2018-10-28 21:27:49 +03:00
#!/usr/bin/env bash
set -euo pipefail
2021-01-25 11:23:12 +03:00
echo " Running tests on node $CIRCLE_NODE_INDEX of $CIRCLE_NODE_TOTAL "
if [ -z " $SERVER_TEST_TO_RUN " ] ; then
2022-09-28 19:06:54 +03:00
# shellcheck disable=SC2016
2022-01-11 14:21:49 +03:00
echo 'Please specify $SERVER_TEST_TO_RUN'
exit 1
2021-01-29 08:48:17 +03:00
else
2022-01-11 14:21:49 +03:00
echo " Running test $SERVER_TEST_TO_RUN "
2021-01-25 11:23:12 +03:00
fi
2018-10-28 21:27:49 +03:00
### Functions
2022-09-28 19:06:54 +03:00
# Disable the following warning:
# > Note that A && B || C is not if-then-else. C may run when A is true.
# We want this behavior, as we want to continue even if `kill` fails.
# shellcheck disable=SC2015
2018-10-28 21:27:49 +03:00
stop_services( ) {
2022-01-20 21:27:55 +03:00
echo "killing and waiting for spawned services"
2022-09-28 19:06:54 +03:00
[ [ -n " ${ HGE_PIDS [*] } " ] ] && kill -s INT " ${ HGE_PIDS [@] } " || true
[ [ -n " $WH_PID " ] ] && kill " $WH_PID " || true
[ [ -n " $GQL_SERVER_PID " ] ] && kill " $GQL_SERVER_PID " || true
2022-01-20 21:27:55 +03:00
2022-09-28 19:06:54 +03:00
[ [ -n " ${ HGE_PIDS [*] } " ] ] && wait " ${ HGE_PIDS [@] } " || true
[ [ -n " $WH_PID " ] ] && wait " $WH_PID " || true
[ [ -n " $GQL_SERVER_PID " ] ] && wait " $GQL_SERVER_PID " || true
2019-04-08 10:22:38 +03:00
}
2022-01-11 14:21:49 +03:00
time_elapsed( ) {
printf "(%02d:%02d)" $(( SECONDS / 60 )) $(( SECONDS % 60 ))
2019-04-08 10:22:38 +03:00
}
fail_if_port_busy( ) {
2022-09-28 19:06:54 +03:00
local PORT = " $1 "
if nc -z localhost " $PORT " ; then
2022-01-11 14:21:49 +03:00
echo " Port $PORT is busy. Exiting "
exit 1
fi
2018-10-28 21:27:49 +03:00
}
wait_for_port( ) {
2022-09-28 19:06:54 +03:00
local PORT = " $1 "
2022-01-11 14:21:49 +03:00
echo " waiting for $PORT "
for _ in $( seq 1 60) ; do
2022-09-28 19:06:54 +03:00
nc -z localhost " $PORT " && echo " port $PORT is ready " && return
2022-01-11 14:21:49 +03:00
echo -n .
sleep 0.25
done
echo " Failed waiting for $PORT " && exit 1
2018-10-28 21:27:49 +03:00
}
init_jwt( ) {
CUR_DIR = " $PWD "
mkdir -p " $OUTPUT_FOLDER /ssl "
cd " $OUTPUT_FOLDER /ssl "
openssl genrsa -out jwt_private.key 2048
2022-01-11 14:21:49 +03:00
openssl rsa -pubout -in jwt_private.key -out jwt_public.key
openssl genpkey -algorithm ed25519 -outform PEM -out ed25519_jwt_private.key
openssl pkey -pubout -in ed25519_jwt_private.key -out ed25519_jwt_public.key
2018-10-28 21:27:49 +03:00
cd " $CUR_DIR "
}
2021-08-12 04:53:13 +03:00
# init_hge_and_test_jwt function will run the hge server using the environment varibles and run the pytest which is sent as argument
# The first argument is the relative path of the jwt-key-file. the jwt-key-file can be RSA or EdDSA
# The second argument is the test to run, eg. test_jwt_claims_map.py::TestJWTClaimsMapBasic, test_jwt.py, etc.
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt( ) {
2022-08-22 08:11:43 +03:00
local key_file
key_file = " ${ OUTPUT_FOLDER } / ${ 1 } "
shift
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
2022-09-29 20:18:49 +03:00
--hge-jwt-key-file= " $key_file " --hge-jwt-conf= " $HASURA_GRAPHQL_JWT_SECRET " \
2022-08-22 08:11:43 +03:00
" $@ "
2022-01-11 14:21:49 +03:00
kill_hge_servers
2021-08-12 04:53:13 +03:00
}
2018-10-28 21:27:49 +03:00
init_ssl( ) {
CUR_DIR = " $PWD "
mkdir -p " $OUTPUT_FOLDER /ssl "
cd " $OUTPUT_FOLDER /ssl "
CNF_TEMPLATE = ' [ req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[ req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1'
2022-01-11 14:21:49 +03:00
echo " $CNF_TEMPLATE " >webhook-req.cnf
2018-10-28 21:27:49 +03:00
openssl genrsa -out ca-key.pem 2048
openssl req -x509 -new -nodes -key ca-key.pem -days 10 -out ca.pem -subj "/CN=webhook-ca"
openssl genrsa -out webhook-key.pem 2048
openssl req -new -key webhook-key.pem -out webhook.csr -subj "/CN=hge-webhook" -config webhook-req.cnf
openssl x509 -req -in webhook.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out webhook.pem -days 10 -extensions v3_req -extfile webhook-req.cnf
cp ca.pem /etc/ssl/certs/webhook.crt
update-ca-certificates
cd " $CUR_DIR "
}
2022-01-11 18:28:36 +03:00
webhook_tests_check_root( ) {
if [ $EUID != 0 ] ; then
echo -e "webhook tests require root (in order to trust certificate authority)."
exit 1
fi
}
2019-04-08 10:22:38 +03:00
kill_hge_servers( ) {
2022-09-28 19:06:54 +03:00
kill -s INT " ${ HGE_PIDS [@] } " || true
wait " ${ HGE_PIDS [@] } " || true
HGE_PIDS = ( )
2018-10-28 21:27:49 +03:00
}
2022-01-18 06:18:10 +03:00
HGE_INDEX = 1
2019-04-08 10:22:38 +03:00
run_hge_with_args( ) {
2022-01-18 06:18:10 +03:00
i = $(( HGE_INDEX++))
2019-04-08 10:22:38 +03:00
set -x
2022-09-28 19:06:54 +03:00
" $GRAPHQL_ENGINE " " $@ " >" $OUTPUT_FOLDER /graphql-engine- ${ i } .log " 2>& 1 &
HGE_PIDS = ( " ${ HGE_PIDS [@] } " $! )
2019-04-08 10:22:38 +03:00
set +x
2019-02-28 16:53:03 +03:00
}
2019-04-08 10:22:38 +03:00
start_multiple_hge_servers( ) {
2022-01-11 14:21:49 +03:00
run_hge_with_args --database-url " $HASURA_GRAPHQL_DATABASE_URL " serve
if [ -n " ${ HASURA_GRAPHQL_DATABASE_URL_2 :- } " ] ; then
run_hge_with_args --database-url " $HASURA_GRAPHQL_DATABASE_URL_2 " serve --server-port 8081
wait_for_port 8081
fi
wait_for_port 8080
2019-04-08 10:22:38 +03:00
}
2021-07-01 17:40:05 +03:00
source_data_sources_utils( ) {
2022-01-11 14:21:49 +03:00
# Only source this file in the $SERVER_TEST_TO_RUN case branch it's used,
# to avoid sourcing for every server job & test.
# https://github.com/hasura/graphql-engine-mono/pull/1526#discussion_r661411538
SCRIPTS_SOURCE = $CIRCLECI_FOLDER /../scripts
2022-09-28 19:06:54 +03:00
# shellcheck source=../scripts/data-sources-util.sh
2022-01-11 14:21:49 +03:00
source " $SCRIPTS_SOURCE /data-sources-util.sh "
2021-07-01 17:40:05 +03:00
}
2019-04-08 10:22:38 +03:00
2022-01-11 14:21:49 +03:00
if [ -z " ${ HASURA_GRAPHQL_DATABASE_URL :- } " ] ; then
2018-10-28 21:27:49 +03:00
echo "Env var HASURA_GRAPHQL_DATABASE_URL is not set"
exit 1
fi
2022-01-11 14:21:49 +03:00
if [ -z " ${ HASURA_GRAPHQL_DATABASE_URL_2 :- } " ] ; then
2019-04-08 10:22:38 +03:00
echo "Env var HASURA_GRAPHQL_DATABASE_URL_2 is not set"
exit 1
fi
2018-10-28 21:27:49 +03:00
CIRCLECI_FOLDER = " ${ BASH_SOURCE [0]%/* } "
2022-09-28 19:06:54 +03:00
cd " $CIRCLECI_FOLDER "
2018-10-28 21:27:49 +03:00
CIRCLECI_FOLDER = " $PWD "
PYTEST_ROOT = " $CIRCLECI_FOLDER /../server/tests-py "
OUTPUT_FOLDER = ${ OUTPUT_FOLDER :- " $CIRCLECI_FOLDER /test-server-output " }
mkdir -p " $OUTPUT_FOLDER "
2022-09-28 19:06:54 +03:00
cd " $PYTEST_ROOT "
2018-10-28 21:27:49 +03:00
2022-05-23 14:12:45 +03:00
for port in 8080 8081 9876 5592 5000 5001 5593 5594; do
2019-04-08 10:22:38 +03:00
fail_if_port_busy $port
done
2018-10-28 21:27:49 +03:00
echo -e " \nINFO: GraphQL Executable : $GRAPHQL_ENGINE "
echo -e " INFO: Logs Folder : $OUTPUT_FOLDER \n "
2022-09-07 17:27:54 +03:00
# Copy the node_modules directory installed in the Docker image here.
cp -R /deps/node_modules .
2020-05-27 18:02:58 +03:00
2018-10-28 21:27:49 +03:00
export EVENT_WEBHOOK_HEADER = "MyEnvValue"
2020-05-13 15:33:16 +03:00
2022-08-15 17:57:55 +03:00
export HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES = true
export DEFAULT_HASURA_EXPERIMENTAL_FEATURES = streaming_subscriptions
export HASURA_GRAPHQL_EXPERIMENTAL_FEATURES = $DEFAULT_HASURA_EXPERIMENTAL_FEATURES
2018-10-28 21:27:49 +03:00
export HGE_URL = "http://localhost:8080"
2019-04-08 10:22:38 +03:00
export HGE_URL_2 = ""
2022-01-28 03:17:53 +03:00
if [ -n " ${ HASURA_GRAPHQL_DATABASE_URL_2 :- } " ] ; then
2019-04-08 10:22:38 +03:00
HGE_URL_2 = "http://localhost:8081"
fi
2022-08-15 17:57:55 +03:00
export EVENT_WEBHOOK_HEADER = "MyEnvValue"
export EVENT_WEBHOOK_HANDLER = "http://localhost:5592"
export ACTION_WEBHOOK_HANDLER = "http://localhost:5593"
export SCHEDULED_TRIGGERS_WEBHOOK_DOMAIN = "http://localhost:5594"
export REMOTE_SCHEMAS_WEBHOOK_DOMAIN = "http://localhost:5000"
export GRAPHQL_SERVICE_HANDLER = "http://localhost:4001"
export GRAPHQL_SERVICE_1 = "http://localhost:4020"
export GRAPHQL_SERVICE_2 = "http://localhost:4021"
export GRAPHQL_SERVICE_3 = "http://localhost:4022"
2021-07-16 19:08:23 +03:00
2022-08-22 08:11:43 +03:00
PYTEST_REPORTING_ARGS = (
'-vv' # show all passes and the full assertion text
'-r' 'a' # show extra test summary info for every test except passes
)
PYTEST_COMMON_ARGS = (
" ${ PYTEST_REPORTING_ARGS [@] } "
--hge-urls= " $HGE_URL "
--pg-urls= " $HASURA_GRAPHQL_DATABASE_URL "
)
PYTEST_PARALLEL_ARGS = (
" ${ PYTEST_REPORTING_ARGS [@] } "
-n 2
--hge-urls " $HGE_URL " " ${ HGE_URL_2 :- } "
--pg-urls " $HASURA_GRAPHQL_DATABASE_URL " " ${ HASURA_GRAPHQL_DATABASE_URL_2 } "
)
2022-09-28 19:06:54 +03:00
HGE_PIDS = ( )
2018-10-28 21:27:49 +03:00
WH_PID = ""
2021-03-02 19:51:08 +03:00
GQL_SERVER_PID = ""
2019-03-12 08:46:27 +03:00
2018-10-28 21:27:49 +03:00
trap stop_services ERR
trap stop_services INT
2022-01-20 21:27:55 +03:00
trap stop_services EXIT
2018-10-28 21:27:49 +03:00
2019-04-08 10:22:38 +03:00
run_pytest_parallel( ) {
trap stop_services ERR
2022-01-11 14:21:49 +03:00
if [ -n " ${ HASURA_GRAPHQL_DATABASE_URL_2 :- } " ] ; then
2019-04-08 10:22:38 +03:00
set -x
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_PARALLEL_ARGS [@] } " " $@ "
2019-04-08 10:22:38 +03:00
set +x
else
set -x
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " " $@ "
2019-04-08 10:22:38 +03:00
set +x
fi
}
2018-10-28 21:27:49 +03:00
2021-01-25 11:23:12 +03:00
case " $SERVER_TEST_TO_RUN " in
2022-01-11 14:21:49 +03:00
haskell-tests)
echo -e " \n $( time_elapsed) : <########## RUN GRAPHQL-ENGINE HASKELL TESTS ###########################################>\n "
2022-10-06 12:44:49 +03:00
SKIP_TEST_LIST = ""
2022-10-11 20:52:09 +03:00
if [ " ${ PG_VERSION } " -eq "15" ] ; then
2022-10-06 12:44:49 +03:00
# https://packages.ubuntu.com/search?suite=jammy§ion=all&arch=any&keywords=postgresql-client-15&searchon=names
echo -e "Skipping Hasura.Server.Migrate tests until postgresql-client version 15 is available to fix pg_dump errors"
SKIP_TEST_LIST = "Hasura.Server.Migrate"
fi
HSPEC_SKIP = ${ SKIP_TEST_LIST } " ${ GRAPHQL_ENGINE_TESTS : ? } " postgres
2022-01-11 14:21:49 +03:00
; ;
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
no-auth)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITHOUT ADMIN SECRET ###########################################>\n "
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
start_multiple_hge_servers
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
run_pytest_parallel
2019-02-05 15:04:16 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2021-08-03 14:11:01 +03:00
2022-01-11 14:21:49 +03:00
admin-secret)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET #####################################>\n "
2019-02-05 15:04:16 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2019-04-08 10:22:38 +03:00
2022-01-11 14:21:49 +03:00
start_multiple_hge_servers
2019-02-05 15:04:16 +03:00
2022-09-29 20:18:49 +03:00
run_pytest_parallel
2019-02-05 15:04:16 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2019-02-05 15:04:16 +03:00
2022-01-11 14:21:49 +03:00
admin-secret-unauthorized-role)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND UNAUTHORIZED ROLE #####################################>\n "
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
export HASURA_GRAPHQL_UNAUTHORIZED_ROLE = "anonymous"
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
wait_for_port 8080
2019-07-11 12:58:39 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-unauthorized-role \
test_graphql_queries.py::TestUnauthorizedRolePermission
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
#unset HASURA_GRAPHQL_UNAUTHORIZED_ROLE
; ;
2021-12-23 12:17:39 +03:00
2022-01-11 14:21:49 +03:00
jwt-rs512)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (RS512) #####################################>\n "
2021-08-12 04:53:13 +03:00
2022-01-11 14:21:49 +03:00
init_jwt
2021-08-12 04:53:13 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key }' ) "
export HASURA_GRAPHQL_ADMIN_SECRET HASURA_GRAPHQL_JWT_SECRET
2021-08-12 04:53:13 +03:00
2022-01-11 14:21:49 +03:00
start_multiple_hge_servers
2021-08-12 04:53:13 +03:00
2022-09-29 20:18:49 +03:00
run_pytest_parallel --hge-jwt-key-file= " $OUTPUT_FOLDER /ssl/jwt_private.key " --hge-jwt-conf= " $HASURA_GRAPHQL_JWT_SECRET "
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
#unset HASURA_GRAPHQL_JWT_SECRET
; ;
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
jwt-ed25519)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (Ed25519) #####################################>\n "
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
init_jwt
2021-08-03 14:11:01 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key }' ) "
export HASURA_GRAPHQL_ADMIN_SECRET HASURA_GRAPHQL_JWT_SECRET
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
start_multiple_hge_servers
2019-07-11 12:58:39 +03:00
2022-09-29 20:18:49 +03:00
run_pytest_parallel --hge-jwt-key-file= " $OUTPUT_FOLDER /ssl/ed25519_jwt_private.key " --hge-jwt-conf= " $HASURA_GRAPHQL_JWT_SECRET "
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
#unset HASURA_GRAPHQL_JWT_SECRET
; ;
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
jwt-stringified)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (in stringified mode) #####################################>\n "
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
init_jwt
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2021-08-03 14:11:01 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , claims_format: "stringified_json"}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/jwt_private.key" test_jwt.py
2019-07-11 12:58:39 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key , claims_format: "stringified_json"}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/ed25519_jwt_private.key" test_jwt.py
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
# unset HASURA_GRAPHQL_JWT_SECRET
; ;
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
jwt-audience-check-single-string)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (with audience check - string) #####################################>\n "
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
init_jwt
2019-07-11 12:58:39 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2021-10-05 15:28:38 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , audience: "myapp-1234"}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2021-08-03 14:11:01 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/jwt_private.key" test_jwt.py
2021-10-05 15:28:38 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key , audience: "myapp-1234"}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2020-04-21 12:24:35 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/ed25519_jwt_private.key" test_jwt.py
2020-04-21 12:24:35 +03:00
2022-01-11 14:21:49 +03:00
#unset HASURA_GRAPHQL_JWT_SECRET
; ;
2020-04-21 12:24:35 +03:00
2022-01-11 14:21:49 +03:00
jwt-audience-check-list-string)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (with audience check - list of strings) #################################>\n "
2020-04-21 12:24:35 +03:00
2022-01-11 14:21:49 +03:00
init_jwt
2021-08-03 14:11:01 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2020-04-21 12:24:35 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , audience: ["myapp-1234", "myapp-9876"]}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/jwt_private.key" test_jwt.py
2021-10-05 15:28:38 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key , audience: ["myapp-1234", "myapp-9876"]}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2020-04-21 12:24:35 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/ed25519_jwt_private.key" test_jwt.py
2020-04-21 12:24:35 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_JWT_SECRET
; ;
2020-04-16 09:45:21 +03:00
2022-01-11 14:21:49 +03:00
jwt-issuer-check)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (with issuer check) #####################################>\n "
2020-04-16 09:45:21 +03:00
2022-01-11 14:21:49 +03:00
init_jwt
2020-04-16 09:45:21 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2021-10-05 15:28:38 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , issuer: "https://hasura.com"}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2021-08-03 14:11:01 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/jwt_private.key" test_jwt.py
2021-10-05 15:28:38 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key , issuer: "https://hasura.com"}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2020-08-31 19:40:01 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/ed25519_jwt_private.key" test_jwt.py
2020-08-31 19:40:01 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_JWT_SECRET
; ;
2021-08-03 14:11:01 +03:00
2022-01-11 14:21:49 +03:00
jwt-with-claims-namespace-path)
##########
# TODO(swann): should these not be run in parallel?
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (with claims_namespace_path) #####################################>\n "
2020-08-31 19:40:01 +03:00
2022-01-11 14:21:49 +03:00
init_jwt
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
# hasura claims at one level of nesting
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2020-08-31 19:40:01 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , claims_namespace_path: "$.hasura_claims"}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/jwt_private.key" test_jwt.py
2020-08-31 19:40:01 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key , claims_namespace_path: "$.hasura_claims"}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/ed25519_jwt_private.key" test_jwt.py
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_JWT_SECRET
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
# hasura claims at two levels of nesting with claims_namespace_path containing special character
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2020-08-31 19:40:01 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , claims_namespace_path: "$.hasura[' \' 'claims%' \' ']"}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/jwt_private.key" test_jwt.py
2020-08-31 19:40:01 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key , claims_namespace_path: "$.hasura[' \' 'claims%' \' ']"}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2020-08-31 19:40:01 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/ed25519_jwt_private.key" test_jwt.py
2020-08-31 19:40:01 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_JWT_SECRET
2020-08-31 19:40:01 +03:00
2022-01-11 14:21:49 +03:00
# hasura claims at the root of the JWT token
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2020-08-31 19:40:01 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , claims_namespace_path: "$"}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/jwt_private.key" test_jwt.py
2021-10-05 15:28:38 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key , claims_namespace_path: "$"}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/ed25519_jwt_private.key" test_jwt.py
2020-08-31 19:40:01 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_JWT_SECRET
; ;
2021-01-13 11:38:13 +03:00
2022-01-11 14:21:49 +03:00
jwt-claims-map-with-json-path-values)
# test JWT with Claims map
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (with claims_map and values are json path) #####################################>\n "
2021-01-13 11:38:13 +03:00
2022-01-11 14:21:49 +03:00
init_jwt
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2021-10-05 15:28:38 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , claims_map: {"x-hasura-user-id": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].user.id"}, "x-hasura-allowed-roles": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].role.allowed"}, "x-hasura-default-role": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].role.default"}}}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/jwt_private.key" test_jwt_claims_map.py::TestJWTClaimsMapBasic
2021-08-03 14:11:01 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key , claims_map: {"x-hasura-user-id": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].user.id"}, "x-hasura-allowed-roles": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].role.allowed"}, "x-hasura-default-role": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].role.default"}}}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2021-01-13 11:38:13 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/ed25519_jwt_private.key" test_jwt_claims_map.py::TestJWTClaimsMapBasic
2021-01-13 11:38:13 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_JWT_SECRET
2020-08-31 19:40:01 +03:00
2022-01-11 14:21:49 +03:00
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (with claims_map and values are json path with default values set) #####################################>\n "
2021-08-03 14:11:01 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2021-10-05 15:28:38 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , claims_map: {"x-hasura-user-id": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].user.id", "default":"1"}, "x-hasura-allowed-roles": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].role.allowed", "default":["user","editor"]}, "x-hasura-default-role": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].role.default","default":"user"}}}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/jwt_private.key" test_jwt_claims_map.py::TestJWTClaimsMapBasic
2021-10-05 15:28:38 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key , claims_map: {"x-hasura-user-id": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].user.id", "default":"1"}, "x-hasura-allowed-roles": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].role.allowed", "default":["user","editor"]}, "x-hasura-default-role": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].role.default","default":"user"}}}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2019-02-14 08:58:38 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/ed25519_jwt_private.key" test_jwt_claims_map.py::TestJWTClaimsMapBasic
2019-02-28 16:53:03 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_JWT_SECRET
; ;
2019-02-14 08:58:38 +03:00
2022-01-11 14:21:49 +03:00
jwt-with-expiry-time-leeway)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (with JWT config allowing for leeway) #####################################>\n "
2019-03-04 10:46:53 +03:00
2022-01-11 14:21:49 +03:00
init_jwt
2022-09-28 19:06:54 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2019-03-04 10:46:53 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , allowed_skew: 60}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/jwt_private.key" test_jwt.py::TestJWTExpirySkew
2019-03-04 10:46:53 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key , allowed_skew: 60}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2019-03-04 10:46:53 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/ed25519_jwt_private.key" test_jwt.py::TestJWTExpirySkew
2019-03-04 10:46:53 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_JWT_SECRET
; ;
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
jwt-claims-map-with-literal-values)
2019-03-04 10:46:53 +03:00
2022-01-11 14:21:49 +03:00
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (with claims_map and values are literal values) #####################################>\n "
2019-03-04 10:46:53 +03:00
2022-01-11 14:21:49 +03:00
init_jwt
2021-02-25 12:02:43 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2021-02-25 12:02:43 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , claims_map: {"x-hasura-user-id": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].user.id"}, "x-hasura-allowed-roles": ["user","editor"], "x-hasura-default-role": "user","x-hasura-custom-header":"custom-value"}}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/jwt_private.key" test_jwt_claims_map.py::TestJWTClaimsMapWithStaticHasuraClaimsMapValues
2021-10-05 15:28:38 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key , claims_map: {"x-hasura-user-id": {"path":"$.[' "'" 'https://myapp.com/jwt/claims' "'" '].user.id"}, "x-hasura-allowed-roles": ["user","editor"], "x-hasura-default-role": "user","x-hasura-custom-header":"custom-value"}}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/ed25519_jwt_private.key" test_jwt_claims_map.py::TestJWTClaimsMapWithStaticHasuraClaimsMapValues
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_JWT_SECRET
; ;
2021-02-25 12:02:43 +03:00
2022-01-11 14:21:49 +03:00
jwt-cookie)
2021-02-25 12:02:43 +03:00
2022-01-11 14:21:49 +03:00
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (in cookie mode) #####################################>\n "
2021-12-08 21:28:36 +03:00
2022-01-11 14:21:49 +03:00
init_jwt
2021-12-08 21:28:36 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2021-12-08 21:28:36 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , header: {"type": "Cookie", "name": "hasura_user"}}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/jwt_private.key" test_jwt.py
2021-12-08 21:28:36 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/ed25519_jwt_public.key " ) " '{ type: "Ed25519", key: $key , header: {"type": "Cookie", "name": "hasura_user"}}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2021-12-08 21:28:36 +03:00
2022-01-11 14:21:49 +03:00
init_hge_and_test_jwt "ssl/ed25519_jwt_private.key" test_jwt.py
2021-12-08 21:28:36 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_JWT_SECRET
; ;
2021-12-08 21:28:36 +03:00
2022-01-11 14:21:49 +03:00
jwt-cookie-unauthorized-role)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH JWT (in cookie mode) AND UNAUTHORIZED ROLE #####################################>\n "
2021-12-08 21:28:36 +03:00
2022-01-11 14:21:49 +03:00
init_jwt
2021-12-08 21:28:36 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
export HASURA_GRAPHQL_UNAUTHORIZED_ROLE = "anonymous"
2021-12-08 21:28:36 +03:00
2022-09-28 19:06:54 +03:00
HASURA_GRAPHQL_JWT_SECRET = " $( jq -n --arg key " $( cat " $OUTPUT_FOLDER /ssl/jwt_public.key " ) " '{ type: "RS512", key: $key , header: {"type": "Cookie", "name": "hasura_user"}}' ) "
export HASURA_GRAPHQL_JWT_SECRET
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
2021-08-03 14:11:01 +03:00
2022-01-11 14:21:49 +03:00
wait_for_port 8080
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
2022-09-29 20:18:49 +03:00
--hge-jwt-key-file= " $OUTPUT_FOLDER /ssl/jwt_private.key " --hge-jwt-conf= " $HASURA_GRAPHQL_JWT_SECRET " \
2022-08-22 08:11:43 +03:00
--test-unauthorized-role \
test_graphql_queries.py::TestFallbackUnauthorizedRoleCookie
2019-03-04 10:46:53 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
2019-03-04 10:46:53 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_UNAUTHORIZED_ROLE
2019-03-04 10:46:53 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
2019-03-04 10:46:53 +03:00
2022-01-11 14:21:49 +03:00
wait_for_port 8080
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
2022-09-29 20:18:49 +03:00
--hge-jwt-key-file= " $OUTPUT_FOLDER /ssl/jwt_private.key " --hge-jwt-conf= " $HASURA_GRAPHQL_JWT_SECRET " \
2022-08-22 08:11:43 +03:00
--test-no-cookie-and-unauth-role \
test_graphql_queries.py::TestMissingUnauthorizedRoleAndCookie
2021-01-29 08:48:17 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
2021-11-09 15:00:21 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_JWT_SECRET
; ;
2021-11-09 15:00:21 +03:00
2022-01-11 14:21:49 +03:00
# test with CORS modes
cors-domains)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH CORS DOMAINS ########>\n "
export HASURA_GRAPHQL_CORS_DOMAIN = "http://*.localhost, http://localhost:3000, https://*.foo.bar.com"
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2021-11-09 15:00:21 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2021-11-09 15:00:21 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_cors.py
2021-11-09 15:00:21 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
2019-03-04 10:46:53 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_CORS_DOMAIN
; ;
2019-03-04 10:46:53 +03:00
2022-01-11 14:21:49 +03:00
auth-webhook-cookie)
# test auth webhook set-cookie forwarding on response
2019-04-08 10:22:38 +03:00
2022-01-11 14:21:49 +03:00
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH SET-COOKIE HEADER IN AUTH WEBHOOK ########>\n "
export HASURA_GRAPHQL_AUTH_HOOK = "http://localhost:9876/auth"
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2019-02-28 16:53:03 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2019-02-28 16:53:03 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
2022-09-29 20:18:49 +03:00
--hge-webhook= " $HASURA_GRAPHQL_AUTH_HOOK " \
2022-08-22 08:11:43 +03:00
--test-auth-webhook-header \
test_auth_webhook_cookie.py
2021-08-03 14:11:01 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2019-02-28 16:53:03 +03:00
2022-01-11 14:21:49 +03:00
ws-init-cookie-read-cors-enabled)
# test websocket transport with initial cookie header
2019-02-28 16:53:03 +03:00
2022-01-11 14:21:49 +03:00
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH COOKIE IN WEBSOCKET INIT ########>\n "
export HASURA_GRAPHQL_AUTH_HOOK = "http://localhost:9876/auth"
export HASURA_GRAPHQL_AUTH_HOOK_MODE = "POST"
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2019-02-28 16:53:03 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2019-02-28 16:53:03 +03:00
2022-01-11 14:21:49 +03:00
echo " $( time_elapsed) : testcase 1: read cookie, cors enabled "
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-ws-init-cookie= read \
test_websocket_init_cookie.py
2021-08-03 14:11:01 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2019-02-28 16:53:03 +03:00
2022-01-11 14:21:49 +03:00
ws-init-cookie-noread)
echo " $( time_elapsed) : testcase 2: no read cookie, cors disabled "
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2019-02-28 16:53:03 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_AUTH_HOOK = "http://localhost:9876/auth"
export HASURA_GRAPHQL_AUTH_HOOK_MODE = "POST"
run_hge_with_args serve --disable-cors
2019-02-28 16:53:03 +03:00
2022-01-11 14:21:49 +03:00
wait_for_port 8080
2019-02-28 16:53:03 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-ws-init-cookie= noread \
test_websocket_init_cookie.py
2019-02-28 16:53:03 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2019-02-28 16:53:03 +03:00
2022-01-11 14:21:49 +03:00
ws-init-cookie-read-cors-disabled)
echo " $( time_elapsed) : testcase 3: read cookie, cors disabled and ws-read-cookie "
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2019-02-28 16:53:03 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_AUTH_HOOK = "http://localhost:9876/auth"
export HASURA_GRAPHQL_AUTH_HOOK_MODE = "POST"
export HASURA_GRAPHQL_WS_READ_COOKIE = "true"
run_hge_with_args serve --disable-cors
wait_for_port 8080
2019-02-14 08:58:38 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
2022-09-29 13:42:47 +03:00
--test-ws-init-cookie= read \
test_websocket_init_cookie.py
2020-12-21 12:11:37 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2020-12-21 12:11:37 +03:00
2022-01-11 14:21:49 +03:00
ws-graphql-api-disabled)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH GRAPHQL DISABLED ########>\n "
export HASURA_GRAPHQL_ENABLED_APIS = "metadata"
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
export HASURA_GRAPHQL_AUTH_HOOK = "http://localhost:9876/auth"
export HASURA_GRAPHQL_AUTH_HOOK_MODE = "POST"
2019-10-16 17:33:34 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2019-10-16 17:33:34 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_apis_disabled.py
2019-07-11 08:37:06 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2019-03-04 10:46:53 +03:00
2022-01-11 14:21:49 +03:00
ws-metadata-api-disabled)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH METADATA DISABLED ########>\n "
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ENABLED_APIS = "graphql"
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
export HASURA_GRAPHQL_AUTH_HOOK = "http://localhost:9876/auth"
export HASURA_GRAPHQL_AUTH_HOOK_MODE = "POST"
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2018-10-28 21:27:49 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_apis_disabled.py
2021-01-29 08:48:17 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2021-01-29 08:48:17 +03:00
2022-01-11 14:21:49 +03:00
remote-schema-permissions)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH REMOTE SCHEMA PERMISSIONS ENABLED ########>\n "
export HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS = true
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2021-01-29 08:48:17 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2021-01-29 08:48:17 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_remote_schema_permissions.py
2021-08-09 13:20:04 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS
[Preview] Inherited roles for postgres read queries
fixes #3868
docker image - `hasura/graphql-engine:inherited-roles-preview-48b73a2de`
Note:
To be able to use the inherited roles feature, the graphql-engine should be started with the env variable `HASURA_GRAPHQL_EXPERIMENTAL_FEATURES` set to `inherited_roles`.
Introduction
------------
This PR implements the idea of multiple roles as presented in this [paper](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/FGALanguageICDE07.pdf). The multiple roles feature in this PR can be used via inherited roles. An inherited role is a role which can be created by combining multiple singular roles. For example, if there are two roles `author` and `editor` configured in the graphql-engine, then we can create a inherited role with the name of `combined_author_editor` role which will combine the select permissions of the `author` and `editor` roles and then make GraphQL queries using the `combined_author_editor`.
How are select permissions of different roles are combined?
------------------------------------------------------------
A select permission includes 5 things:
1. Columns accessible to the role
2. Row selection filter
3. Limit
4. Allow aggregation
5. Scalar computed fields accessible to the role
Suppose there are two roles, `role1` gives access to the `address` column with row filter `P1` and `role2` gives access to both the `address` and the `phone` column with row filter `P2` and we create a new role `combined_roles` which combines `role1` and `role2`.
Let's say the following GraphQL query is queried with the `combined_roles` role.
```graphql
query {
employees {
address
phone
}
}
```
This will translate to the following SQL query:
```sql
select
(case when (P1 or P2) then address else null end) as address,
(case when P2 then phone else null end) as phone
from employee
where (P1 or P2)
```
The other parameters of the select permission will be combined in the following manner:
1. Limit - Minimum of the limits will be the limit of the inherited role
2. Allow aggregations - If any of the role allows aggregation, then the inherited role will allow aggregation
3. Scalar computed fields - same as table column fields, as in the above example
APIs for inherited roles:
----------------------
1. `add_inherited_role`
`add_inherited_role` is the [metadata API](https://hasura.io/docs/1.0/graphql/core/api-reference/index.html#schema-metadata-api) to create a new inherited role. It accepts two arguments
`role_name`: the name of the inherited role to be added (String)
`role_set`: list of roles that need to be combined (Array of Strings)
Example:
```json
{
"type": "add_inherited_role",
"args": {
"role_name":"combined_user",
"role_set":[
"user",
"user1"
]
}
}
```
After adding the inherited role, the inherited role can be used like single roles like earlier
Note:
An inherited role can only be created with non-inherited/singular roles.
2. `drop_inherited_role`
The `drop_inherited_role` API accepts the name of the inherited role and drops it from the metadata. It accepts a single argument:
`role_name`: name of the inherited role to be dropped
Example:
```json
{
"type": "drop_inherited_role",
"args": {
"role_name":"combined_user"
}
}
```
Metadata
---------
The derived roles metadata will be included under the `experimental_features` key while exporting the metadata.
```json
{
"experimental_features": {
"derived_roles": [
{
"role_name": "manager_is_employee_too",
"role_set": [
"employee",
"manager"
]
}
]
}
}
```
Scope
------
Only postgres queries and subscriptions are supported in this PR.
Important points:
-----------------
1. All columns exposed to an inherited role will be marked as `nullable`, this is done so that cell value nullification can be done.
TODOs
-------
- [ ] Tests
- [ ] Test a GraphQL query running with a inherited role without enabling inherited roles in experimental features
- [] Tests for aggregate queries, limit, computed fields, functions, subscriptions (?)
- [ ] Introspection test with a inherited role (nullability changes in a inherited role)
- [ ] Docs
- [ ] Changelog
Co-authored-by: Vamshi Surabhi <6562944+0x777@users.noreply.github.com>
GitOrigin-RevId: 3b8ee1e11f5ceca80fe294f8c074d42fbccfec63
2021-03-08 14:14:13 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
[Preview] Inherited roles for postgres read queries
fixes #3868
docker image - `hasura/graphql-engine:inherited-roles-preview-48b73a2de`
Note:
To be able to use the inherited roles feature, the graphql-engine should be started with the env variable `HASURA_GRAPHQL_EXPERIMENTAL_FEATURES` set to `inherited_roles`.
Introduction
------------
This PR implements the idea of multiple roles as presented in this [paper](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/FGALanguageICDE07.pdf). The multiple roles feature in this PR can be used via inherited roles. An inherited role is a role which can be created by combining multiple singular roles. For example, if there are two roles `author` and `editor` configured in the graphql-engine, then we can create a inherited role with the name of `combined_author_editor` role which will combine the select permissions of the `author` and `editor` roles and then make GraphQL queries using the `combined_author_editor`.
How are select permissions of different roles are combined?
------------------------------------------------------------
A select permission includes 5 things:
1. Columns accessible to the role
2. Row selection filter
3. Limit
4. Allow aggregation
5. Scalar computed fields accessible to the role
Suppose there are two roles, `role1` gives access to the `address` column with row filter `P1` and `role2` gives access to both the `address` and the `phone` column with row filter `P2` and we create a new role `combined_roles` which combines `role1` and `role2`.
Let's say the following GraphQL query is queried with the `combined_roles` role.
```graphql
query {
employees {
address
phone
}
}
```
This will translate to the following SQL query:
```sql
select
(case when (P1 or P2) then address else null end) as address,
(case when P2 then phone else null end) as phone
from employee
where (P1 or P2)
```
The other parameters of the select permission will be combined in the following manner:
1. Limit - Minimum of the limits will be the limit of the inherited role
2. Allow aggregations - If any of the role allows aggregation, then the inherited role will allow aggregation
3. Scalar computed fields - same as table column fields, as in the above example
APIs for inherited roles:
----------------------
1. `add_inherited_role`
`add_inherited_role` is the [metadata API](https://hasura.io/docs/1.0/graphql/core/api-reference/index.html#schema-metadata-api) to create a new inherited role. It accepts two arguments
`role_name`: the name of the inherited role to be added (String)
`role_set`: list of roles that need to be combined (Array of Strings)
Example:
```json
{
"type": "add_inherited_role",
"args": {
"role_name":"combined_user",
"role_set":[
"user",
"user1"
]
}
}
```
After adding the inherited role, the inherited role can be used like single roles like earlier
Note:
An inherited role can only be created with non-inherited/singular roles.
2. `drop_inherited_role`
The `drop_inherited_role` API accepts the name of the inherited role and drops it from the metadata. It accepts a single argument:
`role_name`: name of the inherited role to be dropped
Example:
```json
{
"type": "drop_inherited_role",
"args": {
"role_name":"combined_user"
}
}
```
Metadata
---------
The derived roles metadata will be included under the `experimental_features` key while exporting the metadata.
```json
{
"experimental_features": {
"derived_roles": [
{
"role_name": "manager_is_employee_too",
"role_set": [
"employee",
"manager"
]
}
]
}
}
```
Scope
------
Only postgres queries and subscriptions are supported in this PR.
Important points:
-----------------
1. All columns exposed to an inherited role will be marked as `nullable`, this is done so that cell value nullification can be done.
TODOs
-------
- [ ] Tests
- [ ] Test a GraphQL query running with a inherited role without enabling inherited roles in experimental features
- [] Tests for aggregate queries, limit, computed fields, functions, subscriptions (?)
- [ ] Introspection test with a inherited role (nullability changes in a inherited role)
- [ ] Docs
- [ ] Changelog
Co-authored-by: Vamshi Surabhi <6562944+0x777@users.noreply.github.com>
GitOrigin-RevId: 3b8ee1e11f5ceca80fe294f8c074d42fbccfec63
2021-03-08 14:14:13 +03:00
2022-01-11 14:21:49 +03:00
function -permissions)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH FUNCTION PERMISSIONS ENABLED ########>\n "
export HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS = false
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2021-10-05 15:28:38 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
[Preview] Inherited roles for postgres read queries
fixes #3868
docker image - `hasura/graphql-engine:inherited-roles-preview-48b73a2de`
Note:
To be able to use the inherited roles feature, the graphql-engine should be started with the env variable `HASURA_GRAPHQL_EXPERIMENTAL_FEATURES` set to `inherited_roles`.
Introduction
------------
This PR implements the idea of multiple roles as presented in this [paper](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/FGALanguageICDE07.pdf). The multiple roles feature in this PR can be used via inherited roles. An inherited role is a role which can be created by combining multiple singular roles. For example, if there are two roles `author` and `editor` configured in the graphql-engine, then we can create a inherited role with the name of `combined_author_editor` role which will combine the select permissions of the `author` and `editor` roles and then make GraphQL queries using the `combined_author_editor`.
How are select permissions of different roles are combined?
------------------------------------------------------------
A select permission includes 5 things:
1. Columns accessible to the role
2. Row selection filter
3. Limit
4. Allow aggregation
5. Scalar computed fields accessible to the role
Suppose there are two roles, `role1` gives access to the `address` column with row filter `P1` and `role2` gives access to both the `address` and the `phone` column with row filter `P2` and we create a new role `combined_roles` which combines `role1` and `role2`.
Let's say the following GraphQL query is queried with the `combined_roles` role.
```graphql
query {
employees {
address
phone
}
}
```
This will translate to the following SQL query:
```sql
select
(case when (P1 or P2) then address else null end) as address,
(case when P2 then phone else null end) as phone
from employee
where (P1 or P2)
```
The other parameters of the select permission will be combined in the following manner:
1. Limit - Minimum of the limits will be the limit of the inherited role
2. Allow aggregations - If any of the role allows aggregation, then the inherited role will allow aggregation
3. Scalar computed fields - same as table column fields, as in the above example
APIs for inherited roles:
----------------------
1. `add_inherited_role`
`add_inherited_role` is the [metadata API](https://hasura.io/docs/1.0/graphql/core/api-reference/index.html#schema-metadata-api) to create a new inherited role. It accepts two arguments
`role_name`: the name of the inherited role to be added (String)
`role_set`: list of roles that need to be combined (Array of Strings)
Example:
```json
{
"type": "add_inherited_role",
"args": {
"role_name":"combined_user",
"role_set":[
"user",
"user1"
]
}
}
```
After adding the inherited role, the inherited role can be used like single roles like earlier
Note:
An inherited role can only be created with non-inherited/singular roles.
2. `drop_inherited_role`
The `drop_inherited_role` API accepts the name of the inherited role and drops it from the metadata. It accepts a single argument:
`role_name`: name of the inherited role to be dropped
Example:
```json
{
"type": "drop_inherited_role",
"args": {
"role_name":"combined_user"
}
}
```
Metadata
---------
The derived roles metadata will be included under the `experimental_features` key while exporting the metadata.
```json
{
"experimental_features": {
"derived_roles": [
{
"role_name": "manager_is_employee_too",
"role_set": [
"employee",
"manager"
]
}
]
}
}
```
Scope
------
Only postgres queries and subscriptions are supported in this PR.
Important points:
-----------------
1. All columns exposed to an inherited role will be marked as `nullable`, this is done so that cell value nullification can be done.
TODOs
-------
- [ ] Tests
- [ ] Test a GraphQL query running with a inherited role without enabling inherited roles in experimental features
- [] Tests for aggregate queries, limit, computed fields, functions, subscriptions (?)
- [ ] Introspection test with a inherited role (nullability changes in a inherited role)
- [ ] Docs
- [ ] Changelog
Co-authored-by: Vamshi Surabhi <6562944+0x777@users.noreply.github.com>
GitOrigin-RevId: 3b8ee1e11f5ceca80fe294f8c074d42fbccfec63
2021-03-08 14:14:13 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_graphql_queries.py::TestGraphQLQueryFunctionPermissions
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_graphql_mutations.py::TestGraphQLMutationFunctions
[Preview] Inherited roles for postgres read queries
fixes #3868
docker image - `hasura/graphql-engine:inherited-roles-preview-48b73a2de`
Note:
To be able to use the inherited roles feature, the graphql-engine should be started with the env variable `HASURA_GRAPHQL_EXPERIMENTAL_FEATURES` set to `inherited_roles`.
Introduction
------------
This PR implements the idea of multiple roles as presented in this [paper](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/FGALanguageICDE07.pdf). The multiple roles feature in this PR can be used via inherited roles. An inherited role is a role which can be created by combining multiple singular roles. For example, if there are two roles `author` and `editor` configured in the graphql-engine, then we can create a inherited role with the name of `combined_author_editor` role which will combine the select permissions of the `author` and `editor` roles and then make GraphQL queries using the `combined_author_editor`.
How are select permissions of different roles are combined?
------------------------------------------------------------
A select permission includes 5 things:
1. Columns accessible to the role
2. Row selection filter
3. Limit
4. Allow aggregation
5. Scalar computed fields accessible to the role
Suppose there are two roles, `role1` gives access to the `address` column with row filter `P1` and `role2` gives access to both the `address` and the `phone` column with row filter `P2` and we create a new role `combined_roles` which combines `role1` and `role2`.
Let's say the following GraphQL query is queried with the `combined_roles` role.
```graphql
query {
employees {
address
phone
}
}
```
This will translate to the following SQL query:
```sql
select
(case when (P1 or P2) then address else null end) as address,
(case when P2 then phone else null end) as phone
from employee
where (P1 or P2)
```
The other parameters of the select permission will be combined in the following manner:
1. Limit - Minimum of the limits will be the limit of the inherited role
2. Allow aggregations - If any of the role allows aggregation, then the inherited role will allow aggregation
3. Scalar computed fields - same as table column fields, as in the above example
APIs for inherited roles:
----------------------
1. `add_inherited_role`
`add_inherited_role` is the [metadata API](https://hasura.io/docs/1.0/graphql/core/api-reference/index.html#schema-metadata-api) to create a new inherited role. It accepts two arguments
`role_name`: the name of the inherited role to be added (String)
`role_set`: list of roles that need to be combined (Array of Strings)
Example:
```json
{
"type": "add_inherited_role",
"args": {
"role_name":"combined_user",
"role_set":[
"user",
"user1"
]
}
}
```
After adding the inherited role, the inherited role can be used like single roles like earlier
Note:
An inherited role can only be created with non-inherited/singular roles.
2. `drop_inherited_role`
The `drop_inherited_role` API accepts the name of the inherited role and drops it from the metadata. It accepts a single argument:
`role_name`: name of the inherited role to be dropped
Example:
```json
{
"type": "drop_inherited_role",
"args": {
"role_name":"combined_user"
}
}
```
Metadata
---------
The derived roles metadata will be included under the `experimental_features` key while exporting the metadata.
```json
{
"experimental_features": {
"derived_roles": [
{
"role_name": "manager_is_employee_too",
"role_set": [
"employee",
"manager"
]
}
]
}
}
```
Scope
------
Only postgres queries and subscriptions are supported in this PR.
Important points:
-----------------
1. All columns exposed to an inherited role will be marked as `nullable`, this is done so that cell value nullification can be done.
TODOs
-------
- [ ] Tests
- [ ] Test a GraphQL query running with a inherited role without enabling inherited roles in experimental features
- [] Tests for aggregate queries, limit, computed fields, functions, subscriptions (?)
- [ ] Introspection test with a inherited role (nullability changes in a inherited role)
- [ ] Docs
- [ ] Changelog
Co-authored-by: Vamshi Surabhi <6562944+0x777@users.noreply.github.com>
GitOrigin-RevId: 3b8ee1e11f5ceca80fe294f8c074d42fbccfec63
2021-03-08 14:14:13 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS
unset HASURA_GRAPHQL_ADMIN_SECRET
[Preview] Inherited roles for postgres read queries
fixes #3868
docker image - `hasura/graphql-engine:inherited-roles-preview-48b73a2de`
Note:
To be able to use the inherited roles feature, the graphql-engine should be started with the env variable `HASURA_GRAPHQL_EXPERIMENTAL_FEATURES` set to `inherited_roles`.
Introduction
------------
This PR implements the idea of multiple roles as presented in this [paper](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/FGALanguageICDE07.pdf). The multiple roles feature in this PR can be used via inherited roles. An inherited role is a role which can be created by combining multiple singular roles. For example, if there are two roles `author` and `editor` configured in the graphql-engine, then we can create a inherited role with the name of `combined_author_editor` role which will combine the select permissions of the `author` and `editor` roles and then make GraphQL queries using the `combined_author_editor`.
How are select permissions of different roles are combined?
------------------------------------------------------------
A select permission includes 5 things:
1. Columns accessible to the role
2. Row selection filter
3. Limit
4. Allow aggregation
5. Scalar computed fields accessible to the role
Suppose there are two roles, `role1` gives access to the `address` column with row filter `P1` and `role2` gives access to both the `address` and the `phone` column with row filter `P2` and we create a new role `combined_roles` which combines `role1` and `role2`.
Let's say the following GraphQL query is queried with the `combined_roles` role.
```graphql
query {
employees {
address
phone
}
}
```
This will translate to the following SQL query:
```sql
select
(case when (P1 or P2) then address else null end) as address,
(case when P2 then phone else null end) as phone
from employee
where (P1 or P2)
```
The other parameters of the select permission will be combined in the following manner:
1. Limit - Minimum of the limits will be the limit of the inherited role
2. Allow aggregations - If any of the role allows aggregation, then the inherited role will allow aggregation
3. Scalar computed fields - same as table column fields, as in the above example
APIs for inherited roles:
----------------------
1. `add_inherited_role`
`add_inherited_role` is the [metadata API](https://hasura.io/docs/1.0/graphql/core/api-reference/index.html#schema-metadata-api) to create a new inherited role. It accepts two arguments
`role_name`: the name of the inherited role to be added (String)
`role_set`: list of roles that need to be combined (Array of Strings)
Example:
```json
{
"type": "add_inherited_role",
"args": {
"role_name":"combined_user",
"role_set":[
"user",
"user1"
]
}
}
```
After adding the inherited role, the inherited role can be used like single roles like earlier
Note:
An inherited role can only be created with non-inherited/singular roles.
2. `drop_inherited_role`
The `drop_inherited_role` API accepts the name of the inherited role and drops it from the metadata. It accepts a single argument:
`role_name`: name of the inherited role to be dropped
Example:
```json
{
"type": "drop_inherited_role",
"args": {
"role_name":"combined_user"
}
}
```
Metadata
---------
The derived roles metadata will be included under the `experimental_features` key while exporting the metadata.
```json
{
"experimental_features": {
"derived_roles": [
{
"role_name": "manager_is_employee_too",
"role_set": [
"employee",
"manager"
]
}
]
}
}
```
Scope
------
Only postgres queries and subscriptions are supported in this PR.
Important points:
-----------------
1. All columns exposed to an inherited role will be marked as `nullable`, this is done so that cell value nullification can be done.
TODOs
-------
- [ ] Tests
- [ ] Test a GraphQL query running with a inherited role without enabling inherited roles in experimental features
- [] Tests for aggregate queries, limit, computed fields, functions, subscriptions (?)
- [ ] Introspection test with a inherited role (nullability changes in a inherited role)
- [ ] Docs
- [ ] Changelog
Co-authored-by: Vamshi Surabhi <6562944+0x777@users.noreply.github.com>
GitOrigin-RevId: 3b8ee1e11f5ceca80fe294f8c074d42fbccfec63
2021-03-08 14:14:13 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
roles-inheritance)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH EXPERIMENTAL FEATURE: ROLES INHERITANCE ########>\n "
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
export HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS = "true"
export HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS = false
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2021-09-06 15:26:45 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_roles_inheritance.py
2018-12-03 14:19:08 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_ADMIN_SECRET
unset HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS
unset HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS
2018-12-03 14:19:08 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2018-12-03 14:19:08 +03:00
2022-05-26 14:54:30 +03:00
naming-conventions)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH EXPERIMENTAL FEATURE: NAMING CONVENTIONS ########>\n "
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM "
2022-06-30 08:55:50 +03:00
run_hge_with_args serve
wait_for_port 8080
2022-09-28 12:19:47 +03:00
unset HASURA_GRAPHQL_EXPERIMENTAL_FEATURES
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_naming_conventions.py
2022-06-30 08:55:50 +03:00
kill_hge_servers
2022-07-06 15:12:55 +03:00
2022-05-27 08:55:45 +03:00
export HASURA_GRAPHQL_EXPERIMENTAL_FEATURES = naming_convention
2022-05-26 14:54:30 +03:00
run_hge_with_args serve
wait_for_port 8080
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_naming_conventions.py
2022-05-26 14:54:30 +03:00
kill_hge_servers
# We are now going to test by setting the default naming convention to
# graphql-default. So now we don't need to set the naming convention in
# source customisation
export HASURA_GRAPHQL_DEFAULT_NAMING_CONVENTION = "graphql-default"
run_hge_with_args serve
wait_for_port 8080
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_naming_conventions.py
2022-05-26 14:54:30 +03:00
unset HASURA_GRAPHQL_ADMIN_SECRET
2022-07-06 15:12:55 +03:00
export HASURA_GRAPHQL_EXPERIMENTAL_FEATURES = $DEFAULT_HASURA_EXPERIMENTAL_FEATURES
2022-05-26 14:54:30 +03:00
unset HASURA_GRAPHQL_DEFAULT_NAMING_CONVENTION
kill_hge_servers
; ;
2022-04-22 22:53:12 +03:00
streaming-subscriptions)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH STREAMING SUBSCRIPTIONS #########################>\n "
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
run_hge_with_args serve
wait_for_port 8080
# run all the subscriptions tests with streaming subscriptions enabled
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_subscriptions.py
2022-04-22 22:53:12 +03:00
unset HASURA_GRAPHQL_ADMIN_SECRET
unset HASURA_GRAPHQL_EXPERIMENTAL_FEATURES
kill_hge_servers
; ;
2022-01-11 14:21:49 +03:00
query-caching)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE QUERY CACHING #####################################>\n "
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2018-12-03 14:19:08 +03:00
2022-01-11 14:21:49 +03:00
# use only one capability to disable cache striping
run_hge_with_args +RTS -N1 -RTS serve
wait_for_port 8080
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_graphql_queries.py::TestGraphQLQueryCaching
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
query-logs)
# verbose logging tests
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH QUERY LOG ########>\n "
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ENABLED_LOG_TYPES = " startup,http-log,webhook-log,websocket-log,query-log"
export HASURA_GRAPHQL_LOG_LEVEL = "debug"
2021-03-02 19:51:08 +03:00
2022-01-11 14:21:49 +03:00
#run_hge_with_args serve
# we are doing this instead of calling run_hge_with_args, because we want to save in a custom log file
set -x
export LOGGING_TEST_LOGFILE_PATH = " $OUTPUT_FOLDER /graphql-engine-verbose-logging.log "
2022-09-28 19:06:54 +03:00
" $GRAPHQL_ENGINE " serve >" $LOGGING_TEST_LOGFILE_PATH " 2>& 1 &
HGE_PIDS = ( " ${ HGE_PIDS [@] } " $! )
2022-01-11 14:21:49 +03:00
set +x
2021-03-02 19:51:08 +03:00
2022-01-11 14:21:49 +03:00
wait_for_port 8080
2021-03-02 19:51:08 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-logging \
test_logging.py
2021-03-02 19:51:08 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_ENABLED_LOG_TYPES
kill_hge_servers
2021-03-02 19:51:08 +03:00
2022-01-11 14:21:49 +03:00
# end verbose logging tests
; ;
2021-03-02 19:51:08 +03:00
2022-02-09 08:13:32 +03:00
startup-db-calls)
# verbose logging tests
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE STARTUP DB CALLS ########>\n "
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
export HASURA_GRAPHQL_ENABLED_LOG_TYPES = " startup,http-log,webhook-log,websocket-log,query-log"
export HASURA_GRAPHQL_LOG_LEVEL = "debug"
#run_hge_with_args serve
# we are doing this instead of calling run_hge_with_args, because we want to save in a custom log file
set -x
export LOGGING_TEST_LOGFILE_PATH = " $OUTPUT_FOLDER /graphql-engine-verbose-logging-db.log "
2022-09-28 19:06:54 +03:00
" $GRAPHQL_ENGINE " serve >" $LOGGING_TEST_LOGFILE_PATH " 2>& 1 &
HGE_PIDS = ( " ${ HGE_PIDS [@] } " $! )
2022-02-09 08:13:32 +03:00
set +x
wait_for_port 8080
2022-02-28 08:15:21 +03:00
kill_hge_servers
# end verbose logging
2022-02-09 08:13:32 +03:00
2022-02-28 08:15:21 +03:00
# running HGE server again for pytest, the test will use the log generated from the previous run
# see https://github.com/hasura/graphql-engine-mono/pull/3813 for more information
run_hge_with_args serve
wait_for_port 8080
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-startup-db-calls \
test_startup_db_calls.py
2022-02-09 08:13:32 +03:00
kill_hge_servers
2022-02-28 08:15:21 +03:00
unset HASURA_GRAPHQL_ENABLED_LOG_TYPES
unset HASURA_GRAPHQL_LOG_LEVEL
unset HASURA_GRAPHQL_ADMIN_SECRET
unset LOGGING_TEST_LOGFILE_PATH
2022-02-09 08:13:32 +03:00
; ;
2022-02-21 12:59:02 +03:00
read-only-db)
## read-only DB tests; Hasura should start and run read queries against a read-only DB
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH READ-ONLY DATABASE ########>\n "
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
export HASURA_GRAPHQL_ENABLED_LOG_TYPES = "startup,http-log,webhook-log,websocket-log,query-log"
export HASURA_GRAPHQL_LOG_LEVEL = "debug"
export HASURA_GRAPHQL_DEV_MODE = "false"
export HASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS = "false"
# setup the database for read-only access
# 'test_graphql_read_only_source.py' assumes 'HASURA_READONLY_DB_URL' is set
# Note: setting default_transaction_mode to read-only etc. doesn't work for
# DDL statements. To replicate read-only access even for DDLs, we need to
# create a read-only user
readonly_sql = $( cat <<EOF
CREATE USER hasuraro WITH PASSWORD 'passme' ;
GRANT CONNECT ON DATABASE pg_source_1 TO hasuraro;
GRANT USAGE ON SCHEMA public TO hasuraro;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO hasuraro;
GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO hasuraro;
GRANT SELECT ON ALL TABLES IN SCHEMA information_schema TO hasuraro;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO hasuraro;
EOF
)
psql " $HASURA_GRAPHQL_PG_SOURCE_URL_1 " -c " $readonly_sql "
export HASURA_READONLY_DB_URL = "postgresql://hasuraro:passme@localhost:5432/pg_source_1"
run_hge_with_args serve
wait_for_port 8080
# and then test graphql queries work
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_REPORTING_ARGS [@] } " \
--hge-urls " $HGE_URL " \
2022-02-21 12:59:02 +03:00
--pg-urls " $HASURA_GRAPHQL_PG_SOURCE_URL_1 " \
--test-read-only-source \
test_graphql_read_only_source.py
unset HASURA_GRAPHQL_ENABLED_LOG_TYPES
kill_hge_servers
# end read-only DB tests
; ;
2022-01-11 14:21:49 +03:00
remote-schema-https)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH SECURE REMOTE SCHEMA #########################>\n "
2021-03-02 19:51:08 +03:00
2022-08-15 17:57:55 +03:00
OLD_REMOTE_SCHEMAS_WEBHOOK_DOMAIN = " ${ REMOTE_SCHEMAS_WEBHOOK_DOMAIN } "
export REMOTE_SCHEMAS_WEBHOOK_DOMAIN = "https://localhost:5001"
2022-01-11 14:21:49 +03:00
init_ssl
2021-03-02 19:51:08 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
2021-01-29 08:48:17 +03:00
2022-01-11 14:21:49 +03:00
wait_for_port 8080
2021-01-29 08:48:17 +03:00
2022-01-11 14:21:49 +03:00
python3 graphql_server.py 5001 " $OUTPUT_FOLDER /ssl/webhook.pem " " $OUTPUT_FOLDER /ssl/webhook-key.pem " >" $OUTPUT_FOLDER /remote_gql_server.log " 2>& 1 &
GQL_SERVER_PID = $!
2021-01-29 08:48:17 +03:00
2022-01-11 14:21:49 +03:00
wait_for_port 5001
2021-01-29 08:48:17 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " test_schema_stitching.py::TestRemoteSchemaBasic
2021-01-29 08:48:17 +03:00
2022-08-15 17:57:55 +03:00
export REMOTE_SCHEMAS_WEBHOOK_DOMAIN = " ${ OLD_REMOTE_SCHEMAS_WEBHOOK_DOMAIN } "
2022-01-11 14:21:49 +03:00
kill_hge_servers
2022-09-28 19:06:54 +03:00
kill " $GQL_SERVER_PID "
2022-01-11 14:21:49 +03:00
; ;
2018-12-03 14:19:08 +03:00
2022-04-22 22:53:12 +03:00
2022-01-11 14:21:49 +03:00
post-webhook)
2022-01-11 18:28:36 +03:00
webhook_tests_check_root
2021-02-03 10:10:39 +03:00
2022-01-11 18:28:36 +03:00
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET & WEBHOOK (POST) #########################>\n "
2021-02-03 10:10:39 +03:00
2022-01-11 18:28:36 +03:00
export HASURA_GRAPHQL_AUTH_HOOK = "https://localhost:9090/"
export HASURA_GRAPHQL_AUTH_HOOK_MODE = "POST"
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
init_ssl
2021-02-03 10:10:39 +03:00
2022-01-11 18:28:36 +03:00
start_multiple_hge_servers
2021-02-03 10:10:39 +03:00
2022-01-11 18:28:36 +03:00
python3 webhook.py 9090 " $OUTPUT_FOLDER /ssl/webhook-key.pem " " $OUTPUT_FOLDER /ssl/webhook.pem " >" $OUTPUT_FOLDER /webhook.log " 2>& 1 &
WH_PID = $!
wait_for_port 9090
2021-02-03 10:10:39 +03:00
2022-09-29 20:18:49 +03:00
run_pytest_parallel --hge-webhook= " $HASURA_GRAPHQL_AUTH_HOOK "
2022-01-11 18:28:36 +03:00
kill_hge_servers
2022-01-11 14:21:49 +03:00
; ;
2018-12-03 14:19:08 +03:00
2022-01-11 14:21:49 +03:00
webhook-request-context)
2022-01-11 18:28:36 +03:00
webhook_tests_check_root
2018-12-03 14:19:08 +03:00
2022-01-11 18:28:36 +03:00
echo -e " \n $( time_elapsed) : <########## TEST WEBHOOK RECEIVES REQUEST DATA AS CONTEXT #########################>\n "
export HASURA_GRAPHQL_AUTH_HOOK = "http://localhost:5594/"
export HASURA_GRAPHQL_AUTH_HOOK_MODE = "POST"
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2018-12-03 14:19:08 +03:00
2022-01-11 18:28:36 +03:00
run_hge_with_args serve
wait_for_port 8080
2018-12-03 14:19:08 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--hge-webhook= " $HASURA_GRAPHQL_AUTH_HOOK " \
--test-webhook-request-context \
test_webhook_request_context.py
2022-01-11 18:28:36 +03:00
kill_hge_servers
2022-01-11 14:21:49 +03:00
; ;
2021-01-25 11:23:12 +03:00
2022-01-11 14:21:49 +03:00
get-webhook)
2022-01-11 18:28:36 +03:00
webhook_tests_check_root
2021-01-25 11:23:12 +03:00
2022-01-11 18:28:36 +03:00
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET & WEBHOOK (GET) #########################>\n "
export HASURA_GRAPHQL_AUTH_HOOK = "https://localhost:9090/"
export HASURA_GRAPHQL_AUTH_HOOK_MODE = "GET"
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
init_ssl
2021-01-25 11:23:12 +03:00
2022-01-11 18:28:36 +03:00
start_multiple_hge_servers
2021-01-25 11:23:12 +03:00
2022-01-11 18:28:36 +03:00
python3 webhook.py 9090 " $OUTPUT_FOLDER /ssl/webhook-key.pem " " $OUTPUT_FOLDER /ssl/webhook.pem " >" $OUTPUT_FOLDER /webhook.log " 2>& 1 &
WH_PID = $!
wait_for_port 9090
2021-01-25 11:23:12 +03:00
2022-09-29 20:18:49 +03:00
run_pytest_parallel --hge-webhook= " $HASURA_GRAPHQL_AUTH_HOOK "
2022-01-11 18:28:36 +03:00
kill_hge_servers
2022-01-11 14:21:49 +03:00
; ;
insecure-webhook)
2022-01-11 18:28:36 +03:00
webhook_tests_check_root
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET & HTTPS INSECURE WEBHOOK (GET) ########>\n "
export HASURA_GRAPHQL_AUTH_HOOK = "https://localhost:9090/"
export HASURA_GRAPHQL_AUTH_HOOK_MODE = "GET"
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
init_ssl
rm /etc/ssl/certs/webhook.crt
update-ca-certificates
run_hge_with_args serve
wait_for_port 8080
echo -e "running webhook"
python3 webhook.py 9090 " $OUTPUT_FOLDER /ssl/webhook-key.pem " " $OUTPUT_FOLDER /ssl/webhook.pem " &
WH_PID = $!
echo -e " webhook pid $WH_PID "
wait_for_port 9090
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--hge-webhook= " $HASURA_GRAPHQL_AUTH_HOOK " \
--test-webhook-insecure \
test_webhook_insecure.py
2022-01-11 18:28:36 +03:00
kill_hge_servers
2022-01-11 14:21:49 +03:00
; ;
2018-10-28 21:27:49 +03:00
2022-01-11 14:21:49 +03:00
insecure-webhook-with-admin-secret)
2022-01-11 18:28:36 +03:00
webhook_tests_check_root
2018-10-28 21:27:49 +03:00
2022-01-11 18:28:36 +03:00
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ADMIN_SECRET & HTTPS INSECURE WEBHOOK WITH ADMIN SECRET (POST) ########>\n "
export HASURA_GRAPHQL_AUTH_HOOK = "https://localhost:9090/"
export HASURA_GRAPHQL_AUTH_HOOK_MODE = "POST"
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
init_ssl
rm /etc/ssl/certs/webhook.crt
update-ca-certificates
2018-10-28 21:27:49 +03:00
2022-01-11 18:28:36 +03:00
run_hge_with_args serve
wait_for_port 8080
2018-10-28 21:27:49 +03:00
2022-01-11 18:28:36 +03:00
python3 webhook.py 9090 " $OUTPUT_FOLDER /ssl/webhook-key.pem " " $OUTPUT_FOLDER /ssl/webhook.pem " >" $OUTPUT_FOLDER /webhook.log " 2>& 1 &
WH_PID = $!
echo -e " webhook pid $WH_PID "
wait_for_port 9090
2018-10-28 21:27:49 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--hge-webhook= " $HASURA_GRAPHQL_AUTH_HOOK " \
--test-webhook-insecure \
test_webhook_insecure.py
2019-02-14 08:58:38 +03:00
2022-01-11 18:28:36 +03:00
kill_hge_servers
kill $WH_PID
2022-01-11 14:21:49 +03:00
; ;
2018-10-28 21:27:49 +03:00
2022-07-25 18:53:25 +03:00
apollo-federation)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH APOLLO FEDERATION ########>\n "
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM "
export HASURA_GRAPHQL_EXPERIMENTAL_FEATURES = "apollo_federation"
run_hge_with_args serve
wait_for_port 8080
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_apollo_federation.py
2022-07-25 18:53:25 +03:00
unset HASURA_GRAPHQL_EXPERIMENTAL_FEATURES
unset HASURA_GRAPHQL_ADMIN_SECRET
kill_hge_servers
; ;
2022-01-11 14:21:49 +03:00
allowlist-queries)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH ALLOWLIST QUERIES ########> \n "
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
export HASURA_GRAPHQL_ENABLE_ALLOWLIST = true
2019-05-16 09:13:25 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2019-05-16 09:13:25 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
test_allowlist_queries.py
2019-05-16 09:13:25 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2021-08-03 14:11:01 +03:00
2022-01-11 14:21:49 +03:00
developer-api-tests)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH DEVELOPER API ENABLED ########>\n "
export HASURA_GRAPHQL_ENABLED_APIS = "metadata,graphql,developer,config,pgdump"
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
2021-07-16 19:08:23 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve --enabled-apis " $HASURA_GRAPHQL_ENABLED_APIS "
wait_for_port 8080
2021-07-16 19:08:23 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
2022-09-29 13:42:47 +03:00
test_dev_endpoints.py
2021-07-16 19:08:23 +03:00
2022-01-11 14:21:49 +03:00
unset HASURA_GRAPHQL_ENABLED_APIS
2021-07-16 19:08:23 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2019-05-16 09:13:25 +03:00
2022-01-11 14:21:49 +03:00
jwk-url)
# TODO(swann): ditto, these have to be parallelised
2019-05-16 09:13:25 +03:00
2022-01-11 14:21:49 +03:00
# jwk test
unset HASURA_GRAPHQL_AUTH_HOOK
unset HASURA_GRAPHQL_AUTH_HOOK_MODE
unset HASURA_GRAPHQL_JWT_SECRET
2019-12-03 23:56:59 +03:00
2022-01-11 14:21:49 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET = " HGE $RANDOM $RANDOM "
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH JWK URL ########> \n "
2019-12-03 23:56:59 +03:00
2022-01-11 14:21:49 +03:00
# start the JWK server
python3 jwk_server.py >" $OUTPUT_FOLDER /jwk_server.log " 2>& 1 &
JWKS_PID = $!
wait_for_port 5001
2019-12-03 23:56:59 +03:00
2022-01-28 03:17:53 +03:00
echo "Test: Cache-Control with max-age=3"
export HASURA_GRAPHQL_JWT_SECRET = '{"jwk_url": "http://localhost:5001/jwk-cache-control?max-age=3"}'
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2019-12-03 23:56:59 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-jwk-url \
-k 'test_cache_control_header_max_age'
2019-12-03 23:56:59 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
unset HASURA_GRAPHQL_JWT_SECRET
2019-12-03 23:56:59 +03:00
2022-03-15 10:35:26 +03:00
echo "Test: Cache-Control with must-revalidate, max-age=3"
export HASURA_GRAPHQL_JWT_SECRET = '{"jwk_url": "http://localhost:5001/jwk-cache-control?must-revalidate=true&must-revalidate=true"}'
run_hge_with_args serve
wait_for_port 8080
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-jwk-url \
-k 'test_cache_control_header_max_age'
2022-03-15 10:35:26 +03:00
kill_hge_servers
unset HASURA_GRAPHQL_JWT_SECRET
2022-01-28 03:17:53 +03:00
echo "Test: Cache-Control with must-revalidate"
export HASURA_GRAPHQL_JWT_SECRET = '{"jwk_url": "http://localhost:5001/jwk-cache-control?must-revalidate=true"}'
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2019-12-03 23:56:59 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-jwk-url \
-k 'test_cache_control_header_no_caching'
2019-12-03 23:56:59 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
unset HASURA_GRAPHQL_JWT_SECRET
2019-12-03 23:56:59 +03:00
2022-01-28 03:17:53 +03:00
echo "Test: Cache-Control with no-cache, public"
export HASURA_GRAPHQL_JWT_SECRET = '{"jwk_url": "http://localhost:5001/jwk-cache-control?no-cache=true&public=true"}'
run_hge_with_args serve
2022-01-11 14:21:49 +03:00
wait_for_port 8080
2019-12-03 23:56:59 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-jwk-url \
-k 'test_cache_control_header_no_caching'
2019-12-03 23:56:59 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
2022-01-28 03:17:53 +03:00
unset HASURA_GRAPHQL_JWT_SECRET
2019-12-03 23:56:59 +03:00
2022-01-28 03:17:53 +03:00
echo "Test: Cache-Control with no-store, max-age=3"
export HASURA_GRAPHQL_JWT_SECRET = '{"jwk_url": "http://localhost:5001/jwk-cache-control?no-store=true&max-age=3"}'
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2020-02-05 10:07:31 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-jwk-url \
-k 'test_cache_control_header_no_caching'
2020-02-05 10:07:31 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
unset HASURA_GRAPHQL_JWT_SECRET
2020-02-05 10:07:31 +03:00
2022-01-28 03:17:53 +03:00
echo "Test: Expires with three second expiry"
export HASURA_GRAPHQL_JWT_SECRET = '{"jwk_url": "http://localhost:5001/jwk-expires?seconds=3"}'
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2020-02-05 10:07:31 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-jwk-url \
-k 'test_expires_header'
2020-02-05 10:07:31 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
unset HASURA_GRAPHQL_JWT_SECRET
2020-02-05 10:07:31 +03:00
2022-01-11 14:21:49 +03:00
kill $JWKS_PID
2019-12-03 23:56:59 +03:00
2022-01-11 14:21:49 +03:00
# end jwk url test
; ;
2019-12-03 23:56:59 +03:00
2022-01-11 14:21:49 +03:00
horizontal-scaling)
# horizontal scale test
unset HASURA_GRAPHQL_AUTH_HOOK
unset HASURA_GRAPHQL_AUTH_HOOK_MODE
unset HASURA_GRAPHQL_ADMIN_SECRET
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH HORIZONTAL SCALING ########>\n "
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
HASURA_HS_TEST_DB = 'postgresql://postgres:postgres@localhost:6543/hs_hge_test'
2019-04-08 10:22:38 +03:00
2022-01-11 14:21:49 +03:00
if ! psql " $HASURA_GRAPHQL_DATABASE_URL " -c "SELECT 1 FROM pg_database WHERE datname = 'hs_hge_test'" | grep -q -F '(1 row)' ; then
psql " $HASURA_GRAPHQL_DATABASE_URL " -c 'CREATE DATABASE hs_hge_test;'
fi
2019-04-08 10:22:38 +03:00
2022-01-11 14:21:49 +03:00
pgUserInfo = $( python3 -c '
2019-04-08 10:22:38 +03:00
import os
from urllib.parse import urlparse
uri = urlparse( os.environ[ "HASURA_GRAPHQL_DATABASE_URL" ] )
if uri.password:
print( "password=" +uri.password+" user=" +uri.username)
else :
2022-01-11 14:21:49 +03:00
print( "user=" +uri.username) ' )
2019-04-08 10:22:38 +03:00
2022-01-11 14:21:49 +03:00
pgDbInfo = $( psql " $HASURA_GRAPHQL_DATABASE_URL " -c "SELECT concat(' host=',inet_server_addr(),' port=', inet_server_port(),' dbname=',current_database())" | sed -n '3 p' )
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
# create pgbouncer user
id pgbouncer || useradd pgbouncer
2022-09-28 19:06:54 +03:00
cd " $CIRCLECI_FOLDER "
2022-01-11 14:21:49 +03:00
mkdir -p pgbouncer
chown -R pgbouncer:pgbouncer pgbouncer
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
echo ' [ databases]
2019-04-08 10:22:38 +03:00
hs_hge_test = '"$pgDbInfo" "$pgUserInfo"'
[ pgbouncer]
listen_port = 6543
listen_addr = 127.0.0.1
logfile = pgbouncer/pgbouncer.log
pidfile = pgbouncer/pgbouncer.pid
auth_type = md5
auth_file = pgbouncer/users.txt
2022-01-11 14:21:49 +03:00
admin_users = postgres' >pgbouncer/pgbouncer.ini
2019-04-08 10:22:38 +03:00
2022-01-11 14:21:49 +03:00
# start pgbouncer
pgbouncer -u pgbouncer -d pgbouncer/pgbouncer.ini
2019-03-12 08:46:27 +03:00
2022-09-28 19:06:54 +03:00
cd " $PYTEST_ROOT "
2022-01-11 14:21:49 +03:00
sleep 2
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
# start 1st server
run_hge_with_args --database-url " $HASURA_HS_TEST_DB " serve
wait_for_port 8080
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
# start 2nd server
run_hge_with_args --database-url " $HASURA_HS_TEST_DB " serve \
--server-port 8081
wait_for_port 8081
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
# run test
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-hge-scale-url= "http://localhost:8081" \
test_horizontal_scale.py
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
# Shutdown pgbouncer
psql "postgresql://postgres:postgres@localhost:6543/pgbouncer" -c "SHUTDOWN;" || true
2019-03-12 08:46:27 +03:00
2022-09-28 19:06:54 +03:00
cd " $CIRCLECI_FOLDER "
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
# start pgbouncer again
pgbouncer -u pgbouncer -d pgbouncer/pgbouncer.ini
2019-03-12 08:46:27 +03:00
2022-09-28 19:06:54 +03:00
cd " $PYTEST_ROOT "
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
# sleep for 20 seconds
sleep 20
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
# run test
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--test-hge-scale-url= "http://localhost:8081" \
test_horizontal_scale.py
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
# Shutdown pgbouncer
psql "postgresql://postgres:postgres@localhost:6543/pgbouncer" -c "SHUTDOWN;" || true
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
2019-04-08 10:22:38 +03:00
2022-01-11 14:21:49 +03:00
psql " $HASURA_GRAPHQL_DATABASE_URL " -c "drop database hs_hge_test;"
sleep 4
unset HASURA_HS_TEST_DB
2019-03-12 08:46:27 +03:00
2022-01-11 14:21:49 +03:00
# end horizontal scale test
; ;
#
# ###########################################
# the following backend-* tests are excluded from `server-test-names.txt`
# and are run via their respective `test_oss_server_*` jobs
#
# [Specifying Pytests with -k flag]
# tests are run with the -k flag to filter on common and
# backend-specific test classes using keyword expressions.
#
# this reduces the number of unrelated tests skipped, which
# avoids an increasingly negative impact on our test run
# time as we add more backends and tests.
#
2022-08-22 08:11:43 +03:00
# https://docs..org/en/6.2.x/usage.html#specifying-tests-selecting-tests
2022-01-13 17:28:03 +03:00
# https://github.com/hasura/graphql-engine/blob/master/server/py-tests/README.md#running-bigquery-tests
2022-01-11 14:21:49 +03:00
#
backend-mssql)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH SQL SERVER BACKEND ###########################################>\n "
2021-06-14 10:30:52 +03:00
2022-05-27 08:55:45 +03:00
export HASURA_GRAPHQL_EXPERIMENTAL_FEATURES = naming_convention
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2021-06-14 10:30:52 +03:00
2022-01-11 14:21:49 +03:00
source_data_sources_utils
add_mssql_source 8080 " $HASURA_GRAPHQL_MSSQL_SOURCE_URL "
2021-07-01 17:40:05 +03:00
2022-01-11 14:21:49 +03:00
# See note [Specifying Pytests with -k flag]
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--backend= mssql \
-k "MSSQL"
2021-07-01 17:40:05 +03:00
2022-01-11 14:21:49 +03:00
# start inherited roles test
echo -e " \n $( time_elapsed) : <########## TEST INHERITED-ROLES WITH SQL SERVER BACKEND ###########################################>\n "
2021-07-08 23:49:10 +03:00
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--backend= mssql \
-k TestGraphQLInheritedRolesMSSQL
2021-07-08 23:49:10 +03:00
2022-01-11 14:21:49 +03:00
# end inherited roles test
2021-07-08 23:49:10 +03:00
2022-05-26 14:54:30 +03:00
# start naming conventions test (failure for other than postgres backend)
echo -e " \n $( time_elapsed) : <########## TEST NAMING CONVENTIONS WITH SQL SERVER BACKEND ###########################################>\n "
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--backend mssql \
-k TestNamingConventionsFailure
2022-07-06 15:12:55 +03:00
export HASURA_GRAPHQL_EXPERIMENTAL_FEATURES = $DEFAULT_HASURA_EXPERIMENTAL_FEATURES
2022-05-26 14:54:30 +03:00
# end naming conventions test
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
backend-citus)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH CITUS BACKEND ###########################################>\n "
2021-07-01 17:40:05 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2021-07-01 17:40:05 +03:00
2022-01-11 14:21:49 +03:00
source_data_sources_utils
add_citus_source 8080 " $HASURA_GRAPHQL_CITUS_SOURCE_URL "
2021-06-14 10:30:52 +03:00
2022-01-11 14:21:49 +03:00
# See note [Specifying Pytests with -k flag]
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--backend= citus \
-k "Citus"
2021-08-12 19:47:33 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
backend-bigquery)
echo -e " \n $( time_elapsed) : <########## TEST GRAPHQL-ENGINE WITH BIGQUERY BACKEND ###########################################>\n "
2021-08-12 19:47:33 +03:00
2022-09-28 19:06:54 +03:00
# shellcheck source=../scripts/bigquery.sh
2022-01-25 11:26:32 +03:00
source " $CIRCLECI_FOLDER /../scripts/bigquery.sh " && verify_bigquery_pytest_env
2021-08-12 19:47:33 +03:00
2022-01-11 14:21:49 +03:00
run_hge_with_args serve
wait_for_port 8080
2021-08-12 19:47:33 +03:00
2022-01-25 11:26:32 +03:00
source_data_sources_utils
2022-01-11 14:21:49 +03:00
add_bigquery_source 8080
2021-10-12 20:58:46 +03:00
2022-01-11 14:21:49 +03:00
# See note [Specifying Pytests with -k flag]
2022-08-22 08:11:43 +03:00
pytest " ${ PYTEST_COMMON_ARGS [@] } " \
--backend= bigquery \
-k "Bigquery"
2021-06-14 10:30:52 +03:00
2022-01-11 14:21:49 +03:00
kill_hge_servers
; ;
2021-01-25 11:23:12 +03:00
esac
2019-03-12 08:46:27 +03:00
2021-01-25 11:23:12 +03:00
echo " Finished running tests on node $CIRCLE_NODE_INDEX of $CIRCLE_NODE_TOTAL "
2019-04-08 10:22:38 +03:00
echo -e " \n $( time_elapsed) : <########## DONE ########>\n "