Merge branch 'main' into 1.29-releases

mcasimir · mcasimir · commit 0973d8d78907 · 2021-11-12T11:59:50.000+01:00
diff --git a/THIRD-PARTY-NOTICES.md b/THIRD-PARTY-NOTICES.md
@@ -1,5 +1,5 @@
 The following third-party software is used by and included in **compass**.
-This document was automatically generated on Thu Nov 11 2021.
+This document was automatically generated on Fri Nov 12 2021.
 
 ## List of dependencies
 
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/compass-connect/src/stores/index.js b/packages/compass-connect/src/stores/index.js
@@ -983,7 +983,12 @@ const Store = Reflux.createStore({
       hostname,
       authMechanism,
     } = this.state.connectionModel;
-    const { isAws, isAzure, isGcp } = await getCloudInfo(hostname);
+    const { isAws, isAzure, isGcp } = await getCloudInfo(hostname)
+      .catch((err) => {
+        debug('getCloudInfo failed', err);
+        return {};
+      });
+
     const isPublicCloud = isAws || isAzure || isGcp;
     const publicCloudName = isAws ? 'AWS' : isAzure ? 'Azure' : isGcp ? 'GCP' : '';
 
@@ -1042,7 +1047,9 @@ const Store = Reflux.createStore({
     // in another plugin.
     this.StatusActions.showIndeterminateProgressBar();
 
-    void this._trackConnectionInfo();
+    void this._trackConnectionInfo().catch((err) => {
+      debug('_trackConnectionInfo failed', err);
+    });
   },
 
   /**
diff --git a/packages/compass-e2e-tests/helpers/commands/open-tour-modal.js b/packages/compass-e2e-tests/helpers/commands/open-tour-modal.js
@@ -7,24 +7,7 @@ module.exports = function (app) {
     const { client } = app;
 
     await client.execute(() => {
-      const menu = require('electron').remote.Menu.getApplicationMenu();
-      let subMenu;
-      for (let i = 0; i < menu.getItemCount(); i++) {
-        if (menu.getLabelAt(i) === '&Help') {
-          subMenu = menu.items[i].submenu;
-          break;
-        }
-      }
-      if (!subMenu) {
-        throw new Error('Could not find Help submenu');
-      }
-      for (let i = 0; i < subMenu.getItemCount(); i++) {
-        if (subMenu.getLabelAt(i).endsWith('Overview')) {
-          subMenu.items[i].click();
-          return;
-        }
-      }
-      throw new Error('Could not find overview item to click');
+      require('electron').ipcRenderer.emit('window:show-compass-tour');
     });
 
     const featureTourModalElement = await client.$(Selectors.FeatureTourModal);
diff --git a/packages/data-service/src/instance-detail-helper.spec.ts b/packages/data-service/src/instance-detail-helper.spec.ts
@@ -253,6 +253,65 @@ describe('instance-detail-helper', function () {
       expect(dbs).to.have.nested.property('foo.bar').deep.eq([]);
     });
 
+    context('with known resources', function () {
+      it('ignores cluster privileges', function () {
+        const dbs = extractPrivilegesByDatabaseAndCollection([
+          { resource: { db: 'foo', collection: 'bar' }, actions: [] },
+          { resource: { db: 'buz', collection: 'bla' }, actions: [] },
+          { resource: { cluster: true }, actions: [] },
+        ]);
+
+        expect(dbs).to.deep.eq({
+          foo: {
+            bar: [],
+          },
+          buz: {
+            bla: [],
+          },
+        });
+      });
+
+      it('ignores anyResource privileges', function () {
+        const dbs = extractPrivilegesByDatabaseAndCollection([
+          { resource: { db: 'foo', collection: 'bar' }, actions: [] },
+          { resource: { db: 'buz', collection: 'bla' }, actions: [] },
+          { resource: { anyResource: true }, actions: [] },
+        ]);
+
+        expect(dbs).to.deep.eq({
+          foo: {
+            bar: [],
+          },
+          buz: {
+            bla: [],
+          },
+        });
+      });
+    });
+
+    context('with unknown resources', function () {
+      it("ignores everything that doesn't have database and collection in resource", function () {
+        const dbs = extractPrivilegesByDatabaseAndCollection([
+          { resource: { db: 'foo', collection: 'bar' }, actions: [] },
+          { resource: { db: 'buz', collection: 'bla' }, actions: [] },
+          { resource: { this: true }, actions: [] },
+          { resource: { is: true }, actions: [] },
+          { resource: { not: true }, actions: [] },
+          { resource: { valid: true }, actions: [] },
+          { resource: { resource: true }, actions: [] },
+        ] as any);
+
+        expect(dbs).to.deep.eq({
+          foo: {
+            bar: [],
+          },
+          buz: {
+            bla: [],
+          },
+        });
+      });
+    });
+
     it('keeps records for all collections in a database', function () {
       const dbs = extractPrivilegesByDatabaseAndCollection([
         { resource: { db: 'foo', collection: 'bar' }, actions: [] },
diff --git a/packages/data-service/src/instance-detail-helper.ts b/packages/data-service/src/instance-detail-helper.ts
@@ -176,14 +176,26 @@ export function extractPrivilegesByDatabaseAndCollection(
 
   const result: DatabaseCollectionPrivileges = {};
 
-  for (const {
-    resource: { db, collection },
-    actions,
-  } of filteredPrivileges) {
-    if (result[db]) {
-      Object.assign(result[db], { [collection]: actions });
-    } else {
-      result[db] = { [collection]: actions };
+  for (const { resource, actions } of filteredPrivileges) {
+    // Documented resources include roles for dbs/colls, cluster, or in rare cases
+    // anyResource, additionally there seem to be undocumented ones like
+    // system_buckets and who knows what else. To make sure we are only cover
+    // cases that we can meaningfully handle here, roles for the
+    // databases/collections, we are skipping all roles where these are
+    // undefined
+    //
+    // See: https://docs.mongodb.com/manual/reference/resource-document/#std-label-resource-document
+    if (
+      typeof resource.db !== 'undefined' &&
+      typeof resource.collection !== 'undefined'
+    ) {
+      const { db, collection } = resource;
+
+      if (result[db]) {
+        Object.assign(result[db], { [collection]: actions });
+      } else {
+        result[db] = { [collection]: actions };
+      }
     }
   }
 
@@ -216,14 +228,6 @@ function isNotAuthorized(err: AnyError) {
   return new RegExp('not (authorized|allowed)').test(msg);
 }
 
-function isMongosLocalException(err: AnyError) {
-  if (!err) {
-    return false;
-  }
-  const msg = err.message || JSON.stringify(err);
-  return new RegExp('database through mongos').test(msg);
-}
-
 function ignoreNotAuthorized<T>(fallback: T): (err: AnyError) => Promise<T> {
   return (err: AnyError) => {
     if (isNotAuthorized(err)) {
diff --git a/packages/data-service/src/run-command.ts b/packages/data-service/src/run-command.ts
@@ -11,7 +11,20 @@ export type ConnectionStatus = {
 export type ConnectionStatusWithPrivileges = ConnectionStatus & {
   authInfo: {
     authenticatedUserPrivileges: {
-      resource: { db: string; collection: string };
+      resource:
+        | { db?: never; collection?: never; cluster: true; anyResource?: never }
+        | {
+            db: string;
+            collection: string;
+            cluster?: never;
+            anyResource?: never;
+          }
+        | {
+            db?: never;
+            collection?: never;
+            cluster?: never;
+            anyResource: true;
+          };
       actions: string[];
     }[];
   };
