diff --git a/integration/Jenkinsfile b/integration/Jenkinsfile index caf6e8d25..375d643b6 100644 --- a/integration/Jenkinsfile +++ b/integration/Jenkinsfile @@ -301,6 +301,7 @@ def void setupWorkspace() { git clone --single-branch --branch $BRANCH https://github.com/NetApp/harvest.git cp /u/mpeg/harvest/harvest_cert.yml $WORKSPACE/harvest/integration/test/ cp /u/mpeg/harvest/harvest.yml $WORKSPACE/harvest/integration/test/ + cp /u/mpeg/harvest/harvest_admin.yml $WORKSPACE/harvest/integration/test/ ls -ltr $WORKSPACE/harvest/integration/test/ ''' } diff --git a/integration/go.mod b/integration/go.mod index 846c08c1a..f8f8327f3 100644 --- a/integration/go.mod +++ b/integration/go.mod @@ -7,9 +7,9 @@ toolchain go1.23.0 replace github.com/netapp/harvest/v2 => ../ require ( - github.com/carlmjohnson/requests v0.24.2 - github.com/netapp/harvest/v2 v2.0.0-20241001142758-f137ab714dd8 - golang.org/x/text v0.20.0 + github.com/carlmjohnson/requests v0.24.3 + github.com/netapp/harvest/v2 v2.0.0-20241209123857-e401e50ef260 + golang.org/x/text v0.21.0 ) require ( @@ -31,11 +31,11 @@ require ( github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/tklauser/go-sysconf v0.3.14 // indirect - github.com/tklauser/numcpus v0.8.0 // indirect + github.com/tklauser/numcpus v0.9.0 // indirect github.com/yusufpapurcu/wmi v1.2.4 // indirect - golang.org/x/net v0.29.0 // indirect - golang.org/x/sys v0.27.0 // indirect - golang.org/x/term v0.26.0 // indirect + golang.org/x/net v0.32.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/term v0.27.0 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/integration/go.sum b/integration/go.sum index 08404c137..e654d8144 100644 --- a/integration/go.sum +++ b/integration/go.sum @@ -1,5 +1,5 @@ -github.com/carlmjohnson/requests v0.24.2 h1:JDakhAmTIKL/qL/1P7Kkc2INGBJIkIFP6xUeUmPzLso= -github.com/carlmjohnson/requests v0.24.2/go.mod h1:duYA/jDnyZ6f3xbcF5PpZ9N8clgopubP2nK5i6MVMhU= +github.com/carlmjohnson/requests v0.24.3 h1:LYcM/jVIVPkioigMjEAnBACXl2vb42TVqiC8EYNoaXQ= +github.com/carlmjohnson/requests v0.24.3/go.mod h1:duYA/jDnyZ6f3xbcF5PpZ9N8clgopubP2nK5i6MVMhU= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -53,21 +53,21 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tklauser/go-sysconf v0.3.14 h1:g5vzr9iPFFz24v2KZXs/pvpvh8/V9Fw6vQK5ZZb78yU= github.com/tklauser/go-sysconf v0.3.14/go.mod h1:1ym4lWMLUOhuBOPGtRcJm7tEGX4SCYNEEEtghGG/8uY= -github.com/tklauser/numcpus v0.8.0 h1:Mx4Wwe/FjZLeQsK/6kt2EOepwwSl7SmJrK5bV/dXYgY= -github.com/tklauser/numcpus v0.8.0/go.mod h1:ZJZlAY+dmR4eut8epnzf0u/VwodKmryxR8txiloSqBE= +github.com/tklauser/numcpus v0.9.0 h1:lmyCHtANi8aRUgkckBgoDk1nHCux3n2cgkJLXdQGPDo= +github.com/tklauser/numcpus v0.9.0/go.mod h1:SN6Nq1O3VychhC1npsWostA+oW+VOQTxZrS604NSRyI= github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= -golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= -golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= +golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= +golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= -golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/integration/test/counter_test.go b/integration/test/counter_test.go index d9ba8dec6..6730d5937 100644 --- a/integration/test/counter_test.go +++ b/integration/test/counter_test.go @@ -47,14 +47,16 @@ func TestCounters(t *testing.T) { var ( poller *conf.Poller client *rest2.Client + err error ) utils.SkipIfMissing(t, utils.Regression) - _, err := conf.LoadHarvestConfig(installer.HarvestConfigFile) + err = validateRolePermissions() if err != nil { - slog.Error("Unable to load harvest config", slogx.Err(err)) + slog.Error("role permission validation failed", slogx.Err(err)) os.Exit(1) } + conf.TestLoadHarvestConfig(installer.HarvestConfigFile) pollerName := "dc1" if poller, err = conf.PollerNamed(pollerName); err != nil { @@ -89,6 +91,55 @@ func TestCounters(t *testing.T) { } +func validateRolePermissions() error { + var ( + adminPoller *conf.Poller + adminClient *rest2.Client + err error + ) + + // Load the admin poller from harvest_admin.yml + conf.TestLoadHarvestConfig(installer.HarvestAdminConfigFile) + + pollerName := "dc1-admin" + if adminPoller, err = conf.PollerNamed(pollerName); err != nil { + return fmt.Errorf("unable to find poller %s: %w", pollerName, err) + } + if adminPoller.Addr == "" { + return fmt.Errorf("admin poller address is empty for poller %s", pollerName) + } + + timeout, _ := time.ParseDuration(rest2.DefaultTimeout) + if adminClient, err = rest2.New(adminPoller, timeout, auth.NewCredentials(adminPoller, slog.Default())); err != nil { + return fmt.Errorf("error creating new admin client for poller %s: %w", pollerName, err) + } + + if err = adminClient.Init(5, conf.Remote{}); err != nil { + return fmt.Errorf("admin client init failed for poller %s: %w", pollerName, err) + } + + // Invoke the REST call to the specified endpoint + apiEndpoint := "api/private/cli/security/login/rest-role" + href := rest2.NewHrefBuilder(). + APIPath(apiEndpoint). + Filter([]string{"role=harvest-rest-role", "api=/api/private/cli"}). + Build() + + response, err := collectors.InvokeRestCall(adminClient, href) + if err != nil { + return fmt.Errorf("failed to invoke admin rest call to %s: %w", apiEndpoint, err) + } + + for _, instanceData := range response { + api := instanceData.Get("api") + if api.Exists() { + return fmt.Errorf("unexpected 'api' field found in the response data; permissions for /api/private/cli should not be present") + } + } + + return nil +} + func invokeRestCall(client *rest2.Client, counters map[string][]counterData) error { for _, countersDetail := range counters { for _, counterDetail := range countersDetail { diff --git a/integration/test/installer/installerFactory.go b/integration/test/installer/installerFactory.go index 93de7bf86..af394cd21 100644 --- a/integration/test/installer/installerFactory.go +++ b/integration/test/installer/installerFactory.go @@ -5,11 +5,12 @@ import ( ) const ( - RHEL = "rpm" - NATIVE = "tar" - HarvestConfigFile = "harvest.yml" - GRAFANA = "grafana" - PROMETHEUS = "prometheus" + RHEL = "rpm" + NATIVE = "tar" + HarvestConfigFile = "harvest.yml" + HarvestAdminConfigFile = "harvest_admin.yml" + GRAFANA = "grafana" + PROMETHEUS = "prometheus" ) func GetInstaller(installType string, path string) (Installer, error) {