar 22, 2024
edited

ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46631#018e67b1-4665-48ac-8044-df02882851ea

ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46631#018e67c2-f4ba-4ba0-b8c4-f1d95398fb12

dotnwat
dotnwat reviewed Mar 23, 2024
View reviewed changes
tests/rptest/tests/rbac_test.py Outdated
Comment on lines 548 to 552
try:
res = self.superuser_admin.list_role_members(role=role)
return user in RoleMemberList.from_response(res)
except:
return False
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fyi: you can avoid the try/except ceremony to return False by passing retry_on_exc=True to wait_until and it will treat exceptions as if the predicate returned False.

@oleiman
Copy link
Member Author

oleiman commented Mar 24, 2024

force push to prefer retry_on_exc on wait_until* and remove a bunch of try/except cruft

@oleiman oleiman changed the title Rbac/e2e RBAC End to End Integration Test Mar 24, 2024
@oleiman
Copy link
Member Author

oleiman commented Mar 24, 2024

/ci-repeat 1
skip-redpanda-build
skip-units
dt-repeat=25
tests/rptest/tests/rbac_test.py::RBACEndToEndTest

@oleiman oleiman requested a review from pgellert March 25, 2024 14:51
@oleiman
Copy link
Member Author

oleiman commented Mar 25, 2024

/cdt
num_nodes=5
dt-repeat=25
tests/rptest/tests/rbac_test.py

pgellert
pgellert previously approved these changes Mar 26, 2024
View reviewed changes
Copy link
Contributor

@pgellert pgellert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

tests/rptest/tests/rbac_test.py Outdated

def has_topics(self, client: RpkTool):
tps = client.list_topics()
return tps != [], [i for i in tps]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: second return value could just be tps or maybe list(tps)

Copy link
Member Author

@oleiman oleiman Mar 27, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

list(tps) works!

tests/rptest/tests/rbac_test.py Outdated
backoff_sec=1)
res = wait_until_result(
lambda:
(True, self.superuser_admin.list_role_members(role=self.role_name0)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question(non-blocking): do we need the True here or would this work without it as well? Do we just need it for wait_until_result to forward the result?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, I hadn't noticed that in the wait_until_result doc string. I thought the tuple-ness was required.

@oleiman oleiman marked this pull request as draft March 27, 2024 00:26
@oleiman
Copy link
Member Author

oleiman commented Mar 27, 2024

force push to rebase on dev

@oleiman
Copy link
Member Author

oleiman commented Mar 27, 2024

force push review suggestions

@oleiman oleiman marked this pull request as ready for review March 27, 2024 00:57
@oleiman
dt/rpk: Add sasl_deny_principal
9dc1faf 
Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
@oleiman
dt/admin: Add RoleMember.User helper
918f38e 
Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
@oleiman
dt/rbac: RBACEndToEndTest
3cac919 
Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
@oleiman
dt/rbac: Remove try/except cruft from waiter functions
3932376 
Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
@oleiman
Copy link
Member Author

oleiman commented Mar 27, 2024

empty force push for signoffs

@oleiman oleiman mentioned this pull request Mar 27, 2024
Merged
6 tasks
michael-redpanda
michael-redpanda approved these changes Mar 27, 2024
View reviewed changes
Copy link
Contributor

@michael-redpanda michael-redpanda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

tests/rptest/clients/rpk.py
Comment on lines +391 to +395
def sasl_allow_principal(self, *args, **kwargs):
self._sasl_set_principal_access(*args, **kwargs, deny=False)

def sasl_deny_principal(self, *args, **kwargs):
self._sasl_set_principal_access(*args, **kwargs, deny=True)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

praise: ❤️

@oleiman oleiman merged commit 5391b83 into redpanda-data:dev Mar 27, 2024
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michael-redpanda michael-redpanda michael-redpanda approved these changes

@graphcareful graphcareful Awaiting requested review from graphcareful

@pgellert pgellert Awaiting requested review from pgellert

@dotnwat dotnwat Awaiting requested review from dotnwat

Assignees

@oleiman oleiman

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@oleiman @vbotbuildovich @dotnwat @pgellert @michael-redpanda