From a081131bfc1d9ef705369305fc4f409c13dc672f Mon Sep 17 00:00:00 2001 From: shivaji-dgraph Date: Thu, 13 Apr 2023 19:16:51 +0530 Subject: [PATCH] restucture code --- dgraphtest/acl_cluster.go | 106 ++++++++++ ee/acl/acl_curl_test.go | 41 ++-- ee/acl/acl_integration_test.go | 83 +++----- ee/acl/acl_test.go | 349 ++++++++++++++------------------- 4 files changed, 309 insertions(+), 270 deletions(-) diff --git a/dgraphtest/acl_cluster.go b/dgraphtest/acl_cluster.go index 9ee0187c714..ec56da0bbc5 100644 --- a/dgraphtest/acl_cluster.go +++ b/dgraphtest/acl_cluster.go @@ -26,6 +26,10 @@ type AclGrpRules struct { Predicate string `json:"predicate"` Permission int32 `json:"permission"` } +type AclGroup struct { + Name string `json:"name"` + Rules []AclGrpRules `json:"rules"` +} func (hc *HTTPClient) GetCurrentUser() (string, error) { const query = ` 
@@ -230,3 +234,105 @@ func (hc *HTTPClient) RemoveUserFromGroup(userName, groupName string) error { } return nil } + +func (hc *HTTPClient) RemoveRuleFromGroup(group string, rulePredicate string) error { + removeRuleFromGroup := `mutation updateGroup($name: String!, $rules: [String!]!) { + updateGroup(input: { + filter: { + name: { + eq: $name + } + }, + remove: { + rules: $rules + } + }) { + group { + name + rules { + predicate + permission + } + } + } + }` + + params := GraphQLParams{ + Query: removeRuleFromGroup, + Variables: map[string]interface{}{ + "name": group, + "rules": []string{rulePredicate}, + }, + } + _, err := hc.RunGraphqlQuery(params, true) + if err != nil { + return err + } + return nil +} + +func (hc *HTTPClient) DeleteGroup(name string) error { + delGroup := ` + mutation deleteGroup($name: String!) { + deleteGroup(filter: {name: {eq: $name}}) { + msg + numUids + } + }` + + params := GraphQLParams{ + Query: delGroup, + Variables: map[string]interface{}{ + "name": name, + }, + } + _, err := hc.RunGraphqlQuery(params, true) + if err != nil { + return err + } + return nil +} + +func (hc *HTTPClient) CreateGroupWithRules(name string, rules []AclGrpRules) (*AclGroup, error) { + queryParams := GraphQLParams{ + Query: ` + mutation addGroup($name: String!, $rules: [RuleRef]){ + addGroup(input: [ + { + name: $name + rules: $rules + } + ]) { + group { + name + rules { + predicate + permission + } + } + } + }`, + Variables: map[string]interface{}{ + "name": name, + "rules": rules, + }, + } + resp, err := hc.RunGraphqlQuery(queryParams, true) + if err != nil { + return nil, err + } + + var addGroupResp struct { + AddGroup struct { + Group []AclGroup + } + } + if err = json.Unmarshal(resp, &addGroupResp); err != nil { + return nil, err + } + if len(addGroupResp.AddGroup.Group) != 1 { + return nil, errors.New("group count is other than 1") + } + + return &addGroupResp.AddGroup.Group[0], nil +} 
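Review bot: `DeleteGroup` and `RemoveRuleFromGroup` discard the mutation response, so a call that matched no group returns nil exactly like a successful one. In ACL tests that lets a later "access is gone" assertion pass even though nothing was deleted or removed. If callers expect the group to exist, `DeleteGroup` could decode `numUids` from the response and return an error when it is zero (presumably the value for a filter that matched nothing). The three new exported methods also have no doc comments; one sentence each, starting with the method name, would be enough.

```go
func (hc *HTTPClient) DeleteGroup(name string) error {
	// … unchanged: delGroup mutation text and params …
	resp, err := hc.RunGraphqlQuery(params, true)
	if err != nil {
		return err
	}

	var delResp struct {
		DeleteGroup struct {
			NumUids int `json:"numUids"`
		} `json:"deleteGroup"`
	}
	if err := json.Unmarshal(resp, &delResp); err != nil {
		return err
	}
	if delResp.DeleteGroup.NumUids == 0 {
		return errors.New("no group was deleted")
	}
	return nil
}
```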
diff --git a/ee/acl/acl_curl_test.go b/ee/acl/acl_curl_test.go index 46789e498b1..947d72f6b3e 100644 --- a/ee/acl/acl_curl_test.go +++ b/ee/acl/acl_curl_test.go @@ -14,6 +14,7 @@ package acl import ( + "context" "fmt" "testing" "time" @@ -21,32 +22,34 @@ import ( "github.com/golang/glog" "github.com/stretchr/testify/require" + "github.com/dgraph-io/dgraph/dgraphtest" "github.com/dgraph-io/dgraph/testutil" "github.com/dgraph-io/dgraph/x" ) var adminEndpoint string -func TestCurlAuthorization(t *testing.T) { +func (suite *AclTestSuite) TestCurlAuthorization() { + t := suite.T() + ctx, cancel := context.WithTimeout(context.Background(), 100*time.Second) + defer cancel() if testing.Short() { t.Skip("skipping because -short=true") } glog.Infof("testing with port %s", testutil.SockAddr) - dg, err := testutil.DgraphClientWithGroot(testutil.SockAddr) - if err != nil { - t.Fatalf("Error while getting a dgraph client: %v", err) - } - createAccountAndData(t, dg) + gc, cleanup, err := suite.dc.Client() + require.NoError(t, err) + defer cleanup() + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + hc, err := suite.dc.HTTPClient() + require.NoError(t, err) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + createAccountAndData(t, gc, hc) // test query through curl - token, err := testutil.HttpLogin(&testutil.LoginParams{ - Endpoint: adminEndpoint, - UserID: userid, - Passwd: userpassword, - Namespace: x.GalaxyNamespace, - }) - require.NoError(t, err, "login failed") + + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, 0)) // No ACL rules are specified, so query should return empty response, // alter and mutate should fail. 
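Review bot: The new `LoginIntoNamespace` calls in TestCurlAuthorization pass a bare `0` for the namespace where the removed code used `x.GalaxyNamespace`, while other tests in this commit still pass `x.GalaxyNamespace` to the gRPC client. Using the constant, e.g. `hc.LoginIntoNamespace(userid, userpassword, x.GalaxyNamespace)`, keeps it obvious which namespace the ACL checks run against, assuming the HTTP client's parameter accepts it. This hunk also removes the only visible uses of `x` and `adminEndpoint` in the function, so check that both are still referenced elsewhere in the file. The function body continues past this hunk.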
@@ -55,7 +58,7 @@ func TestCurlAuthorization(t *testing.T) { "-H", "Content-Type: application/dql", "-d", query, testutil.SockAddrHttp + "/query"} } - testutil.VerifyCurlCmd(t, queryArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, queryArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: false, }) @@ -68,7 +71,7 @@ func TestCurlAuthorization(t *testing.T) { } - testutil.VerifyCurlCmd(t, mutateArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, mutateArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "PermissionDenied", }) @@ -77,7 +80,7 @@ func TestCurlAuthorization(t *testing.T) { return []string{"-H", fmt.Sprintf("X-Dgraph-AccessToken:%s", jwt), "-d", fmt.Sprintf(`%s: int .`, predicateToAlter), testutil.SockAddrHttp + "/alter"} } - testutil.VerifyCurlCmd(t, alterArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, alterArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "PermissionDenied", }) @@ -87,15 +90,15 @@ func TestCurlAuthorization(t *testing.T) { // JWT glog.Infof("Sleeping for accessJwt to expire") time.Sleep(expireJwtSleep) - testutil.VerifyCurlCmd(t, queryArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, queryArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "Token is expired", }) - testutil.VerifyCurlCmd(t, mutateArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, mutateArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "Token is expired", }) - testutil.VerifyCurlCmd(t, alterArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, alterArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "Token is expired", }) diff --git a/ee/acl/acl_integration_test.go b/ee/acl/acl_integration_test.go index d176a70578a..dee57a670d7 100644 
--- a/ee/acl/acl_integration_test.go +++ b/ee/acl/acl_integration_test.go @@ -20,7 +20,6 @@ import ( "github.com/stretchr/testify/require" - "github.com/dgraph-io/dgo/v210/protos/api" "github.com/dgraph-io/dgraph/dgraphtest" "github.com/dgraph-io/dgraph/x" ) @@ -30,20 +29,20 @@ func (suite *AclTestSuite) TestInvalidGetUser() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) hc.HttpToken.AccessJwt = "invalid Token" - currentUser := getCurrentUser(t, hc) - require.Equal(t, `{"getCurrentUser":null}`, string(currentUser.Data)) + currentUser, err := hc.GetCurrentUser() + require.NoError(t, err) + require.Equal(t, "null", currentUser) require.Equal(t, x.GqlErrorList{{ Message: "couldn't rewrite query getCurrentUser because unable to parse jwt token: token" + " contains an invalid number of segments", Path: []interface{}{"getCurrentUser"}, - }}, currentUser.Errors) + }}, err) } func (suite *AclTestSuite) TestPasswordReturn() { t := suite.T() hc, err := suite.dc.HTTPClient() require.NoError(t, err) - err = hc.LoginIntoNamespace("groot", "password", 0) - require.NoError(t, err, "login failed") + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) query := ` query { getCurrentUser { @@ -52,8 +51,9 @@ func (suite *AclTestSuite) TestPasswordReturn() { } }` - resp := makeRequestAndRefreshTokenIfNecessary(t, dgraphtest.GraphQLParams{Query: query}, hc) - require.Equal(t, resp.Errors, x.GqlErrorList{{ + _, err = hc.RunGraphqlQuery(dgraphtest.GraphQLParams{Query: query}, true) + makeRequestAndRefreshTokenIfNecessary(t, dgraphtest.GraphQLParams{Query: query}, hc) + require.Equal(t, err, x.GqlErrorList{{ Message: `Cannot query field "password" on type "User".`, Locations: []x.Location{{ Line: 5, 
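Review bot: In TestInvalidGetUser, `require.NoError(t, err)` is followed by `require.Equal(t, x.GqlErrorList{...}, err)`, so the two assertions contradict each other: with an invalid token the call is expected to return the JWT parse error, and the test then stops at `NoError`. Replacing the `NoError` line with `require.Error(t, err)` keeps the rejected-token check meaningful. Whether `GetCurrentUser` returns the error as an `x.GqlErrorList` value is not visible here, so the `Equal` may need to become `require.ErrorContains(t, err, "unable to parse jwt token")`.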
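Review bot: In TestPasswordReturn the old `makeRequestAndRefreshTokenIfNecessary(t, dgraphtest.GraphQLParams{Query: query}, hc)` call is left in after the new `hc.RunGraphqlQuery` line, so the query is sent twice and the second result is discarded; the leftover line can be deleted. The assertion `require.Equal(t, err, x.GqlErrorList{...})` also passes the actual value first, whereas testify expects `require.Equal(t, expected, actual)`, which affects the failure message. The function body starts and ends outside this hunk.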
@@ -66,9 +66,8 @@ func (suite *AclTestSuite) TestHealthForAcl() { t := suite.T() hc, err := suite.dc.HTTPClient() require.NoError(t, err) - if err := hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0); err != nil { - t.Fatal(err) - } + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + params := dgraphtest.GraphQLParams{ Query: ` query { @@ -88,11 +87,9 @@ func (suite *AclTestSuite) TestHealthForAcl() { assertNonGuardianFailure(t, "health", false, params, hc) // assert data for guardians - if err := hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0); err != nil { - t.Fatal(err) - } - resp := makeRequestAndRefreshTokenIfNecessary(t, params, hc) - resp.RequireNoGraphQLErrors(t) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + + resp, err := hc.RunGraphqlQuery(dgraphtest.GraphQLParams{Query: query}, true) var guardianResp struct { Health []struct { Instance string @@ -104,7 +101,7 @@ func (suite *AclTestSuite) TestHealthForAcl() { Group string } } - err = json.Unmarshal(resp.Data, &guardianResp) + err = json.Unmarshal(resp, &guardianResp) require.NoError(t, err, "health request failed") // we have 9 instances of alphas/zeros in teamcity environment 
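Review bot: In the guardian branch of TestHealthForAcl the error from `hc.RunGraphqlQuery` is never checked, because `err` is overwritten by `json.Unmarshal` on the next assignment and the removed `resp.RequireNoGraphQLErrors(t)` has no replacement. Add `require.NoError(t, err)` directly after the call. The call also builds `dgraphtest.GraphQLParams{Query: query}` although no `query` variable is visible in this function; the existing `params` value looks like the intended argument: `resp, err := hc.RunGraphqlQuery(params, true)`.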
@@ -350,28 +347,24 @@ func (suite *AclTestSuite) TestGuardianOnlyAccessForAdminEndpoints() { params := dgraphtest.GraphQLParams{Query: tcase.query} hc, err := suite.dc.HTTPClient() require.NoError(t, err) - if err := hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0); err != nil { - require.NoError(t, err) - } + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) // assert ACL error for non-guardians assertNonGuardianFailure(t, tcase.queryName, !tcase.respIsArray, params, hc) // for guardians, assert non-ACL error or success if tcase.testGuardianAccess { - if err := hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0); err != nil { - require.NoError(t, err) - } - resp := makeRequestAndRefreshTokenIfNecessary(t, params, hc) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + resp, err := hc.RunGraphqlQuery(params, true) if tcase.guardianErr == "" { - resp.RequireNoGraphQLErrors(t) + require.NoError(t, err) } else { - require.Len(t, resp.Errors, 1) - require.Contains(t, resp.Errors[0].Message, tcase.guardianErr) + require.Len(t, err, 1) + require.Contains(t, err.Error(), tcase.guardianErr) } if tcase.guardianData != "" { - require.JSONEq(t, tcase.guardianData, string(resp.Data)) + require.JSONEq(t, tcase.guardianData, string(resp)) } } }) 
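Review bot: In the `guardianErr != ""` branch, `require.Len(t, err, 1)` only works if the `error` returned by `RunGraphqlQuery` is dynamically a slice such as `x.GqlErrorList`; for any other error type the assertion fails for the wrong reason. `require.Error(t, err)` followed by the existing `require.Contains(t, err.Error(), tcase.guardianErr)` states the intent without depending on the concrete type. The enclosing test function starts and ends outside this hunk.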
@@ -386,33 +379,25 @@ func (suite *AclTestSuite) TestFailedLogin() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - if err := gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0); err != nil { - require.NoError(t, err) - } + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + hc, err := suite.dc.HTTPClient() require.NoError(t, err) - if err := hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0); err != nil { - t.Fatal(err) - } + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - op := api.Operation{DropAll: true} - if err := gc.Alter(ctx, &op); err != nil { - t.Fatalf("Unable to cleanup db:%v", err) - } + require.NoError(t, gc.DropAll()) require.NoError(t, err) client, _, err := suite.dc.Client() require.NoError(t, err) // User is not present - err = client.LoginIntoNamespace(ctx, userid, "simplepassword", x.GalaxyNamespace) - require.Error(t, err) + require.Error(t, client.LoginIntoNamespace(ctx, userid, "simplepassword", x.GalaxyNamespace)) require.Contains(t, err.Error(), x.ErrorInvalidLogin.Error()) resetUser(t, hc) // User is present - err = client.LoginIntoNamespace(ctx, userid, "randomstring", x.GalaxyNamespace) - require.Error(t, err) + require.Error(t, client.LoginIntoNamespace(ctx, userid, "randomstring", x.GalaxyNamespace)) require.Contains(t, err.Error(), x.ErrorInvalidLogin.Error()) } @@ -424,9 +409,7 @@ func (suite *AclTestSuite) TestWrongPermission() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - if err := gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0); err != nil { - require.NoError(t, err) - } + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) ruleMutation := ` _:dev "dgraph.type.Group" . 
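Review bot: Both failed-login checks in TestFailedLogin now read a stale `err`: `require.Error(t, client.LoginIntoNamespace(...))` does not assign the result, so the following `require.Contains(t, err.Error(), x.ErrorInvalidLogin.Error())` calls `Error()` on the nil `err` left over from `suite.dc.Client()` and panics instead of verifying the invalid-login message. Keep the assignment, `err = client.LoginIntoNamespace(ctx, userid, "simplepassword", x.GalaxyNamespace)`, before `require.Error(t, err)`, and do the same for the `"randomstring"` case. The `require.NoError(t, err)` after `gc.DropAll()` re-checks a value that was already asserted and can be removed.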
@@ -436,10 +419,7 @@ func (suite *AclTestSuite) TestWrongPermission() { _:rule1 "9" . ` - _, err = gc.NewTxn().Mutate(ctx, &api.Mutation{ - SetNquads: []byte(ruleMutation), - CommitNow: true, - }) + _, err = gc.Mutate(ruleMutation, true) require.Error(t, err, "Setting permission to 9 should have returned error") require.Contains(t, err.Error(), "Value for this predicate should be between 0 and 7") @@ -452,10 +432,7 @@ func (suite *AclTestSuite) TestWrongPermission() { _:rule1 "-1" . ` - _, err = gc.NewTxn().Mutate(ctx, &api.Mutation{ - SetNquads: []byte(ruleMutation), - CommitNow: true, - }) + _, err = gc.Mutate(ruleMutation, true) require.Error(t, err, "Setting permission to -1 should have returned error") require.Contains(t, err.Error(), "Value for this predicate should be between 0 and 7") diff --git a/ee/acl/acl_test.go b/ee/acl/acl_test.go index b390ee53e49..ec29e82592b 100644 --- a/ee/acl/acl_test.go +++ b/ee/acl/acl_test.go @@ -1570,9 +1570,7 @@ func (suite *AclTestSuite) TestAllPredsPermission() { require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - if err := gc.Alter(context.Background(), &api.Operation{DropAll: true}); err != nil { - t.Fatal(err) - } + require.NoError(t, gc.DropAll()) op := api.Operation{Schema: ` name : string @index(exact) . @@ -1587,14 +1585,11 @@ func (suite *AclTestSuite) TestAllPredsPermission() { require.NoError(t, gc.Alter(ctx, &op)) resetUser(t, hc) - require.NoError(t, err, "login failed") require.NoError(t, hc.CreateGroup(devGroup)) require.NoError(t, hc.AddToGroup(userid, devGroup)) - txn := gc.NewTxn() - mutation := &api.Mutation{ - SetNquads: []byte(` + rdfs := ` _:a "RandomGuy" . _:a "23" . _:a "RG" . 
@@ -1603,10 +1598,8 @@ func (suite *AclTestSuite) TestAllPredsPermission() { _:b "25" . _:b "RG2" . _:b "TypeName" . - `), - CommitNow: true, - } - _, err = txn.Mutate(ctx, mutation) + ` + _, err = gc.Mutate(rdfs, true) require.NoError(t, err) query := `{q1(func: has(name)){ @@ -1619,7 +1612,7 @@ func (suite *AclTestSuite) TestAllPredsPermission() { }}` // Test that groot has access to all the predicates - resp, err := gc.NewReadOnlyTxn().Query(ctx, query) + resp, err := gc.Query(query) require.NoError(t, err, "Error while querying data") testutil.CompareJSON(t, `{"q1":[{"name":"RandomGuy","age":23},{"name":"RandomGuy2","age":25}],`+ @@ -1670,7 +1663,7 @@ func (suite *AclTestSuite) TestAllPredsPermission() { for _, tc := range tests { desc := tc.descriptionNoPerm t.Run(desc, func(t *testing.T) { - resp, err := userClient.NewTxn().Query(ctx, tc.input) + resp, err := userClient.Query(tc.input) require.NoError(t, err) testutil.CompareJSON(t, tc.outputNoPerm, string(resp.Json)) }) 
@@ -1682,37 +1675,32 @@ func (suite *AclTestSuite) TestAllPredsPermission() { require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) // Give read access of all predicates to dev - addRulesToGroup(t, hc, devGroup, []rule{{"dgraph.all", Read.Code}}) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{{"dgraph.all", Read.Code}})) time.Sleep(defaultTimeToSleep) for _, tc := range tests { desc := tc.descriptionNameAgePerm t.Run(desc, func(t *testing.T) { - resp, err := userClient.NewTxn().Query(ctx, tc.input) + resp, err := userClient.Query(tc.input) require.NoError(t, err) testutil.CompareJSON(t, tc.outputNameAgePerm, string(resp.Json)) }) } // Mutation shall fail. - mutation = &api.Mutation{ - SetNquads: []byte(` + rdfs = ` _:a "RandomGuy" . _:a "23" . _:a "TypeName" . - `), - CommitNow: true, - } - txn = userClient.NewTxn() - _, err = txn.Mutate(ctx, mutation) + ` + _, err = userClient.Mutate(rdfs, true) require.Error(t, err) require.Contains(t, err.Error(), "unauthorized to mutate") // Give write access of all predicates to dev. Now mutation should succeed. - addRulesToGroup(t, hc, devGroup, []rule{{"dgraph.all", Write.Code | Read.Code}}) - time.Sleep(defaultTimeToSleep) - txn = userClient.NewTxn() - _, err = txn.Mutate(ctx, mutation) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{{"dgraph.all", Write.Code | Read.Code}})) + + _, err = userClient.Mutate(rdfs, true) require.NoError(t, err) } @@ -1727,7 +1715,7 @@ func (suite *AclTestSuite) TestNewACLPredicates() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - addDataAndRules(ctx, t, gc.Dgraph, hc) + addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) userClient, _, err := suite.dc.Client() require.NoError(t, err) 
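Review bot: After the second `hc.AddRulesToGroup` call (write access on `dgraph.all`) the `time.Sleep(defaultTimeToSleep)` was removed, while the read-access grant a few lines above still waits. If the ACL cache refreshes asynchronously, as the wait after the first grant suggests, `userClient.Mutate(rdfs, true)` can run before the new rule is visible and the test becomes flaky. Restore `time.Sleep(defaultTimeToSleep)` before the mutation, or poll until the mutation is authorised. The unkeyed literals `{"dgraph.all", Read.Code}` would also read better with field names (`Predicate:`, `Permission:`), as TestQueriesWithUserAndGroupOfSameName does.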
@@ -1858,7 +1846,7 @@ func (suite *AclTestSuite) TestDeleteRule() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - _ = addDataAndRules(ctx, t, gc.Dgraph, hc) + addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) @@ -1870,28 +1858,27 @@ func (suite *AclTestSuite) TestDeleteRule() { require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) queryName := "{me(func: has(name)) {name}}" - resp, err := userClient.NewReadOnlyTxn().Query(ctx, queryName) + resp, err := userClient.Query(queryName) require.NoError(t, err, "Error while querying data") testutil.CompareJSON(t, `{"me":[{"name":"RandomGuy"},{"name":"RandomGuy2"}]}`, string(resp.GetJson())) - require.NoError(t, err, "login failed") - removeRuleFromGroup(t, hc, devGroup, "name") + require.NoError(t, hc.RemoveRuleFromGroup(devGroup, "name")) time.Sleep(defaultTimeToSleep) - resp, err = userClient.NewReadOnlyTxn().Query(ctx, queryName) + resp, err = userClient.Query(queryName) require.NoError(t, err, "Error while querying data") testutil.CompareJSON(t, string(resp.GetJson()), `{}`) } -func addDataAndRules(ctx context.Context, t *testing.T, dg *dgo.Dgraph, hc *dgraphtest.HTTPClient) map[string]string { - testutil.DropAll(t, dg) +func addDataAndRules(ctx context.Context, t *testing.T, gc *dgraphtest.GrpcClient, hc *dgraphtest.HTTPClient) { + require.NoError(t, gc.DropAll()) op := api.Operation{Schema: ` name : string @index(exact) . nickname : string @index(exact) . `} - require.NoError(t, dg.Alter(ctx, &op)) + require.NoError(t, gc.Alter(ctx, &op)) resetUser(t, hc) 
@@ -1913,10 +1900,7 @@ func addDataAndRules(ctx context.Context, t *testing.T, dg *dgo.Dgraph, hc *dgra _:r2 "nickname" . _:r2 "2" . ` - resp, err := dg.NewTxn().Mutate(ctx, &api.Mutation{ - SetNquads: []byte(devGroupMut), - CommitNow: true, - }) + _, err := gc.Mutate(devGroupMut, true) require.NoError(t, err, "Error adding group and permissions") idQuery := fmt.Sprintf(` @@ -1930,7 +1914,7 @@ func addDataAndRules(ctx context.Context, t *testing.T, dg *dgo.Dgraph, hc *dgra Predicate: "dgraph.user.group", ObjectId: "uid(gid)", } - _, err = dg.NewTxn().Do(ctx, &api.Request{ + _, err = gc.NewTxn().Do(ctx, &api.Request{ CommitNow: true, Query: idQuery, Mutations: []*api.Mutation{ 
@@ -1941,40 +1925,36 @@ func addDataAndRules(ctx context.Context, t *testing.T, dg *dgo.Dgraph, hc *dgra }) require.NoError(t, err, "Error adding user to dev group") - mutation := &api.Mutation{ - SetNquads: []byte(` + mutation := ` _:a "RandomGuy" . _:a "RG" . _:b "RandomGuy2" . _:b "25" . _:b "RG2" . - `), - CommitNow: true, - } - _, err = dg.NewTxn().Mutate(ctx, mutation) + ` + _, err = gc.Mutate(mutation, true) require.NoError(t, err) - return resp.GetUids() } -// func (suite *AclTestSuite) TestNonExistentGroup() { -// t := suite.T() -// t.Skip() -// // This test won't return an error anymore as if an update in a GraphQL mutation doesn't find -// // anything to update then it just returns an empty result. -// dg, err := testutil.DgraphClientWithGroot(testutil.SockAddr) -// require.NoError(t, err) +func (suite *AclTestSuite) TestNonExistentGroup() { + t := suite.T() + t.Skip() + ctx, cancel := context.WithTimeout(context.Background(), 100*time.Second) + defer cancel() + // This test won't return an error anymore as if an update in a GraphQL mutation doesn't find + // anything to update then it just returns an empty result. 
-// testutil.DropAll(t, dg) + gc, cleanup, err := suite.dc.Client() + require.NoError(t, err) + defer cleanup() + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) -// token, err := testutil.HttpLogin(&testutil.LoginParams{ -// Endpoint: adminEndpoint, -// UserID: "groot", -// Passwd: "password", -// Namespace: x.GalaxyNamespace, -// }) -// require.NoError(t, err, "login failed") -// addRulesToGroup(t, token, devGroup, []rule{{"name", Read.Code}}) -// } + require.NoError(t, gc.DropAll()) + hc, err := suite.dc.HTTPClient() + require.NoError(t, err) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{{"name", Read.Code}})) +} func (suite *AclTestSuite) TestQueryUserInfo() { t := suite.T() @@ -1988,11 +1968,8 @@ func (suite *AclTestSuite) TestQueryUserInfo() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - addDataAndRules(ctx, t, gc.Dgraph, hc) - if err := hc.LoginIntoNamespace(userid, userpassword, 0); err != nil { - t.Fatal(err) - } - require.NoError(t, err, "login failed") + addDataAndRules(ctx, t, gc, hc) + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, 0)) gqlQuery := ` query { @@ -2011,13 +1988,11 @@ func (suite *AclTestSuite) TestQueryUserInfo() { } } ` - params := dgraphtest.GraphQLParams{ Query: gqlQuery, } - gqlResp := makeRequestAndRefreshTokenIfNecessary(t, params, hc) - gqlResp.RequireNoGraphQLErrors(t) - + gqlResp, err := hc.RunGraphqlQuery(params, true) + require.NoError(t, err) testutil.CompareJSON(t, ` { "queryUser": [ @@ -2054,7 +2029,7 @@ func (suite *AclTestSuite) TestQueryUserInfo() { ] } ] - }`, string(gqlResp.Data)) + }`, string(gqlResp)) query := ` { 
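Review bot: The re-enabled TestNonExistentGroup still calls `t.Skip()` unconditionally and without a reason, so everything after it is dead code and the skip shows up unexplained in test output. Either give the reason, e.g. `t.Skip("updateGroup on a missing group returns an empty result, not an error")`, or drop the skip if the body is now expected to pass, since it asserts `require.NoError` on `AddRulesToGroup`.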
@@ -2077,10 +2052,8 @@ func (suite *AclTestSuite) TestQueryUserInfo() { require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - if err := hc.LoginIntoNamespace(userid, userpassword, 0); err != nil { - t.Fatal(err) - } - resp, err := userClient.NewReadOnlyTxn().Query(ctx, query) + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, 0)) + resp, err := userClient.Query(query) require.NoError(t, err, "Error while querying ACL") testutil.CompareJSON(t, `{"me":[]}`, string(resp.GetJson())) @@ -2103,8 +2076,8 @@ func (suite *AclTestSuite) TestQueryUserInfo() { params = dgraphtest.GraphQLParams{ Query: gqlQuery, } - gqlResp = makeRequestAndRefreshTokenIfNecessary(t, params, hc) - gqlResp.RequireNoGraphQLErrors(t) + gqlResp, err = hc.RunGraphqlQuery(params, true) + require.NoError(t, err) // The user should only be able to see their group dev and themselves as the user. testutil.CompareJSON(t, `{ "queryGroup": [ @@ -2137,7 +2110,7 @@ func (suite *AclTestSuite) TestQueryUserInfo() { } ] - }`, string(gqlResp.Data)) + }`, string(gqlResp)) gqlQuery = ` query { @@ -2157,9 +2130,9 @@ func (suite *AclTestSuite) TestQueryUserInfo() { params = dgraphtest.GraphQLParams{ Query: gqlQuery, } - gqlResp = makeRequestAndRefreshTokenIfNecessary(t, params, hc) - gqlResp.RequireNoGraphQLErrors(t) - testutil.CompareJSON(t, `{"getGroup": null}`, string(gqlResp.Data)) + gqlResp, err = hc.RunGraphqlQuery(params, true) + require.NoError(t, err) + testutil.CompareJSON(t, `{"getGroup": null}`, string(gqlResp)) } func (suite *AclTestSuite) TestQueriesWithUserAndGroupOfSameName() { 
@@ -2175,14 +2148,11 @@ func (suite *AclTestSuite) TestQueriesWithUserAndGroupOfSameName() { require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - err = gc.Alter(context.Background(), &api.Operation{DropAll: true}) - require.NoError(t, err) + require.NoError(t, gc.DropAll()) // Creates a user -- alice resetUser(t, hc) - txn := gc.NewTxn() - mutation := &api.Mutation{ - SetNquads: []byte(` + rdfs := ` _:a "RandomGuy" . _:a "23" . _:a "RG" . @@ -2191,17 +2161,16 @@ func (suite *AclTestSuite) TestQueriesWithUserAndGroupOfSameName() { _:b "25" . _:b "RG2" . _:b "TypeName" . - `), - CommitNow: true, - } - _, err = txn.Mutate(ctx, mutation) + ` + _, err = gc.Mutate(rdfs, true) require.NoError(t, err) require.NoError(t, hc.CreateGroup("alice")) - addToGroup(t, hc, userid, "alice") + require.NoError(t, hc.AddToGroup(userid, "alice")) // add rules to groups - addRulesToGroup(t, hc, "alice", []rule{{Predicate: "name", Permission: Read.Code}}) + require.NoError(t, hc.AddRulesToGroup("alice", + []dgraphtest.AclGrpRules{{Predicate: "name", Permission: Read.Code}})) query := ` { @@ -2213,9 +2182,8 @@ func (suite *AclTestSuite) TestQueriesWithUserAndGroupOfSameName() { ` suite.Upgrade(hc) dc, cleanup, err := suite.dc.Client() - if err := gc.LoginIntoNamespace(ctx, userid, userpassword, 0); err != nil { - t.Fatal(err) - } + require.NoError(t, gc.LoginIntoNamespace(ctx, userid, userpassword, 0)) + testutil.PollTillPassOrTimeout(t, dc.Dgraph, query, `{"q":[{"name":"RandomGuy"},{"name":"RandomGuy2"}]}`, timeout) } @@ -2230,9 +2198,7 @@ func (suite *AclTestSuite) TestQueriesForNonGuardianUserWithoutGroup() { suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - if err := hc.LoginIntoNamespace(userid, userpassword, 0); err != nil { - t.Fatal(err) - } + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, 0)) gqlQuery := ` query { 
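Review bot: In TestQueriesWithUserAndGroupOfSameName the user login after `suite.Upgrade(hc)` is performed on `gc`, but the poll that follows uses the freshly created `dc.Dgraph`, which is not logged in anywhere in the visible lines, and the `err` from `suite.dc.Client()` is not checked. If the intent is to verify what the non-guardian user can read after the upgrade, the login likely belongs on the new client: `require.NoError(t, err)` followed by `require.NoError(t, dc.LoginIntoNamespace(ctx, userid, userpassword, 0))`. This predates the commit, but the rewritten line is the natural place to fix it.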
@@ -2248,9 +2214,9 @@ func (suite *AclTestSuite) TestQueriesForNonGuardianUserWithoutGroup() { params := dgraphtest.GraphQLParams{ Query: gqlQuery, } - resp := makeRequestAndRefreshTokenIfNecessary(t, params, hc) - resp.RequireNoGraphQLErrors(t) - testutil.CompareJSON(t, `{"queryGroup": []}`, string(resp.Data)) + gqlResp, err := hc.RunGraphqlQuery(params, true) + require.NoError(t, err) + testutil.CompareJSON(t, `{"queryGroup": []}`, string(gqlResp)) gqlQuery = ` query { @@ -2266,9 +2232,9 @@ func (suite *AclTestSuite) TestQueriesForNonGuardianUserWithoutGroup() { params = dgraphtest.GraphQLParams{ Query: gqlQuery, } - resp = makeRequestAndRefreshTokenIfNecessary(t, params, hc) - resp.RequireNoGraphQLErrors(t) - testutil.CompareJSON(t, `{"queryUser": [{ "groups": [], "name": "alice"}]}`, string(resp.Data)) + gqlResp, err = hc.RunGraphqlQuery(params, true) + require.NoError(t, err) + testutil.CompareJSON(t, `{"queryUser": [{ "groups": [], "name": "alice"}]}`, string(gqlResp)) } func (suite *AclTestSuite) TestSchemaQueryWithACL() { 
@@ -2449,23 +2415,22 @@ func (suite *AclTestSuite) TestSchemaQueryWithACL() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - err = gc.Alter(context.Background(), &api.Operation{DropAll: true}) - require.NoError(t, err) - resp, err := gc.NewReadOnlyTxn().Query(context.Background(), schemaQuery) + require.NoError(t, gc.DropAll()) + resp, err := gc.Query(schemaQuery) require.NoError(t, err) require.JSONEq(t, grootSchema, string(resp.GetJson())) // add another user and some data for that user with permissions on predicates resetUser(t, hc) - addDataAndRules(ctx, t, gc.Dgraph, hc) + addDataAndRules(ctx, t, gc, hc) time.Sleep(defaultTimeToSleep) // wait for ACL cache to refresh, otherwise it will be flaky test suite.Upgrade(hc) // the other user should be able to view only the part of schema for which it has read access gc, _, err = suite.dc.Client() require.NoError(t, err) require.NoError(t, gc.LoginIntoNamespace(context.Background(), userid, userpassword, x.GalaxyNamespace)) - resp, err = gc.NewReadOnlyTxn().Query(context.Background(), schemaQuery) + resp, err = gc.Query(schemaQuery) require.NoError(t, err) require.JSONEq(t, aliceSchema, string(resp.GetJson())) } @@ -2483,13 +2448,13 @@ func (suite *AclTestSuite) TestDeleteUserShouldDeleteUserFromGroup() { require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) resetUser(t, hc) - addDataAndRules(ctx, t, gc.Dgraph, hc) + addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - _ = deleteUser(t, hc, userid, true) + require.NoError(t, hc.DeleteUser(userid)) gqlQuery := ` query { 
@@ -2502,9 +2467,9 @@ func (suite *AclTestSuite) TestDeleteUserShouldDeleteUserFromGroup() { params := dgraphtest.GraphQLParams{ Query: gqlQuery, } - resp := makeRequestAndRefreshTokenIfNecessary(t, params, hc) - resp.RequireNoGraphQLErrors(t) - require.JSONEq(t, `{"queryUser":[{"name":"groot"}]}`, string(resp.Data)) + gqlResp, err := hc.RunGraphqlQuery(params, true) + require.NoError(t, err) + require.JSONEq(t, `{"queryUser":[{"name":"groot"}]}`, string(gqlResp)) // The user should also be deleted from the dev group. gqlQuery = ` @@ -2521,8 +2486,8 @@ func (suite *AclTestSuite) TestDeleteUserShouldDeleteUserFromGroup() { params = dgraphtest.GraphQLParams{ Query: gqlQuery, } - resp = makeRequestAndRefreshTokenIfNecessary(t, params, hc) - resp.RequireNoGraphQLErrors(t) + gqlResp, err = hc.RunGraphqlQuery(params, true) + require.NoError(t, err) testutil.CompareJSON(t, `{ "queryGroup": [ { @@ -2546,7 +2511,7 @@ func (suite *AclTestSuite) TestDeleteUserShouldDeleteUserFromGroup() { "users": [] } ] - }`, string(resp.Data)) + }`, string(gqlResp)) } func (suite *AclTestSuite) TestGroupDeleteShouldDeleteGroupFromUser() { @@ -2562,14 +2527,14 @@ func (suite *AclTestSuite) TestGroupDeleteShouldDeleteGroupFromUser() { require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) resetUser(t, hc) - addDataAndRules(ctx, t, gc.Dgraph, hc) + addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - _ = deleteGroup(t, hc, "dev-a", true) + require.NoError(t, hc.DeleteGroup("dev-a")) gqlQuery := ` query { 
@@ -2582,8 +2547,8 @@ func (suite *AclTestSuite) TestGroupDeleteShouldDeleteGroupFromUser() { params := dgraphtest.GraphQLParams{ Query: gqlQuery, } - resp := makeRequestAndRefreshTokenIfNecessary(t, params, hc) - resp.RequireNoGraphQLErrors(t) + gqlResp, err := hc.RunGraphqlQuery(params, true) + require.NoError(t, err) testutil.CompareJSON(t, `{ "queryGroup": [ { @@ -2596,7 +2561,7 @@ func (suite *AclTestSuite) TestGroupDeleteShouldDeleteGroupFromUser() { "name": "dev-b" } ] - }`, string(resp.Data)) + }`, string(gqlResp)) gqlQuery = ` query { @@ -2612,8 +2577,8 @@ func (suite *AclTestSuite) TestGroupDeleteShouldDeleteGroupFromUser() { params = dgraphtest.GraphQLParams{ Query: gqlQuery, } - resp = makeRequestAndRefreshTokenIfNecessary(t, params, hc) - resp.RequireNoGraphQLErrors(t) + gqlResp, err = hc.RunGraphqlQuery(params, true) + require.NoError(t, err) testutil.CompareJSON(t, `{ "getUser": { "name": "alice", 
@@ -2623,29 +2588,27 @@ func (suite *AclTestSuite) TestGroupDeleteShouldDeleteGroupFromUser() { } ] } - }`, string(resp.Data)) + }`, string(gqlResp)) } func assertNonGuardianFailure(t *testing.T, queryName string, respIsNull bool, params dgraphtest.GraphQLParams, hc *dgraphtest.HTTPClient) { resetUser(t, hc) - if err := hc.LoginIntoNamespace(userid, userpassword, 0); err != nil { - t.Fatal(err) - } - resp := makeRequestAndRefreshTokenIfNecessary(t, params, hc) - - require.Len(t, resp.Errors, 1) - require.Contains(t, resp.Errors[0].Message, "rpc error: code = PermissionDenied") - require.Contains(t, resp.Errors[0].Message, fmt.Sprintf( + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, 0)) + gqlResp, err := hc.RunGraphqlQuery(params, true) + require.NoError(t, err) + require.Len(t, err.Error(), 1) + require.Contains(t, err.Error(), "rpc error: code = PermissionDenied") + require.Contains(t, err.Error(), fmt.Sprintf( "Only guardians are allowed access. User '%s' is not a member of guardians group.", userid)) - if len(resp.Data) != 0 { + if len(gqlResp) != 0 { queryVal := "null" if !respIsNull { queryVal = "[]" } - require.JSONEq(t, fmt.Sprintf(`{"%s": %s}`, queryName, queryVal), string(resp.Data)) + require.JSONEq(t, fmt.Sprintf(`{"%s": %s}`, queryName, queryVal), string(gqlResp)) } } @@ -2719,7 +2682,7 @@ func (suite *AclTestSuite) TestAddUpdateGroupWithDuplicateRules() { require.ElementsMatch(t, []rule{updatedRules[0], updatedRules[2]}, updatedGroup1.Rules) // cleanup - _ = deleteGroup(t, hc, groupName, true) + require.NoError(t, hc.DeleteGroup(groupName)) } func (suite *AclTestSuite) TestAllowUIDAccess() { 
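Review bot: The new assertions in `assertNonGuardianFailure` contradict each other, so this access-denial check can no longer pass: `require.NoError(t, err)` is followed by `require.Len(t, err.Error(), 1)` and two `require.Contains(t, err.Error(), …)` calls. If the non-guardian request is rejected as intended, `NoError` fails the test; if it is wrongly allowed, `err` is nil and `err.Error()` panics. `require.Len` also now measures the length of the message string, where the old code counted GraphQL errors. Replace those two lines with a single `require.Error(t, err)` and keep the `Contains` checks, so a permission regression shows up as a plain assertion failure.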
@@ -2734,8 +2697,7 @@ func (suite *AclTestSuite) TestAllowUIDAccess() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - err = gc.Alter(context.Background(), &api.Operation{DropAll: true}) - require.NoError(t, err) + require.NoError(t, gc.DropAll()) op := api.Operation{Schema: ` name : string @index(exact) . `} @@ -2743,22 +2705,18 @@ func (suite *AclTestSuite) TestAllowUIDAccess() { resetUser(t, hc) - require.NoError(t, err, "login failed") require.NoError(t, hc.CreateGroup(devGroup)) require.NoError(t, hc.AddToGroup(userid, devGroup)) require.NoError(t, suite.dc.AssignUids(gc.Dgraph, 101)) - mutation := &api.Mutation{ - SetNquads: []byte(` + rdf := ` <100> "100th User" . - `), - CommitNow: true, - } - _, err = gc.NewTxn().Mutate(ctx, mutation) + ` + _, err = gc.Mutate(rdf, true) require.NoError(t, err) // give read access of to alice - addRulesToGroup(t, hc, devGroup, []rule{{"name", Read.Code}}) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{{"name", Read.Code}})) suite.Upgrade(hc) userClient, cancel, err := suite.dc.Client() require.NoError(t, err) @@ -2776,7 +2734,7 @@ func (suite *AclTestSuite) TestAllowUIDAccess() { } ` - resp, err := userClient.NewReadOnlyTxn().Query(ctx, uidQuery) + resp, err := userClient.Query(uidQuery) require.NoError(t, err) testutil.CompareJSON(t, `{"me":[{"name":"100th User", "uid": "0x64"}]}`, string(resp.GetJson())) } @@ -2794,8 +2752,7 @@ func (suite *AclTestSuite) TestAddNewPredicate() { require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - err = gc.Alter(context.Background(), &api.Operation{DropAll: true}) - require.NoError(t, err) + require.NoError(t, gc.DropAll()) resetUser(t, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() 
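Review bot: `[]dgraphtest.AclGrpRules{{"name", Read.Code}}` in `TestAllowUIDAccess` is an unkeyed literal of a struct from another package, which `go vet` (composites) reports and which stops compiling as soon as a field is added to `AclGrpRules`. Write `{Predicate: "name", Permission: Read.Code}`, matching the keyed form this patch already uses in `TestMutationWithValueVar`.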
@@ -2812,7 +2769,7 @@ func (suite *AclTestSuite) TestAddNewPredicate() { }) require.Error(t, err, "User can't create new predicate. Alter should have returned error.") - addToGroup(t, hc, userid, "guardians") + require.NoError(t, hc.AddToGroup(userid, "guardians")) time.Sleep(expireJwtSleep) // Alice is a guardian now, it can create new predicate. @@ -2835,8 +2792,7 @@ func (suite *AclTestSuite) TestCrossGroupPermission() { require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - err = gc.Alter(context.Background(), &api.Operation{DropAll: true}) - require.NoError(t, err) + require.NoError(t, gc.DropAll()) err = gc.Alter(ctx, &api.Operation{ Schema: `newpred: string .`, @@ -2857,7 +2813,7 @@ func (suite *AclTestSuite) TestCrossGroupPermission() { // create 8 users. for i := 0; i < 8; i++ { userIdx := strconv.Itoa(i) - createUser(t, hc, "user"+userIdx, "password"+userIdx) + require.NoError(t, hc.CreateUser("user"+userIdx, "password"+userIdx)) } // add users to groups. we create all possible combination @@ -2865,20 +2821,20 @@ func (suite *AclTestSuite) TestCrossGroupPermission() { for i := 0; i < 8; i++ { userIdx := strconv.Itoa(i) if i&1 > 0 { - addToGroup(t, hc, "user"+userIdx, "alterer") + require.NoError(t, hc.AddToGroup("user"+userIdx, "alterer")) } if i&2 > 0 { - addToGroup(t, hc, "user"+userIdx, "writer") + require.NoError(t, hc.AddToGroup("user"+userIdx, "writer")) } if i&4 > 0 { - addToGroup(t, hc, "user"+userIdx, "reader") + require.NoError(t, hc.AddToGroup("user"+userIdx, "reader")) } } time.Sleep(defaultTimeToSleep) // operations - dgQuery := func(client *dgo.Dgraph, shouldFail bool, user string) { - _, err := client.NewTxn().Query(ctx, ` + dgQuery := func(client *dgraphtest.GrpcClient, shouldFail bool, user string) { + _, err := client.Query(` { me(func: has(newpred)) { newpred 
@@ -2888,7 +2844,7 @@ func (suite *AclTestSuite) TestCrossGroupPermission() { require.True(t, (err != nil) == shouldFail, "Query test Failed for: "+user+", shouldFail: "+strconv.FormatBool(shouldFail)) } - dgMutation := func(client *dgo.Dgraph, shouldFail bool, user string) { + dgMutation := func(client *dgraphtest.GrpcClient, shouldFail bool, user string) { _, err := client.NewTxn().Mutate(ctx, &api.Mutation{ Set: []*api.NQuad{ { @@ -2902,7 +2858,7 @@ func (suite *AclTestSuite) TestCrossGroupPermission() { require.True(t, (err != nil) == shouldFail, "Mutation test failed for: "+user+", shouldFail: "+strconv.FormatBool(shouldFail)) } - dgAlter := func(client *dgo.Dgraph, shouldFail bool, user string) { + dgAlter := func(client *dgraphtest.GrpcClient, shouldFail bool, user string) { err := client.Alter(ctx, &api.Operation{Schema: `newpred: string @index(exact) .`}) require.True(t, (err != nil) == shouldFail, "Alter test failed for: "+user+", shouldFail: "+strconv.FormatBool(shouldFail)) @@ -2922,9 +2878,9 @@ func (suite *AclTestSuite) TestCrossGroupPermission() { err = userClient.LoginIntoNamespace(ctx, "user"+userIdx, "password"+userIdx, x.GalaxyNamespace) require.NoError(t, err, "Login error") - dgQuery(userClient.Dgraph, false, "user"+userIdx) // Query won't fail, will return empty result instead. - dgMutation(userClient.Dgraph, i&2 == 0, "user"+userIdx) - dgAlter(userClient.Dgraph, i&1 == 0, "user"+userIdx) + dgQuery(userClient, false, "user"+userIdx) // Query won't fail, will return empty result instead. + dgMutation(userClient, i&2 == 0, "user"+userIdx) + dgAlter(userClient, i&1 == 0, "user"+userIdx) } } 
@@ -2940,9 +2896,7 @@ func (suite *AclTestSuite) TestMutationWithValueVar() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - - err = gc.Alter(context.Background(), &api.Operation{DropAll: true}) - require.NoError(t, err) + require.NoError(t, gc.DropAll()) err = gc.Alter(ctx, &api.Operation{ Schema: ` @@ -2953,21 +2907,18 @@ func (suite *AclTestSuite) TestMutationWithValueVar() { }) require.NoError(t, err) - data := &api.Mutation{ - SetNquads: []byte(` + rdfs := ` _:u1 "RandomGuy" . _:u1 "r1" . - `), - CommitNow: true, - } - _, err = gc.NewTxn().Mutate(ctx, data) + ` + _, err = gc.Mutate(rdfs, true) require.NoError(t, err) resetUser(t, hc) - createUser(t, hc, userid, userpassword) + require.NoError(t, hc.CreateUser(userid, userpassword)) require.NoError(t, hc.CreateGroup(devGroup)) require.NoError(t, hc.AddToGroup(userid, devGroup)) - addRulesToGroup(t, hc, devGroup, []rule{ + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{ { Predicate: "name", Permission: Read.Code | Write.Code, @@ -2980,7 +2931,8 @@ func (suite *AclTestSuite) TestMutationWithValueVar() { Predicate: "age", Permission: Write.Code, }, - }) + })) + time.Sleep(defaultTimeToSleep) query := ` @@ -3021,7 +2973,7 @@ func (suite *AclTestSuite) TestMutationWithValueVar() { } ` - resp, err := userClient.NewReadOnlyTxn().Query(ctx, query) + resp, err := userClient.Query(query) require.NoError(t, err) testutil.CompareJSON(t, `{"me": [{"name":"r1","nickname":"r1"}]}`, string(resp.GetJson())) 
@@ -3039,15 +2991,15 @@ func (suite *AclTestSuite) TestDeleteGuardiansGroupShouldFail() { require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - addDataAndRules(ctx, t, gc.Dgraph, hc) + addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - resp := deleteGroup(t, hc, "guardians", false) - require.Contains(t, resp.Errors.Error(), + err = hc.DeleteGroup("guardians") + require.Contains(t, err.Error(), "guardians group and groot user cannot be deleted.") } @@ -3062,13 +3014,13 @@ func (suite *AclTestSuite) TestDeleteGrootUserShouldFail() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - addDataAndRules(ctx, t, gc.Dgraph, hc) + addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - resp := deleteUser(t, hc, "groot", false) - require.Contains(t, resp.Errors.Error(), + err = hc.DeleteGroup("groot") + require.Contains(t, err.Error(), "guardians group and groot user cannot be deleted.") } @@ -3083,7 +3035,7 @@ func (suite *AclTestSuite) TestDeleteGrootUserFromGuardiansGroupShouldFail() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - addDataAndRules(ctx, t, gc.Dgraph, hc) + addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) 
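Review bot: `require.Contains(t, err.Error(), …)` directly after `err = hc.DeleteGroup("guardians")` dereferences `err` without first asserting that it is non-nil. If the protected deletion ever succeeds, the test panics on a nil error instead of reporting that the guardians group was deleted. Add `require.Error(t, err)` before the `Contains` call. The same pattern appears in `TestDeleteGrootUserShouldFail` in the next hunk and in `deleteGuardiansGroupAndGrootUserShouldFail`.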
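Review bot: `TestDeleteGrootUserShouldFail` now calls `hc.DeleteGroup("groot")`, but the line it replaces was `deleteUser(t, hc, "groot", false)`, so the guard against deleting the groot user is no longer exercised. The test may still pass, because the asserted message covers both the group and the user case, and that would hide a regression in the user-deletion path. Use `err = hc.DeleteUser("groot")`, the call this patch already makes in `deleteGuardiansGroupAndGrootUserShouldFail`.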
@@ -3104,33 +3056,35 @@ func (suite *AclTestSuite) TestDeleteGrootAndGuardiansUsingDelNQuadShouldFail() hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - addDataAndRules(ctx, t, gc.Dgraph, hc) + addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) - require.NoError(t, err, "login failed") gc, cleanup, err = suite.dc.Client() require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) defer cleanup() grootUid, guardiansUid := getGrootAndGuardiansUid(t, gc.Dgraph) + mutString := fmt.Sprintf("%s %s %s .", "<"+grootUid+">", "*", "*") // Try deleting groot user - _, err = deleteUsingNQuad(gc.Dgraph, "<"+grootUid+">", "*", "*") + _, err = gc.Mutate(mutString, false) require.Error(t, err, "Deleting groot user should have returned an error") require.Contains(t, err.Error(), "Properties of guardians group and groot user cannot be deleted") + mutString = fmt.Sprintf("%s %s %s .", "<"+guardiansUid+">", "*", "*") + // Try deleting guardians group - _, err = deleteUsingNQuad(gc.Dgraph, "<"+guardiansUid+">", "*", "*") + _, err = gc.Mutate(mutString, false) require.Error(t, err, "Deleting guardians group should have returned an error") require.Contains(t, err.Error(), "Properties of guardians group and groot user cannot be deleted") } func deleteGuardiansGroupAndGrootUserShouldFail(t *testing.T, hc *dgraphtest.HTTPClient) { // Try deleting guardians group should fail - resp := deleteGroup(t, hc, "guardians", false) - require.Contains(t, resp.Errors.Error(), + err := hc.DeleteUser("guardians") + require.Contains(t, err.Error(), "guardians group and groot user cannot be deleted.") // Try deleting groot user should fail - resp = deleteUser(t, hc, "groot", false) - require.Contains(t, resp.Errors.Error(), + err = hc.DeleteUser("groot") + require.Contains(t, err.Error(), "guardians group and groot user cannot be deleted.") } 
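Review bot: In `deleteGuardiansGroupAndGrootUserShouldFail` the guardians case now calls `hc.DeleteUser("guardians")` where the removed line called `deleteGroup(t, hc, "guardians", false)`, so deletion of the guardians group is no longer tested; it should be `err := hc.DeleteGroup("guardians")`. Separately, in `TestDeleteGrootAndGuardiansUsingDelNQuadShouldFail` the `deleteUsingNQuad` calls became `gc.Mutate(mutString, false)`. `Mutate` is not shown here, but elsewhere in this patch it replaces a `SetNquads` mutation, so these two calls probably send a set instead of a delete; if so, build the `api.Mutation` with `DelNquads` explicitly. The `err` returned by `suite.dc.Client()` in that test is also never checked before `gc` is used.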
@@ -3145,7 +3099,7 @@ func (suite *AclTestSuite) TestDropAllShouldResetGuardiansAndGroot() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - addDataAndRules(ctx, t, gc.Dgraph, hc) + addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) gc, cleanup, err = suite.dc.Client() require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) @@ -3153,10 +3107,9 @@ func (suite *AclTestSuite) TestDropAllShouldResetGuardiansAndGroot() { defer cleanup() hc, err = suite.dc.HTTPClient() require.NoError(t, err) - if err := hc.LoginIntoNamespace(x.GrootId, dgraphtest.DefaultPassword, 0); err != nil { - t.Fatal(err) - } + require.NoError(t, hc.LoginIntoNamespace(x.GrootId, dgraphtest.DefaultPassword, 0)) // Try Drop All + require.NoError(t, gc.DropAll()) op := api.Operation{ DropAll: true, DropOp: api.Operation_ALL,
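Review bot: The added `require.NoError(t, gc.DropAll())` in `TestDropAllShouldResetGuardiansAndGroot` sits directly above the existing `op := api.Operation{DropAll: true, DropOp: api.Operation_ALL, …}`, so the drop appears to be issued twice. The use of `op` lies outside this hunk, but if it is still passed to `gc.Alter`, the call the test was written around now runs against an already-reset cluster. Keep one of the two: either remove the old `op` block or drop the new line.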