canvas-lms/spec/cassandra_spec_helper.rb

#
# Copyright (C) 2012 Instructure, Inc.
#
# This file is part of Canvas.
#
# Canvas is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, version 3 of the License.
#
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#

require File.expand_path(File.dirname(__FILE__) + '/spec_helper')

def truncate_cassandra(config)
  db = Canvas::Cassandra::DatabaseBuilder.from_config(config)
  tables = db.execute("SELECT columnfamily_name FROM system.schema_columnfamilies WHERE keyspace_name = '#{db.keyspace}'").map{|a| a["columnfamily_name"]}
  tables.each do |table|
    db.execute("TRUNCATE #{table}")
  end
end

shared_examples_for "cassandra page views" do
  before do
    if Canvas::Cassandra::DatabaseBuilder.configured?('page_views')
      Setting.set('enable_page_views', 'cassandra')
    else
      skip "needs cassandra page_views configuration"
    end
    truncate_cassandra(:page_views)
  end
end

shared_examples_for "cassandra audit logs" do
  before do
    unless Canvas::Cassandra::DatabaseBuilder.configured?('auditors')
      skip "needs cassandra auditors configuration"
    end
    truncate_cassandra(:auditors)
  end
end
cassandra store for page views Adds a new back-end store for page_views, using a Cassandra cluster. All the current page view queries are supported, many using denormalized views on the data. test plan: first, canvas instances that are currently using AR page views should function as before. by Setting.set('enable_page_views', 'cassandra') and restarting, you will switch to cassandra page views. a script to migrate the AR page views to Cassandra is coming. all page view functionality should work as before. note that the format of the pagination headers in the /api/v1/users/X/page_views endpoint has changed. Change-Id: I2d1feb4d83b06a0c852e49508e85e8dce87507b4 Reviewed-on: https://gerrit.instructure.com/14258 Reviewed-by: Jacob Fugal <jacob@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> 2012-09-25 04:05:43 +08:00			`#`
			`# Copyright (C) 2012 Instructure, Inc.`
			`#`
			`# This file is part of Canvas.`
			`#`
			`# Canvas is free software: you can redistribute it and/or modify it under`
			`# the terms of the GNU Affero General Public License as published by the Free`
			`# Software Foundation, version 3 of the License.`
			`#`
			`# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY`
			`# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR`
			`# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more`
			`# details.`
			`#`
			`# You should have received a copy of the GNU Affero General Public License along`
			`# with this program. If not, see <http://www.gnu.org/licenses/>.`
			`#`

			`require File.expand_path(File.dirname(__FILE__) + '/spec_helper')`

spec: truncate cassandra tables before specs Change-Id: I5f51f5b371a26e645bef2863c43afca28933fccc Reviewed-on: https://gerrit.instructure.com/208791 Tested-by: Jenkins Reviewed-by: Cody Cutrer <cody@instructure.com> QA-Review: Cody Cutrer <cody@instructure.com> Product-Review: Cody Cutrer <cody@instructure.com> 2019-09-10 21:09:25 +08:00			`def truncate_cassandra(config)`
			`db = Canvas::Cassandra::DatabaseBuilder.from_config(config)`
			`tables = db.execute("SELECT columnfamily_name FROM system.schema_columnfamilies WHERE keyspace_name = '#{db.keyspace}'").map{\|a\| a["columnfamily_name"]}`
			`tables.each do \|table\|`
			`db.execute("TRUNCATE #{table}")`
			`end`
			`end`

cassandra store for page views Adds a new back-end store for page_views, using a Cassandra cluster. All the current page view queries are supported, many using denormalized views on the data. test plan: first, canvas instances that are currently using AR page views should function as before. by Setting.set('enable_page_views', 'cassandra') and restarting, you will switch to cassandra page views. a script to migrate the AR page views to Cassandra is coming. all page view functionality should work as before. note that the format of the pagination headers in the /api/v1/users/X/page_views endpoint has changed. Change-Id: I2d1feb4d83b06a0c852e49508e85e8dce87507b4 Reviewed-on: https://gerrit.instructure.com/14258 Reviewed-by: Jacob Fugal <jacob@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> 2012-09-25 04:05:43 +08:00			`shared_examples_for "cassandra page views" do`
			`before do`
extract canvas_cassandra gem The gem still lives in the canvas-lms repo, but has separate tests, and knows nothing about Canvas proper. Canvas' usage of the gem is through Canvas::Cassandra::DatabaseBuilder (and Canvas::Cassandra::Migration). Change-Id: I51878055647225755d54edc5595b8189b7bea3cc Signed-off-by: Stephan Hagemann <stephan.hagemann@instructure.com> Reviewed-on: https://gerrit.instructure.com/28632 Reviewed-by: Brian Palmer <brianp@instructure.com> QA-Review: August Thornton <august@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> Product-Review: Brian Palmer <brianp@instructure.com> 2014-01-16 05:03:44 +08:00			`if Canvas::Cassandra::DatabaseBuilder.configured?('page_views')`
cassandra store for page views Adds a new back-end store for page_views, using a Cassandra cluster. All the current page view queries are supported, many using denormalized views on the data. test plan: first, canvas instances that are currently using AR page views should function as before. by Setting.set('enable_page_views', 'cassandra') and restarting, you will switch to cassandra page views. a script to migrate the AR page views to Cassandra is coming. all page view functionality should work as before. note that the format of the pagination headers in the /api/v1/users/X/page_views endpoint has changed. Change-Id: I2d1feb4d83b06a0c852e49508e85e8dce87507b4 Reviewed-on: https://gerrit.instructure.com/14258 Reviewed-by: Jacob Fugal <jacob@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> 2012-09-25 04:05:43 +08:00			`Setting.set('enable_page_views', 'cassandra')`
			`else`
don't log errors for unconfigured auditors fixes gh-793 also switch cassandra specs to skip if cassandra isn't configured (instead of pend, which tries to run them anyway, and then fails if they pass) test plan: * don't have auditors in database.yml * log in to canvas * you shouldn't see an error about auditors being unavailable in the log Change-Id: Icc3e4376da21a71db8a3ec0020393e209c7eaa2e Reviewed-on: https://gerrit.instructure.com/75643 Tested-by: Jenkins Reviewed-by: Rob Orton <rob@instructure.com> QA-Review: Jeremy Putnam <jeremyp@instructure.com> Product-Review: Cody Cutrer <cody@instructure.com> 2016-03-30 03:03:43 +08:00			`skip "needs cassandra page_views configuration"`
cassandra store for page views Adds a new back-end store for page_views, using a Cassandra cluster. All the current page view queries are supported, many using denormalized views on the data. test plan: first, canvas instances that are currently using AR page views should function as before. by Setting.set('enable_page_views', 'cassandra') and restarting, you will switch to cassandra page views. a script to migrate the AR page views to Cassandra is coming. all page view functionality should work as before. note that the format of the pagination headers in the /api/v1/users/X/page_views endpoint has changed. Change-Id: I2d1feb4d83b06a0c852e49508e85e8dce87507b4 Reviewed-on: https://gerrit.instructure.com/14258 Reviewed-by: Jacob Fugal <jacob@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> 2012-09-25 04:05:43 +08:00			`end`
spec: truncate cassandra tables before specs Change-Id: I5f51f5b371a26e645bef2863c43afca28933fccc Reviewed-on: https://gerrit.instructure.com/208791 Tested-by: Jenkins Reviewed-by: Cody Cutrer <cody@instructure.com> QA-Review: Cody Cutrer <cody@instructure.com> Product-Review: Cody Cutrer <cody@instructure.com> 2019-09-10 21:09:25 +08:00			`truncate_cassandra(:page_views)`
cassandra store for page views Adds a new back-end store for page_views, using a Cassandra cluster. All the current page view queries are supported, many using denormalized views on the data. test plan: first, canvas instances that are currently using AR page views should function as before. by Setting.set('enable_page_views', 'cassandra') and restarting, you will switch to cassandra page views. a script to migrate the AR page views to Cassandra is coming. all page view functionality should work as before. note that the format of the pagination headers in the /api/v1/users/X/page_views endpoint has changed. Change-Id: I2d1feb4d83b06a0c852e49508e85e8dce87507b4 Reviewed-on: https://gerrit.instructure.com/14258 Reviewed-by: Jacob Fugal <jacob@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> 2012-09-25 04:05:43 +08:00			`end`
			`end`
Auditors::Authentication fixes CNVS-390 stores and allows querying by user/account/pseudonym of login/logout events. test-plan: [setup] - set up an 'auditors' keyspace in cassandra and run migrations - have shardX and shardY on one database server, and shardZ on a different database server - have accountW and accountX on shardX - have accountY and accountZ on shardY and shardZ, respectively - have userA on shardX with pseudonymAW in accountW and pseudonymAX in accountX (cross-account, single-shard user) - have userB on shardY with pseudonymBY in accountY and pseudonymBX in accountX (cross-shard user) - have userC on shardZ with pseudonymCZ in accountZ and pseudonymCX in accountX (cross-db-server user) - log in and out of each pseudonym above multiple times [index isolation] - /api/v1/audit/authentication/pseudonyms/<pseudonymAX> should include logins and logouts from pseudonymAX only - /api/v1/audit/authentication/accounts/<accountX> should include logins and logouts from pseudonymAX, pseudonymBX, and pseudonymCX but not pseudonymAW - /api/v1/audit/authentication/users/<userA> should include logins and logouts from both pseudonymAW and pseudonymAX but not pseudonymBX or pseudonymCX [permission isolation] (in each of these, either :view_statistics or :manage_user_logins on an account qualifies as "having permission") - /api/v1/audit/authentication/pseudonyms/<pseudonymAX> should be unauthorized if the current user doesn't have permission on accountX - /api/v1/audit/authentication/accounts/<accountX> should be unauthorized if the current user doesn't have permission on accountX - /api/v1/audit/authentication/users/<userA> should be unauthorized if the current user doesn't have permission on either of accountW or accountX - /api/v1/audit/authentication/users/<userA> should include logins and logouts from accountW but not from accountX if the current user has permission on accountW but not on accountX [sharding] - /api/v1/audit/authentication/users/<userB> should include logins and logouts from both pseudonymBY and pseudonymBX - /api/v1/audit/authentication/users/<userB> should not include duplicate logins and logouts from either pseudonymBY and pseudonymBX (potential for bug due to both pseudonyms' shards being on the same database server) - /api/v1/audit/authentication/users/<userC> should include logins and logouts from both pseudonymCZ and pseudonymCX Change-Id: I74b1573b346935f733fe5b07919d2d450cf07592 Reviewed-on: https://gerrit.instructure.com/21829 Reviewed-by: Brian Palmer <brianp@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> QA-Review: Jeremy Putnam <jeremyp@instructure.com> Product-Review: Jacob Fugal <jacob@instructure.com> 2013-06-28 06:43:15 +08:00
			`shared_examples_for "cassandra audit logs" do`
			`before do`
extract canvas_cassandra gem The gem still lives in the canvas-lms repo, but has separate tests, and knows nothing about Canvas proper. Canvas' usage of the gem is through Canvas::Cassandra::DatabaseBuilder (and Canvas::Cassandra::Migration). Change-Id: I51878055647225755d54edc5595b8189b7bea3cc Signed-off-by: Stephan Hagemann <stephan.hagemann@instructure.com> Reviewed-on: https://gerrit.instructure.com/28632 Reviewed-by: Brian Palmer <brianp@instructure.com> QA-Review: August Thornton <august@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> Product-Review: Brian Palmer <brianp@instructure.com> 2014-01-16 05:03:44 +08:00			`unless Canvas::Cassandra::DatabaseBuilder.configured?('auditors')`
don't log errors for unconfigured auditors fixes gh-793 also switch cassandra specs to skip if cassandra isn't configured (instead of pend, which tries to run them anyway, and then fails if they pass) test plan: * don't have auditors in database.yml * log in to canvas * you shouldn't see an error about auditors being unavailable in the log Change-Id: Icc3e4376da21a71db8a3ec0020393e209c7eaa2e Reviewed-on: https://gerrit.instructure.com/75643 Tested-by: Jenkins Reviewed-by: Rob Orton <rob@instructure.com> QA-Review: Jeremy Putnam <jeremyp@instructure.com> Product-Review: Cody Cutrer <cody@instructure.com> 2016-03-30 03:03:43 +08:00			`skip "needs cassandra auditors configuration"`
Auditors::Authentication fixes CNVS-390 stores and allows querying by user/account/pseudonym of login/logout events. test-plan: [setup] - set up an 'auditors' keyspace in cassandra and run migrations - have shardX and shardY on one database server, and shardZ on a different database server - have accountW and accountX on shardX - have accountY and accountZ on shardY and shardZ, respectively - have userA on shardX with pseudonymAW in accountW and pseudonymAX in accountX (cross-account, single-shard user) - have userB on shardY with pseudonymBY in accountY and pseudonymBX in accountX (cross-shard user) - have userC on shardZ with pseudonymCZ in accountZ and pseudonymCX in accountX (cross-db-server user) - log in and out of each pseudonym above multiple times [index isolation] - /api/v1/audit/authentication/pseudonyms/<pseudonymAX> should include logins and logouts from pseudonymAX only - /api/v1/audit/authentication/accounts/<accountX> should include logins and logouts from pseudonymAX, pseudonymBX, and pseudonymCX but not pseudonymAW - /api/v1/audit/authentication/users/<userA> should include logins and logouts from both pseudonymAW and pseudonymAX but not pseudonymBX or pseudonymCX [permission isolation] (in each of these, either :view_statistics or :manage_user_logins on an account qualifies as "having permission") - /api/v1/audit/authentication/pseudonyms/<pseudonymAX> should be unauthorized if the current user doesn't have permission on accountX - /api/v1/audit/authentication/accounts/<accountX> should be unauthorized if the current user doesn't have permission on accountX - /api/v1/audit/authentication/users/<userA> should be unauthorized if the current user doesn't have permission on either of accountW or accountX - /api/v1/audit/authentication/users/<userA> should include logins and logouts from accountW but not from accountX if the current user has permission on accountW but not on accountX [sharding] - /api/v1/audit/authentication/users/<userB> should include logins and logouts from both pseudonymBY and pseudonymBX - /api/v1/audit/authentication/users/<userB> should not include duplicate logins and logouts from either pseudonymBY and pseudonymBX (potential for bug due to both pseudonyms' shards being on the same database server) - /api/v1/audit/authentication/users/<userC> should include logins and logouts from both pseudonymCZ and pseudonymCX Change-Id: I74b1573b346935f733fe5b07919d2d450cf07592 Reviewed-on: https://gerrit.instructure.com/21829 Reviewed-by: Brian Palmer <brianp@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> QA-Review: Jeremy Putnam <jeremyp@instructure.com> Product-Review: Jacob Fugal <jacob@instructure.com> 2013-06-28 06:43:15 +08:00			`end`
spec: truncate cassandra tables before specs Change-Id: I5f51f5b371a26e645bef2863c43afca28933fccc Reviewed-on: https://gerrit.instructure.com/208791 Tested-by: Jenkins Reviewed-by: Cody Cutrer <cody@instructure.com> QA-Review: Cody Cutrer <cody@instructure.com> Product-Review: Cody Cutrer <cody@instructure.com> 2019-09-10 21:09:25 +08:00			`truncate_cassandra(:auditors)`
Auditors::Authentication fixes CNVS-390 stores and allows querying by user/account/pseudonym of login/logout events. test-plan: [setup] - set up an 'auditors' keyspace in cassandra and run migrations - have shardX and shardY on one database server, and shardZ on a different database server - have accountW and accountX on shardX - have accountY and accountZ on shardY and shardZ, respectively - have userA on shardX with pseudonymAW in accountW and pseudonymAX in accountX (cross-account, single-shard user) - have userB on shardY with pseudonymBY in accountY and pseudonymBX in accountX (cross-shard user) - have userC on shardZ with pseudonymCZ in accountZ and pseudonymCX in accountX (cross-db-server user) - log in and out of each pseudonym above multiple times [index isolation] - /api/v1/audit/authentication/pseudonyms/<pseudonymAX> should include logins and logouts from pseudonymAX only - /api/v1/audit/authentication/accounts/<accountX> should include logins and logouts from pseudonymAX, pseudonymBX, and pseudonymCX but not pseudonymAW - /api/v1/audit/authentication/users/<userA> should include logins and logouts from both pseudonymAW and pseudonymAX but not pseudonymBX or pseudonymCX [permission isolation] (in each of these, either :view_statistics or :manage_user_logins on an account qualifies as "having permission") - /api/v1/audit/authentication/pseudonyms/<pseudonymAX> should be unauthorized if the current user doesn't have permission on accountX - /api/v1/audit/authentication/accounts/<accountX> should be unauthorized if the current user doesn't have permission on accountX - /api/v1/audit/authentication/users/<userA> should be unauthorized if the current user doesn't have permission on either of accountW or accountX - /api/v1/audit/authentication/users/<userA> should include logins and logouts from accountW but not from accountX if the current user has permission on accountW but not on accountX [sharding] - /api/v1/audit/authentication/users/<userB> should include logins and logouts from both pseudonymBY and pseudonymBX - /api/v1/audit/authentication/users/<userB> should not include duplicate logins and logouts from either pseudonymBY and pseudonymBX (potential for bug due to both pseudonyms' shards being on the same database server) - /api/v1/audit/authentication/users/<userC> should include logins and logouts from both pseudonymCZ and pseudonymCX Change-Id: I74b1573b346935f733fe5b07919d2d450cf07592 Reviewed-on: https://gerrit.instructure.com/21829 Reviewed-by: Brian Palmer <brianp@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> QA-Review: Jeremy Putnam <jeremyp@instructure.com> Product-Review: Jacob Fugal <jacob@instructure.com> 2013-06-28 06:43:15 +08:00			`end`
			`end`