From e03168f81a9b44b5aae6dc82d7af5643404b82ec Mon Sep 17 00:00:00 2001 From: shivaji-dgraph Date: Mon, 17 Apr 2023 17:10:02 +0530 Subject: [PATCH] Resolved review comments --- dgraphtest/{acl_cluster.go => acl.go} | 142 +--- dgraphtest/cluster.go | 19 +- ee/acl/acl_test.go | 604 ++++++++++-------- ee/acl/integration_test.go | 2 +- ee/acl/upgrade_test.go | 2 +- .../incremental_restore_test.go | 5 +- 6 files changed, 377 insertions(+), 397 deletions(-) rename dgraphtest/{acl_cluster.go => acl.go} (72%) diff --git a/dgraphtest/acl_cluster.go b/dgraphtest/acl.go similarity index 72% rename from dgraphtest/acl_cluster.go rename to dgraphtest/acl.go index ee7295e7c7f..94790ad9737 100644 --- a/dgraphtest/acl_cluster.go +++ b/dgraphtest/acl.go @@ -22,13 +22,13 @@ import ( "github.com/pkg/errors" ) -type AclGrpRules struct { +type AclGroupRules struct { Predicate string `json:"predicate"` Permission int32 `json:"permission"` } type AclGroup struct { - Name string `json:"name"` - Rules []AclGrpRules `json:"rules"` + Name string `json:"name"` + Rules []AclGroupRules `json:"rules"` } func (hc *HTTPClient) GetCurrentUser() (string, error) { @@ -45,21 +45,19 @@ func (hc *HTTPClient) GetCurrentUser() (string, error) { if err != nil { return "", err } - var currentUserResp struct { + var userResp struct { GetCurrentUser struct { Name string } } - if err := json.Unmarshal(resp, ¤tUserResp); err != nil { - errors.Wrapf(err, "error unmarshalling getCurrentUser response %v") + if err := json.Unmarshal(resp, &userResp); err != nil { + return "", errors.Wrapf(err, "error unmarshalling getCurrentUser response %v") } - return currentUserResp.GetCurrentUser.Name, nil + return userResp.GetCurrentUser.Name, nil } func (hc *HTTPClient) DeleteUser(username string) error { - - delUser := ` - mutation deleteUser($name: String!) { + delUser := `mutation deleteUser($name: String!) { deleteUser(filter: {name: {eq: $name}}) { msg numUids @@ -73,15 +71,11 @@ func (hc *HTTPClient) DeleteUser(username string) error { }, } _, err := hc.RunGraphqlQuery(params, true) - if err != nil { - return err - } - return nil + return err } func (hc *HTTPClient) CreateUser(username, password string) error { - addUser := ` - mutation addUser($name: String!, $pass: String!) { + addUser := `mutation addUser($name: String!, $pass: String!) { addUser(input: [{name: $name, password: $pass}]) { user { name @@ -97,15 +91,11 @@ func (hc *HTTPClient) CreateUser(username, password string) error { }, } _, err := hc.RunGraphqlQuery(params, true) - if err != nil { - return err - } - return nil + return err } func (hc *HTTPClient) CreateGroup(name string) error { - addGroup := ` - mutation addGroup($name: String!) { + addGroup := `mutation addGroup($name: String!) { addGroup(input: [{name: $name}]) { group { name @@ -120,24 +110,12 @@ func (hc *HTTPClient) CreateGroup(name string) error { }, } _, err := hc.RunGraphqlQuery(params, true) - if err != nil { - return err - } - return nil + return err } -func (hc *HTTPClient) AddRulesToGroup(group string, rules []AclGrpRules) error { +func (hc *HTTPClient) AddRulesToGroup(group string, rules []AclGroupRules) error { addRuleToGroup := `mutation updateGroup($name: String!, $rules: [RuleRef!]!) { - updateGroup(input: { - filter: { - name: { - eq: $name - } - }, - set: { - rules: $rules - } - }) { + updateGroup(input: {filter: {name: {eq: $name}},set: {rules: $rules}}) { group { name rules { @@ -156,26 +134,12 @@ func (hc *HTTPClient) AddRulesToGroup(group string, rules []AclGrpRules) error { }, } _, err := hc.RunGraphqlQuery(params, true) - if err != nil { - return err - } - return nil + return err } -func (hc *HTTPClient) AddToGroup(userName, group string) error { +func (hc *HTTPClient) AddUserToGroup(userName, group string) error { addUserToGroup := `mutation updateUser($name: String!, $group: String!) { - updateUser(input: { - filter: { - name: { - eq: $name - } - }, - set: { - groups: [ - { name: $group } - ] - } - }) { + updateUser(input: {filter: {name: {eq: $name}},set: {groups: [{ name: $group }]}}) { user { name groups { @@ -193,24 +157,12 @@ func (hc *HTTPClient) AddToGroup(userName, group string) error { }, } _, err := hc.RunGraphqlQuery(params, true) - if err != nil { - return err - } - return nil + return err } func (hc *HTTPClient) RemoveUserFromGroup(userName, groupName string) error { removeUserGroups := `mutation updateUser($name: String!, $groupName: String!) { - updateUser(input: { - filter: { - name: { - eq: $name - } - }, - remove: { - groups: [{ name: $groupName }] - } - }) { + updateUser(input: {filter: {name: {eq: $name}},remove: {groups: [{ name: $groupName }]}}) { user { name groups { @@ -227,26 +179,13 @@ func (hc *HTTPClient) RemoveUserFromGroup(userName, groupName string) error { "groupName": groupName, }, } - _, err := hc.RunGraphqlQuery(params, true) - if err != nil { - return err - } - return nil + return err } -func (hc *HTTPClient) RemoveRuleFromGroup(group string, rulePredicate string) error { +func (hc *HTTPClient) RemovePredicateFromGroup(group string, predicate string) error { removeRuleFromGroup := `mutation updateGroup($name: String!, $rules: [String!]!) { - updateGroup(input: { - filter: { - name: { - eq: $name - } - }, - remove: { - rules: $rules - } - }) { + updateGroup(input: {filter: {name: {eq: $name}},remove: {rules: $rules}}) { group { name rules { @@ -261,19 +200,15 @@ func (hc *HTTPClient) RemoveRuleFromGroup(group string, rulePredicate string) er Query: removeRuleFromGroup, Variables: map[string]interface{}{ "name": group, - "rules": []string{rulePredicate}, + "rules": []string{predicate}, }, } _, err := hc.RunGraphqlQuery(params, true) - if err != nil { - return err - } - return nil + return err } func (hc *HTTPClient) DeleteGroup(name string) error { - delGroup := ` - mutation deleteGroup($name: String!) { + delGroup := `mutation deleteGroup($name: String!) { deleteGroup(filter: {name: {eq: $name}}) { msg numUids @@ -287,16 +222,12 @@ func (hc *HTTPClient) DeleteGroup(name string) error { }, } _, err := hc.RunGraphqlQuery(params, true) - if err != nil { - return err - } - return nil + return err } -func (hc *HTTPClient) CreateGroupWithRules(name string, rules []AclGrpRules) (*AclGroup, error) { +func (hc *HTTPClient) CreateGroupWithRules(name string, rules []AclGroupRules) (*AclGroup, error) { queryParams := GraphQLParams{ - Query: ` - mutation addGroup($name: String!, $rules: [RuleRef]){ + Query: `mutation addGroup($name: String!, $rules: [RuleRef]){ addGroup(input: [ { name: $name @@ -337,20 +268,11 @@ func (hc *HTTPClient) CreateGroupWithRules(name string, rules []AclGrpRules) (*A return &addGroupResp.AddGroup.Group[0], nil } -func (hc *HTTPClient) UpdateGroup(name string, setRules []AclGrpRules, +func (hc *HTTPClient) UpdateGroup(name string, setRules []AclGroupRules, removeRules []string) (*AclGroup, error) { queryParams := GraphQLParams{ - Query: ` - mutation updateGroup($name: String!, $set: SetGroupPatch, $remove: RemoveGroupPatch){ - updateGroup(input: { - filter: { - name: { - eq: $name - } - } - set: $set - remove: $remove - }) { + Query: `mutation updateGroup($name: String!, $set: SetGroupPatch, $remove: RemoveGroupPatch){ + updateGroup(input: {filter: {name: {eq: $name}}set: $set remove: $remove}) { group { name rules { diff --git a/dgraphtest/cluster.go b/dgraphtest/cluster.go index 640ee529bd3..260a175aaa2 100644 --- a/dgraphtest/cluster.go +++ b/dgraphtest/cluster.go @@ -29,7 +29,6 @@ import ( "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" "github.com/pkg/errors" - "github.com/stretchr/testify/require" "github.com/dgraph-io/dgo/v210" "github.com/dgraph-io/dgo/v210/protos/api" @@ -407,19 +406,12 @@ func (gc *GrpcClient) DropAll() error { } // Mutate performs a given mutation in a txn -func (gc *GrpcClient) Mutate(rdfs string, SetNQuads bool) (*api.Response, error) { +func (gc *GrpcClient) Mutate(mu *api.Mutation) (*api.Response, error) { txn := gc.NewTxn() defer func() { _ = txn.Discard(context.Background()) }() ctx, cancel := context.WithTimeout(context.Background(), requestTimeout) defer cancel() - var mu *api.Mutation - if SetNQuads { - mu = &api.Mutation{SetNquads: []byte(rdfs), CommitNow: true} - } else { - mu = &api.Mutation{DelNquads: []byte(rdfs), CommitNow: true} - } - return txn.Mutate(ctx, mu) } @@ -485,12 +477,3 @@ func isParent(ancestor, descendant string) (bool, error) { } return isParentCommit, nil } - -func (resp *GraphQLResponse) RequireNoGraphQLErrors(t *testing.T) { - if resp == nil { - require.Fail(t, "got nil response") - } else { - require.Nil(t, resp.Errors, "required no GraphQL errors, but received :\n%s", - resp.Errors.Error()) - } -} diff --git a/ee/acl/acl_test.go b/ee/acl/acl_test.go index 2df90c384bd..ceba5fef40d 100644 --- a/ee/acl/acl_test.go +++ b/ee/acl/acl_test.go @@ -117,13 +117,14 @@ func deleteUser(t *testing.T, hc *dgraphtest.HTTPClient, username string, resp := makeRequestAndRefreshTokenIfNecessary(t, params, hc) if confirmDeletion { - resp.RequireNoGraphQLErrors(t) + // resp.RequireNoGraphQLErrors(t) require.JSONEq(t, `{"deleteUser":{"msg":"Deleted","numUids":1}}`, string(resp.Data)) } return resp } -func deleteGroup(t *testing.T, hc *dgraphtest.HTTPClient, name string, confirmDeletion bool) *dgraphtest.GraphQLResponse { +func deleteGroup(t *testing.T, hc *dgraphtest.HTTPClient, name string, + confirmDeletion bool) *dgraphtest.GraphQLResponse { delGroup := ` mutation deleteGroup($name: String!) { deleteGroup(filter: {name: {eq: $name}}) { @@ -141,29 +142,18 @@ func deleteGroup(t *testing.T, hc *dgraphtest.HTTPClient, name string, confirmDe resp := makeRequestAndRefreshTokenIfNecessary(t, params, hc) if confirmDeletion { - resp.RequireNoGraphQLErrors(t) + // resp.RequireNoGraphQLErrors(t) require.JSONEq(t, `{"deleteGroup":{"msg":"Deleted","numUids":1}}`, string(resp.Data)) } return resp } -func deleteUsingNQuad(userClient *dgo.Dgraph, sub, pred, val string) (*api.Response, error) { - ctx := context.Background() - txn := userClient.NewTxn() - mutString := fmt.Sprintf("%s %s %s .", sub, pred, val) - mutation := &api.Mutation{ - DelNquads: []byte(mutString), - CommitNow: true, - } - return txn.Mutate(ctx, mutation) -} - func (suite *AclTestSuite) TestGetCurrentUser() { t := suite.T() hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, 0), "login failed") + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace), "login failed") currentUser, err := hc.GetCurrentUser() require.Equal(t, currentUser, "groot") // clean up the user to allow repeated running of this test @@ -175,7 +165,8 @@ func (suite *AclTestSuite) TestGetCurrentUser() { suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace), "login failed") + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, + dgraphtest.GalaxyNamespace), "login failed") currentUser, err = hc.GetCurrentUser() require.Equal(t, currentUser, "hamilton") @@ -190,11 +181,12 @@ func (suite *AclTestSuite) TestCreateAndDeleteUsers() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) // adding the user again should fail - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.Equal(t, "error while running admin query: couldn't rewrite mutation addUser because failed to "+ "rewrite mutation payload because id alice already exists for field name inside type User", hc.CreateUser(userid, userpassword).Error()) - // checkUserCount(t, resp.Data, 0) + // checkUserCount(t, resp.Data, dgraphtest.GalaxyNamespace) // delete the user require.NoError(t, hc.DeleteUser(userid), "error while deleteing user") @@ -202,7 +194,8 @@ func (suite *AclTestSuite) TestCreateAndDeleteUsers() { } func resetUser(t *testing.T, hc *dgraphtest.HTTPClient) { - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) // clean up the user to allow repeated running of this test require.NoError(t, hc.DeleteUser(userid), "error while deleteing user") glog.Infof("deleted user") @@ -219,7 +212,8 @@ func (suite *AclTestSuite) TestPreDefinedPredicates() { require.NoError(t, err) defer cleanup() ctx := context.Background() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) alterPreDefinedPredicates(t, gc.Dgraph) } @@ -231,7 +225,8 @@ func (suite *AclTestSuite) TestPreDefinedTypes() { require.NoError(t, err) defer cleanup() ctx := context.Background() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) alterPreDefinedTypes(t, gc.Dgraph) } @@ -324,9 +319,10 @@ func testAuthorization(t *testing.T, gc *dgraphtest.GrpcClient, hc *dgraphtest.H require.NoError(t, err) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, x.GalaxyNamespace)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) ctx := context.Background() - require.NoError(t, gc.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, gc.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) // initially the query should return empty result, mutate and alter // operations should all fail when there are no rules defined on the predicates queryWithShouldFail(t, gc, false, query) @@ -454,7 +450,8 @@ func queryWithShouldFail(t *testing.T, gc *dgraphtest.GrpcClient, shouldFail boo } func mutatePredicateWithUserAccount(t *testing.T, gc *dgraphtest.GrpcClient, shouldFail bool) { - _, err := gc.Mutate(fmt.Sprintf(`_:a <%s> "string" .`, predicateToWrite), true) + mu := &api.Mutation{SetNquads: []byte(fmt.Sprintf(`_:a <%s> "string" .`, predicateToWrite)), CommitNow: true} + _, err := gc.Mutate(mu) if shouldFail { require.Error(t, err, "the mutation should have failed") } else { @@ -477,7 +474,7 @@ func alterPredicateWithUserAccount(t *testing.T, gc *dgraphtest.GrpcClient, shou func createAccountAndData(t *testing.T, gc *dgraphtest.GrpcClient, hc *dgraphtest.HTTPClient) { // use the groot account to clean the database ctx := context.Background() - require.NoError(t, gc.LoginIntoNamespace(ctx, x.GrootId, "password", x.GalaxyNamespace)) + require.NoError(t, gc.LoginIntoNamespace(ctx, x.GrootId, "password", dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll(), "Unable to cleanup db") require.NoError(t, gc.Alter(ctx, &api.Operation{ @@ -490,12 +487,9 @@ func createAccountAndData(t *testing.T, gc *dgraphtest.GrpcClient, hc *dgraphtes // create some data, e.g. user with name alice resetUser(t, hc) - txn := gc.NewTxn() - _, err := txn.Mutate(ctx, &api.Mutation{ - SetNquads: []byte(fmt.Sprintf("_:a <%s> \"SF\" .", predicateToRead)), - }) + mu := &api.Mutation{SetNquads: []byte(fmt.Sprintf("_:a <%s> \"SF\" .", predicateToRead)), CommitNow: true} + _, err := gc.Mutate(mu) require.NoError(t, err) - require.NoError(t, txn.Commit(ctx)) } func createGroup(t *testing.T, hc *dgraphtest.HTTPClient, name string) []byte { @@ -515,7 +509,7 @@ func createGroup(t *testing.T, hc *dgraphtest.HTTPClient, name string) []byte { }, } resp := makeRequestAndRefreshTokenIfNecessary(t, params, hc) - resp.RequireNoGraphQLErrors(t) + // resp.RequireNoGraphQLErrors(t) return resp.Data } @@ -544,7 +538,7 @@ func createGroupWithRules(t *testing.T, hc *dgraphtest.HTTPClient, name string, }, } resp := makeRequestAndRefreshTokenIfNecessary(t, queryParams, hc) - resp.RequireNoGraphQLErrors(t) + // resp.RequireNoGraphQLErrors(t) var addGroupResp struct { AddGroup struct { @@ -597,7 +591,7 @@ func updateGroup(t *testing.T, hc *dgraphtest.HTTPClient, name string, setRules } } resp := makeRequestAndRefreshTokenIfNecessary(t, queryParams, hc) - resp.RequireNoGraphQLErrors(t) + // resp.RequireNoGraphQLErrors(t) var result struct { UpdateGroup struct { @@ -655,7 +649,7 @@ func addToGroup(t *testing.T, hc *dgraphtest.HTTPClient, userName, group string) }, } resp := makeRequestAndRefreshTokenIfNecessary(t, params, hc) - resp.RequireNoGraphQLErrors(t) + // resp.RequireNoGraphQLErrors(t) var result struct { UpdateUser struct { @@ -727,7 +721,7 @@ func addRulesToGroup(t *testing.T, hc *dgraphtest.HTTPClient, group string, rule }, } resp := makeRequestAndRefreshTokenIfNecessary(t, params, hc) - resp.RequireNoGraphQLErrors(t) + // resp.RequireNoGraphQLErrors(t) rulesb, err := json.Marshal(rules) require.NoError(t, err) expectedOutput := fmt.Sprintf(`{ @@ -749,10 +743,10 @@ func createGroupAndAcls(t *testing.T, group string, addUserToGroup bool, hc *dgr // add the user to the group if addUserToGroup { - require.NoError(t, hc.AddToGroup(userid, group)) + require.NoError(t, hc.AddUserToGroup(userid, group)) } - rules := []dgraphtest.AclGrpRules{ + rules := []dgraphtest.AclGroupRules{ { predicateToRead, Read.Code, }, @@ -787,20 +781,24 @@ func (suite *AclTestSuite) TestPredicatePermission() { defer cleanup() hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) createAccountAndData(t, gc, hc) suite.Upgrade(hc) gc, cleanup, err = suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) - require.NoError(t, gc.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace), + require.NoError(t, gc.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace), "Logging in with the current password should have succeeded") // Schema query is allowed to all logged in users. @@ -834,8 +832,10 @@ func (suite *AclTestSuite) TestAccessWithoutLoggingIn() { defer cleanup() hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) createAccountAndData(t, gc, hc) suite.Upgrade(hc) @@ -864,7 +864,8 @@ func (suite *AclTestSuite) TestUnauthorizedDeletion() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) @@ -874,28 +875,29 @@ func (suite *AclTestSuite) TestUnauthorizedDeletion() { require.NoError(t, gc.Alter(ctx, &op)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) resetUser(t, hc) require.NoError(t, hc.CreateGroup(devGroup)) - require.NoError(t, hc.AddToGroup(userid, devGroup)) + require.NoError(t, hc.AddUserToGroup(userid, devGroup)) - rdf := fmt.Sprintf("_:a <%s> \"testdata\" .", unAuthPred) - resp, err := gc.Mutate(rdf, true) + mu := &api.Mutation{SetNquads: []byte(fmt.Sprintf("_:a <%s> \"testdata\" .", unAuthPred)), CommitNow: true} + resp, err := gc.Mutate(mu) require.NoError(t, err) nodeUID, ok := resp.Uids["a"] require.True(t, ok) - require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{{unAuthPred, 0}})) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGroupRules{{unAuthPred, 0}})) suite.Upgrade(hc) userClient, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() time.Sleep(defaultTimeToSleep) - require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) - mutString := fmt.Sprintf("%s %s %s .", "<"+nodeUID+">", "<"+unAuthPred+">", "*") - _, err = userClient.Mutate(mutString, false) + require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) + mu = &api.Mutation{DelNquads: []byte(fmt.Sprintf("%s %s %s .", "<"+nodeUID+">", "<"+unAuthPred+">", "*")), CommitNow: true} + _, err = userClient.Mutate(mu) require.Error(t, err) require.Contains(t, err.Error(), "PermissionDenied") @@ -911,21 +913,23 @@ func (suite *AclTestSuite) TestGuardianAccess() { defer cleanup() hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) op := api.Operation{Schema: "unauthpred: string @index(exact) ."} require.NoError(t, gc.Dgraph.Alter(ctx, &op)) require.NoError(t, hc.CreateUser("guardian", "guardianpass")) - require.NoError(t, hc.AddToGroup("guardian", "guardians")) + require.NoError(t, hc.AddUserToGroup("guardian", "guardians")) - mutation := &api.Mutation{ + mu := &api.Mutation{ SetNquads: []byte("_:a \"testdata\" ."), CommitNow: true, } - resp, err := gc.NewTxn().Mutate(ctx, mutation) + resp, err := gc.Mutate(mu) require.NoError(t, err) nodeUID, ok := resp.Uids["a"] @@ -935,10 +939,12 @@ func (suite *AclTestSuite) TestGuardianAccess() { suite.Upgrade(hc) gClient, cleanup, err := suite.dc.Client() require.NoError(t, err, "Error while creating client") - require.NoError(t, gClient.LoginIntoNamespace(ctx, "guardian", "guardianpass", x.GalaxyNamespace)) - - mutString := fmt.Sprintf("<%s> \"testdata\" .", nodeUID) - _, err = gClient.Mutate(mutString, true) + require.NoError(t, gClient.LoginIntoNamespace(ctx, "guardian", "guardianpass", dgraphtest.GalaxyNamespace)) + mu = &api.Mutation{ + SetNquads: []byte(fmt.Sprintf("<%s> \"testdata\" .", nodeUID)), + CommitNow: true, + } + _, err = gClient.Mutate(mu) require.NoError(t, err, "Error while mutating unauthorized predicate") query := ` @@ -956,7 +962,8 @@ func (suite *AclTestSuite) TestGuardianAccess() { require.NoError(t, gClient.Alter(ctx, &op), "Error while altering unauthorized predicate") hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, hc.RemoveUserFromGroup("guardian", "guardians")) // gqlResp.RequireNoGraphQLErrors(t) @@ -969,7 +976,7 @@ func (suite *AclTestSuite) TestGuardianAccess() { func addNewUserToGroup(t *testing.T, userName, password, groupName string, hc *dgraphtest.HTTPClient) { resp := createUser(t, hc, userName, password) - resp.RequireNoGraphQLErrors(t) + // resp.RequireNoGraphQLErrors(t) checkUserCount(t, resp.Data, 1) addToGroup(t, hc, userName, groupName) @@ -1017,10 +1024,12 @@ func (suite *AclTestSuite) TestQueryRemoveUnauthorizedPred() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) @@ -1037,9 +1046,9 @@ func (suite *AclTestSuite) TestQueryRemoveUnauthorizedPred() { resetUser(t, hc) require.NoError(t, hc.CreateGroup(devGroup)) - require.NoError(t, hc.AddToGroup(userid, devGroup)) + require.NoError(t, hc.AddUserToGroup(userid, devGroup)) - muString := ` + mu := &api.Mutation{SetNquads: []byte(` _:a "RandomGuy" . _:a "23" . _:a "RG" . @@ -1048,20 +1057,20 @@ func (suite *AclTestSuite) TestQueryRemoveUnauthorizedPred() { _:b "25" . _:b "RG2" . _:b "TypeName" . - ` + `), CommitNow: true} - _, err = gc.Mutate(muString, true) + _, err = gc.Mutate(mu) require.NoError(t, err) // give read access of to alice - require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{{"name", Read.Code}})) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGroupRules{{"name", Read.Code}})) suite.Upgrade(hc) userClient, cleanup, err := suite.dc.Client() // defer cleanup() require.NoError(t, err) time.Sleep(defaultTimeToSleep) - require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) tests := []struct { input string @@ -1158,10 +1167,12 @@ func (suite *AclTestSuite) TestExpandQueryWithACLPermissions() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) @@ -1183,11 +1194,11 @@ func (suite *AclTestSuite) TestExpandQueryWithACLPermissions() { require.NoError(t, hc.CreateGroup(sreGroup)) require.NoError(t, hc.AddRulesToGroup(sreGroup, - []dgraphtest.AclGrpRules{{"age", Read.Code}, {"name", Write.Code}})) + []dgraphtest.AclGroupRules{{"age", Read.Code}, {"name", Write.Code}})) - require.NoError(t, hc.AddToGroup(userid, devGroup)) + require.NoError(t, hc.AddUserToGroup(userid, devGroup)) - rdfs := ` + mu := &api.Mutation{SetNquads: []byte(` _:a "RandomGuy" . _:a "23" . _:a "RG" . @@ -1196,8 +1207,8 @@ func (suite *AclTestSuite) TestExpandQueryWithACLPermissions() { _:b "25" . _:b "RG2" . _:b "TypeName" . - ` - _, err = gc.Mutate(rdfs, true) + `), CommitNow: true} + _, err = gc.Mutate(mu) require.NoError(t, err) query := "{me(func: has(name)){expand(_all_)}}" @@ -1214,35 +1225,38 @@ func (suite *AclTestSuite) TestExpandQueryWithACLPermissions() { require.NoError(t, err) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) time.Sleep(defaultTimeToSleep) - require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) // Query via user when user has no permissions testutil.PollTillPassOrTimeout(t, userClient.Dgraph, query, `{}`, timeout) // Give read access of , write access of to dev require.NoError(t, hc.AddRulesToGroup(devGroup, - []dgraphtest.AclGrpRules{{"age", Write.Code}, {"name", Read.Code}})) + []dgraphtest.AclGroupRules{{"age", Write.Code}, {"name", Read.Code}})) testutil.PollTillPassOrTimeout(t, userClient.Dgraph, query, `{"me":[{"name":"RandomGuy"},{"name":"RandomGuy2"}]}`, timeout) // Login to groot to modify accesses (2) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) // Add alice to sre group which has read access to and write access to - require.NoError(t, hc.AddToGroup(userid, sreGroup)) + require.NoError(t, hc.AddUserToGroup(userid, sreGroup)) testutil.PollTillPassOrTimeout(t, userClient.Dgraph, query, `{"me":[{"name":"RandomGuy","age":23},{"name":"RandomGuy2","age":25}]}`, timeout) // Login to groot to modify accesses (3) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) // Give read access of and , write access of to dev require.NoError(t, hc.AddRulesToGroup(devGroup, - []dgraphtest.AclGrpRules{{"age", Write.Code}, {"name", Read.Code}, {"nickname", Read.Code}})) + []dgraphtest.AclGroupRules{{"age", Write.Code}, {"name", Read.Code}, {"nickname", Read.Code}})) testutil.PollTillPassOrTimeout(t, userClient.Dgraph, query, `{"me":[{"name":"RandomGuy","age":23, "nickname":"RG"},{"name":"RandomGuy2","age":25, "nickname":"RG2"}]}`, @@ -1256,10 +1270,12 @@ func (suite *AclTestSuite) TestDeleteQueryWithACLPermissions() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) @@ -1277,9 +1293,9 @@ func (suite *AclTestSuite) TestDeleteQueryWithACLPermissions() { resetUser(t, hc) require.NoError(t, hc.CreateGroup(devGroup)) - require.NoError(t, hc.AddToGroup(userid, devGroup)) + require.NoError(t, hc.AddUserToGroup(userid, devGroup)) - rdfs := ` + mu := &api.Mutation{SetNquads: []byte(` _:a "RandomGuy" . _:a "23" . _:a "RG" . @@ -1288,9 +1304,9 @@ func (suite *AclTestSuite) TestDeleteQueryWithACLPermissions() { _:b "25" . _:b "RG2" . _:b "Person" . - ` + `), CommitNow: true} - resp, err := gc.Mutate(rdfs, true) + resp, err := gc.Mutate(mu) require.NoError(t, err) nodeUID := resp.Uids["a"] @@ -1309,26 +1325,28 @@ func (suite *AclTestSuite) TestDeleteQueryWithACLPermissions() { // Give Write Access to alice for name and age predicate require.NoError(t, hc.AddRulesToGroup(devGroup, - []dgraphtest.AclGrpRules{{"name", Write.Code}, {"age", Write.Code}})) + []dgraphtest.AclGroupRules{{"name", Write.Code}, {"age", Write.Code}})) suite.Upgrade(hc) gc, _, err = suite.dc.Client() require.NoError(t, err) - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) userClient, _, err := suite.dc.Client() require.NoError(t, err) time.Sleep(defaultTimeToSleep) - require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) - mutString := fmt.Sprintf("%s %s %s .", "<"+nodeUID+">", "*", "*") + mu = &api.Mutation{DelNquads: []byte(fmt.Sprintf("%s %s %s .", "<"+nodeUID+">", "*", "*")), CommitNow: true} // delete S * * (user now has permission to name and age) - _, err = userClient.Mutate(mutString, false) + _, err = userClient.Mutate(mu) require.NoError(t, err) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) resp, err = gc.Query(query) require.NoError(t, err, "Error while querying data") @@ -1338,12 +1356,12 @@ func (suite *AclTestSuite) TestDeleteQueryWithACLPermissions() { // Give write access of to dev require.NoError(t, hc.AddRulesToGroup(devGroup, - []dgraphtest.AclGrpRules{{"name", Write.Code}, {"age", Write.Code}, {"dgraph.type", Write.Code}})) + []dgraphtest.AclGroupRules{{"name", Write.Code}, {"age", Write.Code}, {"dgraph.type", Write.Code}})) time.Sleep(defaultTimeToSleep) // delete S * * (user now has permission to name, age and dgraph.type) - mutString = fmt.Sprintf("%s %s %s .", "<"+nodeUID+">", "*", "*") - _, err = userClient.Mutate(mutString, false) + mu = &api.Mutation{DelNquads: []byte(fmt.Sprintf("%s %s %s .", "<"+nodeUID+">", "*", "*")), CommitNow: true} + _, err = userClient.Mutate(mu) require.NoError(t, err) resp, err = gc.Query(query) @@ -1360,10 +1378,12 @@ func (suite *AclTestSuite) TestValQueryWithACLPermissions() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) @@ -1384,19 +1404,19 @@ func (suite *AclTestSuite) TestValQueryWithACLPermissions() { // createGroup(t, accessJwt, sreGroup) // addRulesToGroup(t, accessJwt, sreGroup, []rule{{"age", Read.Code}, {"name", Write.Code}}) - require.NoError(t, hc.AddToGroup(userid, devGroup)) + require.NoError(t, hc.AddUserToGroup(userid, devGroup)) - rdfs := ` - _:a "RandomGuy" . - _:a "23" . - _:a "RG" . - _:a "TypeName" . - _:b "RandomGuy2" . - _:b "25" . - _:b "RG2" . - _:b "TypeName" . - ` - _, err = gc.Mutate(rdfs, true) + mu := &api.Mutation{SetNquads: []byte(` + _:a "RandomGuy" . + _:a "23" . + _:a "RG" . + _:a "TypeName" . + _:b "RandomGuy2" . + _:b "25" . + _:b "RG2" . + _:b "TypeName" . + `), CommitNow: true} + _, err = gc.Mutate(mu) require.NoError(t, err) query := `{q1(func: has(name)){ @@ -1517,10 +1537,11 @@ func (suite *AclTestSuite) TestValQueryWithACLPermissions() { require.NoError(t, err) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) time.Sleep(defaultTimeToSleep) - require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) // Query via user when user has no permissions for _, tc := range tests { @@ -1533,7 +1554,7 @@ func (suite *AclTestSuite) TestValQueryWithACLPermissions() { } // Give read access of to dev - require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{{"name", Read.Code}})) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGroupRules{{"name", Read.Code}})) time.Sleep(defaultTimeToSleep) for _, tc := range tests { @@ -1546,10 +1567,12 @@ func (suite *AclTestSuite) TestValQueryWithACLPermissions() { } // Login to groot to modify accesses (1) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) // Give read access of and to dev - require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{{"name", Read.Code}, {"age", Read.Code}})) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGroupRules{{"name", Read.Code}, + {"age", Read.Code}})) time.Sleep(defaultTimeToSleep) for _, tc := range tests { @@ -1570,10 +1593,12 @@ func (suite *AclTestSuite) TestAllPredsPermission() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) @@ -1592,19 +1617,19 @@ func (suite *AclTestSuite) TestAllPredsPermission() { resetUser(t, hc) require.NoError(t, hc.CreateGroup(devGroup)) - require.NoError(t, hc.AddToGroup(userid, devGroup)) + require.NoError(t, hc.AddUserToGroup(userid, devGroup)) - rdfs := ` - _:a "RandomGuy" . - _:a "23" . - _:a "RG" . - _:a "TypeName" . - _:b "RandomGuy2" . - _:b "25" . - _:b "RG2" . - _:b "TypeName" . - ` - _, err = gc.Mutate(rdfs, true) + mu := &api.Mutation{SetNquads: []byte(` + _:a "RandomGuy" . + _:a "23" . + _:a "RG" . + _:a "TypeName" . + _:b "RandomGuy2" . + _:b "25" . + _:b "RG2" . + _:b "TypeName" . + `), CommitNow: true} + _, err = gc.Mutate(mu) require.NoError(t, err) query := `{q1(func: has(name)){ @@ -1662,7 +1687,7 @@ func (suite *AclTestSuite) TestAllPredsPermission() { require.NoError(t, err) time.Sleep(defaultTimeToSleep) - require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) // Query via user when user has no permissions for _, tc := range tests { @@ -1677,10 +1702,11 @@ func (suite *AclTestSuite) TestAllPredsPermission() { // Login to groot to modify accesses (1) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) // Give read access of all predicates to dev - require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{{"dgraph.all", Read.Code}})) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGroupRules{{"dgraph.all", Read.Code}})) time.Sleep(defaultTimeToSleep) for _, tc := range tests { @@ -1693,19 +1719,21 @@ func (suite *AclTestSuite) TestAllPredsPermission() { } // Mutation shall fail. - rdfs = ` - _:a "RandomGuy" . - _:a "23" . - _:a "TypeName" . - ` - _, err = userClient.Mutate(rdfs, true) + + mu = &api.Mutation{SetNquads: []byte(` + _:a "RandomGuy" . + _:a "23" . + _:a "TypeName" . + `), CommitNow: true} + + _, err = userClient.Mutate(mu) require.Error(t, err) require.Contains(t, err.Error(), "unauthorized to mutate") // Give write access of all predicates to dev. Now mutation should succeed. - require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{{"dgraph.all", Write.Code | Read.Code}})) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGroupRules{{"dgraph.all", Write.Code | Read.Code}})) - _, err = userClient.Mutate(rdfs, true) + _, err = userClient.Mutate(mu) require.NoError(t, err) } @@ -1716,17 +1744,19 @@ func (suite *AclTestSuite) TestNewACLPredicates() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) userClient, _, err := suite.dc.Client() require.NoError(t, err) time.Sleep(defaultTimeToSleep) - require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) queryTests := []struct { input string @@ -1793,10 +1823,7 @@ func (suite *AclTestSuite) TestNewACLPredicates() { } for _, tc := range mutationTests { t.Run(tc.description, func(t *testing.T) { - ctx, cancel := context.WithTimeout(context.Background(), 100*time.Second) - defer cancel() - - _, err := userClient.NewTxn().Mutate(ctx, &api.Mutation{ + _, err := userClient.Mutate(&api.Mutation{ SetNquads: []byte(tc.input), CommitNow: true, }) @@ -1847,20 +1874,23 @@ func (suite *AclTestSuite) TestDeleteRule() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) userClient, _, err := suite.dc.Client() require.NoError(t, err) time.Sleep(defaultTimeToSleep) - require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) queryName := "{me(func: has(name)) {name}}" resp, err := userClient.Query(queryName) @@ -1869,7 +1899,7 @@ func (suite *AclTestSuite) TestDeleteRule() { testutil.CompareJSON(t, `{"me":[{"name":"RandomGuy"},{"name":"RandomGuy2"}]}`, string(resp.GetJson())) - require.NoError(t, hc.RemoveRuleFromGroup(devGroup, "name")) + require.NoError(t, hc.RemovePredicateFromGroup(devGroup, "name")) time.Sleep(defaultTimeToSleep) resp, err = userClient.Query(queryName) @@ -1905,7 +1935,8 @@ func addDataAndRules(ctx context.Context, t *testing.T, gc *dgraphtest.GrpcClien _:r2 "nickname" . _:r2 "2" . ` - _, err := gc.Mutate(devGroupMut, true) + mu := &api.Mutation{SetNquads: []byte(devGroupMut), CommitNow: true} + _, err := gc.Mutate(mu) require.NoError(t, err, "Error adding group and permissions") idQuery := fmt.Sprintf(` @@ -1930,14 +1961,15 @@ func addDataAndRules(ctx context.Context, t *testing.T, gc *dgraphtest.GrpcClien }) require.NoError(t, err, "Error adding user to dev group") - mutation := ` - _:a "RandomGuy" . - _:a "RG" . - _:b "RandomGuy2" . - _:b "25" . - _:b "RG2" . - ` - _, err = gc.Mutate(mutation, true) + mu = &api.Mutation{SetNquads: []byte(` + _:a "RandomGuy" . + _:a "RG" . + _:b "RandomGuy2" . + _:b "25" . + _:b "RG2" . + `), CommitNow: true} + + _, err = gc.Mutate(mu) require.NoError(t, err) } @@ -1952,13 +1984,15 @@ func (suite *AclTestSuite) TestNonExistentGroup() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{{"name", Read.Code}})) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGroupRules{{"name", Read.Code}})) } func (suite *AclTestSuite) TestQueryUserInfo() { @@ -1969,12 +2003,14 @@ func (suite *AclTestSuite) TestQueryUserInfo() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) addDataAndRules(ctx, t, gc, hc) - require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace)) gqlQuery := ` query { @@ -2054,10 +2090,10 @@ func (suite *AclTestSuite) TestQueryUserInfo() { suite.Upgrade(hc) userClient, _, err := suite.dc.Client() require.NoError(t, err) - require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace)) resp, err := userClient.Query(query) require.NoError(t, err, "Error while querying ACL") @@ -2148,34 +2184,37 @@ func (suite *AclTestSuite) TestQueriesWithUserAndGroupOfSameName() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) // Creates a user -- alice resetUser(t, hc) - rdfs := ` - _:a "RandomGuy" . - _:a "23" . - _:a "RG" . - _:a "TypeName" . - _:b "RandomGuy2" . - _:b "25" . - _:b "RG2" . - _:b "TypeName" . - ` - _, err = gc.Mutate(rdfs, true) + mu := &api.Mutation{SetNquads: []byte(` + _:a "RandomGuy" . + _:a "23" . + _:a "RG" . + _:a "TypeName" . + _:b "RandomGuy2" . + _:b "25" . + _:b "RG2" . + _:b "TypeName" . + `), CommitNow: true} + + _, err = gc.Mutate(mu) require.NoError(t, err) require.NoError(t, hc.CreateGroup("alice")) - require.NoError(t, hc.AddToGroup(userid, "alice")) + require.NoError(t, hc.AddUserToGroup(userid, "alice")) // add rules to groups require.NoError(t, hc.AddRulesToGroup("alice", - []dgraphtest.AclGrpRules{{Predicate: "name", Permission: Read.Code}})) + []dgraphtest.AclGroupRules{{Predicate: "name", Permission: Read.Code}})) query := ` { @@ -2188,7 +2227,7 @@ func (suite *AclTestSuite) TestQueriesWithUserAndGroupOfSameName() { suite.Upgrade(hc) dc, cleanup, err := suite.dc.Client() defer cleanup() - require.NoError(t, dc.LoginIntoNamespace(ctx, userid, userpassword, 0)) + require.NoError(t, dc.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) testutil.PollTillPassOrTimeout(t, dc.Dgraph, query, `{"q":[{"name":"RandomGuy"},{"name":"RandomGuy2"}]}`, timeout) } @@ -2197,14 +2236,15 @@ func (suite *AclTestSuite) TestQueriesForNonGuardianUserWithoutGroup() { t := suite.T() hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) // Create a new user without any groups, queryGroup should return an empty result. resetUser(t, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace)) gqlQuery := ` query { @@ -2417,10 +2457,12 @@ func (suite *AclTestSuite) TestSchemaQueryWithACL() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) resp, err := gc.Query(schemaQuery) require.NoError(t, err) @@ -2435,7 +2477,7 @@ func (suite *AclTestSuite) TestSchemaQueryWithACL() { // the other user should be able to view only the part of schema for which it has read access gc, _, err = suite.dc.Client() require.NoError(t, err) - require.NoError(t, gc.LoginIntoNamespace(context.Background(), userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, gc.LoginIntoNamespace(context.Background(), userid, userpassword, dgraphtest.GalaxyNamespace)) resp, err = gc.Query(schemaQuery) require.NoError(t, err) require.JSONEq(t, aliceSchema, string(resp.GetJson())) @@ -2448,17 +2490,20 @@ func (suite *AclTestSuite) TestDeleteUserShouldDeleteUserFromGroup() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) resetUser(t, hc) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, hc.DeleteUser(userid)) @@ -2527,10 +2572,12 @@ func (suite *AclTestSuite) TestGroupDeleteShouldDeleteGroupFromUser() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) resetUser(t, hc) addDataAndRules(ctx, t, gc, hc) @@ -2538,7 +2585,8 @@ func (suite *AclTestSuite) TestGroupDeleteShouldDeleteGroupFromUser() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, hc.DeleteGroup("dev-a")) @@ -2601,7 +2649,7 @@ func assertNonGuardianFailure(t *testing.T, queryName string, respIsNull bool, params dgraphtest.GraphQLParams, hc *dgraphtest.HTTPClient) { resetUser(t, hc) - require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace)) gqlResp, err := hc.RunGraphqlQuery(params, true) require.NoError(t, err) require.Len(t, err.Error(), 1) @@ -2633,9 +2681,10 @@ func (suite *AclTestSuite) TestAddUpdateGroupWithDuplicateRules() { t := suite.T() hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) groupName := "testGroup" - addedRules := []dgraphtest.AclGrpRules{ + addedRules := []dgraphtest.AclGroupRules{ { Predicate: "test", Permission: 1, @@ -2659,8 +2708,9 @@ func (suite *AclTestSuite) TestAddUpdateGroupWithDuplicateRules() { suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - updatedRules := []dgraphtest.AclGrpRules{ + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + updatedRules := []dgraphtest.AclGroupRules{ { Predicate: "test", Permission: 3, @@ -2678,7 +2728,7 @@ func (suite *AclTestSuite) TestAddUpdateGroupWithDuplicateRules() { require.NoError(t, err) require.Equal(t, groupName, updatedGroup.Name) require.Len(t, updatedGroup.Rules, 3) - require.ElementsMatch(t, []dgraphtest.AclGrpRules{updatedRules[0], addedRules[2], updatedRules[2]}, + require.ElementsMatch(t, []dgraphtest.AclGroupRules{updatedRules[0], addedRules[2], updatedRules[2]}, updatedGroup.Rules) updatedGroup1, err := hc.UpdateGroup(groupName, nil, @@ -2687,7 +2737,7 @@ func (suite *AclTestSuite) TestAddUpdateGroupWithDuplicateRules() { require.Equal(t, groupName, updatedGroup1.Name) require.Len(t, updatedGroup1.Rules, 2) - require.ElementsMatch(t, []dgraphtest.AclGrpRules{updatedRules[0], updatedRules[2]}, updatedGroup1.Rules) + require.ElementsMatch(t, []dgraphtest.AclGroupRules{updatedRules[0], updatedRules[2]}, updatedGroup1.Rules) // cleanup require.NoError(t, hc.DeleteGroup(groupName)) @@ -2701,10 +2751,12 @@ func (suite *AclTestSuite) TestAllowUIDAccess() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) op := api.Operation{Schema: ` name : string @index(exact) . @@ -2714,28 +2766,26 @@ func (suite *AclTestSuite) TestAllowUIDAccess() { resetUser(t, hc) require.NoError(t, hc.CreateGroup(devGroup)) - require.NoError(t, hc.AddToGroup(userid, devGroup)) + require.NoError(t, hc.AddUserToGroup(userid, devGroup)) require.NoError(t, suite.dc.AssignUids(gc.Dgraph, 101)) - rdf := ` - <100> "100th User" . - ` - _, err = gc.Mutate(rdf, true) + mu := &api.Mutation{SetNquads: []byte(`<100> "100th User" .`), CommitNow: true} + _, err = gc.Mutate(mu) require.NoError(t, err) // give read access of to alice - require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{{"name", Read.Code}})) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGroupRules{{"name", Read.Code}})) suite.Upgrade(hc) userClient, cancel, err := suite.dc.Client() require.NoError(t, err) defer cancel() time.Sleep(defaultTimeToSleep) - require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) uidQuery := ` { - me(func: uid(100)) { + me(func: uid(10dgraphtest.GalaxyNamespace)) { uid name } @@ -2755,21 +2805,24 @@ func (suite *AclTestSuite) TestAddNewPredicate() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) resetUser(t, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) userClient, cancel, err := suite.dc.Client() defer cleanup() require.NoError(t, err) - require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) // Alice doesn't have access to create new predicate. err = userClient.Alter(ctx, &api.Operation{ @@ -2777,7 +2830,7 @@ func (suite *AclTestSuite) TestAddNewPredicate() { }) require.Error(t, err, "User can't create new predicate. Alter should have returned error.") - require.NoError(t, hc.AddToGroup(userid, "guardians")) + require.NoError(t, hc.AddUserToGroup(userid, "guardians")) time.Sleep(expireJwtSleep) // Alice is a guardian now, it can create new predicate. @@ -2795,10 +2848,12 @@ func (suite *AclTestSuite) TestCrossGroupPermission() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) @@ -2812,9 +2867,9 @@ func (suite *AclTestSuite) TestCrossGroupPermission() { require.NoError(t, hc.CreateGroup("writer")) require.NoError(t, hc.CreateGroup("alterer")) // add rules to groups - require.NoError(t, hc.AddRulesToGroup("reader", []dgraphtest.AclGrpRules{{Predicate: "newpred", Permission: 4}})) - require.NoError(t, hc.AddRulesToGroup("writer", []dgraphtest.AclGrpRules{{Predicate: "newpred", Permission: 2}})) - require.NoError(t, hc.AddRulesToGroup("writer", []dgraphtest.AclGrpRules{{Predicate: "newpred", Permission: 1}})) + require.NoError(t, hc.AddRulesToGroup("reader", []dgraphtest.AclGroupRules{{Predicate: "newpred", Permission: 4}})) + require.NoError(t, hc.AddRulesToGroup("writer", []dgraphtest.AclGroupRules{{Predicate: "newpred", Permission: 2}})) + require.NoError(t, hc.AddRulesToGroup("writer", []dgraphtest.AclGroupRules{{Predicate: "newpred", Permission: 1}})) // Wait for acl cache to be refreshed time.Sleep(defaultTimeToSleep) @@ -2829,13 +2884,13 @@ func (suite *AclTestSuite) TestCrossGroupPermission() { for i := 0; i < 8; i++ { userIdx := strconv.Itoa(i) if i&1 > 0 { - require.NoError(t, hc.AddToGroup("user"+userIdx, "alterer")) + require.NoError(t, hc.AddUserToGroup("user"+userIdx, "alterer")) } if i&2 > 0 { - require.NoError(t, hc.AddToGroup("user"+userIdx, "writer")) + require.NoError(t, hc.AddUserToGroup("user"+userIdx, "writer")) } if i&4 > 0 { - require.NoError(t, hc.AddToGroup("user"+userIdx, "reader")) + require.NoError(t, hc.AddUserToGroup("user"+userIdx, "reader")) } } time.Sleep(defaultTimeToSleep) @@ -2853,7 +2908,7 @@ func (suite *AclTestSuite) TestCrossGroupPermission() { "Query test Failed for: "+user+", shouldFail: "+strconv.FormatBool(shouldFail)) } dgMutation := func(client *dgraphtest.GrpcClient, shouldFail bool, user string) { - _, err := client.NewTxn().Mutate(ctx, &api.Mutation{ + _, err := client.Mutate(&api.Mutation{ Set: []*api.NQuad{ { Subject: "_:a", @@ -2884,7 +2939,7 @@ func (suite *AclTestSuite) TestCrossGroupPermission() { require.NoError(t, err, "Client creation error") require.NoError(t, userClient.LoginIntoNamespace(ctx, "user"+userIdx, - "password"+userIdx, x.GalaxyNamespace), "Login error") + "password"+userIdx, dgraphtest.GalaxyNamespace), "Login error") dgQuery(userClient, false, "user"+userIdx) // Query won't fail, will return empty result instead. dgMutation(userClient, i&2 == 0, "user"+userIdx) @@ -2900,10 +2955,12 @@ func (suite *AclTestSuite) TestMutationWithValueVar() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.NoError(t, gc.DropAll()) err = gc.Alter(ctx, &api.Operation{ Schema: ` @@ -2914,18 +2971,19 @@ func (suite *AclTestSuite) TestMutationWithValueVar() { }) require.NoError(t, err) - rdfs := ` - _:u1 "RandomGuy" . - _:u1 "r1" . - ` - _, err = gc.Mutate(rdfs, true) + mu := &api.Mutation{SetNquads: []byte(` + _:u1 "RandomGuy" . + _:u1 "r1" . + `), CommitNow: true} + + _, err = gc.Mutate(mu) require.NoError(t, err) resetUser(t, hc) // require.NoError(t, hc.CreateUser(userid, userpassword)) require.NoError(t, hc.CreateGroup(devGroup)) - require.NoError(t, hc.AddToGroup(userid, devGroup)) - require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGrpRules{ + require.NoError(t, hc.AddUserToGroup(userid, devGroup)) + require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGroupRules{ { Predicate: "name", Permission: Read.Code | Write.Code, @@ -2961,7 +3019,7 @@ func (suite *AclTestSuite) TestMutationWithValueVar() { suite.Upgrade(hc) userClient, _, err := suite.dc.Client() require.NoError(t, err) - require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, x.GalaxyNamespace)) + require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) _, err = userClient.NewTxn().Do(ctx, &api.Request{ Query: query, @@ -2993,17 +3051,20 @@ func (suite *AclTestSuite) TestDeleteGuardiansGroupShouldFail() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.Contains(t, hc.DeleteGroup("guardians").Error(), "guardians group and groot user cannot be deleted.") @@ -3016,15 +3077,18 @@ func (suite *AclTestSuite) TestDeleteGrootUserShouldFail() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.Contains(t, hc.DeleteUser("groot").Error(), "guardians group and groot user cannot be deleted.") } @@ -3036,15 +3100,18 @@ func (suite *AclTestSuite) TestDeleteGrootUserFromGuardiansGroupShouldFail() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) require.Contains(t, hc.RemoveUserFromGroup("groot", "guardians").Error(), "guardians group and groot user cannot be deleted.") @@ -3057,27 +3124,29 @@ func (suite *AclTestSuite) TestDeleteGrootAndGuardiansUsingDelNQuadShouldFail() gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) gc, cleanup, err = suite.dc.Client() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) defer cleanup() grootUid, guardiansUid := getGrootAndGuardiansUid(t, gc.Dgraph) - mutString := fmt.Sprintf("%s %s %s .", "<"+grootUid+">", "*", "*") + mu := &api.Mutation{DelNquads: []byte(fmt.Sprintf("%s %s %s .", "<"+grootUid+">", "*", "*")), CommitNow: true} // Try deleting groot user - _, err = gc.Mutate(mutString, false) + _, err = gc.Mutate(mu) require.Error(t, err, "Deleting groot user should have returned an error") require.Contains(t, err.Error(), "Properties of guardians group and groot user cannot be deleted") - mutString = fmt.Sprintf("%s %s %s .", "<"+guardiansUid+">", "*", "*") - + mu = &api.Mutation{DelNquads: []byte(fmt.Sprintf("%s %s %s .", "<"+guardiansUid+">", "*", "*")), CommitNow: true} // Try deleting guardians group - _, err = gc.Mutate(mutString, false) + _, err = gc.Mutate(mu) require.Error(t, err, "Deleting guardians group should have returned an error") require.Contains(t, err.Error(), "Properties of guardians group and groot user cannot be deleted") } @@ -3100,16 +3169,19 @@ func (suite *AclTestSuite) TestDropAllShouldResetGuardiansAndGroot() { gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) gc, cleanup, err = suite.dc.Client() defer cleanup() require.NoError(t, err) - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) // Try Drop All op := api.Operation{ @@ -3123,7 +3195,8 @@ func (suite *AclTestSuite) TestDropAllShouldResetGuardiansAndGroot() { time.Sleep(defaultTimeToSleep) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) deleteGuardiansGroupAndGrootUserShouldFail(t, hc) // Try Drop Data @@ -3137,6 +3210,7 @@ func (suite *AclTestSuite) TestDropAllShouldResetGuardiansAndGroot() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) deleteGuardiansGroupAndGrootUserShouldFail(t, hc) } diff --git a/ee/acl/integration_test.go b/ee/acl/integration_test.go index 593c8a74802..0f5623e74dd 100644 --- a/ee/acl/integration_test.go +++ b/ee/acl/integration_test.go @@ -33,6 +33,6 @@ func (suite *AclTestSuite) Upgrade(hc *dgraphtest.HTTPClient) { // not implemented for integration tests } -func TestSuite(t *testing.T) { +func TestACLSuite(t *testing.T) { suite.Run(t, new(AclTestSuite)) } diff --git a/ee/acl/upgrade_test.go b/ee/acl/upgrade_test.go index 39be964a7e3..3264fbfa33a 100644 --- a/ee/acl/upgrade_test.go +++ b/ee/acl/upgrade_test.go @@ -49,6 +49,6 @@ func (suite *AclTestSuite) Upgrade(hc *dgraphtest.HTTPClient) { x.Panic(suite.c.Upgrade(hc, "v23.0.0-beta1", dgraphtest.StopStart)) } -func TestSuite(t *testing.T) { +func TestACLSuite(t *testing.T) { suite.Run(t, new(AclTestSuite)) } diff --git a/systest/incremental-restore/incremental_restore_test.go b/systest/incremental-restore/incremental_restore_test.go index bfb7af0a484..1fdea1ed58b 100644 --- a/systest/incremental-restore/incremental_restore_test.go +++ b/systest/incremental-restore/incremental_restore_test.go @@ -27,6 +27,7 @@ import ( "github.com/stretchr/testify/require" + "github.com/dgraph-io/dgo/v210/protos/api" "github.com/dgraph-io/dgraph/dgraphtest" ) @@ -53,8 +54,8 @@ func TestIncrementalRestore(t *testing.T) { for i := 1; i <= len(uids); i++ { for j := 1; j <= i; j++ { - rdfs := fmt.Sprintf(`<%v> "%v" .`, j, i) - _, err := gc.Mutate(rdfs, true) + mu := &api.Mutation{SetNquads: []byte(fmt.Sprintf(`<%v> "%v" .`, j, i)), CommitNow: true} + _, err := gc.Mutate(mu) require.NoError(t, err) } t.Logf("taking backup #%v\n", i)