mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-15 09:22:43 +03:00
chore(api-tests): talk about permissions, not explicit roles
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/8359 GitOrigin-RevId: 5f0f106c8479b03bc3dbf445116c545bc43a2891
This commit is contained in:
parent
ec24ea7182
commit
3c683b0852
@ -61,7 +61,7 @@ import Harness.Exceptions (bracket, withFrozenCallStack)
|
||||
import Harness.Http qualified as Http
|
||||
import Harness.Logging
|
||||
import Harness.Quoter.Yaml (fromYaml, yaml)
|
||||
import Harness.TestEnvironment (Protocol (..), Server (..), TestEnvironment (..), getServer, requestProtocol, serverUrl, testLogMessage)
|
||||
import Harness.TestEnvironment (Protocol (..), Server (..), TestEnvironment (..), TestingRole (..), getServer, requestProtocol, serverUrl, testLogMessage)
|
||||
import Harness.WebSockets (responseListener)
|
||||
import Hasura.App qualified as App
|
||||
import Hasura.Logging (Hasura)
|
||||
@ -121,10 +121,13 @@ postWithHeadersStatus ::
|
||||
postWithHeadersStatus statusCode testEnv@(getServer -> Server {urlPrefix, port}) path headers requestBody = do
|
||||
testLogMessage testEnv $ LogHGERequest (T.pack path) requestBody
|
||||
|
||||
let headers' :: Http.RequestHeaders
|
||||
headers' = case testingRole testEnv of
|
||||
Just role -> ("X-Hasura-Role", txtToBs role) : headers
|
||||
Nothing -> headers
|
||||
let role :: ByteString
|
||||
role = case permissions testEnv of
|
||||
Admin -> "admin"
|
||||
NonAdmin _ -> "test-role"
|
||||
|
||||
headers' :: Http.RequestHeaders
|
||||
headers' = ("X-Hasura-Role", role) : headers
|
||||
|
||||
responseBody <- withFrozenCallStack case requestProtocol (globalEnvironment testEnv) of
|
||||
WebSocket connection -> postWithHeadersStatusViaWebSocket connection headers' requestBody
|
||||
|
@ -55,7 +55,7 @@ selectPermission =
|
||||
SelectPermissionDetails
|
||||
{ selectPermissionSource = Nothing,
|
||||
selectPermissionTable = mempty,
|
||||
selectPermissionRole = mempty,
|
||||
selectPermissionRole = "test-role",
|
||||
selectPermissionColumns = mempty,
|
||||
selectPermissionRows = object [],
|
||||
selectPermissionAllowAggregations = False,
|
||||
@ -67,7 +67,7 @@ updatePermission =
|
||||
UpdatePermissionDetails
|
||||
{ updatePermissionSource = Nothing,
|
||||
updatePermissionTable = mempty,
|
||||
updatePermissionRole = mempty,
|
||||
updatePermissionRole = "test-role",
|
||||
updatePermissionColumns = mempty,
|
||||
updatePermissionRows = object []
|
||||
}
|
||||
@ -77,7 +77,7 @@ insertPermission =
|
||||
InsertPermissionDetails
|
||||
{ insertPermissionSource = Nothing,
|
||||
insertPermissionTable = mempty,
|
||||
insertPermissionRole = mempty,
|
||||
insertPermissionRole = "test-role",
|
||||
insertPermissionColumns = mempty,
|
||||
insertPermissionRows = object []
|
||||
}
|
||||
|
@ -63,6 +63,7 @@ import Harness.TestEnvironment
|
||||
Server (..),
|
||||
TestEnvironment (..),
|
||||
TestingMode (..),
|
||||
TestingRole (..),
|
||||
UniqueTestId (..),
|
||||
logger,
|
||||
)
|
||||
@ -283,7 +284,7 @@ setupTestEnvironment name globalTestEnvironment = do
|
||||
{ fixtureName = name,
|
||||
uniqueTestId = uniqueTestId,
|
||||
globalEnvironment = globalTestEnvironment,
|
||||
testingRole = Nothing
|
||||
permissions = Admin
|
||||
}
|
||||
|
||||
-- create source databases
|
||||
@ -459,17 +460,14 @@ withPermissions (toList -> permissions) spec = do
|
||||
where
|
||||
succeeding :: (ActionWith TestEnvironment -> IO ()) -> ActionWith TestEnvironment -> IO ()
|
||||
succeeding k test = k \testEnvironment -> do
|
||||
let permissions' :: [Permission]
|
||||
permissions' = fmap (withRole "success") permissions
|
||||
for_ permissions $
|
||||
postMetadata_ testEnvironment
|
||||
. Permissions.createPermissionMetadata testEnvironment
|
||||
|
||||
for_ permissions' \permission ->
|
||||
postMetadata_ testEnvironment do
|
||||
Permissions.createPermissionMetadata testEnvironment permission
|
||||
|
||||
test testEnvironment {testingRole = Just "success"}
|
||||
`finally` for_ permissions' \permission ->
|
||||
postMetadata_ testEnvironment do
|
||||
Permissions.dropPermissionMetadata testEnvironment permission
|
||||
test testEnvironment {permissions = NonAdmin permissions} `finally` do
|
||||
for_ permissions $
|
||||
postMetadata_ testEnvironment
|
||||
. Permissions.dropPermissionMetadata testEnvironment
|
||||
|
||||
failing :: (ActionWith TestEnvironment -> IO ()) -> ActionWith TestEnvironment -> IO ()
|
||||
failing k test = k \testEnvironment -> do
|
||||
@ -477,12 +475,9 @@ withPermissions (toList -> permissions) spec = do
|
||||
-- they lead to test failures.
|
||||
for_ (subsequences permissions) \subsequence ->
|
||||
unless (subsequence == permissions) do
|
||||
let permissions' :: [Permission]
|
||||
permissions' = map (withRole "failure") subsequence
|
||||
|
||||
for_ permissions' \permission ->
|
||||
postMetadata_ testEnvironment do
|
||||
Permissions.createPermissionMetadata testEnvironment permission
|
||||
for_ subsequence $
|
||||
postMetadata_ testEnvironment
|
||||
. Permissions.createPermissionMetadata testEnvironment
|
||||
|
||||
let attempt :: IO () -> IO ()
|
||||
attempt x =
|
||||
@ -491,18 +486,12 @@ withPermissions (toList -> permissions) spec = do
|
||||
expectationFailure $
|
||||
mconcat
|
||||
[ "Unexpectedly adequate permissions:\n",
|
||||
ppShow permissions'
|
||||
ppShow subsequence
|
||||
]
|
||||
Left (_ :: SomeException) ->
|
||||
pure ()
|
||||
|
||||
attempt (test testEnvironment {testingRole = Just "failure"})
|
||||
`finally` for_ permissions' \permission ->
|
||||
postMetadata_ testEnvironment do
|
||||
Permissions.dropPermissionMetadata testEnvironment permission
|
||||
|
||||
withRole :: Text -> Permission -> Permission
|
||||
withRole role = \case
|
||||
SelectPermission p -> Permissions.SelectPermission p {Permissions.selectPermissionRole = role}
|
||||
UpdatePermission p -> Permissions.UpdatePermission p {Permissions.updatePermissionRole = role}
|
||||
InsertPermission p -> Permissions.InsertPermission p {Permissions.insertPermissionRole = role}
|
||||
attempt (test testEnvironment {permissions = NonAdmin subsequence}) `finally` do
|
||||
for_ subsequence $
|
||||
postMetadata_ testEnvironment
|
||||
. Permissions.dropPermissionMetadata testEnvironment
|
||||
|
@ -8,6 +8,7 @@ module Harness.TestEnvironment
|
||||
Protocol (..),
|
||||
Server (..),
|
||||
TestingMode (..),
|
||||
TestingRole (..),
|
||||
UniqueTestId (..),
|
||||
debugger,
|
||||
getServer,
|
||||
@ -32,6 +33,7 @@ import Data.UUID (UUID)
|
||||
import Data.Word
|
||||
import Database.PostgreSQL.Simple.Options (Options)
|
||||
import Harness.Logging.Messages
|
||||
import Harness.Permissions.Types (Permission)
|
||||
import Harness.Services.Composed qualified as Services
|
||||
import Harness.Test.BackendType
|
||||
import Harness.Test.FixtureName
|
||||
@ -90,11 +92,15 @@ data TestEnvironment = TestEnvironment
|
||||
uniqueTestId :: UniqueTestId,
|
||||
-- | the backend types of the tests
|
||||
fixtureName :: FixtureName,
|
||||
-- | The role we attach to requests made within the tests. This allows us
|
||||
-- to test permissions.
|
||||
testingRole :: Maybe Text
|
||||
-- | The permissions we'd like to use for testing.
|
||||
permissions :: TestingRole
|
||||
}
|
||||
|
||||
-- | The role we're going to use for testing. Either we're an admin, in which
|
||||
-- case all permissions are implied, /or/ we're a regular user, in which case
|
||||
-- the given permissions will be applied.
|
||||
data TestingRole = Admin | NonAdmin [Permission]
|
||||
|
||||
-- | How should we make requests to `graphql-engine`? Both WebSocket- and HTTP-
|
||||
-- based requests are supported.
|
||||
data Protocol = HTTP | WebSocket WS.Connection
|
||||
|
Loading…
Reference in New Issue
Block a user