2021-08-09 13:20:04 +03:00
|
|
|
import pytest
|
|
|
|
|
2022-10-21 20:32:58 +03:00
|
|
|
from conftest import extract_server_address_from, use_action_fixtures
|
2022-09-29 13:42:47 +03:00
|
|
|
from remote_server import NodeGraphQL
|
|
|
|
from validate import check_query_f
|
2021-08-09 13:20:04 +03:00
|
|
|
|
2022-09-29 13:42:47 +03:00
|
|
|
pytestmark = [
|
2022-09-29 20:18:49 +03:00
|
|
|
pytest.mark.admin_secret,
|
2022-09-29 13:42:47 +03:00
|
|
|
pytest.mark.hge_env('HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS', 'true'),
|
|
|
|
]
|
2021-08-09 13:20:04 +03:00
|
|
|
|
2022-09-29 13:42:47 +03:00
|
|
|
@pytest.fixture(scope='class')
|
|
|
|
@pytest.mark.early
|
2023-04-25 15:49:31 +03:00
|
|
|
def graphql_service(worker_id: str, hge_fixture_env: dict[str, str]):
|
2022-10-21 20:32:58 +03:00
|
|
|
(_, port) = extract_server_address_from('GRAPHQL_SERVICE_1')
|
2023-04-25 15:49:31 +03:00
|
|
|
server = NodeGraphQL(worker_id, 'remote_schemas/nodejs/remote_schema_perms.js', port=port)
|
2022-10-21 20:32:58 +03:00
|
|
|
server.start()
|
|
|
|
print(f'{graphql_service.__name__} server started on {server.url}')
|
|
|
|
hge_fixture_env['GRAPHQL_SERVICE_1'] = server.url
|
|
|
|
yield server
|
|
|
|
server.stop()
|
2021-08-09 13:20:04 +03:00
|
|
|
|
|
|
|
@pytest.mark.usefixtures('per_class_db_schema_for_mutation_tests', 'per_method_db_data_for_mutation_tests')
|
|
|
|
class TestGraphQLMutationRolesInheritance:
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
def dir(cls):
|
|
|
|
return 'queries/graphql_mutation/roles_inheritance/'
|
|
|
|
|
|
|
|
setup_metadata_api_version = "v2"
|
|
|
|
|
|
|
|
def test_inheritance_from_single_parent(self, hge_ctx):
|
|
|
|
check_query_f(hge_ctx, self.dir() + 'inheritance_from_single_parent.yaml')
|
|
|
|
|
|
|
|
def test_inheritance_when_mutation_permissions_conflict(self, hge_ctx):
|
|
|
|
check_query_f(hge_ctx, self.dir() + 'resolve_inconsistent_permission.yaml')
|
|
|
|
|
|
|
|
def test_mutation_permission_inheritance_for_nested_roles(self, hge_ctx):
|
|
|
|
check_query_f(hge_ctx, self.dir() + 'inherited_mutation_permission_for_nested_roles.yaml')
|
|
|
|
|
|
|
|
def test_defined_permission_should_override_inherited_permission(self, hge_ctx):
|
|
|
|
check_query_f(hge_ctx, self.dir() + 'override_inherited_permission.yaml')
|
|
|
|
|
2022-09-29 13:42:47 +03:00
|
|
|
@pytest.mark.usefixtures('graphql_service', 'per_class_tests_db_state')
|
2021-08-09 13:20:04 +03:00
|
|
|
class TestRemoteSchemaPermissionsInheritance:
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
def dir(cls):
|
|
|
|
return "queries/remote_schemas/permissions/inheritance/"
|
|
|
|
|
|
|
|
setup_metadata_api_version = "v2"
|
|
|
|
|
|
|
|
def test_inheritance_from_multiple_parents_having_no_conflicts(self, hge_ctx):
|
|
|
|
check_query_f(hge_ctx, self.dir() + 'multiple_parents_inheritance.yaml')
|
|
|
|
|
|
|
|
def test_conflicting_parent_permissions(self, hge_ctx):
|
|
|
|
check_query_f(hge_ctx, self.dir() + 'conflicting_parent_permissions.yaml')
|
|
|
|
|
|
|
|
def test_override_inherited_permission(self, hge_ctx):
|
|
|
|
check_query_f(hge_ctx, self.dir() + 'override_inherited_permission.yaml')
|
|
|
|
|
|
|
|
@use_action_fixtures
|
|
|
|
class TestActionsPermissionInheritance:
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
def dir(cls):
|
|
|
|
return "queries/actions/roles_inheritance/"
|
|
|
|
|
|
|
|
setup_metadata_api_version = "2"
|
|
|
|
|
|
|
|
def test_inheritance_from_multiple_parents(self, hge_ctx):
|
|
|
|
check_query_f(hge_ctx, self.dir() + 'multiple_parents_inheritance.yaml')
|
|
|
|
|
|
|
|
def test_override_inherited_permission(self, hge_ctx):
|
|
|
|
check_query_f(hge_ctx, self.dir() + 'override_inherited_permission.yaml')
|
|
|
|
|
2022-09-29 13:42:47 +03:00
|
|
|
@pytest.mark.usefixtures('per_class_db_schema_for_mutation_tests', 'per_method_db_data_for_mutation_tests')
|
|
|
|
@pytest.mark.hge_env('HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS', 'false')
|
2021-08-09 13:20:04 +03:00
|
|
|
class TestCustomFunctionPermissionsInheritance:
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
def dir(cls):
|
|
|
|
return "queries/graphql_mutation/functions/permissions/roles_inheritance/"
|
|
|
|
|
|
|
|
setup_metadata_api_version = "2"
|
|
|
|
|
|
|
|
def test_inheritance_from_multiple_parents(self, hge_ctx):
|
|
|
|
check_query_f(hge_ctx, self.dir() + 'multiple_parents_inheritance.yaml')
|
|
|
|
|
|
|
|
def test_override_inherited_permission(self, hge_ctx):
|
|
|
|
check_query_f(hge_ctx, self.dir() + 'override_inherited_permission.yaml')
|