You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2018/06/14 17:51:08 UTC
[GitHub] markusthoemmes closed pull request #3752: Move uuid into namespace
to decouple it from authkey
markusthoemmes closed pull request #3752: Move uuid into namespace to decouple it from authkey
URL: https://github.com/apache/incubator-openwhisk/pull/3752
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/common/scala/src/main/scala/whisk/core/containerpool/logging/DockerToActivationFileLogStore.scala b/common/scala/src/main/scala/whisk/core/containerpool/logging/DockerToActivationFileLogStore.scala
index 4be36a730a..3368d2a91b 100644
--- a/common/scala/src/main/scala/whisk/core/containerpool/logging/DockerToActivationFileLogStore.scala
+++ b/common/scala/src/main/scala/whisk/core/containerpool/logging/DockerToActivationFileLogStore.scala
@@ -101,7 +101,7 @@ class DockerToActivationFileLogStore(system: ActorSystem, destinationDirectory:
val logs = container.logs(action.limits.logs.asMegaBytes, action.exec.sentinelledLogs)(transid)
// Adding the userId field to every written record, so any background process can properly correlate.
- val userIdField = Map("namespaceId" -> user.authkey.uuid.toJson)
+ val userIdField = Map("namespaceId" -> user.namespace.uuid.toJson)
val additionalMetadata = Map(
"activationId" -> activation.activationId.asString.toJson,
diff --git a/common/scala/src/main/scala/whisk/core/containerpool/logging/ElasticSearchLogStore.scala b/common/scala/src/main/scala/whisk/core/containerpool/logging/ElasticSearchLogStore.scala
index 26f0cd3f30..33402043d2 100644
--- a/common/scala/src/main/scala/whisk/core/containerpool/logging/ElasticSearchLogStore.scala
+++ b/common/scala/src/main/scala/whisk/core/containerpool/logging/ElasticSearchLogStore.scala
@@ -97,7 +97,7 @@ class ElasticSearchLogStore(
EsQuery(queryString, Some(queryOrder))
}
- private def generatePath(user: Identity) = elasticSearchConfig.path.format(user.uuid.asString)
+ private def generatePath(user: Identity) = elasticSearchConfig.path.format(user.namespace.uuid.asString)
override def fetchLogs(user: Identity, activation: WhiskActivation, request: HttpRequest): Future[ActivationLogs] = {
val headers = extractRequiredHeaders(request.headers)
diff --git a/common/scala/src/main/scala/whisk/core/entity/EntityPath.scala b/common/scala/src/main/scala/whisk/core/entity/EntityPath.scala
index 0262f10cad..5bedddda94 100644
--- a/common/scala/src/main/scala/whisk/core/entity/EntityPath.scala
+++ b/common/scala/src/main/scala/whisk/core/entity/EntityPath.scala
@@ -78,6 +78,14 @@ protected[core] class EntityPath private (private val path: Seq[String]) extends
*/
def defaultPackage: Boolean = path.size == 1
+ /**
+ * Replaces root of this path with given namespace iff the root is
+ * the default namespace.
+ */
+ def resolveNamespace(newNamespace: Namespace): EntityPath = {
+ resolveNamespace(newNamespace.name)
+ }
+
/**
* Replaces root of this path with given namespace iff the root is
* the default namespace.
diff --git a/common/scala/src/main/scala/whisk/core/entity/Identity.scala b/common/scala/src/main/scala/whisk/core/entity/Identity.scala
index e1b2526dad..f5526f9017 100644
--- a/common/scala/src/main/scala/whisk/core/entity/Identity.scala
+++ b/common/scala/src/main/scala/whisk/core/entity/Identity.scala
@@ -19,7 +19,6 @@ package whisk.core.entity
import scala.concurrent.Future
import scala.util.Try
-
import spray.json._
import types.AuthStore
import whisk.common.Logging
@@ -38,13 +37,17 @@ object UserLimits extends DefaultJsonProtocol {
implicit val serdes = jsonFormat3(UserLimits.apply)
}
+protected[core] case class Namespace(name: EntityName, uuid: UUID)
+
+protected[core] object Namespace extends DefaultJsonProtocol {
+ implicit val serdes = jsonFormat2(Namespace.apply)
+}
+
protected[core] case class Identity(subject: Subject,
- namespace: EntityName,
+ namespace: Namespace,
authkey: AuthKey,
rights: Set[Privilege],
- limits: UserLimits = UserLimits()) {
- def uuid = authkey.uuid
-}
+ limits: UserLimits = UserLimits())
object Identity extends MultipleReadersSingleWriterCache[Identity, DocInfo] with DefaultJsonProtocol {
@@ -126,7 +129,12 @@ object Identity extends MultipleReadersSingleWriterCache[Identity, DocInfo] with
val JsString(uuid) = value("uuid")
val JsString(secret) = value("key")
val JsString(namespace) = value("namespace")
- Identity(subject, EntityName(namespace), AuthKey(UUID(uuid), Secret(secret)), Privilege.ALL, limits)
+ Identity(
+ subject,
+ Namespace(EntityName(namespace), UUID(uuid)),
+ AuthKey(UUID(uuid), Secret(secret)),
+ Privilege.ALL,
+ limits)
case _ =>
logger.error(this, s"$viewName[$key] has malformed view '${row.compactPrint}'")
throw new IllegalStateException("identities view malformed")
diff --git a/common/scala/src/main/scala/whisk/core/entity/WhiskAction.scala b/common/scala/src/main/scala/whisk/core/entity/WhiskAction.scala
index ac6b2d059e..3617ae098f 100644
--- a/common/scala/src/main/scala/whisk/core/entity/WhiskAction.scala
+++ b/common/scala/src/main/scala/whisk/core/entity/WhiskAction.scala
@@ -59,7 +59,7 @@ case class WhiskActionPut(exec: Option[Exec] = None,
/**
* Resolves sequence components if they contain default namespace.
*/
- protected[core] def resolve(userNamespace: EntityName): WhiskActionPut = {
+ protected[core] def resolve(userNamespace: Namespace): WhiskActionPut = {
exec map {
case SequenceExec(components) =>
val newExec = SequenceExec(components map { c =>
@@ -140,6 +140,13 @@ case class WhiskAction(namespace: EntityPath,
*/
def inherit(p: Parameters) = copy(parameters = p ++ parameters).revision[WhiskAction](rev)
+ /**
+ * Resolves sequence components if they contain default namespace.
+ */
+ protected[core] def resolve(userNamespace: Namespace): WhiskAction = {
+ resolve(userNamespace.name)
+ }
+
/**
* Resolves sequence components if they contain default namespace.
*/
@@ -202,11 +209,11 @@ case class WhiskActionMetaData(namespace: EntityPath,
/**
* Resolves sequence components if they contain default namespace.
*/
- protected[core] def resolve(userNamespace: EntityName): WhiskActionMetaData = {
+ protected[core] def resolve(userNamespace: Namespace): WhiskActionMetaData = {
exec match {
case SequenceExecMetaData(components) =>
val newExec = SequenceExecMetaData(components map { c =>
- FullyQualifiedEntityName(c.path.resolveNamespace(userNamespace), c.name)
+ FullyQualifiedEntityName(c.path.resolveNamespace(userNamespace.name), c.name)
})
copy(exec = newExec).revision[WhiskActionMetaData](rev)
case _ => this
diff --git a/common/scala/src/main/scala/whisk/core/entity/WhiskAuth.scala b/common/scala/src/main/scala/whisk/core/entity/WhiskAuth.scala
index be83471f50..2de9a865d3 100644
--- a/common/scala/src/main/scala/whisk/core/entity/WhiskAuth.scala
+++ b/common/scala/src/main/scala/whisk/core/entity/WhiskAuth.scala
@@ -25,18 +25,18 @@ import scala.util.Try
* database. Each namespace has its own key which is used to determine
* the {@ Identity} of the user calling.
*/
-protected[core] case class WhiskNamespace(name: EntityName, authkey: AuthKey)
+protected[core] case class WhiskNamespace(namespace: Namespace, authkey: AuthKey)
protected[core] object WhiskNamespace extends DefaultJsonProtocol {
implicit val serdes = new RootJsonFormat[WhiskNamespace] {
def write(w: WhiskNamespace) =
- JsObject("name" -> w.name.toJson, "uuid" -> w.authkey.uuid.toJson, "key" -> w.authkey.key.toJson)
+ JsObject("name" -> w.namespace.name.toJson, "uuid" -> w.namespace.uuid.toJson, "key" -> w.authkey.key.toJson)
def read(value: JsValue) =
Try {
value.asJsObject.getFields("name", "uuid", "key") match {
case Seq(JsString(n), JsString(u), JsString(k)) =>
- WhiskNamespace(EntityName(n), AuthKey(UUID(u), Secret(k)))
+ WhiskNamespace(Namespace(EntityName(n), UUID(u)), AuthKey(UUID(u), Secret(k)))
}
} getOrElse deserializationError("namespace record malformed")
}
diff --git a/core/controller/src/main/scala/whisk/core/controller/AuthorizedRouteDispatcher.scala b/core/controller/src/main/scala/whisk/core/controller/AuthorizedRouteDispatcher.scala
index 9288707732..2ed1a9428b 100644
--- a/core/controller/src/main/scala/whisk/core/controller/AuthorizedRouteDispatcher.scala
+++ b/core/controller/src/main/scala/whisk/core/controller/AuthorizedRouteDispatcher.scala
@@ -114,7 +114,7 @@ trait BasicAuthorizedRouteProvider extends Directives {
} else {
Messages.namespaceIllegal
}
- }) & extract(_ => EntityPath(if (EntityPath(ns) == EntityPath.DEFAULT) user.namespace.asString else ns))
+ }) & extract(_ => EntityPath(if (EntityPath(ns) == EntityPath.DEFAULT) user.namespace.name.asString else ns))
}
/** Validates entity name from the matched path segment. */
diff --git a/core/controller/src/main/scala/whisk/core/controller/Namespaces.scala b/core/controller/src/main/scala/whisk/core/controller/Namespaces.scala
index 0afbb4037c..f40a9096c4 100644
--- a/core/controller/src/main/scala/whisk/core/controller/Namespaces.scala
+++ b/core/controller/src/main/scala/whisk/core/controller/Namespaces.scala
@@ -42,7 +42,7 @@ trait WhiskNamespacesApi extends Directives with AuthenticatedRouteProvider {
*/
override def routes(user: Identity)(implicit transid: TransactionId) = {
(pathPrefix(collection.path) & collectionOps) {
- complete(OK, List(user.namespace))
+ complete(OK, List(user.namespace.name))
}
}
}
diff --git a/core/controller/src/main/scala/whisk/core/controller/Packages.scala b/core/controller/src/main/scala/whisk/core/controller/Packages.scala
index 509cc7623f..8cfbdcf008 100644
--- a/core/controller/src/main/scala/whisk/core/controller/Packages.scala
+++ b/core/controller/src/main/scala/whisk/core/controller/Packages.scala
@@ -172,7 +172,7 @@ trait WhiskPackagesApi extends WhiskCollectionAPI with ReferencedEntities {
'skip.as[ListSkip] ? ListSkip(collection.defaultListSkip),
'limit.as[ListLimit] ? ListLimit(collection.defaultListLimit),
'count ? false) { (skip, limit, count) =>
- val viewName = if (user.namespace.toPath == namespace) WhiskPackage.view else WhiskPackage.publicPackagesView
+ val viewName = if (user.namespace.name.toPath == namespace) WhiskPackage.view else WhiskPackage.publicPackagesView
if (!count) {
listEntities {
WhiskPackage
diff --git a/core/controller/src/main/scala/whisk/core/controller/Triggers.scala b/core/controller/src/main/scala/whisk/core/controller/Triggers.scala
index 67c431c32e..88010d7c7c 100644
--- a/core/controller/src/main/scala/whisk/core/controller/Triggers.scala
+++ b/core/controller/src/main/scala/whisk/core/controller/Triggers.scala
@@ -138,7 +138,7 @@ trait WhiskTriggersApi extends WhiskCollectionAPI {
val triggerActivationId = activationIdFactory.make()
logging.info(this, s"[POST] trigger activation id: ${triggerActivationId}")
val triggerActivation = WhiskActivation(
- namespace = user.namespace.toPath, // all activations should end up in the one space regardless trigger.namespace,
+ namespace = user.namespace.name.toPath, // all activations should end up in the one space regardless trigger.namespace,
entityName.name,
user.subject,
triggerActivationId,
diff --git a/core/controller/src/main/scala/whisk/core/controller/WebActions.scala b/core/controller/src/main/scala/whisk/core/controller/WebActions.scala
index d74815c293..2878c66f98 100644
--- a/core/controller/src/main/scala/whisk/core/controller/WebActions.scala
+++ b/core/controller/src/main/scala/whisk/core/controller/WebActions.scala
@@ -112,7 +112,7 @@ private case class Context(propertyMap: WebApiDirectives,
.toMap
.toJson,
propertyMap.path -> path.toJson) ++
- user.map(u => propertyMap.namespace -> u.namespace.asString.toJson)
+ user.map(u => propertyMap.namespace -> u.namespace.name.asString.toJson)
}
def toActionArgument(user: Option[Identity], boxQueryAndBody: Boolean): Map[String, JsValue] = {
diff --git a/core/controller/src/main/scala/whisk/core/controller/actions/PrimitiveActions.scala b/core/controller/src/main/scala/whisk/core/controller/actions/PrimitiveActions.scala
index 28dbedfc55..135bc48d88 100644
--- a/core/controller/src/main/scala/whisk/core/controller/actions/PrimitiveActions.scala
+++ b/core/controller/src/main/scala/whisk/core/controller/actions/PrimitiveActions.scala
@@ -344,7 +344,7 @@ protected[actions] trait PrimitiveActions {
// no next action, end composition execution, return to caller
Future.successful(ActivationResponse(activation.response.statusCode, Some(params.getOrElse(result))))
case Some(next) =>
- FullyQualifiedEntityName.resolveName(next, user.namespace) match {
+ FullyQualifiedEntityName.resolveName(next, user.namespace.name) match {
case Some(fqn) if session.accounting.components < actionSequenceLimit =>
tryInvokeNext(user, fqn, params, session)
@@ -512,7 +512,7 @@ protected[actions] trait PrimitiveActions {
// create the whisk activation
val activation = WhiskActivation(
- namespace = user.namespace.toPath,
+ namespace = user.namespace.name.toPath,
name = session.action.name,
user.subject,
activationId = session.activationId,
@@ -552,7 +552,7 @@ protected[actions] trait PrimitiveActions {
implicit transid: TransactionId): Future[Either[ActivationId, WhiskActivation]] = {
val result = Promise[Either[ActivationId, WhiskActivation]]
- val docid = new DocId(WhiskEntity.qualifiedName(user.namespace.toPath, activationId))
+ val docid = new DocId(WhiskEntity.qualifiedName(user.namespace.name.toPath, activationId))
logging.debug(this, s"action activation will block for result upto $totalWaitTime")
// 1. Wait for the active-ack to happen. Either immediately resolve the promise or poll the database quickly
diff --git a/core/controller/src/main/scala/whisk/core/controller/actions/SequenceActions.scala b/core/controller/src/main/scala/whisk/core/controller/actions/SequenceActions.scala
index 4375ee872a..75ba2aca56 100644
--- a/core/controller/src/main/scala/whisk/core/controller/actions/SequenceActions.scala
+++ b/core/controller/src/main/scala/whisk/core/controller/actions/SequenceActions.scala
@@ -196,7 +196,7 @@ protected[actions] trait SequenceActions {
// create the whisk activation
WhiskActivation(
- namespace = user.namespace.toPath,
+ namespace = user.namespace.name.toPath,
name = action.name,
user.subject,
activationId = activationId,
diff --git a/core/controller/src/main/scala/whisk/core/entitlement/ActivationThrottler.scala b/core/controller/src/main/scala/whisk/core/entitlement/ActivationThrottler.scala
index b99385accc..92d54340c0 100644
--- a/core/controller/src/main/scala/whisk/core/entitlement/ActivationThrottler.scala
+++ b/core/controller/src/main/scala/whisk/core/entitlement/ActivationThrottler.scala
@@ -42,11 +42,11 @@ class ActivationThrottler(loadBalancer: LoadBalancer, concurrencyLimit: Identity
* Checks whether the operation should be allowed to proceed.
*/
def check(user: Identity)(implicit tid: TransactionId): Future[RateLimit] = {
- loadBalancer.activeActivationsFor(user.uuid).map { concurrentActivations =>
+ loadBalancer.activeActivationsFor(user.namespace.uuid).map { concurrentActivations =>
val currentLimit = concurrencyLimit(user)
logging.debug(
this,
- s"namespace = ${user.uuid.asString}, concurrent activations = $concurrentActivations, below limit = $currentLimit")
+ s"namespace = ${user.namespace.uuid.asString}, concurrent activations = $concurrentActivations, below limit = $currentLimit")
ConcurrentRateLimit(concurrentActivations, currentLimit)
}
}
diff --git a/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala b/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
index 031c267032..eaf08e9f03 100644
--- a/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
+++ b/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
@@ -287,7 +287,7 @@ protected[core] abstract class EntitlementProvider(
protected def checkPrivilege(user: Identity, right: Privilege, resources: Set[Resource])(
implicit transid: TransactionId): Future[Set[(Resource, Boolean)]] = {
// check the default namespace first, bypassing additional checks if permitted
- val defaultNamespaces = Set(user.namespace.asString)
+ val defaultNamespaces = Set(user.namespace.name.asString)
implicit val es: EntitlementProvider = this
Future.sequence {
@@ -361,7 +361,7 @@ protected[core] abstract class EntitlementProvider(
private def checkThrottleOverload(throttle: Future[RateLimit], user: Identity)(
implicit transid: TransactionId): Future[Unit] = {
throttle.flatMap { limit =>
- val userId = user.authkey.uuid
+ val userId = user.namespace.uuid
if (limit.ok) {
limit match {
case c: ConcurrentRateLimit => {
@@ -373,7 +373,7 @@ protected[core] abstract class EntitlementProvider(
s"controller${controllerInstance.instance}",
metric,
user.subject,
- user.namespace.toString,
+ user.namespace.name.toString,
userId,
metric.typeName))
}
@@ -381,7 +381,7 @@ protected[core] abstract class EntitlementProvider(
}
Future.successful(())
} else {
- logging.info(this, s"'${user.namespace}' has exceeded its throttle limit, ${limit.errorMsg}")
+ logging.info(this, s"'${user.namespace.name}' has exceeded its throttle limit, ${limit.errorMsg}")
val metric = Metric(limit.limitName, 1)
UserEvents.send(
eventProducer,
@@ -389,7 +389,7 @@ protected[core] abstract class EntitlementProvider(
s"controller${controllerInstance.instance}",
metric,
user.subject,
- user.namespace.toString,
+ user.namespace.name.toString,
userId,
metric.typeName))
Future.failed(RejectRequest(TooManyRequests, limit.errorMsg))
diff --git a/core/controller/src/main/scala/whisk/core/entitlement/RateThrottler.scala b/core/controller/src/main/scala/whisk/core/entitlement/RateThrottler.scala
index 9ce7216dea..527b6995f5 100644
--- a/core/controller/src/main/scala/whisk/core/entitlement/RateThrottler.scala
+++ b/core/controller/src/main/scala/whisk/core/entitlement/RateThrottler.scala
@@ -45,7 +45,7 @@ class RateThrottler(description: String, maxPerMinute: Identity => Int)(implicit
* @return true iff subject namespace is below allowed limit
*/
def check(user: Identity)(implicit transid: TransactionId): RateLimit = {
- val uuid = user.uuid // this is namespace identifier
+ val uuid = user.namespace.uuid // this is namespace identifier
val throttle = rateMap.getOrElseUpdate(uuid, new RateInfo)
val limit = maxPerMinute(user)
val rate = TimedRateLimit(throttle.update(limit), limit)
diff --git a/core/controller/src/main/scala/whisk/core/loadBalancer/InvokerSupervision.scala b/core/controller/src/main/scala/whisk/core/loadBalancer/InvokerSupervision.scala
index e33845e897..152f555827 100644
--- a/core/controller/src/main/scala/whisk/core/loadBalancer/InvokerSupervision.scala
+++ b/core/controller/src/main/scala/whisk/core/loadBalancer/InvokerSupervision.scala
@@ -221,13 +221,14 @@ object InvokerPool {
/** A stub identity for invoking the test action. This does not need to be a valid identity. */
val healthActionIdentity = {
val whiskSystem = "whisk.system"
- Identity(Subject(whiskSystem), EntityName(whiskSystem), AuthKey(UUID(), Secret()), Set[Privilege]())
+ val uuid = UUID()
+ Identity(Subject(whiskSystem), Namespace(EntityName(whiskSystem), uuid), AuthKey(uuid, Secret()), Set[Privilege]())
}
/** An action to use for monitoring invoker health. */
def healthAction(i: InstanceId) = ExecManifest.runtimesManifest.resolveDefaultRuntime("nodejs:6").map { manifest =>
new WhiskAction(
- namespace = healthActionIdentity.namespace.toPath,
+ namespace = healthActionIdentity.namespace.name.toPath,
name = EntityName(s"invokerHealthTestAction${i.toInt}"),
exec = CodeExecAsString(manifest, """function main(params) { return params; }""", None))
}
diff --git a/core/controller/src/main/scala/whisk/core/loadBalancer/ShardingContainerPoolBalancer.scala b/core/controller/src/main/scala/whisk/core/loadBalancer/ShardingContainerPoolBalancer.scala
index 7e817e7411..eb95936460 100644
--- a/core/controller/src/main/scala/whisk/core/loadBalancer/ShardingContainerPoolBalancer.scala
+++ b/core/controller/src/main/scala/whisk/core/loadBalancer/ShardingContainerPoolBalancer.scala
@@ -138,7 +138,7 @@ class ShardingContainerPoolBalancer(config: WhiskConfig, controllerInstance: Ins
if (!action.exec.pull) (schedulingState.managedInvokers, schedulingState.managedStepSizes)
else (schedulingState.blackboxInvokers, schedulingState.blackboxStepSizes)
val chosen = if (invokersToUse.nonEmpty) {
- val hash = ShardingContainerPoolBalancer.generateHash(msg.user.namespace, action.fullyQualifiedName(false))
+ val hash = ShardingContainerPoolBalancer.generateHash(msg.user.namespace.name, action.fullyQualifiedName(false))
val homeInvoker = hash % invokersToUse.size
val stepSize = stepSizes(hash % stepSizes.size)
ShardingContainerPoolBalancer.schedule(invokersToUse, schedulingState.invokerSlots, homeInvoker, stepSize)
@@ -162,7 +162,7 @@ class ShardingContainerPoolBalancer(config: WhiskConfig, controllerInstance: Ins
instance: InstanceId): ActivationEntry = {
totalActivations.increment()
- activationsPerNamespace.getOrElseUpdate(msg.user.uuid, new LongAdder()).increment()
+ activationsPerNamespace.getOrElseUpdate(msg.user.namespace.uuid, new LongAdder()).increment()
val timeout = action.limits.timeout.duration.max(TimeLimit.STD_DURATION) + 1.minute
// Install a timeout handler for the catastrophic case where an active ack is not received at all
@@ -178,7 +178,7 @@ class ShardingContainerPoolBalancer(config: WhiskConfig, controllerInstance: Ins
// please note: timeoutHandler.cancel must be called on all non-timeout paths, e.g. Success
ActivationEntry(
msg.activationId,
- msg.user.uuid,
+ msg.user.namespace.uuid,
instance,
timeoutHandler,
Promise[Either[ActivationId, WhiskActivation]]())
diff --git a/core/invoker/src/main/scala/whisk/core/containerpool/ContainerPool.scala b/core/invoker/src/main/scala/whisk/core/containerpool/ContainerPool.scala
index d26ebdc2f9..90f5d73456 100644
--- a/core/invoker/src/main/scala/whisk/core/containerpool/ContainerPool.scala
+++ b/core/invoker/src/main/scala/whisk/core/containerpool/ContainerPool.scala
@@ -95,7 +95,7 @@ class ContainerPool(childFactory: ActorRefFactory => ActorRef,
// Schedule a job to a warm container
ContainerPool
- .schedule(r.action, r.msg.user.namespace, freePool)
+ .schedule(r.action, r.msg.user.namespace.name, freePool)
.map(container => {
(container, "warm")
})
@@ -141,7 +141,7 @@ class ContainerPool(childFactory: ActorRefFactory => ActorRef,
this,
s"Rescheduling Run message, too many message in the pool, freePoolSize: ${freePool.size}, " +
s"busyPoolSize: ${busyPool.size}, maxActiveContainers ${poolConfig.maxActiveContainers}, " +
- s"userNamespace: ${r.msg.user.namespace}, action: ${r.action}")(r.msg.transid)
+ s"userNamespace: ${r.msg.user.namespace.name}, action: ${r.action}")(r.msg.transid)
Some(logMessageInterval.fromNow)
} else {
r.retryLogDeadline
diff --git a/core/invoker/src/main/scala/whisk/core/containerpool/ContainerProxy.scala b/core/invoker/src/main/scala/whisk/core/containerpool/ContainerProxy.scala
index b75ad72a7e..0a7c1aca29 100644
--- a/core/invoker/src/main/scala/whisk/core/containerpool/ContainerProxy.scala
+++ b/core/invoker/src/main/scala/whisk/core/containerpool/ContainerProxy.scala
@@ -132,7 +132,7 @@ class ContainerProxy(
// create a new container
val container = factory(
job.msg.transid,
- ContainerProxy.containerName(instance, job.msg.user.namespace.name, job.action.name.name),
+ ContainerProxy.containerName(instance, job.msg.user.namespace.name.asString, job.action.name.asString),
job.action.exec.image,
job.action.exec.pull,
job.action.limits.memory.megabytes.MB,
@@ -161,13 +161,18 @@ class ContainerProxy(
// implicitly via a FailureMessage which will be processed later when the state
// transitions to Running
val activation = ContainerProxy.constructWhiskActivation(job, None, Interval.zero, response)
- sendActiveAck(transid, activation, job.msg.blocking, job.msg.rootControllerIndex, job.msg.user.authkey.uuid)
+ sendActiveAck(
+ transid,
+ activation,
+ job.msg.blocking,
+ job.msg.rootControllerIndex,
+ job.msg.user.namespace.uuid)
storeActivation(transid, activation)
}
.flatMap { container =>
// now attempt to inject the user code and run the action
initializeAndRun(container, job)
- .map(_ => WarmedData(container, job.msg.user.namespace, job.action, Instant.now))
+ .map(_ => WarmedData(container, job.msg.user.namespace.name, job.action, Instant.now))
}
.pipeTo(self)
@@ -192,7 +197,7 @@ class ContainerProxy(
case Event(job: Run, data: PreWarmedData) =>
implicit val transid = job.msg.transid
initializeAndRun(data.container, job)
- .map(_ => WarmedData(data.container, job.msg.user.namespace, job.action, Instant.now))
+ .map(_ => WarmedData(data.container, job.msg.user.namespace.name, job.action, Instant.now))
.pipeTo(self)
goto(Running)
@@ -228,7 +233,7 @@ class ContainerProxy(
case Event(job: Run, data: WarmedData) =>
implicit val transid = job.msg.transid
initializeAndRun(data.container, job)
- .map(_ => WarmedData(data.container, job.msg.user.namespace, job.action, Instant.now))
+ .map(_ => WarmedData(data.container, job.msg.user.namespace.name, job.action, Instant.now))
.pipeTo(self)
goto(Running)
@@ -261,7 +266,7 @@ class ContainerProxy(
self ! job
}
.flatMap(_ => initializeAndRun(data.container, job))
- .map(_ => WarmedData(data.container, job.msg.user.namespace, job.action, Instant.now))
+ .map(_ => WarmedData(data.container, job.msg.user.namespace.name, job.action, Instant.now))
.pipeTo(self)
goto(Running)
@@ -351,7 +356,7 @@ class ContainerProxy(
val environment = JsObject(
"api_key" -> job.msg.user.authkey.compact.toJson,
- "namespace" -> job.msg.user.namespace.toJson,
+ "namespace" -> job.msg.user.namespace.name.toJson,
"action_name" -> job.msg.action.qualifiedNameWithLeadingSlash.toJson,
"activation_id" -> job.msg.activationId.toString.toJson,
// compute deadline on invoker side avoids discrepancies inside container
@@ -380,7 +385,8 @@ class ContainerProxy(
}
// Sending active ack. Entirely asynchronous and not waited upon.
- activation.foreach(sendActiveAck(tid, _, job.msg.blocking, job.msg.rootControllerIndex, job.msg.user.authkey.uuid))
+ activation.foreach(
+ sendActiveAck(tid, _, job.msg.blocking, job.msg.rootControllerIndex, job.msg.user.namespace.uuid))
// Adds logs to the raw activation.
val activationWithLogs: Future[Either[ActivationLogReadingError, WhiskActivation]] = activation
@@ -487,7 +493,7 @@ object ContainerProxy {
WhiskActivation(
activationId = job.msg.activationId,
- namespace = job.msg.user.namespace.toPath,
+ namespace = job.msg.user.namespace.name.toPath,
subject = job.msg.user.subject,
cause = job.msg.cause,
name = job.action.name,
diff --git a/core/invoker/src/main/scala/whisk/core/containerpool/kubernetes/KubernetesInvokerAgentLogStore.scala b/core/invoker/src/main/scala/whisk/core/containerpool/kubernetes/KubernetesInvokerAgentLogStore.scala
index 17f836336e..ec3d64587a 100644
--- a/core/invoker/src/main/scala/whisk/core/containerpool/kubernetes/KubernetesInvokerAgentLogStore.scala
+++ b/core/invoker/src/main/scala/whisk/core/containerpool/kubernetes/KubernetesInvokerAgentLogStore.scala
@@ -51,7 +51,7 @@ class KubernetesInvokerAgentLogStore(system: ActorSystem) extends LogDriverLogSt
val sentinelledLogs = action.exec.sentinelledLogs
// Add the userId field to every written record, so any background process can properly correlate.
- val userIdField = Map("namespaceId" -> user.authkey.uuid.toJson)
+ val userIdField = Map("namespaceId" -> user.namespace.uuid.toJson)
val additionalMetadata = Map(
"activationId" -> activation.activationId.asString.toJson,
diff --git a/core/invoker/src/main/scala/whisk/core/invoker/InvokerReactive.scala b/core/invoker/src/main/scala/whisk/core/invoker/InvokerReactive.scala
index 4d283820da..4ad6bbf988 100644
--- a/core/invoker/src/main/scala/whisk/core/invoker/InvokerReactive.scala
+++ b/core/invoker/src/main/scala/whisk/core/invoker/InvokerReactive.scala
@@ -234,7 +234,7 @@ class InvokerReactive(
val activation = generateFallbackActivation(msg, response)
activationFeed ! MessageFeed.Processed
- ack(msg.transid, activation, msg.blocking, msg.rootControllerIndex, msg.user.authkey.uuid)
+ ack(msg.transid, activation, msg.blocking, msg.rootControllerIndex, msg.user.namespace.uuid)
store(msg.transid, activation)
Future.successful(())
}
@@ -244,8 +244,8 @@ class InvokerReactive(
activationFeed ! MessageFeed.Processed
val activation =
generateFallbackActivation(msg, ActivationResponse.applicationError(Messages.namespacesBlacklisted))
- ack(msg.transid, activation, false, msg.rootControllerIndex, msg.user.authkey.uuid)
- logging.warn(this, s"namespace ${msg.user.namespace} was blocked in invoker.")
+ ack(msg.transid, activation, false, msg.rootControllerIndex, msg.user.namespace.uuid)
+ logging.warn(this, s"namespace ${msg.user.namespace.name} was blocked in invoker.")
Future.successful(())
}
}
@@ -268,7 +268,7 @@ class InvokerReactive(
WhiskActivation(
activationId = msg.activationId,
- namespace = msg.user.namespace.toPath,
+ namespace = msg.user.namespace.name.toPath,
subject = msg.user.subject,
cause = msg.cause,
name = msg.action.name,
diff --git a/core/invoker/src/main/scala/whisk/core/invoker/NamespaceBlacklist.scala b/core/invoker/src/main/scala/whisk/core/invoker/NamespaceBlacklist.scala
index 4f4336e319..5da340720e 100644
--- a/core/invoker/src/main/scala/whisk/core/invoker/NamespaceBlacklist.scala
+++ b/core/invoker/src/main/scala/whisk/core/invoker/NamespaceBlacklist.scala
@@ -44,7 +44,7 @@ class NamespaceBlacklist(authStore: AuthStore) {
* @param identity which invoked the action.
* @return whether or not the current identity is considered blacklisted
*/
- def isBlacklisted(identity: Identity): Boolean = blacklist.contains(identity.namespace.name)
+ def isBlacklisted(identity: Identity): Boolean = blacklist.contains(identity.namespace.name.asString)
/** Refreshes the current blacklist from the database. */
def refreshBlacklist()(implicit ec: ExecutionContext, tid: TransactionId): Future[Set[String]] = {
diff --git a/tests/src/test/scala/whisk/core/containerpool/logging/ElasticSearchLogStoreTests.scala b/tests/src/test/scala/whisk/core/containerpool/logging/ElasticSearchLogStoreTests.scala
index ebd8c8c2c9..7ed39103ef 100644
--- a/tests/src/test/scala/whisk/core/containerpool/logging/ElasticSearchLogStoreTests.scala
+++ b/tests/src/test/scala/whisk/core/containerpool/logging/ElasticSearchLogStoreTests.scala
@@ -52,7 +52,8 @@ class ElasticSearchLogStoreTests
implicit val ec: ExecutionContext = system.dispatcher
implicit val materializer: ActorMaterializer = ActorMaterializer()
- private val user = Identity(Subject(), EntityName("testSpace"), AuthKey(), Set())
+ private val uuid = UUID()
+ private val user = Identity(Subject(), Namespace(EntityName("testSpace"), uuid), AuthKey(uuid, Secret()), Set())
private val activationId = ActivationId.generate()
private val defaultLogSchema =
@@ -166,7 +167,7 @@ class ElasticSearchLogStoreTests
ElasticSearchLogStoreConfig("https", "host", 443, "/elasticsearch/logstash-%s*/_search", defaultLogSchema)
val httpRequest = HttpRequest(
POST,
- Uri(s"/elasticsearch/logstash-${user.uuid.asString}*/_search"),
+ Uri(s"/elasticsearch/logstash-${user.namespace.uuid.asString}*/_search"),
List(Accept(MediaTypes.`application/json`)),
HttpEntity(ContentTypes.`application/json`, defaultPayload))
val esLogStore = new ElasticSearchLogStore(
diff --git a/tests/src/test/scala/whisk/core/containerpool/logging/SplunkLogStoreTests.scala b/tests/src/test/scala/whisk/core/containerpool/logging/SplunkLogStoreTests.scala
index d77f6109dc..a087a86306 100644
--- a/tests/src/test/scala/whisk/core/containerpool/logging/SplunkLogStoreTests.scala
+++ b/tests/src/test/scala/whisk/core/containerpool/logging/SplunkLogStoreTests.scala
@@ -68,7 +68,8 @@ class SplunkLogStoreTests
val startTime = "2007-12-03T10:15:30Z"
val endTime = "2007-12-03T10:15:45Z"
val endTimePlus5 = "2007-12-03T10:15:50Z" //queried end time range is endTime+5
- val user = Identity(Subject(), EntityName("testSpace"), AuthKey(), Set())
+ val uuid = UUID()
+ val user = Identity(Subject(), Namespace(EntityName("testSpace"), uuid), AuthKey(uuid, Secret()), Set())
val request = HttpRequest(
method = POST,
uri = "https://some.url",
diff --git a/tests/src/test/scala/whisk/core/containerpool/logging/test/DockerToActivationFileLogStoreTests.scala b/tests/src/test/scala/whisk/core/containerpool/logging/test/DockerToActivationFileLogStoreTests.scala
index 6f80a92beb..e539eeb6f6 100644
--- a/tests/src/test/scala/whisk/core/containerpool/logging/test/DockerToActivationFileLogStoreTests.scala
+++ b/tests/src/test/scala/whisk/core/containerpool/logging/test/DockerToActivationFileLogStoreTests.scala
@@ -57,7 +57,7 @@ class DockerToActivationFileLogStoreTests
}
def toLoggedActivation(activation: WhiskActivation): String = {
- JsObject(activation.toJson.fields ++ Map("namespaceId" -> user.authkey.uuid.asString.toJson)).compactPrint + "\n"
+ JsObject(activation.toJson.fields ++ Map("namespaceId" -> user.namespace.uuid.asString.toJson)).compactPrint + "\n"
}
behavior of "DockerCouchDbFileLogStore"
@@ -77,7 +77,7 @@ class DockerToActivationFileLogStoreTests
await(collected) shouldBe ActivationLogs(logs.map(_.toFormattedString).toVector)
logs.foreach { line =>
testActor.expectMsg(
- toLoggedEvent(line, user.authkey.uuid, activation.activationId, action.fullyQualifiedName(false)))
+ toLoggedEvent(line, user.namespace.uuid, activation.activationId, action.fullyQualifiedName(false)))
}
// Last message should be the full activation
diff --git a/tests/src/test/scala/whisk/core/containerpool/logging/test/DockerToActivationLogStoreTests.scala b/tests/src/test/scala/whisk/core/containerpool/logging/test/DockerToActivationLogStoreTests.scala
index ae5249e348..4df8bde02c 100644
--- a/tests/src/test/scala/whisk/core/containerpool/logging/test/DockerToActivationLogStoreTests.scala
+++ b/tests/src/test/scala/whisk/core/containerpool/logging/test/DockerToActivationLogStoreTests.scala
@@ -40,12 +40,13 @@ import scala.concurrent.duration._
class DockerToActivationLogStoreTests extends FlatSpec with Matchers with WskActorSystem with StreamLogging {
def await[T](future: Future[T]) = Await.result(future, 1.minute)
- val user = Identity(Subject(), EntityName("testSpace"), AuthKey(), Set())
+ val uuid = UUID()
+ val user = Identity(Subject(), Namespace(EntityName("testSpace"), uuid), AuthKey(uuid, Secret()), Set())
val exec = CodeExecAsString(RuntimeManifest("actionKind", ImageName("testImage")), "testCode", None)
- val action = ExecutableWhiskAction(user.namespace.toPath, EntityName("actionName"), exec)
+ val action = ExecutableWhiskAction(user.namespace.name.toPath, EntityName("actionName"), exec)
val activation =
WhiskActivation(
- user.namespace.toPath,
+ user.namespace.name.toPath,
action.name,
user.subject,
ActivationId.generate(),
diff --git a/tests/src/test/scala/whisk/core/containerpool/test/ContainerPoolTests.scala b/tests/src/test/scala/whisk/core/containerpool/test/ContainerPoolTests.scala
index 3fe12538fe..46f4559f82 100644
--- a/tests/src/test/scala/whisk/core/containerpool/test/ContainerPoolTests.scala
+++ b/tests/src/test/scala/whisk/core/containerpool/test/ContainerPoolTests.scala
@@ -71,11 +71,12 @@ class ContainerPoolTests
/** Creates a `Run` message */
def createRunMessage(action: ExecutableWhiskAction, invocationNamespace: EntityName) = {
+ val uuid = UUID()
val message = ActivationMessage(
TransactionId.testing,
action.fullyQualifiedName(true),
action.rev,
- Identity(Subject(), invocationNamespace, AuthKey(), Set()),
+ Identity(Subject(), Namespace(invocationNamespace, uuid), AuthKey(uuid, Secret()), Set()),
ActivationId.generate(),
InstanceId(0),
blocking = false,
diff --git a/tests/src/test/scala/whisk/core/containerpool/test/ContainerProxyTests.scala b/tests/src/test/scala/whisk/core/containerpool/test/ContainerProxyTests.scala
index 205834ed40..8bbf80665a 100644
--- a/tests/src/test/scala/whisk/core/containerpool/test/ContainerProxyTests.scala
+++ b/tests/src/test/scala/whisk/core/containerpool/test/ContainerProxyTests.scala
@@ -79,11 +79,13 @@ class ContainerProxyTests
Interval(now, now.plusMillis(200))
}
+ val uuid = UUID()
+
val message = ActivationMessage(
messageTransId,
action.fullyQualifiedName(true),
action.rev,
- Identity(Subject(), invocationNamespace, AuthKey(), Set()),
+ Identity(Subject(), Namespace(invocationNamespace, uuid), AuthKey(uuid, Secret()), Set()),
ActivationId.generate(),
InstanceId(0),
blocking = false,
@@ -760,7 +762,7 @@ class ContainerProxyTests
implicit transid: TransactionId): Future[(Interval, ActivationResponse)] = {
runCount += 1
environment.fields("api_key") shouldBe message.user.authkey.toJson
- environment.fields("namespace") shouldBe invocationNamespace.toJson
+ environment.fields("namespace") shouldBe invocationNamespace.name.toJson
environment.fields("action_name") shouldBe message.action.qualifiedNameWithLeadingSlash.toJson
environment.fields("activation_id") shouldBe message.activationId.toJson
val deadline = Instant.ofEpochMilli(environment.fields("deadline").convertTo[String].toLong)
diff --git a/tests/src/test/scala/whisk/core/controller/test/AuthenticateTests.scala b/tests/src/test/scala/whisk/core/controller/test/AuthenticateTests.scala
index 3c4628b846..8a6d254ad5 100644
--- a/tests/src/test/scala/whisk/core/controller/test/AuthenticateTests.scala
+++ b/tests/src/test/scala/whisk/core/controller/test/AuthenticateTests.scala
@@ -48,9 +48,12 @@ class AuthenticateTests extends ControllerTestCommon with Authenticate {
implicit val tid = transid()
val subject = Subject()
+ val uuid1 = UUID()
+ val uuid2 = UUID()
+
val namespaces = Set(
- WhiskNamespace(MakeName.next("authenticatev_tests"), AuthKey()),
- WhiskNamespace(MakeName.next("authenticatev_tests"), AuthKey()))
+ WhiskNamespace(Namespace(MakeName.next("authenticatev_tests"), uuid1), AuthKey(uuid1, Secret())),
+ WhiskNamespace(Namespace(MakeName.next("authenticatev_tests"), uuid2), AuthKey(uuid2, Secret())))
val entry = WhiskAuth(subject, namespaces)
put(authStore, entry) // this test entry is reclaimed when the test completes
@@ -60,7 +63,7 @@ class AuthenticateTests extends ControllerTestCommon with Authenticate {
waitOnView(authStore, ns.authkey, 1) // wait for the view to be updated
val pass = BasicHttpCredentials(ns.authkey.uuid.asString, ns.authkey.key.asString)
val user = Await.result(validateCredentials(Some(pass)), dbOpTimeout)
- user.get shouldBe Identity(subject, ns.name, ns.authkey, Privilege.ALL)
+ user.get shouldBe Identity(subject, ns.namespace, ns.authkey, Privilege.ALL)
// first lookup should have been from datastore
stream.toString should include(s"serving from datastore: ${CacheKey(ns.authkey)}")
@@ -68,7 +71,7 @@ class AuthenticateTests extends ControllerTestCommon with Authenticate {
// repeat query, now should be served from cache
val cachedUser = Await.result(validateCredentials(Some(pass))(transid()), dbOpTimeout)
- cachedUser.get shouldBe Identity(subject, ns.name, ns.authkey, Privilege.ALL)
+ cachedUser.get shouldBe Identity(subject, ns.namespace, ns.authkey, Privilege.ALL)
stream.toString should include(s"serving from cache: ${CacheKey(ns.authkey)}")
stream.reset()
diff --git a/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala b/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
index 65e810b673..f95c5c0437 100644
--- a/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
+++ b/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
@@ -58,7 +58,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
it should "authorize a user to only read from their collection" in {
implicit val tid = transid()
val collections = Seq(ACTIONS, RULES, TRIGGERS, PACKAGES, ACTIVATIONS, NAMESPACES)
- val resources = collections map { Resource(someUser.namespace.toPath, _, None) }
+ val resources = collections map { Resource(someUser.namespace.name.toPath, _, None) }
resources foreach { r =>
Await.ready(entitlementProvider.check(someUser, READ, r), requestTimeout).eitherValue.get shouldBe Right({})
@@ -78,9 +78,9 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
val collections = Seq(ACTIONS, RULES, TRIGGERS, PACKAGES, ACTIVATIONS, NAMESPACES)
val resources = collections map { c: Collection =>
c match {
- case RULES => Resource(anotherUser.namespace.toPath, c, None)
- case NAMESPACES => Resource(anotherUser.namespace.toPath, c, None)
- case _ => Resource(someUser.namespace.toPath, c, None)
+ case RULES => Resource(anotherUser.namespace.name.toPath, c, None)
+ case NAMESPACES => Resource(anotherUser.namespace.name.toPath, c, None)
+ case _ => Resource(someUser.namespace.name.toPath, c, None)
}
}
@@ -92,8 +92,8 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
resourcesSet.map(r => resourcesList += r)
val resourceNames = resourcesList.map(r => r.fqname).sorted.toSet.mkString(", ")
val resourceOtherNames = Seq(
- Resource(anotherUser.namespace.toPath, RULES, None),
- Resource(anotherUser.namespace.toPath, NAMESPACES, None)).map(r => r.fqname).toSet.mkString(", ")
+ Resource(anotherUser.namespace.name.toPath, RULES, None),
+ Resource(anotherUser.namespace.name.toPath, NAMESPACES, None)).map(r => r.fqname).toSet.mkString(", ")
Await.ready(entitlementProvider.check(someUser, READ, resourcesSet), requestTimeout).eitherValue.get shouldBe Left(
RejectRequest(Forbidden, Messages.notAuthorizedtoAccessResource(resourceOtherNames)))
@@ -116,7 +116,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
it should "not authorize a user to list someone else's collection or access it by other other right" in {
implicit val tid = transid()
val collections = Seq(ACTIONS, RULES, TRIGGERS, PACKAGES, ACTIVATIONS, NAMESPACES)
- val resources = collections map { Resource(someUser.namespace.toPath, _, None) }
+ val resources = collections map { Resource(someUser.namespace.name.toPath, _, None) }
resources foreach { r =>
// it is permissible to list packages in any namespace (provided they are either owned by
// the subject requesting access or the packages are public); that is, the entitlement is more
@@ -143,7 +143,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
implicit val tid = transid()
// packages are tested separately
val collections = Seq(ACTIONS, RULES, TRIGGERS)
- val resources = collections map { Resource(someUser.namespace.toPath, _, Some("xyz")) }
+ val resources = collections map { Resource(someUser.namespace.name.toPath, _, Some("xyz")) }
resources foreach { r =>
Await.ready(entitlementProvider.check(someUser, READ, r), requestTimeout).eitherValue.get shouldBe Right({})
Await.ready(entitlementProvider.check(someUser, PUT, r), requestTimeout).eitherValue.get shouldBe Right({})
@@ -155,9 +155,11 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
it should "not authorize a user to CRUD an entity in a collection if authkey has no CRUD rights" in {
implicit val tid = transid()
val subject = Subject()
- val someUser = Identity(subject, EntityName(subject.asString), AuthKey(), Set(Privilege.ACTIVATE))
+ val uuid = UUID()
+ val someUser =
+ Identity(subject, Namespace(EntityName(subject.asString), uuid), AuthKey(uuid, Secret()), Set(Privilege.ACTIVATE))
val collections = Seq(ACTIONS, RULES, TRIGGERS)
- val resources = collections map { Resource(someUser.namespace.toPath, _, Some("xyz")) }
+ val resources = collections map { Resource(someUser.namespace.name.toPath, _, Some("xyz")) }
resources foreach { r =>
Await.ready(entitlementProvider.check(someUser, READ, r), requestTimeout).eitherValue.get shouldBe Left(
RejectRequest(Forbidden, Messages.notAuthorizedtoAccessResource(r.fqname)))
@@ -172,7 +174,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
it should "not authorize a user to CRUD or activate an entity in a collection that does not support CRUD or activate" in {
implicit val tid = transid()
val collections = Seq(NAMESPACES, ACTIVATIONS)
- val resources = collections map { Resource(someUser.namespace.toPath, _, Some("xyz")) }
+ val resources = collections map { Resource(someUser.namespace.name.toPath, _, Some("xyz")) }
resources foreach { r =>
Await.ready(entitlementProvider.check(someUser, READ, r), requestTimeout).eitherValue.get shouldBe Right({})
Await.ready(entitlementProvider.check(someUser, PUT, r), requestTimeout).eitherValue.get shouldBe Left(
@@ -187,7 +189,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
it should "not authorize a user to CRUD or activate an entity in someone else's collection" in {
implicit val tid = transid()
val collections = Seq(ACTIONS, RULES, TRIGGERS, PACKAGES)
- val resources = collections map { Resource(someUser.namespace.toPath, _, Some("xyz")) }
+ val resources = collections map { Resource(someUser.namespace.name.toPath, _, Some("xyz")) }
resources foreach { r =>
Await.ready(entitlementProvider.check(guestUser, READ, r), requestTimeout).eitherValue.get shouldBe Left(
RejectRequest(Forbidden, Messages.notAuthorizedtoAccessResource(r.fqname)))
@@ -203,7 +205,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
it should "authorize a user to list, create/update/delete a package" in {
implicit val tid = transid()
val collections = Seq(PACKAGES)
- val resources = collections map { Resource(someUser.namespace.toPath, _, Some("xyz")) }
+ val resources = collections map { Resource(someUser.namespace.name.toPath, _, Some("xyz")) }
resources foreach { r =>
// read should fail because the lookup for the package will fail
Await.ready(entitlementProvider.check(someUser, READ, r), requestTimeout).eitherValue.get shouldBe Left(
@@ -219,8 +221,8 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
it should "grant access to entire collection to another user" in {
implicit val tid = transid()
- val all = Resource(someUser.namespace.toPath, ACTIONS, None)
- val one = Resource(someUser.namespace.toPath, ACTIONS, Some("xyz"))
+ val all = Resource(someUser.namespace.name.toPath, ACTIONS, None)
+ val one = Resource(someUser.namespace.name.toPath, ACTIONS, Some("xyz"))
Await.ready(entitlementProvider.check(adminUser, READ, all), requestTimeout).eitherValue.get should not be Right({})
Await.ready(entitlementProvider.check(adminUser, READ, one), requestTimeout).eitherValue.get should not be Right({})
Await.result(entitlementProvider.grant(adminUser.subject, READ, all), requestTimeout) // granted
@@ -231,8 +233,8 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
it should "grant access to specific resource to a user" in {
implicit val tid = transid()
- val all = Resource(someUser.namespace.toPath, ACTIONS, None)
- val one = Resource(someUser.namespace.toPath, ACTIONS, Some("xyz"))
+ val all = Resource(someUser.namespace.name.toPath, ACTIONS, None)
+ val one = Resource(someUser.namespace.name.toPath, ACTIONS, Some("xyz"))
Await.ready(entitlementProvider.check(adminUser, READ, all), requestTimeout).eitherValue.get should not be Right({})
Await.ready(entitlementProvider.check(adminUser, READ, one), requestTimeout).eitherValue.get should not be Right({})
Await
@@ -271,11 +273,11 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
case (priv, who, expected) =>
val check = new PackageCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
// any user can list any namespace packages
// (because this performs a db view lookup which is later filtered)
- Resource(someUser.namespace.toPath, PACKAGES, None))
+ Resource(someUser.namespace.name.toPath, PACKAGES, None))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
}
}
@@ -300,9 +302,9 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
case (priv, who, expected) =>
val check = new PackageCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
- Resource(someUser.namespace.toPath, PACKAGES, Some("xyz")))
+ Resource(someUser.namespace.name.toPath, PACKAGES, Some("xyz")))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
}
}
@@ -324,15 +326,15 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
(REJECT, guestUser, Right(false)))
// this forces a doc mismatch error
- val action = WhiskAction(someUser.namespace.toPath, MakeName.next(), jsDefault(""))
+ val action = WhiskAction(someUser.namespace.name.toPath, MakeName.next(), jsDefault(""))
put(entityStore, action)
paths foreach {
case (priv, who, expected) =>
val check = new PackageCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
- Resource(someUser.namespace.toPath, PACKAGES, Some(action.name.asString)))
+ Resource(someUser.namespace.name.toPath, PACKAGES, Some(action.name.asString)))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
}
}
@@ -341,7 +343,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
implicit val tid = transid()
implicit val ep = entitlementProvider
- val provider = WhiskPackage(someUser.namespace.toPath, MakeName.next())
+ val provider = WhiskPackage(someUser.namespace.name.toPath, MakeName.next())
put(entityStore, provider)
val paths = Seq(
@@ -360,9 +362,9 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
case (priv, who, expected) =>
val check = new PackageCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
- Resource(someUser.namespace.toPath, PACKAGES, Some(provider.name.asString)))
+ Resource(someUser.namespace.name.toPath, PACKAGES, Some(provider.name.asString)))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
}
}
@@ -372,8 +374,8 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
implicit val ep = entitlementProvider
// simulate entitlement change on package for which binding was once entitled
- val provider = WhiskPackage(someUser.namespace.toPath, MakeName.next())
- val binding = WhiskPackage(guestUser.namespace.toPath, MakeName.next(), provider.bind)
+ val provider = WhiskPackage(someUser.namespace.name.toPath, MakeName.next())
+ val binding = WhiskPackage(guestUser.namespace.name.toPath, MakeName.next(), provider.bind)
put(entityStore, provider, false)
put(entityStore, binding)
@@ -393,9 +395,9 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
case (priv, who, expected) =>
val check = new PackageCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
- Resource(guestUser.namespace.toPath, PACKAGES, Some(binding.name.asString)))
+ Resource(guestUser.namespace.name.toPath, PACKAGES, Some(binding.name.asString)))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
}
@@ -405,9 +407,9 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
case (priv, who, expected) =>
val check = new PackageCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
- Resource(guestUser.namespace.toPath, PACKAGES, Some(binding.name.asString)))
+ Resource(guestUser.namespace.name.toPath, PACKAGES, Some(binding.name.asString)))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
}
}
@@ -417,8 +419,8 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
implicit val ep = entitlementProvider
// simulate entitlement change on package for which binding was once entitled
- val provider = WhiskPackage(someUser.namespace.toPath, MakeName.next(), None, publish = true)
- val binding = WhiskPackage(guestUser.namespace.toPath, MakeName.next(), provider.bind, publish = true)
+ val provider = WhiskPackage(someUser.namespace.name.toPath, MakeName.next(), None, publish = true)
+ val binding = WhiskPackage(guestUser.namespace.name.toPath, MakeName.next(), provider.bind, publish = true)
put(entityStore, provider)
put(entityStore, binding)
@@ -438,9 +440,9 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
case (priv, who, expected) =>
val check = new PackageCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
- Resource(guestUser.namespace.toPath, PACKAGES, Some(binding.name.asString)))
+ Resource(guestUser.namespace.name.toPath, PACKAGES, Some(binding.name.asString)))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
}
}
@@ -449,8 +451,8 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
implicit val tid = transid()
implicit val ep = entitlementProvider
- val provider = WhiskPackage(someUser.namespace.toPath, MakeName.next(), None, publish = true)
- val binding = WhiskPackage(guestUser.namespace.toPath, MakeName.next(), provider.bind)
+ val provider = WhiskPackage(someUser.namespace.name.toPath, MakeName.next(), None, publish = true)
+ val binding = WhiskPackage(guestUser.namespace.name.toPath, MakeName.next(), provider.bind)
put(entityStore, provider)
put(entityStore, binding)
@@ -470,9 +472,9 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
case (priv, who, expected) =>
val check = new PackageCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
- Resource(guestUser.namespace.toPath, PACKAGES, Some(binding.name.asString)))
+ Resource(guestUser.namespace.name.toPath, PACKAGES, Some(binding.name.asString)))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
}
}
@@ -499,11 +501,11 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
case (priv, who, expected) =>
val check = new ActionCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
// any user can list any namespace packages
// (because this performs a db view lookup which is later filtered)
- Resource(someUser.namespace.toPath, ACTIONS, None))
+ Resource(someUser.namespace.name.toPath, ACTIONS, None))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
}
}
@@ -524,7 +526,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
(ACTIVATE, guestUser, Right(true)),
(REJECT, guestUser, Right(false)))
- val provider = WhiskPackage(someUser.namespace.toPath, MakeName.next(), None, publish = true)
+ val provider = WhiskPackage(someUser.namespace.name.toPath, MakeName.next(), None, publish = true)
val action = WhiskAction(provider.fullPath, MakeName.next(), jsDefault(""))
put(entityStore, provider)
put(entityStore, action)
@@ -533,7 +535,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
case (priv, who, expected) =>
val check = new ActionCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
Resource(action.namespace, ACTIONS, Some(action.name.asString)))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
@@ -544,7 +546,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
implicit val tid = transid()
implicit val ep = entitlementProvider
- val provider = WhiskPackage(someUser.namespace.toPath, MakeName.next(), None, publish = false)
+ val provider = WhiskPackage(someUser.namespace.name.toPath, MakeName.next(), None, publish = false)
val action = WhiskAction(provider.fullPath, MakeName.next(), jsDefault(""))
put(entityStore, provider)
put(entityStore, action)
@@ -567,7 +569,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
case (priv, who, expected) =>
val check = new ActionCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
Resource(action.namespace, ACTIONS, Some(action.name.asString)))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
@@ -578,8 +580,8 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
implicit val tid = transid()
implicit val ep = entitlementProvider
- val provider = WhiskPackage(someUser.namespace.toPath, MakeName.next(), None, publish = true)
- val binding = WhiskPackage(guestUser.namespace.toPath, MakeName.next(), provider.bind)
+ val provider = WhiskPackage(someUser.namespace.name.toPath, MakeName.next(), None, publish = true)
+ val binding = WhiskPackage(guestUser.namespace.name.toPath, MakeName.next(), provider.bind)
val action = WhiskAction(binding.fullPath, MakeName.next(), jsDefault(""))
put(entityStore, provider)
put(entityStore, binding)
@@ -603,7 +605,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
case (priv, who, expected) =>
val check = new ActionCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
Resource(action.namespace, ACTIONS, Some(action.name.asString)))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
@@ -614,8 +616,8 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
implicit val tid = transid()
implicit val ep = entitlementProvider
- val provider = WhiskPackage(someUser.namespace.toPath, MakeName.next(), None, publish = false)
- val binding = WhiskPackage(guestUser.namespace.toPath, MakeName.next(), provider.bind)
+ val provider = WhiskPackage(someUser.namespace.name.toPath, MakeName.next(), None, publish = false)
+ val binding = WhiskPackage(guestUser.namespace.name.toPath, MakeName.next(), provider.bind)
val action = WhiskAction(binding.fullPath, MakeName.next(), jsDefault(""))
put(entityStore, provider)
put(entityStore, binding)
@@ -639,7 +641,7 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
case (priv, who, expected) =>
val check = new ActionCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
Resource(action.namespace, ACTIONS, Some(action.name.asString)))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
@@ -662,14 +664,14 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
(ACTIVATE, guestUser, Right(false)),
(REJECT, guestUser, Right(false)))
- val action = WhiskAction(someUser.namespace.toPath, MakeName.next(), jsDefault(""))
+ val action = WhiskAction(someUser.namespace.name.toPath, MakeName.next(), jsDefault(""))
put(entityStore, action)
paths foreach {
case (priv, who, expected) =>
val check = new ActionCollection(entityStore).implicitRights(
who,
- Set(who.namespace.asString),
+ Set(who.namespace.name.asString),
priv,
Resource(action.namespace, ACTIONS, Some(action.name.asString)))
Await.ready(check, requestTimeout).eitherValue.get shouldBe expected
diff --git a/tests/src/test/scala/whisk/core/controller/test/PackagesApiTests.scala b/tests/src/test/scala/whisk/core/controller/test/PackagesApiTests.scala
index 9e48eed760..890cee7656 100644
--- a/tests/src/test/scala/whisk/core/controller/test/PackagesApiTests.scala
+++ b/tests/src/test/scala/whisk/core/controller/test/PackagesApiTests.scala
@@ -264,7 +264,7 @@ class PackagesApiTests extends ControllerTestCommon with WhiskPackagesApi {
waitOnView(entityStore, WhiskPackage, namespaces(0), 1)
waitOnView(entityStore, WhiskPackage, namespaces(1), 1)
waitOnView(entityStore, WhiskPackage, namespaces(2), 1)
- val expected = providers filter (_.namespace == creds.namespace.toPath)
+ val expected = providers filter (_.namespace == creds.namespace.name.toPath)
Get(s"$collectionPath?public=true") ~> Route.seal(routes(creds)) ~> check {
status should be(OK)
diff --git a/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala b/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
index 7f8cde005e..c54797b663 100644
--- a/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
+++ b/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
@@ -121,9 +121,11 @@ class WebActionsApiTests extends FlatSpec with Matchers with WebActionsApiBaseTe
}
trait WebActionsApiBaseTests extends ControllerTestCommon with BeforeAndAfterEach with WhiskWebActionsApi {
+ val uuid = UUID()
val systemId = Subject()
- val systemKey = AuthKey()
- val systemIdentity = Future.successful(Identity(systemId, EntityName(systemId.asString), systemKey, Privilege.ALL))
+ val systemKey = AuthKey(uuid, Secret())
+ val systemIdentity =
+ Future.successful(Identity(systemId, Namespace(EntityName(systemId.asString), uuid), systemKey, Privilege.ALL))
override lazy val entitlementProvider = new TestingEntitlementProvider(whiskConfig, loadBalancer)
protected val testRoutePath = webInvokePathSegments.mkString("/", "/", "")
@@ -404,7 +406,10 @@ trait WebActionsApiBaseTests extends ControllerTestCommon with BeforeAndAfterEac
"pkg" -> s"$systemId/proxy".toJson,
"action" -> "export_auth".toJson,
"content" -> metaPayload(m.method.name.toLowerCase, JsObject(), creds, pkgName = "proxy"))
- response.fields("content").asJsObject.fields(webApiDirectives.namespace) shouldBe user.namespace.toJson
+ response
+ .fields("content")
+ .asJsObject
+ .fields(webApiDirectives.namespace) shouldBe user.namespace.name.toJson
}
} else {
m(s"$testRoutePath/${path}.json") ~> Route.seal(routes(creds)) ~> check {
@@ -429,7 +434,10 @@ trait WebActionsApiBaseTests extends ControllerTestCommon with BeforeAndAfterEac
creds,
pkgName = "proxy",
headers = List(RawHeader("X-Require-Whisk-Auth", requireAuthenticationKey))))
- response.fields("content").asJsObject.fields(webApiDirectives.namespace) shouldBe user.namespace.toJson
+ response
+ .fields("content")
+ .asJsObject
+ .fields(webApiDirectives.namespace) shouldBe user.namespace.name.toJson
}
// web action require-whisk-auth is set, but the header X-Require-Whisk-Auth value does not match
diff --git a/tests/src/test/scala/whisk/core/controller/test/WhiskAuthHelpers.scala b/tests/src/test/scala/whisk/core/controller/test/WhiskAuthHelpers.scala
index 1c356bf5a1..7d21aee008 100644
--- a/tests/src/test/scala/whisk/core/controller/test/WhiskAuthHelpers.scala
+++ b/tests/src/test/scala/whisk/core/controller/test/WhiskAuthHelpers.scala
@@ -24,13 +24,14 @@ import whisk.core.entity.WhiskAuth
import whisk.core.entity.Subject
import whisk.core.entitlement.Privilege
import whisk.core.entity.Identity
+import whisk.core.entity.Namespace
object WhiskAuthHelpers {
def newAuth(s: Subject = Subject(), k: AuthKey = AuthKey()) = {
- WhiskAuth(s, Set(WhiskNamespace(EntityName(s.asString), k)))
+ WhiskAuth(s, Set(WhiskNamespace(Namespace(EntityName(s.asString), k.uuid), k)))
}
def newIdentity(s: Subject = Subject(), k: AuthKey = AuthKey()) = {
- Identity(s, EntityName(s.asString), k, Privilege.ALL)
+ Identity(s, Namespace(EntityName(s.asString), k.uuid), k, Privilege.ALL)
}
}
diff --git a/tests/src/test/scala/whisk/core/database/test/behavior/ArtifactStoreBehaviorBase.scala b/tests/src/test/scala/whisk/core/database/test/behavior/ArtifactStoreBehaviorBase.scala
index 239bbfc923..96824eacd5 100644
--- a/tests/src/test/scala/whisk/core/database/test/behavior/ArtifactStoreBehaviorBase.scala
+++ b/tests/src/test/scala/whisk/core/database/test/behavior/ArtifactStoreBehaviorBase.scala
@@ -108,7 +108,8 @@ trait ArtifactStoreBehaviorBase
}
protected def wskNS(name: String) = {
- WhiskNamespace(EntityName(name), AuthKey())
+ val uuid = UUID()
+ WhiskNamespace(Namespace(EntityName(name), uuid), AuthKey(uuid, Secret()))
}
private val exec = BlackBoxExec(ExecManifest.ImageName("image"), None, None, native = false)
diff --git a/tests/src/test/scala/whisk/core/database/test/behavior/ArtifactStoreSubjectQueryBehaviors.scala b/tests/src/test/scala/whisk/core/database/test/behavior/ArtifactStoreSubjectQueryBehaviors.scala
index ce78397926..ace195554a 100644
--- a/tests/src/test/scala/whisk/core/database/test/behavior/ArtifactStoreSubjectQueryBehaviors.scala
+++ b/tests/src/test/scala/whisk/core/database/test/behavior/ArtifactStoreSubjectQueryBehaviors.scala
@@ -33,10 +33,12 @@ trait ArtifactStoreSubjectQueryBehaviors extends ArtifactStoreBehaviorBase {
it should "find subject by namespace" in {
implicit val tid: TransactionId = transid()
- val ak1 = AuthKey()
- val ak2 = AuthKey()
- val ns1 = aname()
- val ns2 = aname()
+ val uuid1 = UUID()
+ val uuid2 = UUID()
+ val ak1 = AuthKey(uuid1, Secret())
+ val ak2 = AuthKey(uuid2, Secret())
+ val ns1 = Namespace(aname(), uuid1)
+ val ns2 = Namespace(aname(), uuid2)
val subs =
Array(WhiskAuth(Subject(), Set(WhiskNamespace(ns1, ak1))), WhiskAuth(Subject(), Set(WhiskNamespace(ns2, ak2))))
subs foreach (put(authStore, _))
@@ -44,7 +46,7 @@ trait ArtifactStoreSubjectQueryBehaviors extends ArtifactStoreBehaviorBase {
waitOnView(authStore, ak1, 1)
waitOnView(authStore, ak2, 1)
- val s1 = Identity.get(authStore, ns1).futureValue
+ val s1 = Identity.get(authStore, ns1.name).futureValue
s1.subject shouldBe subs(0).subject
val s2 = Identity.get(authStore, ak2).futureValue
@@ -53,20 +55,23 @@ trait ArtifactStoreSubjectQueryBehaviors extends ArtifactStoreBehaviorBase {
it should "not get blocked subject" in {
implicit val tid: TransactionId = transid()
- val ns1 = aname()
+ val uuid1 = UUID()
+ val ns1 = Namespace(aname(), uuid1)
val ak1 = AuthKey()
val auth = new ExtendedAuth(Subject(), Set(WhiskNamespace(ns1, ak1)), blocked = true)
put(authStore, auth)
- Identity.get(authStore, ns1).failed.futureValue shouldBe a[NoDocumentException]
+ Identity.get(authStore, ns1.name).failed.futureValue shouldBe a[NoDocumentException]
}
it should "not find subject when authKey matches partially" in {
implicit val tid: TransactionId = transid()
- val ak1 = AuthKey()
- val ak2 = AuthKey()
- val ns1 = aname()
- val ns2 = aname()
+ val uuid1 = UUID()
+ val uuid2 = UUID()
+ val ak1 = AuthKey(uuid1, Secret())
+ val ak2 = AuthKey(uuid2, Secret())
+ val ns1 = Namespace(aname(), uuid1)
+ val ns2 = Namespace(aname(), uuid2)
val auth = WhiskAuth(
Subject(),
@@ -80,10 +85,12 @@ trait ArtifactStoreSubjectQueryBehaviors extends ArtifactStoreBehaviorBase {
it should "find subject by namespace with limits" in {
implicit val tid: TransactionId = transid()
- val ak1 = AuthKey()
- val ak2 = AuthKey()
- val name1 = aname()
- val name2 = aname()
+ val uuid1 = UUID()
+ val uuid2 = UUID()
+ val ak1 = AuthKey(uuid1, Secret())
+ val ak2 = AuthKey(uuid2, Secret())
+ val name1 = Namespace(aname(), uuid1)
+ val name2 = Namespace(aname(), uuid2)
val subs = Array(
WhiskAuth(Subject(), Set(WhiskNamespace(name1, ak1))),
WhiskAuth(Subject(), Set(WhiskNamespace(name2, ak2))))
@@ -93,9 +100,9 @@ trait ArtifactStoreSubjectQueryBehaviors extends ArtifactStoreBehaviorBase {
waitOnView(authStore, ak2, 1)
val limits = UserLimits(invocationsPerMinute = Some(7), firesPerMinute = Some(31))
- put(authStore, new LimitEntity(name1, limits))
+ put(authStore, new LimitEntity(name1.name, limits))
- val i = Identity.get(authStore, name1).futureValue
+ val i = Identity.get(authStore, name1.name).futureValue
i.subject shouldBe subs(0).subject
i.limits shouldBe limits
}
@@ -109,8 +116,10 @@ trait ArtifactStoreSubjectQueryBehaviors extends ArtifactStoreBehaviorBase {
val n4 = aname()
val n5 = aname()
- val ak1 = AuthKey()
- val ak2 = AuthKey()
+ val uuid1 = UUID()
+ val uuid2 = UUID()
+ val ak1 = AuthKey(uuid1, Secret())
+ val ak2 = AuthKey(uuid2, Secret())
//Create 3 limits entry where one has limits > 0 thus non blacklisted
//And one blocked subject with 2 namespaces
@@ -118,7 +127,10 @@ trait ArtifactStoreSubjectQueryBehaviors extends ArtifactStoreBehaviorBase {
new LimitEntity(n1, UserLimits(invocationsPerMinute = Some(0))),
new LimitEntity(n2, UserLimits(concurrentInvocations = Some(0))),
new LimitEntity(n3, UserLimits(invocationsPerMinute = Some(7), concurrentInvocations = Some(7))),
- new ExtendedAuth(Subject(), Set(WhiskNamespace(n4, ak1), WhiskNamespace(n5, ak2)), blocked = true))
+ new ExtendedAuth(
+ Subject(),
+ Set(WhiskNamespace(Namespace(n4, uuid1), ak1), WhiskNamespace(Namespace(n5, uuid2), ak2)),
+ blocked = true))
limitsAndAuths foreach (put(authStore, _))
diff --git a/tests/src/test/scala/whisk/core/entity/test/SchemaTests.scala b/tests/src/test/scala/whisk/core/entity/test/SchemaTests.scala
index 6ee2b24d64..05e2f8d941 100644
--- a/tests/src/test/scala/whisk/core/entity/test/SchemaTests.scala
+++ b/tests/src/test/scala/whisk/core/entity/test/SchemaTests.scala
@@ -187,6 +187,9 @@ class SchemaTests extends FlatSpec with BeforeAndAfter with ExecHelpers with Mat
EntityPath.DEFAULT.resolveNamespace(EntityName("a")) shouldBe EntityPath("a")
EntityPath("a").resolveNamespace(EntityName("b")) shouldBe EntityPath("a")
+ EntityPath.DEFAULT.resolveNamespace(Namespace(EntityName("a"), UUID())) shouldBe EntityPath("a")
+ EntityPath("a").resolveNamespace(Namespace(EntityName("b"), UUID())) shouldBe EntityPath("a")
+
EntityPath("a").defaultPackage shouldBe true
EntityPath("a/b").defaultPackage shouldBe false
diff --git a/tests/src/test/scala/whisk/core/invoker/test/NamespaceBlacklistTests.scala b/tests/src/test/scala/whisk/core/invoker/test/NamespaceBlacklistTests.scala
index e3bfd85845..eb5f74dc15 100644
--- a/tests/src/test/scala/whisk/core/invoker/test/NamespaceBlacklistTests.scala
+++ b/tests/src/test/scala/whisk/core/invoker/test/NamespaceBlacklistTests.scala
@@ -62,32 +62,44 @@ class NamespaceBlacklistTests
dbConfig.databaseFor[WhiskAuth])
/* Identities needed for the first test */
+ val uuid1 = UUID()
+ val uuid2 = UUID()
+ val uuid3 = UUID()
val identities = Seq(
- Identity(Subject(), EntityName("testnamespace1"), AuthKey(), Set.empty, UserLimits(invocationsPerMinute = Some(0))),
Identity(
Subject(),
- EntityName("testnamespace2"),
- AuthKey(),
+ Namespace(EntityName("testnamespace1"), uuid1),
+ AuthKey(uuid1, Secret()),
+ Set.empty,
+ UserLimits(invocationsPerMinute = Some(0))),
+ Identity(
+ Subject(),
+ Namespace(EntityName("testnamespace2"), uuid2),
+ AuthKey(uuid2, Secret()),
Set.empty,
UserLimits(concurrentInvocations = Some(0))),
Identity(
Subject(),
- EntityName("testnamespace3"),
- AuthKey(),
+ Namespace(EntityName("testnamespace3"), uuid3),
+ AuthKey(uuid3, Secret()),
Set.empty,
UserLimits(invocationsPerMinute = Some(1), concurrentInvocations = Some(1))))
/* Subject document needed for the second test */
- val subject = WhiskAuth(
- Subject(),
- Set(WhiskNamespace(EntityName("different1"), AuthKey()), WhiskNamespace(EntityName("different2"), AuthKey())))
+ val uuid4 = UUID()
+ val uuid5 = UUID()
+ val ak4 = AuthKey(uuid4, Secret())
+ val ak5 = AuthKey(uuid5, Secret())
+ val ns4 = Namespace(EntityName("different1"), uuid4)
+ val ns5 = Namespace(EntityName("different2"), uuid5)
+ val subject = WhiskAuth(Subject(), Set(WhiskNamespace(ns4, ak4), WhiskNamespace(ns5, ak5)))
val blockedSubject = JsObject(subject.toJson.fields + ("blocked" -> true.toJson))
val blockedNamespacesCount = 2 + subject.namespaces.size
def authToIdentities(auth: WhiskAuth): Set[Identity] = {
auth.namespaces.map { ns =>
- Identity(auth.subject, ns.name, ns.authkey, Set(), UserLimits())
+ Identity(auth.subject, ns.namespace, ns.authkey, Set(), UserLimits())
}
}
diff --git a/tests/src/test/scala/whisk/core/limits/ActionLimitsTests.scala b/tests/src/test/scala/whisk/core/limits/ActionLimitsTests.scala
index aa3caf8bee..77999fbc99 100644
--- a/tests/src/test/scala/whisk/core/limits/ActionLimitsTests.scala
+++ b/tests/src/test/scala/whisk/core/limits/ActionLimitsTests.scala
@@ -245,7 +245,7 @@ class ActionLimitsTests extends TestHelpers with WskTestHelpers {
val allowedSize = ActivationEntityLimit.MAX_ACTIVATION_ENTITY_LIMIT.toBytes
// Needs some bytes grace since activation message is not only the payload.
- val args = Map("p" -> ("a" * (allowedSize - 700).toInt).toJson)
+ val args = Map("p" -> ("a" * (allowedSize - 750).toInt).toJson)
val rr = wsk.action.invoke(name, args, blocking = true, expectedExitCode = TestUtils.SUCCESS_EXIT)
val activation = wsk.parseJsonString(rr.respData).convertTo[ActivationResult]
diff --git a/tests/src/test/scala/whisk/core/loadBalancer/test/InvokerSupervisionTests.scala b/tests/src/test/scala/whisk/core/loadBalancer/test/InvokerSupervisionTests.scala
index 6f0d05ce42..bf0da86d2b 100644
--- a/tests/src/test/scala/whisk/core/loadBalancer/test/InvokerSupervisionTests.scala
+++ b/tests/src/test/scala/whisk/core/loadBalancer/test/InvokerSupervisionTests.scala
@@ -48,17 +48,7 @@ import whisk.core.WhiskConfig
import whisk.core.connector.ActivationMessage
import whisk.core.connector.PingMessage
import whisk.core.entity.ActivationId.ActivationIdGenerator
-import whisk.core.entity.AuthKey
-import whisk.core.entity.DocRevision
-import whisk.core.entity.EntityName
-import whisk.core.entity.EntityPath
-import whisk.core.entity.ExecManifest
-import whisk.core.entity.FullyQualifiedEntityName
-import whisk.core.entity.Identity
-import whisk.core.entity.InstanceId
-import whisk.core.entity.Secret
-import whisk.core.entity.Subject
-import whisk.core.entity.UUID
+import whisk.core.entity._
import whisk.core.loadBalancer.ActivationRequest
import whisk.core.loadBalancer.GetStatus
import whisk.core.loadBalancer.Healthy
@@ -189,14 +179,15 @@ class InvokerSupervisionTests
val supervisor = system.actorOf(InvokerPool.props(childFactory, sendActivationToInvoker, pC))
// Send ActivationMessage to InvokerPool
+ val uuid = UUID()
val activationMessage = ActivationMessage(
transid = TransactionId.invokerHealth,
action = FullyQualifiedEntityName(EntityPath("whisk.system/utils"), EntityName("date")),
revision = DocRevision.empty,
user = Identity(
Subject("unhealthyInvokerCheck"),
- EntityName("unhealthyInvokerCheck"),
- AuthKey(UUID(), Secret()),
+ Namespace(EntityName("unhealthyInvokerCheck"), uuid),
+ AuthKey(uuid, Secret()),
Set[Privilege]()),
activationId = new ActivationIdGenerator {}.make(),
rootControllerIndex = InstanceId(0),
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services