From 080fbe8c5c30bcb9167b94be3b4ec39776506170 Mon Sep 17 00:00:00 2001 From: Tom Harding Date: Thu, 16 Mar 2023 12:04:54 +0000 Subject: [PATCH] Remove `postMetadata` permission command calls PR-URL: https://github.com/hasura/graphql-engine-mono/pull/8336 GitOrigin-RevId: 588e0e46177ec18ee851a507cadba0f8f95ab457 --- .../RemoteRelationshipStringifyNum8387Spec.hs | 15 +- .../Test/Schema/ComputedFields/TableSpec.hs | 57 +++--- .../XToDBArrayRelationshipSpec.hs | 56 ++++-- .../src/Harness/Test/Permissions.hs | 165 +++++++++--------- .../src/Harness/Test/SetupAction.hs | 10 +- 5 files changed, 169 insertions(+), 134 deletions(-) diff --git a/server/lib/api-tests/src/Test/Regression/RemoteRelationshipStringifyNum8387Spec.hs b/server/lib/api-tests/src/Test/Regression/RemoteRelationshipStringifyNum8387Spec.hs index c49a5355169..6e6e9f56b13 100644 --- a/server/lib/api-tests/src/Test/Regression/RemoteRelationshipStringifyNum8387Spec.hs +++ b/server/lib/api-tests/src/Test/Regression/RemoteRelationshipStringifyNum8387Spec.hs @@ -220,8 +220,12 @@ lhsPostgresSetup rhsTableName (testEnvironment, _) = do Schema.trackTable (Text.unpack lhsSourceName_) track testEnvironmentPostgres -- Setup metadata - Permissions.createPermission testEnvironmentPostgres lhsRole1 - Permissions.createPermission testEnvironmentPostgres lhsRole2 + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironmentPostgres lhsRole1 + + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironmentPostgres lhsRole2 + createRemoteRelationship rhsTableName testEnvironmentPostgres -------------------------------------------------------------------------------- @@ -316,8 +320,11 @@ rhsPostgresSetup (testEnvironment, _) = do Schema.trackTable (Text.unpack rhsSourceName_) album testEnvironmentPostgres -- setup metadata - Permissions.createPermission testEnvironmentPostgres rhsRole1 - Permissions.createPermission testEnvironmentPostgres rhsRole2 + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironmentPostgres rhsRole1 + + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironmentPostgres rhsRole2 -------------------------------------------------------------------------------- -- Tests diff --git a/server/lib/api-tests/src/Test/Schema/ComputedFields/TableSpec.hs b/server/lib/api-tests/src/Test/Schema/ComputedFields/TableSpec.hs index a2c357bbb4c..fcbc7d85e0a 100644 --- a/server/lib/api-tests/src/Test/Schema/ComputedFields/TableSpec.hs +++ b/server/lib/api-tests/src/Test/Schema/ComputedFields/TableSpec.hs @@ -226,41 +226,44 @@ setupMetadata testEnvironment = }, Fixture.SetupAction { Fixture.setupAction = - -- Role user_1 has select permissions on author and article tables. - -- user_1 can query search_articles computed field. - Permission.createPermission - testEnvironment - $ SelectPermission - selectPermission - { selectPermissionTable = "author", - selectPermissionRole = "user_1", - selectPermissionColumns = (["id", "name"] :: [Text]) - }, + GraphqlEngine.postMetadata_ testEnvironment do + -- Role user_1 has select permissions on author and article tables. + -- user_1 can query search_articles computed field. + Permission.createPermissionCommand + testEnvironment + $ SelectPermission + selectPermission + { selectPermissionTable = "author", + selectPermissionRole = "user_1", + selectPermissionColumns = (["id", "name"] :: [Text]) + }, Fixture.teardownAction = \_ -> pure () }, Fixture.SetupAction { Fixture.setupAction = - Permission.createPermission - testEnvironment - $ SelectPermission - selectPermission - { selectPermissionTable = "article", - selectPermissionRole = "user_1", - selectPermissionColumns = (["id", "title", "content", "author_id"] :: [Text]) - }, + GraphqlEngine.postMetadata_ testEnvironment do + Permission.createPermissionCommand + testEnvironment + $ SelectPermission + selectPermission + { selectPermissionTable = "article", + selectPermissionRole = "user_1", + selectPermissionColumns = (["id", "title", "content", "author_id"] :: [Text]) + }, Fixture.teardownAction = \_ -> pure () }, Fixture.SetupAction { Fixture.setupAction = - -- Role user_2 has select permissions only on author table. - Permission.createPermission - testEnvironment - $ SelectPermission - selectPermission - { selectPermissionTable = "author", - selectPermissionRole = "user_2", - selectPermissionColumns = (["id", "name"] :: [Text]) - }, + GraphqlEngine.postMetadata_ testEnvironment do + -- Role user_2 has select permissions only on author table. + Permission.createPermissionCommand + testEnvironment + $ SelectPermission + selectPermission + { selectPermissionTable = "author", + selectPermissionRole = "user_2", + selectPermissionColumns = (["id", "name"] :: [Text]) + }, Fixture.teardownAction = \_ -> pure () } ] diff --git a/server/lib/api-tests/src/Test/Schema/RemoteRelationships/XToDBArrayRelationshipSpec.hs b/server/lib/api-tests/src/Test/Schema/RemoteRelationships/XToDBArrayRelationshipSpec.hs index dabef584ae4..9683871c13f 100644 --- a/server/lib/api-tests/src/Test/Schema/RemoteRelationships/XToDBArrayRelationshipSpec.hs +++ b/server/lib/api-tests/src/Test/Schema/RemoteRelationships/XToDBArrayRelationshipSpec.hs @@ -319,8 +319,11 @@ lhsPostgresSetup rhsTableName (wholeTestEnvironment, _) = do Schema.trackTable (Text.unpack lhsSourceName_) artist testEnvironment -- Setup permissions - Permissions.createPermission testEnvironment lhsRole1 - Permissions.createPermission testEnvironment lhsRole2 + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment lhsRole1 + + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment lhsRole2 createRemoteRelationship rhsTableName testEnvironment @@ -342,8 +345,11 @@ lhsCockroachSetup rhsTableName (wholeTestEnvironment, _) = do Schema.trackTable (Text.unpack lhsSourceName_) artist testEnvironment -- Setup permissions - Permissions.createPermission testEnvironment lhsRole1 - Permissions.createPermission testEnvironment lhsRole2 + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment lhsRole1 + + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment lhsRole2 createRemoteRelationship rhsTableName testEnvironment @@ -364,8 +370,11 @@ lhsCitusSetup rhsTableName (wholeTestEnvironment, _) = do Schema.trackTable (Text.unpack lhsSourceName_) artist testEnvironment -- Setup permissions - Permissions.createPermission testEnvironment lhsRole1 - Permissions.createPermission testEnvironment lhsRole2 + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment lhsRole1 + + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment lhsRole2 createRemoteRelationship rhsTableName testEnvironment @@ -386,8 +395,11 @@ lhsSQLServerSetup rhsTableName (wholeTestEnvironment, _) = do Schema.trackTable (Text.unpack lhsSourceName_) artist testEnvironment -- Setup permissions - Permissions.createPermission testEnvironment lhsRole1 - Permissions.createPermission testEnvironment lhsRole2 + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment lhsRole1 + + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment lhsRole2 createRemoteRelationship rhsTableName testEnvironment @@ -593,8 +605,11 @@ rhsPostgresSetup (wholeTestEnvironment, _) = do Schema.trackTable (Text.unpack rhsSourceName_) album testEnvironment -- Setup permissions - Permissions.createPermission testEnvironment rhsRole1 - Permissions.createPermission testEnvironment rhsRole2 + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment rhsRole1 + + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment rhsRole2 -------------------------------------------------------------------------------- -- RHS Cockroach @@ -613,8 +628,11 @@ rhsCockroachSetup (wholeTestEnvironment, _) = do Schema.trackTable (Text.unpack rhsSourceName_) album testEnvironment -- Setup permissions - Permissions.createPermission testEnvironment rhsRole1 - Permissions.createPermission testEnvironment rhsRole2 + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment rhsRole1 + + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment rhsRole2 -------------------------------------------------------------------------------- -- RHS Citus @@ -633,8 +651,11 @@ rhsCitusSetup (wholeTestEnvironment, _) = do Schema.trackTable (Text.unpack rhsSourceName_) album testEnvironment -- Setup permissions - Permissions.createPermission testEnvironment rhsRole1 - Permissions.createPermission testEnvironment rhsRole2 + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment rhsRole1 + + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment rhsRole2 -------------------------------------------------------------------------------- -- RHS SQLServer @@ -653,8 +674,11 @@ rhsSQLServerSetup (wholeTestEnvironment, _) = do Schema.trackTable (Text.unpack rhsSourceName_) album testEnvironment -- Setup permissions - Permissions.createPermission testEnvironment rhsRole1 - Permissions.createPermission testEnvironment rhsRole2 + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment rhsRole1 + + GraphqlEngine.postMetadata_ testEnvironment do + Permissions.createPermissionCommand testEnvironment rhsRole2 -------------------------------------------------------------------------------- -- Tests diff --git a/server/lib/test-harness/src/Harness/Test/Permissions.hs b/server/lib/test-harness/src/Harness/Test/Permissions.hs index ab69d247258..42b98ae1ff9 100644 --- a/server/lib/test-harness/src/Harness/Test/Permissions.hs +++ b/server/lib/test-harness/src/Harness/Test/Permissions.hs @@ -11,8 +11,8 @@ module Harness.Test.Permissions SelectPermissionDetails (..), UpdatePermissionDetails (..), InsertPermissionDetails (..), - createPermission, - dropPermission, + createPermissionCommand, + dropPermissionCommand, selectPermission, updatePermission, insertPermission, @@ -153,10 +153,14 @@ withPermissions (toList -> permissions) = mapSpecForest (map go) let permissions' :: [Permission] permissions' = fmap (withRole "success") permissions - traverse_ (createPermission testEnvironment) permissions' + for_ permissions' \permission -> + GraphqlEngine.postMetadata_ testEnvironment do + createPermissionCommand testEnvironment permission test testEnvironment {testingRole = Just "success"} - `finally` traverse_ (dropPermission testEnvironment) permissions' + `finally` for_ permissions' \permission -> + GraphqlEngine.postMetadata_ testEnvironment do + dropPermissionCommand testEnvironment permission failing :: (ActionWith TestEnvironment -> IO ()) -> ActionWith TestEnvironment -> IO () failing k test = k \testEnvironment -> do @@ -164,9 +168,12 @@ withPermissions (toList -> permissions) = mapSpecForest (map go) -- they lead to test failures. for_ (subsequences permissions) \subsequence -> unless (subsequence == permissions) do - let permissions' = map (withRole "failure") subsequence + let permissions' :: [Permission] + permissions' = map (withRole "failure") subsequence - traverse_ (createPermission testEnvironment) permissions' + for_ permissions' \permission -> + GraphqlEngine.postMetadata_ testEnvironment do + createPermissionCommand testEnvironment permission let attempt :: IO () -> IO () attempt x = @@ -181,7 +188,9 @@ withPermissions (toList -> permissions) = mapSpecForest (map go) pure () attempt (test testEnvironment {testingRole = Just "failure"}) - `finally` traverse_ (dropPermission testEnvironment) permissions' + `finally` for_ permissions' \permission -> + GraphqlEngine.postMetadata_ testEnvironment do + dropPermissionCommand testEnvironment permission -- | Update the role on a given permission. withRole :: Text -> Permission -> Permission @@ -193,8 +202,8 @@ withRole role = \case -- | Send a JSON payload of the common `*_create_*_permission` form. -- Backends where the format of this api call deviates significantly from this -- should implement their own variation in its harness module. -createPermission :: TestEnvironment -> Permission -> IO () -createPermission testEnvironment (InsertPermission InsertPermissionDetails {..}) = do +createPermissionCommand :: TestEnvironment -> Permission -> Aeson.Value +createPermissionCommand testEnvironment (InsertPermission InsertPermissionDetails {..}) = do let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig testEnvironment schemaName = Schema.getSchemaName testEnvironment backendType = BackendType.backendTypeString backendTypeMetadata @@ -205,21 +214,19 @@ createPermission testEnvironment (InsertPermission InsertPermissionDetails {..}) insertPermissionSource requestType = backendType <> "_create_insert_permission" qualifiedTable = Schema.mkTableField backendTypeMetadata schemaName insertPermissionTable - GraphqlEngine.postMetadata_ - testEnvironment - [yaml| - type: *requestType - args: - table: *qualifiedTable - source: *sourceName - role: *insertPermissionRole - permission: - columns: *insertPermissionColumns - filter: *insertPermissionRows - check: {} - set: {} - |] -createPermission testEnvironment (UpdatePermission UpdatePermissionDetails {..}) = do + [yaml| + type: *requestType + args: + table: *qualifiedTable + source: *sourceName + role: *insertPermissionRole + permission: + columns: *insertPermissionColumns + filter: *insertPermissionRows + check: {} + set: {} + |] +createPermissionCommand testEnvironment (UpdatePermission UpdatePermissionDetails {..}) = do let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig testEnvironment schemaName = Schema.getSchemaName testEnvironment backendType = BackendType.backendTypeString backendTypeMetadata @@ -230,21 +237,19 @@ createPermission testEnvironment (UpdatePermission UpdatePermissionDetails {..}) updatePermissionSource requestType = backendType <> "_create_update_permission" qualifiedTable = Schema.mkTableField backendTypeMetadata schemaName updatePermissionTable - GraphqlEngine.postMetadata_ - testEnvironment - [yaml| - type: *requestType - args: - table: *qualifiedTable - source: *sourceName - role: *updatePermissionRole - permission: - columns: *updatePermissionColumns - filter: *updatePermissionRows - check: {} - set: {} - |] -createPermission testEnvironment (SelectPermission SelectPermissionDetails {..}) = do + [yaml| + type: *requestType + args: + table: *qualifiedTable + source: *sourceName + role: *updatePermissionRole + permission: + columns: *updatePermissionColumns + filter: *updatePermissionRows + check: {} + set: {} + |] +createPermissionCommand testEnvironment (SelectPermission SelectPermissionDetails {..}) = do let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig testEnvironment schemaName = Schema.getSchemaName testEnvironment backendType = BackendType.backendTypeString backendTypeMetadata @@ -255,67 +260,59 @@ createPermission testEnvironment (SelectPermission SelectPermissionDetails {..}) selectPermissionSource requestType = backendType <> "_create_select_permission" qualifiedTable = Schema.mkTableField backendTypeMetadata schemaName selectPermissionTable - GraphqlEngine.postMetadata_ - testEnvironment - [yaml| - type: *requestType - args: - table: *qualifiedTable - source: *sourceName - role: *selectPermissionRole - permission: - columns: *selectPermissionColumns - filter: *selectPermissionRows - allow_aggregations: *selectPermissionAllowAggregations - limit: *selectPermissionLimit - |] + [yaml| + type: *requestType + args: + table: *qualifiedTable + source: *sourceName + role: *selectPermissionRole + permission: + columns: *selectPermissionColumns + filter: *selectPermissionRows + allow_aggregations: *selectPermissionAllowAggregations + limit: *selectPermissionLimit + |] -dropPermission :: TestEnvironment -> Permission -> IO () -dropPermission env (InsertPermission InsertPermissionDetails {..}) = do +dropPermissionCommand :: TestEnvironment -> Permission -> Aeson.Value +dropPermissionCommand env (InsertPermission InsertPermissionDetails {..}) = do let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig env schemaName = Schema.getSchemaName env backendType = BackendType.backendTypeString backendTypeMetadata requestType = backendType <> "_drop_insert_permission" sourceName = BackendType.backendSourceName backendTypeMetadata qualifiedTable = Schema.mkTableField backendTypeMetadata schemaName insertPermissionTable - GraphqlEngine.postMetadata_ - env - [yaml| - type: *requestType - args: - table: *qualifiedTable - source: *sourceName - role: *insertPermissionRole - |] -dropPermission env (SelectPermission SelectPermissionDetails {..}) = do + [yaml| + type: *requestType + args: + table: *qualifiedTable + source: *sourceName + role: *insertPermissionRole + |] +dropPermissionCommand env (SelectPermission SelectPermissionDetails {..}) = do let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig env schemaName = Schema.getSchemaName env backendType = BackendType.backendTypeString backendTypeMetadata sourceName = BackendType.backendSourceName backendTypeMetadata requestType = backendType <> "_drop_select_permission" qualifiedTable = Schema.mkTableField backendTypeMetadata schemaName selectPermissionTable - GraphqlEngine.postMetadata_ - env - [yaml| - type: *requestType - args: - table: *qualifiedTable - source: *sourceName - role: *selectPermissionRole - |] -dropPermission env (UpdatePermission UpdatePermissionDetails {..}) = do + [yaml| + type: *requestType + args: + table: *qualifiedTable + source: *sourceName + role: *selectPermissionRole + |] +dropPermissionCommand env (UpdatePermission UpdatePermissionDetails {..}) = do let backendTypeMetadata = fromMaybe (error "Unknown backend") $ getBackendTypeConfig env schemaName = Schema.getSchemaName env backendType = BackendType.backendTypeString backendTypeMetadata sourceName = BackendType.backendSourceName backendTypeMetadata requestType = backendType <> "_drop_update_permission" qualifiedTable = Schema.mkTableField backendTypeMetadata schemaName updatePermissionTable - GraphqlEngine.postMetadata_ - env - [yaml| - type: *requestType - args: - table: *qualifiedTable - source: *sourceName - role: *updatePermissionRole - |] + [yaml| + type: *requestType + args: + table: *qualifiedTable + source: *sourceName + role: *updatePermissionRole + |] diff --git a/server/lib/test-harness/src/Harness/Test/SetupAction.hs b/server/lib/test-harness/src/Harness/Test/SetupAction.hs index 85039ec27b4..89570b470c8 100644 --- a/server/lib/test-harness/src/Harness/Test/SetupAction.hs +++ b/server/lib/test-harness/src/Harness/Test/SetupAction.hs @@ -10,7 +10,7 @@ where import Control.Exception.Safe (catchAny) import Harness.GraphqlEngine qualified as GraphqlEngine -import Harness.Test.Permissions (Permission, createPermission, dropPermission) +import Harness.Test.Permissions (Permission, createPermissionCommand, dropPermissionCommand) import Harness.TestEnvironment (TestEnvironment (..)) import Hasura.Prelude @@ -52,6 +52,10 @@ permitTeardownFail SetupAction {teardownAction = ta, setupAction = sa} = setupPermissionsAction :: [Permission] -> TestEnvironment -> SetupAction setupPermissionsAction permissions testEnvironment = SetupAction - { setupAction = traverse_ (createPermission testEnvironment) permissions, - teardownAction = const $ traverse_ (dropPermission testEnvironment) permissions + { setupAction = for_ permissions \permission -> + GraphqlEngine.postMetadata_ testEnvironment do + createPermissionCommand testEnvironment permission, + teardownAction = const $ for_ permissions \permission -> + GraphqlEngine.postMetadata_ testEnvironment do + dropPermissionCommand testEnvironment permission }