mirror of
https://github.com/n8n-io/n8n.git
synced 2024-11-14 00:24:07 -08:00
cd08c8e4c6
Based on #7065 | Story: https://linear.app/n8n/issue/PAY-771 n8n on filesystem mode marks binary data to delete on manual execution deletion, on unsaved execution completion, and on every execution pruning cycle. We later prune binary data in a separate cycle via these marker files, based on the configured TTL. In the context of introducing an S3 client to manage binary data, the filesystem mode's mark-and-prune setup is too tightly coupled to the general binary data management client interface. This PR... - Ensures the deletion of an execution causes the deletion of any binary data associated to it. This does away with the need for binary data TTL and simplifies the filesystem mode's mark-and-prune setup. - Refactors all execution deletions (including pruning) to cause soft deletions, hard-deletes soft-deleted executions based on the existing pruning config, and adjusts execution endpoints to filter out soft-deleted executions. This reduces DB load, and keeps binary data around long enough for users to access it when building workflows with unsaved executions. - Moves all execution pruning work from an execution lifecycle hook to `execution.repository.ts`. This keeps related logic in a single place. - Removes all marking logic from the binary data manager. This simplifies the interface that the S3 client will meet. - Adds basic sanity-check tests to pruning logic and execution deletion. Out of scope: - Improving existing pruning logic. - Improving existing execution repository logic. - Adjusting dir structure for filesystem mode. --------- Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
import { v4 as uuid } from 'uuid';
import * as Db from '@/Db';
import config from '@/config';
import { audit } from '@/audit';
import { CREDENTIALS_REPORT } from '@/audit/constants';
import { getRiskSection } from './utils';
import * as testDb from '../shared/testDb';
import { generateNanoId } from '@db/utils/generators';
import { LoggerProxy } from 'n8n-workflow';
import { getLogger } from '@/Logger';
// Hand the application logger to the workflow package's logger proxy before any hook or test runs.
LoggerProxy.init(getLogger());

// One test database for the whole file: initialised here, torn down in afterAll.
beforeAll(async () => testDb.init());

// Every test starts from empty Workflow, Credentials and Execution tables, so a
// finding in the audit report can only come from the fixtures that test saved.
// NOTE(review): two tests also write ExecutionData rows and that table is not
// listed here; presumably they are removed together with their Execution rows. Confirm.
beforeEach(async () => testDb.truncate(['Workflow', 'Credentials', 'Execution']));

// Release the test database once the last test has finished.
afterAll(async () => testDb.terminate());
/**
 * A credential that is stored but referenced by no workflow node must appear in
 * the CREDS_NOT_IN_ANY_USE section of the credentials risk report.
 */
test('should report credentials not in any use', async () => {
  // `data` is a fixture blob whose base64 prefix decodes to the `Salted__` header,
  // so it is shaped like stored ciphertext; nothing in this test decrypts it.
  const orphanCredential = {
    id: generateNanoId(),
    name: 'My Slack Credential',
    data: 'U2FsdGVkX18WjITBG4IDqrGB1xE/uzVNjtwDAG3lP7E=',
    type: 'slackApi',
    nodesAccess: [{ nodeType: 'n8n-nodes-base.slack', date: '2022-12-21T11:23:00.561Z' }],
  };

  // The only node has no `credentials` entry, so this workflow never points at the credential.
  const credentialFreeWorkflow = {
    id: generateNanoId(),
    name: 'My Test Workflow',
    active: false,
    connections: {},
    nodeTypes: {},
    nodes: [
      {
        id: uuid(),
        name: 'My Node',
        type: 'n8n-nodes-base.slack',
        typeVersion: 1,
        position: [0, 0] as [number, number],
      },
    ],
  };

  // The two rows do not depend on each other, so they are written concurrently.
  await Promise.all([
    Db.collections.Credentials.save(orphanCredential),
    Db.collections.Workflow.save(credentialFreeWorkflow),
  ]);

  const report = await audit(['credentials']);

  const unusedSection = getRiskSection(
    report,
    CREDENTIALS_REPORT.RISK,
    CREDENTIALS_REPORT.SECTIONS.CREDS_NOT_IN_ANY_USE,
  );
  const flagged = unusedSection.location;

  // Exactly one finding, identified by the id generated above and the fixture name.
  expect(flagged).toHaveLength(1);
  expect(flagged[0]).toMatchObject({
    id: orphanCredential.id,
    name: 'My Slack Credential',
  });
});
/**
 * A stored credential must appear in the CREDS_NOT_IN_ACTIVE_USE section when the
 * only workflow in the database is inactive.
 */
test('should report credentials not in active use', async () => {
  // `data` is a fixture blob whose base64 prefix decodes to the `Salted__` header,
  // so it is shaped like stored ciphertext; nothing in this test decrypts it.
  const credentialFixture = {
    id: generateNanoId(),
    name: 'My Slack Credential',
    data: 'U2FsdGVkX18WjITBG4IDqrGB1xE/uzVNjtwDAG3lP7E=',
    type: 'slackApi',
    nodesAccess: [{ nodeType: 'n8n-nodes-base.slack', date: '2022-12-21T11:23:00.561Z' }],
  };

  // Keep the saved row: the assertion below compares against the persisted id.
  const storedCredential = await Db.collections.Credentials.save(credentialFixture);

  // NOTE(review): the node below has no `credentials` entry, so this fixture is also
  // "not in any use". Attaching the credential to this inactive workflow would make the
  // test specific to the active-use check. Confirm the intent.
  const inactiveWorkflow = {
    id: generateNanoId(),
    name: 'My Test Workflow',
    active: false,
    connections: {},
    nodeTypes: {},
    nodes: [
      {
        id: uuid(),
        name: 'My Node',
        type: 'n8n-nodes-base.slack',
        typeVersion: 1,
        position: [0, 0] as [number, number],
      },
    ],
  };

  await Db.collections.Workflow.save(inactiveWorkflow);

  const report = await audit(['credentials']);

  const inactiveSection = getRiskSection(
    report,
    CREDENTIALS_REPORT.RISK,
    CREDENTIALS_REPORT.SECTIONS.CREDS_NOT_IN_ACTIVE_USE,
  );
  const flagged = inactiveSection.location;

  // Exactly one finding, and it is the credential saved above.
  expect(flagged).toHaveLength(1);
  expect(flagged[0]).toMatchObject({
    id: storedCredential.id,
    name: 'My Slack Credential',
  });
});
/**
 * A credential referenced by a workflow whose only execution is older than the
 * configured abandonment window must appear in the CREDS_NOT_RECENTLY_EXECUTED
 * section of the credentials risk report.
 */
test('should report credential in not recently executed workflow', async () => {
  // `data` is a fixture blob whose base64 prefix decodes to the `Salted__` header,
  // so it is shaped like stored ciphertext; nothing in this test decrypts it.
  const credentialFixture = {
    id: generateNanoId(),
    name: 'My Slack Credential',
    data: 'U2FsdGVkX18WjITBG4IDqrGB1xE/uzVNjtwDAG3lP7E=',
    type: 'slackApi',
    nodesAccess: [{ nodeType: 'n8n-nodes-base.slack', date: '2022-12-21T11:23:00.561Z' }],
  };

  const storedCredential = await Db.collections.Credentials.save(credentialFixture);

  // Unlike the "not in use" fixtures, the node references the stored credential by id and name.
  const staleWorkflowFixture = {
    id: generateNanoId(),
    name: 'My Test Workflow',
    active: false,
    connections: {},
    nodeTypes: {},
    nodes: [
      {
        id: uuid(),
        name: 'My Node',
        type: 'n8n-nodes-base.slack',
        typeVersion: 1,
        position: [0, 0] as [number, number],
        credentials: {
          slackApi: {
            id: storedCredential.id,
            name: storedCredential.name,
          },
        },
      },
    ],
  };

  const storedWorkflow = await Db.collections.Workflow.save(staleWorkflowFixture);

  // One day older than the `security.audit.daysAbandonedWorkflow` window, so the
  // execution falls just outside it. The exact boundary day is not exercised here.
  const executedAt = new Date();
  const abandonedAfterDays = config.getEnv('security.audit.daysAbandonedWorkflow');
  executedAt.setDate(executedAt.getDate() - abandonedAfterDays - 1);

  const storedExecution = await Db.collections.Execution.save({
    finished: true,
    mode: 'manual',
    startedAt: executedAt,
    stoppedAt: executedAt,
    workflowId: storedWorkflow.id,
    waitTill: null,
  });
  // The execution's payload row is stored separately and carries the workflow snapshot.
  await Db.collections.ExecutionData.save({
    execution: storedExecution,
    data: '[]',
    workflowData: storedWorkflow,
  });

  const report = await audit(['credentials']);

  const staleSection = getRiskSection(
    report,
    CREDENTIALS_REPORT.RISK,
    CREDENTIALS_REPORT.SECTIONS.CREDS_NOT_RECENTLY_EXECUTED,
  );
  const flagged = staleSection.location;

  // Exactly one finding, and it is the credential the stale workflow references.
  expect(flagged).toHaveLength(1);
  expect(flagged[0]).toMatchObject({
    id: storedCredential.id,
    name: storedCredential.name,
  });
});
/**
 * Negative case: a credential referenced by an active workflow that was executed
 * inside the configured abandonment window must produce no credentials findings.
 */
test('should not report credentials in recently executed workflow', async () => {
  // `data` is a fixture blob whose base64 prefix decodes to the `Salted__` header,
  // so it is shaped like stored ciphertext; nothing in this test decrypts it.
  const credentialFixture = {
    id: generateNanoId(),
    name: 'My Slack Credential',
    data: 'U2FsdGVkX18WjITBG4IDqrGB1xE/uzVNjtwDAG3lP7E=',
    type: 'slackApi',
    nodesAccess: [{ nodeType: 'n8n-nodes-base.slack', date: '2022-12-21T11:23:00.561Z' }],
  };

  const storedCredential = await Db.collections.Credentials.save(credentialFixture);

  // Active workflow whose node references the stored credential by id and name.
  const activeWorkflowFixture = {
    id: generateNanoId(),
    name: 'My Test Workflow',
    active: true,
    connections: {},
    nodeTypes: {},
    nodes: [
      {
        id: uuid(),
        name: 'My Node',
        type: 'n8n-nodes-base.slack',
        typeVersion: 1,
        position: [0, 0] as [number, number],
        credentials: {
          slackApi: {
            id: storedCredential.id,
            name: storedCredential.name,
          },
        },
      },
    ],
  };

  const storedWorkflow = await Db.collections.Workflow.save(activeWorkflowFixture);

  // One day newer than the `security.audit.daysAbandonedWorkflow` cutoff, so the
  // execution falls just inside the window. The exact boundary day is not exercised here.
  const executedAt = new Date();
  const abandonedAfterDays = config.getEnv('security.audit.daysAbandonedWorkflow');
  executedAt.setDate(executedAt.getDate() - abandonedAfterDays + 1);

  const storedExecution = await Db.collections.Execution.save({
    finished: true,
    mode: 'manual',
    startedAt: executedAt,
    stoppedAt: executedAt,
    workflowId: storedWorkflow.id,
    waitTill: null,
  });

  // The execution's payload row is stored separately and carries the workflow snapshot.
  await Db.collections.ExecutionData.save({
    execution: storedExecution,
    data: '[]',
    workflowData: storedWorkflow,
  });

  const report = await audit(['credentials']);

  // The whole result must be an empty array, so a finding in any section fails the test.
  expect(report).toBeEmptyArray();
});