The gem still lives in the canvas-lms repo, but has separate tests, and
knows nothing about Canvas proper. Canvas' usage of the gem is through
Canvas::Cassandra::DatabaseBuilder (and Canvas::Cassandra::Migration).
Change-Id: I51878055647225755d54edc5595b8189b7bea3cc
Signed-off-by: Stephan Hagemann <stephan.hagemann@instructure.com>
Reviewed-on: https://gerrit.instructure.com/28632
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
fixes CNVS-390
stores and allows querying by user/account/pseudonym of login/logout
events.
test-plan:
[setup]
- set up an 'auditors' keyspace in cassandra and run migrations
- have shardX and shardY on one database server, and shardZ on a
different database server
- have accountW and accountX on shardX
- have accountY and accountZ on shardY and shardZ, respectively
- have userA on shardX with pseudonymAW in accountW and pseudonymAX in
accountX (cross-account, single-shard user)
- have userB on shardY with pseudonymBY in accountY and pseudonymBX in
accountX (cross-shard user)
- have userC on shardZ with pseudonymCZ in accountZ and pseudonymCX in
accountX (cross-db-server user)
- log in and out of each pseudonym above multiple times
[index isolation]
- /api/v1/audit/authentication/pseudonyms/<pseudonymAX> should
include logins and logouts from pseudonymAX only
- /api/v1/audit/authentication/accounts/<accountX> should include
logins and logouts from pseudonymAX, pseudonymBX, and pseudonymCX
but not pseudonymAW
- /api/v1/audit/authentication/users/<userA> should include logins
and logouts from both pseudonymAW and pseudonymAX but not
pseudonymBX or pseudonymCX
[permission isolation]
(in each of these, either :view_statistics or :manage_user_logins on
an account qualifies as "having permission")
- /api/v1/audit/authentication/pseudonyms/<pseudonymAX> should be
unauthorized if the current user doesn't have permission on
accountX
- /api/v1/audit/authentication/accounts/<accountX> should be
unauthorized if the current user doesn't have permission on
accountX
- /api/v1/audit/authentication/users/<userA> should be unauthorized
if the current user doesn't have permission on either of accountW
or accountX
- /api/v1/audit/authentication/users/<userA> should include logins
and logouts from accountW but not from accountX if the current
user has permission on accountW but not on accountX
[sharding]
- /api/v1/audit/authentication/users/<userB> should include logins
and logouts from both pseudonymBY and pseudonymBX
- /api/v1/audit/authentication/users/<userB> should not include
duplicate logins and logouts from either pseudonymBY and
pseudonymBX (potential for bug due to both pseudonyms' shards
being on the same database server)
- /api/v1/audit/authentication/users/<userC> should include logins
and logouts from both pseudonymCZ and pseudonymCX
Change-Id: I74b1573b346935f733fe5b07919d2d450cf07592
Reviewed-on: https://gerrit.instructure.com/21829
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
This is meant to be a one-time run, when setting up a new cassandra
cluster for page views and you want to migrate all your current page
views sitting in your db to that cluster.
test plan: generate some db page views, then switch configuration to
cassandra page views. run rake db:migrate_pageviews_to_cassandra and the
existing db page views should now be in cassandra, including showing up
in the user's page view history.
Change-Id: Ib1b1aa4277c306c1c651e9ca587d3654ab0d00d3
Reviewed-on: https://gerrit.instructure.com/14687
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Duane Johnson <duane@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Adds a new back-end store for page_views, using a Cassandra cluster. All
the current page view queries are supported, many using denormalized
views on the data.
test plan:
first, canvas instances that are currently using AR page views
should function as before.
by Setting.set('enable_page_views', 'cassandra') and restarting, you will
switch to cassandra page views. a script to migrate the AR page views to
Cassandra is coming. all page view functionality should work as before.
note that the format of the pagination headers in the
/api/v1/users/X/page_views endpoint has changed.
Change-Id: I2d1feb4d83b06a0c852e49508e85e8dce87507b4
Reviewed-on: https://gerrit.instructure.com/14258
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Brian Palmer