Skip to content

Commit

Permalink
restucture code
Browse files Browse the repository at this point in the history
  • Loading branch information
shivaji-kharse committed Apr 13, 2023
1 parent ca0adfd commit a081131
Show file tree
Hide file tree
Showing 4 changed files with 309 additions and 270 deletions.
106 changes: 106 additions & 0 deletions dgraphtest/acl_cluster.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,10 @@ type AclGrpRules struct {
Predicate string `json:"predicate"`
Permission int32 `json:"permission"`
}
type AclGroup struct {
Name string `json:"name"`
Rules []AclGrpRules `json:"rules"`
}

func (hc *HTTPClient) GetCurrentUser() (string, error) {
const query = `
Expand Down Expand Up @@ -230,3 +234,105 @@ func (hc *HTTPClient) RemoveUserFromGroup(userName, groupName string) error {
}
return nil
}

func (hc *HTTPClient) RemoveRuleFromGroup(group string, rulePredicate string) error {
removeRuleFromGroup := `mutation updateGroup($name: String!, $rules: [String!]!) {
updateGroup(input: {
filter: {
name: {
eq: $name
}
},
remove: {
rules: $rules
}
}) {
group {
name
rules {
predicate
permission
}
}
}
}`

params := GraphQLParams{
Query: removeRuleFromGroup,
Variables: map[string]interface{}{
"name": group,
"rules": []string{rulePredicate},
},
}
_, err := hc.RunGraphqlQuery(params, true)
if err != nil {
return err
}
return nil
}

func (hc *HTTPClient) DeleteGroup(name string) error {
delGroup := `
mutation deleteGroup($name: String!) {
deleteGroup(filter: {name: {eq: $name}}) {
msg
numUids
}
}`

params := GraphQLParams{
Query: delGroup,
Variables: map[string]interface{}{
"name": name,
},
}
_, err := hc.RunGraphqlQuery(params, true)
if err != nil {
return err
}
return nil
}

func (hc *HTTPClient) CreateGroupWithRules(name string, rules []AclGrpRules) (*AclGroup, error) {
queryParams := GraphQLParams{
Query: `
mutation addGroup($name: String!, $rules: [RuleRef]){
addGroup(input: [
{
name: $name
rules: $rules
}
]) {
group {
name
rules {
predicate
permission
}
}
}
}`,
Variables: map[string]interface{}{
"name": name,
"rules": rules,
},
}
resp, err := hc.RunGraphqlQuery(queryParams, true)
if err != nil {
return nil, err
}

var addGroupResp struct {
AddGroup struct {
Group []AclGroup
}
}
if err = json.Unmarshal(resp, &addGroupResp); err != nil {
return nil, err
}
if len(addGroupResp.AddGroup.Group) != 1 {
return nil, errors.New("group count is other than 1")
}

return &addGroupResp.AddGroup.Group[0], nil
}
41 changes: 22 additions & 19 deletions ee/acl/acl_curl_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,39 +14,42 @@
package acl

import (
"context"
"fmt"
"testing"
"time"

"github.com/golang/glog"
"github.com/stretchr/testify/require"

"github.com/dgraph-io/dgraph/dgraphtest"
"github.com/dgraph-io/dgraph/testutil"
"github.com/dgraph-io/dgraph/x"
)

var adminEndpoint string

func TestCurlAuthorization(t *testing.T) {
func (suite *AclTestSuite) TestCurlAuthorization() {
t := suite.T()
ctx, cancel := context.WithTimeout(context.Background(), 100*time.Second)
defer cancel()
if testing.Short() {
t.Skip("skipping because -short=true")
}

glog.Infof("testing with port %s", testutil.SockAddr)
dg, err := testutil.DgraphClientWithGroot(testutil.SockAddr)
if err != nil {
t.Fatalf("Error while getting a dgraph client: %v", err)
}
createAccountAndData(t, dg)
gc, cleanup, err := suite.dc.Client()
require.NoError(t, err)
defer cleanup()
require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0))
hc, err := suite.dc.HTTPClient()
require.NoError(t, err)
require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0))
createAccountAndData(t, gc, hc)

// test query through curl
token, err := testutil.HttpLogin(&testutil.LoginParams{
Endpoint: adminEndpoint,
UserID: userid,
Passwd: userpassword,
Namespace: x.GalaxyNamespace,
})
require.NoError(t, err, "login failed")

require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, 0))

// No ACL rules are specified, so query should return empty response,
// alter and mutate should fail.
Expand All @@ -55,7 +58,7 @@ func TestCurlAuthorization(t *testing.T) {
"-H", "Content-Type: application/dql",
"-d", query, testutil.SockAddrHttp + "/query"}
}
testutil.VerifyCurlCmd(t, queryArgs(token.AccessJwt), &testutil.CurlFailureConfig{
testutil.VerifyCurlCmd(t, queryArgs(hc.AccessJwt), &testutil.CurlFailureConfig{
ShouldFail: false,
})

Expand All @@ -68,7 +71,7 @@ func TestCurlAuthorization(t *testing.T) {

}

testutil.VerifyCurlCmd(t, mutateArgs(token.AccessJwt), &testutil.CurlFailureConfig{
testutil.VerifyCurlCmd(t, mutateArgs(hc.AccessJwt), &testutil.CurlFailureConfig{
ShouldFail: true,
DgraphErrMsg: "PermissionDenied",
})
Expand All @@ -77,7 +80,7 @@ func TestCurlAuthorization(t *testing.T) {
return []string{"-H", fmt.Sprintf("X-Dgraph-AccessToken:%s", jwt),
"-d", fmt.Sprintf(`%s: int .`, predicateToAlter), testutil.SockAddrHttp + "/alter"}
}
testutil.VerifyCurlCmd(t, alterArgs(token.AccessJwt), &testutil.CurlFailureConfig{
testutil.VerifyCurlCmd(t, alterArgs(hc.AccessJwt), &testutil.CurlFailureConfig{
ShouldFail: true,
DgraphErrMsg: "PermissionDenied",
})
Expand All @@ -87,15 +90,15 @@ func TestCurlAuthorization(t *testing.T) {
// JWT
glog.Infof("Sleeping for accessJwt to expire")
time.Sleep(expireJwtSleep)
testutil.VerifyCurlCmd(t, queryArgs(token.AccessJwt), &testutil.CurlFailureConfig{
testutil.VerifyCurlCmd(t, queryArgs(hc.AccessJwt), &testutil.CurlFailureConfig{
ShouldFail: true,
DgraphErrMsg: "Token is expired",
})
testutil.VerifyCurlCmd(t, mutateArgs(token.AccessJwt), &testutil.CurlFailureConfig{
testutil.VerifyCurlCmd(t, mutateArgs(hc.AccessJwt), &testutil.CurlFailureConfig{
ShouldFail: true,
DgraphErrMsg: "Token is expired",
})
testutil.VerifyCurlCmd(t, alterArgs(token.AccessJwt), &testutil.CurlFailureConfig{
testutil.VerifyCurlCmd(t, alterArgs(hc.AccessJwt), &testutil.CurlFailureConfig{
ShouldFail: true,
DgraphErrMsg: "Token is expired",
})
Expand Down
Loading

0 comments on commit a081131

Please sign in to comment.