validateAlterOperation validates the given operation for alter. The structural checks (field set, health, drop consistency, mutations-allowed) always run; the admin-IP-whitelist and ACL authorization checks run only when doAuth is NeedAuthorize. doAuth is NoAuthorize for trusted in-process callers (
(ctx context.Context, op *api.Operation, doAuth AuthMode)
| 196 | // when doAuth is NeedAuthorize. doAuth is NoAuthorize for trusted in-process |
| 197 | // callers (see AlterNoAuth) that run with a context carrying no gRPC peer. |
| 198 | func validateAlterOperation(ctx context.Context, op *api.Operation, doAuth AuthMode) error { |
| 199 | // The following code block checks if the operation should run or not. |
| 200 | if op.Schema == "" && op.DropAttr == "" && !op.DropAll && op.DropOp == api.Operation_NONE { |
| 201 | // Must have at least one field set. This helps users if they attempt |
| 202 | // to set a field but use the wrong name (could be decoded from JSON). |
| 203 | return errors.Errorf("Operation must have at least one field set") |
| 204 | } |
| 205 | if err := x.HealthCheck(); err != nil { |
| 206 | return err |
| 207 | } |
| 208 | |
| 209 | if isDropAll(op) && op.DropOp == api.Operation_DATA { |
| 210 | return errors.Errorf("Only one of DropAll and DropData can be true") |
| 211 | } |
| 212 | |
| 213 | if !isMutationAllowed(ctx) { |
| 214 | return errors.Errorf("No mutations allowed by server.") |
| 215 | } |
| 216 | |
| 217 | if doAuth == NoAuthorize { |
| 218 | return nil |
| 219 | } |
| 220 | |
| 221 | if _, err := hasAdminAuth(ctx, "Alter"); err != nil { |
| 222 | glog.Warningf("Alter denied with error: %v\n", err) |
| 223 | return err |
| 224 | } |
| 225 | |
| 226 | if err := authorizeAlter(ctx, op); err != nil { |
| 227 | glog.Warningf("Alter denied with error: %v\n", err) |
| 228 | return err |
| 229 | } |
| 230 | |
| 231 | return nil |
| 232 | } |
| 233 | |
| 234 | // parseSchemaFromAlterOperation parses the string schema given in input operation to a Go |
| 235 | // struct, and performs some checks to make sure that the schema is valid. |