make v25 APIs work with no ACL (#9408)

mangalaman93 · web-flow · commit 0a99f615b551 · 2025-05-13T22:49:05.000+05:30
diff --git a/edgraph/alter.go b/edgraph/alter.go
@@ -108,7 +108,7 @@ func executeDropAllInNs(ctx context.Context, startTs uint64, req *apiv25.AlterRe
 	}
 
 	err = x.RetryUntilSuccess(10, 100*time.Millisecond, func() error {
-		return createGuardianAndGroot(x.AttachNamespace(ctx, nsID), nsID, "password")
+		return createGuardianAndGroot(x.AttachNamespace(ctx, nsID), "password")
 	})
 	if err != nil {
 		return errors.Wrapf(err, "Failed to create guardian and groot: ")
diff --git a/edgraph/multi_tenancy.go b/edgraph/multi_tenancy.go
@@ -105,18 +105,23 @@ func (s *Server) CreateNamespaceInternal(ctx context.Context, passwd string) (ui
 	}
 
 	err = x.RetryUntilSuccess(10, 100*time.Millisecond, func() error {
-		return createGuardianAndGroot(ctx, ids.StartId, passwd)
+		return createGuardianAndGroot(ctx, passwd)
 	})
 	if err != nil {
 		return 0, errors.Wrapf(err, "Failed to create guardian and groot: ")
 	}
+
 	glog.V(2).Infof("Created namespace: %d", ns)
 	return ns, nil
 }
 
 // This function is used while creating new namespace. New namespace creation is only allowed
 // by the guardians of the galaxy group.
-func createGuardianAndGroot(ctx context.Context, namespace uint64, passwd string) error {
+func createGuardianAndGroot(ctx context.Context, passwd string) error {
+	if !x.WorkerConfig.AclEnabled {
+		return nil
+	}
+
 	if err := upsertGuardian(ctx); err != nil {
 		return errors.Wrap(err, "While creating Guardian")
 	}
diff --git a/edgraph/ns_query_no_acl_test.go b/edgraph/ns_query_no_acl_test.go
@@ -0,0 +1,87 @@
+//go:build integration2
+
+/*
+ * SPDX-FileCopyrightText: © Hypermode Inc. <hello@hypermode.com>
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package edgraph
+
+import (
+	"context"
+	"testing"
+
+	"github.com/dgraph-io/dgo/v250"
+	"github.com/stretchr/testify/require"
+
+	"github.com/hypermodeinc/dgraph/v25/dgraphtest"
+)
+
+func TestNamespaces(t *testing.T) {
+	conf := dgraphtest.NewClusterConfig().WithNumAlphas(1).WithNumZeros(1).WithReplicas(1)
+	c, err := dgraphtest.NewLocalCluster(conf)
+	require.NoError(t, err)
+	defer func() { c.Cleanup(t.Failed()) }()
+	require.NoError(t, c.Start())
+
+	// ensure that Open works with no ACL
+	alphaGrpcPort, err := c.GetAlphaGrpcPublicPort(0)
+	require.NoError(t, err)
+	_, err = dgo.Open("dgraph://localhost:" + alphaGrpcPort)
+	require.NoError(t, err)
+
+	client, cleanup, err := c.Client()
+	require.NoError(t, err)
+	defer cleanup()
+
+	// Drop all data
+	require.NoError(t, client.DropAll())
+
+	// Create two namespaces
+	ctx := context.Background()
+	require.NoError(t, client.CreateNamespace(ctx, "ns1"))
+	require.NoError(t, client.CreateNamespace(ctx, "ns2"))
+
+	// namespace 1
+	require.NoError(t, client.SetSchema(ctx, "ns1", `name: string @index(exact) .`))
+	resp, err := client.RunDQL(ctx, "ns1", `{ set {_:a <name> "Alice" .}}`)
+	require.NoError(t, err)
+	require.Equal(t, 1, len(resp.BlankUids))
+	resp, err = client.RunDQL(ctx, "ns1", `{ q(func: has(name)) { name } }`)
+	require.NoError(t, err)
+	require.JSONEq(t, `{"q":[{"name":"Alice"}]}`, string(resp.GetQueryResult()))
+
+	// namespace 2
+	require.NoError(t, client.SetSchema(ctx, "ns2", `name: string @index(exact) .`))
+	_, err = client.RunDQL(ctx, "ns2", `{ set {_:a <name> "Bob" .}}`)
+	require.NoError(t, err)
+	resp, err = client.RunDQL(ctx, "ns2", `{ q(func: has(name)) { name } }`)
+	require.NoError(t, err)
+	require.JSONEq(t, `{"q":[{"name":"Bob"}]}`, string(resp.GetQueryResult()))
+
+	// rename ns2 namespace
+	require.NoError(t, client.RenameNamespace(ctx, "ns2", "ns2-new"))
+
+	// check if the data is still there
+	resp, err = client.RunDQL(ctx, "ns2-new", `{ q(func: has(name)) { name } }`)
+	require.NoError(t, err)
+	require.JSONEq(t, `{"q":[{"name":"Bob"}]}`, string(resp.GetQueryResult()))
+
+	// List Namespaces
+	nsMaps, err := client.ListNamespaces(ctx)
+	require.NoError(t, err)
+	require.Len(t, nsMaps, 3)
+
+	// drop ns2-new namespace
+	require.NoError(t, client.DropNamespace(ctx, "ns2-new"))
+	_, err = client.RunDQL(ctx, "ns2-new", `{ q(func: has(name)) { name } }`)
+	require.ErrorContains(t, err, "namespace \"ns2-new\" not found")
+	nsMaps, err = client.ListNamespaces(ctx)
+	require.NoError(t, err)
+	require.Len(t, nsMaps, 2)
+
+	// drop ns1 namespace
+	require.NoError(t, client.DropNamespace(ctx, "ns1"))
+	_, err = client.RunDQL(ctx, "ns1", `{ q(func: has(name)) { name } }`)
+	require.ErrorContains(t, err, "namespace \"ns1\" not found")
+}
diff --git a/x/acl_enc_keys.go b/x/acl_enc_keys.go
@@ -139,7 +139,7 @@ func checkAclKeyLength(alg jwt.SigningMethod, key Sensitive) error {
 
 	// SHA length has to be smaller or equal to the key length
 	if sl > len(key)*8 {
-		return errors.Errorf("ACL key length [%v <= %v] bits for JWT algorithm [%v]", sl, len(key)*8, alg.Alg())
+		return errors.Errorf("ACL key length [%v <= %v] bits for JWT algorithm [%v]", len(key)*8, sl, alg.Alg())
 	}
 	return nil
 }

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ func executeDropAllInNs(ctx context.Context, startTs uint64, req *apiv25.AlterRe`
`108`	`108`	`}`
`109`	`109`
`110`	`110`	`err = x.RetryUntilSuccess(10, 100*time.Millisecond, func() error {`
`111`		`- return createGuardianAndGroot(x.AttachNamespace(ctx, nsID), nsID, "password")`
	`111`	`+ return createGuardianAndGroot(x.AttachNamespace(ctx, nsID), "password")`
`112`	`112`	`})`
`113`	`113`	`if err != nil {`
`114`	`114`	`return errors.Wrapf(err, "Failed to create guardian and groot: ")`
Original file line number	Diff line number	Diff line change
`@@ -105,18 +105,23 @@ func (s *Server) CreateNamespaceInternal(ctx context.Context, passwd string) (ui`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`err = x.RetryUntilSuccess(10, 100*time.Millisecond, func() error {`
`108`		`- return createGuardianAndGroot(ctx, ids.StartId, passwd)`
	`108`	`+ return createGuardianAndGroot(ctx, passwd)`
`109`	`109`	`})`
`110`	`110`	`if err != nil {`
`111`	`111`	`return 0, errors.Wrapf(err, "Failed to create guardian and groot: ")`
`112`	`112`	`}`
	`113`	`+`
`113`	`114`	`glog.V(2).Infof("Created namespace: %d", ns)`
`114`	`115`	`return ns, nil`
`115`	`116`	`}`
`116`	`117`
`117`	`118`	`// This function is used while creating new namespace. New namespace creation is only allowed`
`118`	`119`	`// by the guardians of the galaxy group.`
`119`		`-func createGuardianAndGroot(ctx context.Context, namespace uint64, passwd string) error {`
	`120`	`+func createGuardianAndGroot(ctx context.Context, passwd string) error {`
	`121`	`+ if !x.WorkerConfig.AclEnabled {`
	`122`	`+ return nil`
	`123`	`+ }`
	`124`	`+`
`120`	`125`	`if err := upsertGuardian(ctx); err != nil {`
`121`	`126`	`return errors.Wrap(err, "While creating Guardian")`
`122`	`127`	`}`
Original file line number	Diff line number	Diff line change
`@@ -139,7 +139,7 @@ func checkAclKeyLength(alg jwt.SigningMethod, key Sensitive) error {`
`139`	`139`
`140`	`140`	`// SHA length has to be smaller or equal to the key length`
`141`	`141`	`if sl > len(key)*8 {`
`142`		`- return errors.Errorf("ACL key length [%v <= %v] bits for JWT algorithm [%v]", sl, len(key)*8, alg.Alg())`
	`142`	`+ return errors.Errorf("ACL key length [%v <= %v] bits for JWT algorithm [%v]", len(key)*8, sl, alg.Alg())`
`143`	`143`	`}`
`144`	`144`	`return nil`
`145`	`145`	`}`