PSUPCLPL-17184. Add monitor_main privileges for dml and ro users

basic/role.go

@@ -143,6 +143,7 @@ func (bp BaseProvider) CreateRoleWithDMLPermissions() error {
 		ClusterScrollClearPermission,
 		ClusterMonitorTaskGetPermission,
 		ClusterMonitorStatePermission,
+		ClusterMonitorMainPermission,
 	}
 	return bp.createRole(clusterPermissions, indexPermissions, []string{}, DmlRoleType)
 }
@@ -161,6 +162,7 @@ func (bp BaseProvider) CreateRoleWithReadOnlyPermissions() error {
 		strings.ToUpper(ClusterReadOnlyPermissions),
 		ClusterScrollClearPermission,
 		ClusterMonitorStatePermission,
+		ClusterMonitorMainPermission,
 	}
 	return bp.createRole(clusterPermissions, indexPermissions, []string{}, ReadOnlyRoleType)
 }

basic/user.go

@@ -101,20 +101,21 @@ func (bp BaseProvider) CreateUserHandler() func(w http.ResponseWriter, r *http.R
 }
 
 func (bp BaseProvider) ensureUser(username string, userCreateRequest dao.UserCreateRequest, ctx context.Context) (*CreatedUser, error) {
-	indexName := userCreateRequest.DbName
+	dbName := userCreateRequest.DbName
 	roleType := userCreateRequest.Role
 	if roleType == "" {
 		roleType = AdminRoleType
 	}
 	username, password, resources, err :=
-		bp.createOrUpdateUser(username, userCreateRequest.Password, indexName, roleType, ctx)
+		bp.createOrUpdateUser(username, userCreateRequest.Password, dbName, roleType, ctx)
 	if err != nil {
 		return nil, err
 	}
-	if indexName != "" {
-		resources = append(resources, dao.DbResource{Kind: common.IndexKind, Name: indexName})
+	if dbName != "" {
+		resources = append(resources, dao.DbResource{Kind: common.MetadataKind, Name: dbName})
+		resources = append(resources, dao.DbResource{Kind: common.ResourcePrefixKind, Name: dbName})
 	}
-	connectionProperties := bp.GetExtendedConnectionProperties(indexName, username, password, "", roleType)
+	connectionProperties := bp.GetExtendedConnectionProperties("", username, password, "", roleType)
 	user, err := bp.GetUser(username)
 	if err != nil {
 		return nil, err
@@ -125,7 +126,7 @@ func (bp BaseProvider) ensureUser(username string, userCreateRequest dao.UserCre
 
 	response := &CreatedUser{
 		ConnectionProperties: connectionProperties,
-		Name:                 indexName,
+		Name:                 dbName,
 		Resources:            resources,
 	}
 	return response, nil

basic/user_test.go

@@ -15,7 +15,6 @@
 package basic
 
 import (
-	"fmt"
 	"github.com/Netcracker/dbaas-opensearch-adapter/common"
 	"github.com/Netcracker/qubership-dbaas-adapter-core/pkg/dao"
 	"github.com/stretchr/testify/assert"
@@ -32,15 +31,16 @@ func TestUpdateUserWithDbNameAndPassword(t *testing.T) {
 	assert.Empty(t, err)
 	assert.Equal(t, username, response.ConnectionProperties.ResourcePrefix)
 	assert.Equal(t, userCreateRequest.DbName, response.Name)
-	assert.Equal(t, userCreateRequest.DbName, response.ConnectionProperties.DbName)
-	expectedUrl := fmt.Sprintf("http://localhost:9200/%s", userCreateRequest.DbName)
+	assert.Equal(t, "", response.ConnectionProperties.DbName)
+	expectedUrl := "http://localhost:9200/"
 	assert.Equal(t, expectedUrl, response.ConnectionProperties.Url)
 	assert.Equal(t, username, response.ConnectionProperties.Username)
 	assert.Equal(t, userCreateRequest.Password, response.ConnectionProperties.Password)
 	assert.Equal(t, AdminRoleType, response.ConnectionProperties.Role)
 	expectedResources := []dao.DbResource{
 		{Kind: common.UserKind, Name: username},
-		{Kind: common.IndexKind, Name: userCreateRequest.DbName},
+		{Kind: common.MetadataKind, Name: userCreateRequest.DbName},
+		{Kind: common.ResourcePrefixKind, Name: userCreateRequest.DbName},
 	}
 	assert.ElementsMatch(t, expectedResources, response.Resources)
 }
@@ -54,15 +54,16 @@ func TestCreateUserWithoutUsername(t *testing.T) {
 	assert.Empty(t, err)
 	assert.Empty(t, response.ConnectionProperties.ResourcePrefix)
 	assert.Equal(t, userCreateRequest.DbName, response.Name)
-	assert.Equal(t, userCreateRequest.DbName, response.ConnectionProperties.DbName)
-	expectedUrl := fmt.Sprintf("http://localhost:9200/%s", userCreateRequest.DbName)
+	assert.Equal(t, "", response.ConnectionProperties.DbName)
+	expectedUrl := "http://localhost:9200/"
 	assert.Equal(t, expectedUrl, response.ConnectionProperties.Url)
 	assert.Contains(t, response.ConnectionProperties.Username, "dbaas_")
 	assert.Equal(t, userCreateRequest.Password, response.ConnectionProperties.Password)
 	assert.Equal(t, AdminRoleType, response.ConnectionProperties.Role)
 	expectedResources := []dao.DbResource{
 		{Kind: common.UserKind, Name: response.ConnectionProperties.Username},
-		{Kind: common.IndexKind, Name: userCreateRequest.DbName},
+		{Kind: common.MetadataKind, Name: userCreateRequest.DbName},
+		{Kind: common.ResourcePrefixKind, Name: userCreateRequest.DbName},
 	}
 	assert.ElementsMatch(t, expectedResources, response.Resources)
 }
@@ -76,15 +77,16 @@ func TestUpdateUserWithDbName(t *testing.T) {
 	assert.Empty(t, err)
 	assert.Equal(t, username, response.ConnectionProperties.ResourcePrefix)
 	assert.Equal(t, userCreateRequest.DbName, response.Name)
-	assert.Equal(t, userCreateRequest.DbName, response.ConnectionProperties.DbName)
-	expectedUrl := fmt.Sprintf("http://localhost:9200/%s", userCreateRequest.DbName)
+	assert.Equal(t, "", response.ConnectionProperties.DbName)
+	expectedUrl := "http://localhost:9200/"
 	assert.Equal(t, expectedUrl, response.ConnectionProperties.Url)
 	assert.Equal(t, username, response.ConnectionProperties.Username)
 	assert.NotEmpty(t, response.ConnectionProperties.Password)
 	assert.Equal(t, AdminRoleType, response.ConnectionProperties.Role)
 	expectedResources := []dao.DbResource{
 		{Kind: common.UserKind, Name: username},
-		{Kind: common.IndexKind, Name: userCreateRequest.DbName},
+		{Kind: common.MetadataKind, Name: userCreateRequest.DbName},
+		{Kind: common.ResourcePrefixKind, Name: userCreateRequest.DbName},
 	}
 	assert.ElementsMatch(t, expectedResources, response.Resources)
 }