mirror of
https://github.com/trustgraph-ai/trustgraph.git
synced 2026-05-06 22:02:37 +02:00
Per-workspace queue routing for workspace-scoped services (#862)
Workspace identity is now determined by queue infrastructure instead of message body fields, closing a privilege-escalation vector where a caller could spoof workspace in the request payload. - Add WorkspaceProcessor base class: discovers workspaces from config at startup, creates per-workspace consumers (queue:workspace), and manages consumer lifecycle on workspace create/delete events - Roll out to librarian, flow-svc, knowledge cores, and config-svc - Config service gets a dual-queue regime: a system queue for cross-workspace ops (getvalues-all-ws, bootstrapper writes to __workspaces__) and per-workspace queues for tenant-scoped ops, with workspace discovery from its own Cassandra store - Remove workspace field from request schemas (FlowRequest, LibrarianRequest, KnowledgeRequest, CollectionManagementRequest) and from DocumentMetadata / ProcessingMetadata — table stores now accept workspace as an explicit parameter - Strip workspace encode/decode from all message translators and gateway serializers - Gateway enforces workspace existence: reject requests targeting non-existent workspaces instead of routing to queues with no consumer - Config service provisions new workspaces from __template__ on creation - Add workspace lifecycle hooks to AsyncProcessor so any processor can react to workspace create/delete without subclassing WorkspaceProcessor
This commit is contained in:
cybermaggedon
GitHub
parent
9be257ceee
commit
9f2bfbce0c
53 changed files with 1565 additions and 677 deletions
|
|
@ -34,7 +34,7 @@ class _Identity:
|
|||
self.source = "api-key"
|
||||
|
||||
|
||||
def _allow_auth(identity=None):
|
||||
def _allow_auth(identity=None, workspaces=None):
|
||||
"""Build an Auth double that authenticates to ``identity`` and
|
||||
allows every authorise() call."""
|
||||
auth = MagicMock()
|
||||
|
|
@ -42,16 +42,18 @@ def _allow_auth(identity=None):
|
|||
return_value=identity or _Identity(),
|
||||
)
|
||||
auth.authorise = AsyncMock(return_value=None)
|
||||
auth.known_workspaces = workspaces or {"default", "acme"}
|
||||
return auth
|
||||
|
||||
|
||||
def _deny_auth(identity=None):
|
||||
def _deny_auth(identity=None, workspaces=None):
|
||||
"""Build an Auth double that authenticates but denies authorise."""
|
||||
auth = MagicMock()
|
||||
auth.authenticate = AsyncMock(
|
||||
return_value=identity or _Identity(),
|
||||
)
|
||||
auth.authorise = AsyncMock(side_effect=access_denied())
|
||||
auth.known_workspaces = workspaces or {"default", "acme"}
|
||||
return auth
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -176,7 +176,7 @@ class TestDispatcherManager:
|
|||
params = {"kind": "test_kind"}
|
||||
result = await manager.process_global_service("data", "responder", params)
|
||||
|
||||
manager.invoke_global_service.assert_called_once_with("data", "responder", "test_kind")
|
||||
manager.invoke_global_service.assert_called_once_with("data", "responder", "test_kind", workspace=None)
|
||||
assert result == "global_result"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
|
|
@ -185,24 +185,24 @@ class TestDispatcherManager:
|
|||
mock_backend = Mock()
|
||||
mock_config_receiver = Mock()
|
||||
manager = DispatcherManager(mock_backend, mock_config_receiver, auth=Mock())
|
||||
|
||||
|
||||
# Pre-populate with existing dispatcher
|
||||
mock_dispatcher = Mock()
|
||||
mock_dispatcher.process = AsyncMock(return_value="cached_result")
|
||||
manager.dispatchers[(None, "config")] = mock_dispatcher
|
||||
|
||||
result = await manager.invoke_global_service("data", "responder", "config")
|
||||
|
||||
manager.dispatchers[(None, "iam")] = mock_dispatcher
|
||||
|
||||
result = await manager.invoke_global_service("data", "responder", "iam")
|
||||
|
||||
mock_dispatcher.process.assert_called_once_with("data", "responder")
|
||||
assert result == "cached_result"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_invoke_global_service_creates_new_dispatcher(self):
|
||||
"""Test invoke_global_service creates new dispatcher"""
|
||||
"""Test invoke_global_service creates new dispatcher for system service"""
|
||||
mock_backend = Mock()
|
||||
mock_config_receiver = Mock()
|
||||
manager = DispatcherManager(mock_backend, mock_config_receiver, auth=Mock())
|
||||
|
||||
|
||||
with patch('trustgraph.gateway.dispatch.manager.global_dispatchers') as mock_dispatchers:
|
||||
mock_dispatcher_class = Mock()
|
||||
mock_dispatcher = Mock()
|
||||
|
|
@ -210,25 +210,51 @@ class TestDispatcherManager:
|
|||
mock_dispatcher.process = AsyncMock(return_value="new_result")
|
||||
mock_dispatcher_class.return_value = mock_dispatcher
|
||||
mock_dispatchers.__getitem__.return_value = mock_dispatcher_class
|
||||
|
||||
result = await manager.invoke_global_service("data", "responder", "config")
|
||||
|
||||
# Verify dispatcher was created with correct parameters
|
||||
|
||||
result = await manager.invoke_global_service("data", "responder", "iam")
|
||||
|
||||
mock_dispatcher_class.assert_called_once_with(
|
||||
backend=mock_backend,
|
||||
timeout=120,
|
||||
consumer="api-gateway-config-request",
|
||||
subscriber="api-gateway-config-request",
|
||||
consumer="api-gateway-iam-request",
|
||||
subscriber="api-gateway-iam-request",
|
||||
request_queue=None,
|
||||
response_queue=None
|
||||
)
|
||||
mock_dispatcher.start.assert_called_once()
|
||||
mock_dispatcher.process.assert_called_once_with("data", "responder")
|
||||
|
||||
# Verify dispatcher was cached
|
||||
assert manager.dispatchers[(None, "config")] == mock_dispatcher
|
||||
|
||||
assert manager.dispatchers[(None, "iam")] == mock_dispatcher
|
||||
assert result == "new_result"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_invoke_global_service_workspace_required_for_workspace_dispatchers(self):
|
||||
"""Workspace dispatchers (config, flow, etc.) require a workspace"""
|
||||
mock_backend = Mock()
|
||||
mock_config_receiver = Mock()
|
||||
manager = DispatcherManager(mock_backend, mock_config_receiver, auth=Mock())
|
||||
|
||||
with pytest.raises(RuntimeError, match="Workspace is required for config"):
|
||||
await manager.invoke_global_service("data", "responder", "config")
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_invoke_global_service_workspace_dispatcher_with_workspace(self):
|
||||
"""Workspace dispatchers work when workspace is provided"""
|
||||
mock_backend = Mock()
|
||||
mock_config_receiver = Mock()
|
||||
manager = DispatcherManager(mock_backend, mock_config_receiver, auth=Mock())
|
||||
|
||||
mock_dispatcher = Mock()
|
||||
mock_dispatcher.process = AsyncMock(return_value="ws_result")
|
||||
manager.dispatchers[("alice", "config")] = mock_dispatcher
|
||||
|
||||
result = await manager.invoke_global_service(
|
||||
"data", "responder", "config", workspace="alice",
|
||||
)
|
||||
|
||||
mock_dispatcher.process.assert_called_once_with("data", "responder")
|
||||
assert result == "ws_result"
|
||||
|
||||
def test_dispatch_flow_import_returns_method(self):
|
||||
"""Test dispatch_flow_import returns correct method"""
|
||||
mock_backend = Mock()
|
||||
|
|
@ -610,7 +636,7 @@ class TestDispatcherManager:
|
|||
mock_dispatchers.__getitem__.return_value = mock_dispatcher_class
|
||||
|
||||
results = await asyncio.gather(*[
|
||||
manager.invoke_global_service("data", "responder", "config")
|
||||
manager.invoke_global_service("data", "responder", "iam")
|
||||
for _ in range(5)
|
||||
])
|
||||
|
||||
|
|
@ -618,7 +644,7 @@ class TestDispatcherManager:
|
|||
"Dispatcher class instantiated more than once — duplicate consumer bug"
|
||||
)
|
||||
assert mock_dispatcher.start.call_count == 1
|
||||
assert manager.dispatchers[(None, "config")] is mock_dispatcher
|
||||
assert manager.dispatchers[(None, "iam")] is mock_dispatcher
|
||||
assert all(r == "result" for r in results)
|
||||
|
||||
@pytest.mark.asyncio
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue