[vtadmin] Add infrastructure for generating authz tests for vtadmin

[ajm188]

Description

The lack of verifying authz checks are where they should be is one of the
most glaring issues in vtadmin (in my opinion; it's also my "fault" things
are this way). At the same time, writing all the code by hand to verify
every single endpoint would be a giant pain (which is the main reason
things are this way). So, let's codegen all the bits we don't care about!
The bonus here is that the config.json now can serve as authoritative on
what permissions are required for what endpoints.

The goal here is to have the config primarily specify the rules needed for
each endpoint, with as minimal "overhead" (currently specifying test cases
and mock data) as possible.

I want to separate the introduction of this setup from its complete
adoption, so I will submit a follow-up change that adds the rest of the
endpoint tests.

Outstanding questions

• What's the right spot for me to inject a make target to run go generate ./go/vt/vtadmin/... and go fmt ./go/vt/vtadmin ?

Related Issue(s)

Checklist

• "Backport me!" label has been added if this change should be backported
• Tests were added or are not required
• Documentation was added or is not required

Deployment Notes

[github-actions]

Review Checklist

Hello reviewers! 👋 Please follow this checklist when reviewing this Pull Request.

General

• Ensure that the Pull Request has the correct release notes label. release notes none should only be used for PRs that are so trivial that they need not be included.
• If a new flag is being introduced, review whether it is really needed. The flag names should be clear and intuitive (as far as possible), and the flag's help should be descriptive.

Bug fixes

• There should be at least one unit or end-to-end test.
• The Pull Request description should either include a link to an issue that describes the bug OR an actual description of the bug and how to reproduce, along with a description of the fix.

Non-trivial changes

• There should be some code comments as to why things are implemented the way they are.

New/Existing features

• Should be documented, either by modifying the existing documentation or creating new documentation.
• New features should have a link to a feature request issue or an RFC that documents the use cases, corner cases and test cases.

Backward compatibility

• Protobuf changes should be wire-compatible.
• Changes to _vt tables and RPCs need to be backward compatible.
• vtctl command output order should be stable and awk-able.

[deepthi]

This is a great idea!

What's the right spot for me to inject a make target to run go generate ./go/vt/vtadmin/... and go fmt ./go/vt/vtadmin ?

The pattern we have followed is to create a separate (new) make target for code generation AND add a CI check to make sure generated files are up to date.

[ajm188]

The pattern we have followed is to create a separate (new) make target for code generation AND add a CI check to make sure generated files are up to date.

Done!!

@frouioui I will fully cop to admitting I just copied and modified the setup for make proto, can you give the CI bits a once-over just to double-check my work? It seems to work but I just want to be sure (especially) that I'm using your GitHub action correctly:

./tools/check_make_vtadmin_authz_testgen.sh
go/vt/vtadmin/api_authz_test.go
ERROR: Regenerated vtadmin_test files do not match the current version.
List of files containing differences:
0a1
>  M go/vt/vtadmin/api_authz_test.go

[frouioui]

It looks good to me, nothing to report on the CI part! :)

[frouioui]

This is a great idea!

Plus one on that 😃

[frouioui]

./tools/check_make_vtadmin_authz_testgen.sh
go/vt/vtadmin/api_authz_test.go
ERROR: Regenerated vtadmin_test files do not match the current version.
List of files containing differences:
0a1
>  M go/vt/vtadmin/api_authz_test.go

@ajm188, the above is fine in the case where we see a difference in api_authz_test.go

[ajm188]

./tools/check_make_vtadmin_authz_testgen.sh
go/vt/vtadmin/api_authz_test.go
ERROR: Regenerated vtadmin_test files do not match the current version.
List of files containing differences:
0a1
>  M go/vt/vtadmin/api_authz_test.go

@ajm188, the above is fine in the case where we see a difference in api_authz_test.go

oh, yeah 😅 i was just demonstrating (without, ya know, actually making that clear at all) that if i change the config but don't re-gen, the check fails (as desired)