mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-15 01:12:56 +03:00
server: move remote schema permissions APIs to /v1/metadata
Earlier (pre catalog separation), the remote schema permissions were in `/v1/query`. This PR moves it to `/v1/metadata`. GitOrigin-RevId: cb39d9df4cc2288f67231504e3a7909f2f8df4da
This commit is contained in:
parent
513a3d0c19
commit
6c22132061
@ -94,6 +94,10 @@ data RQLMetadata
|
||||
| RMReloadRemoteSchema !RemoteSchemaNameQuery
|
||||
| RMIntrospectRemoteSchema !RemoteSchemaNameQuery
|
||||
|
||||
-- remote-schema permissions
|
||||
| RMAddRemoteSchemaPermissions !AddRemoteSchemaPermissions
|
||||
| RMDropRemoteSchemaPermissions !DropRemoteSchemaPermissions
|
||||
|
||||
-- scheduled triggers
|
||||
| RMCreateCronTrigger !CreateCronTrigger
|
||||
| RMDeleteCronTrigger !ScheduledTriggerName
|
||||
@ -185,11 +189,12 @@ runMetadataQueryM
|
||||
, HTTP.HasHttpManagerM m
|
||||
, MetadataM m
|
||||
, MonadMetadataStorageQueryAPI m
|
||||
, HasRemoteSchemaPermsCtx m
|
||||
)
|
||||
=> Env.Environment
|
||||
-> RQLMetadata
|
||||
-> m EncJSON
|
||||
runMetadataQueryM env = \case
|
||||
runMetadataQueryM env = withPathK "args" . \case
|
||||
RMPgAddSource q -> runAddPgSource q
|
||||
RMPgDropSource q -> runDropPgSource q
|
||||
|
||||
@ -238,6 +243,9 @@ runMetadataQueryM env = \case
|
||||
RMReloadRemoteSchema q -> runReloadRemoteSchema q
|
||||
RMIntrospectRemoteSchema q -> runIntrospectRemoteSchema q
|
||||
|
||||
RMAddRemoteSchemaPermissions q -> runAddRemoteSchemaPermissions q
|
||||
RMDropRemoteSchemaPermissions q -> runDropRemoteSchemaPermissions q
|
||||
|
||||
RMCreateCronTrigger q -> runCreateCronTrigger q
|
||||
RMDeleteCronTrigger q -> runDeleteCronTrigger q
|
||||
RMCreateScheduledEvent q -> runCreateScheduledEvent q
|
||||
|
@ -98,10 +98,6 @@ data RQLQueryV1
|
||||
| RQReloadRemoteSchema !RemoteSchemaNameQuery
|
||||
| RQIntrospectRemoteSchema !RemoteSchemaNameQuery
|
||||
|
||||
-- remote-schema permissions
|
||||
| RQAddRemoteSchemaPermissions !AddRemoteSchemaPermissions
|
||||
| RQDropRemoteSchemaPermissions !DropRemoteSchemaPermissions
|
||||
|
||||
| RQCreateEventTrigger !CreateEventTriggerQuery
|
||||
| RQDeleteEventTrigger !DeleteEventTriggerQuery
|
||||
| RQRedeliverEvent !RedeliverEventQuery
|
||||
@ -268,9 +264,6 @@ queryModifiesSchemaCache (RQV1 qi) = case qi of
|
||||
RQReloadRemoteSchema _ -> True
|
||||
RQIntrospectRemoteSchema _ -> False
|
||||
|
||||
RQAddRemoteSchemaPermissions _ -> True
|
||||
RQDropRemoteSchemaPermissions _ -> True
|
||||
|
||||
RQCreateEventTrigger _ -> True
|
||||
RQDeleteEventTrigger _ -> True
|
||||
RQRedeliverEvent _ -> False
|
||||
@ -407,9 +400,6 @@ runQueryM env rq = withPathK "args" $ case rq of
|
||||
RQReloadRemoteSchema q -> runReloadRemoteSchema q
|
||||
RQIntrospectRemoteSchema q -> runIntrospectRemoteSchema q
|
||||
|
||||
RQAddRemoteSchemaPermissions q -> runAddRemoteSchemaPermissions q
|
||||
RQDropRemoteSchemaPermissions q -> runDropRemoteSchemaPermissions q
|
||||
|
||||
RQCreateRemoteRelationship q -> runCreateRemoteRelationship q
|
||||
RQUpdateRemoteRelationship q -> runUpdateRemoteRelationship q
|
||||
RQDeleteRemoteRelationship q -> runDeleteRemoteRelationship q
|
||||
@ -505,9 +495,6 @@ requiresAdmin = \case
|
||||
RQReloadRemoteSchema _ -> True
|
||||
RQIntrospectRemoteSchema _ -> True
|
||||
|
||||
RQAddRemoteSchemaPermissions _ -> True
|
||||
RQDropRemoteSchemaPermissions _ -> True
|
||||
|
||||
RQCreateEventTrigger _ -> True
|
||||
RQDeleteEventTrigger _ -> True
|
||||
RQRedeliverEvent _ -> True
|
||||
|
@ -521,12 +521,12 @@ class HGECtx:
|
||||
conn.close()
|
||||
return res
|
||||
|
||||
def v1q(self, q, headers = {}):
|
||||
def execute_query(self, q, url_path, headers = {}):
|
||||
h = headers.copy()
|
||||
if self.hge_key is not None:
|
||||
h['X-Hasura-Admin-Secret'] = self.hge_key
|
||||
resp = self.http.post(
|
||||
self.hge_url + "/v1/query",
|
||||
self.hge_url + url_path,
|
||||
json=q,
|
||||
headers=h
|
||||
)
|
||||
@ -534,12 +534,25 @@ class HGECtx:
|
||||
# properties in the graphql spec properly
|
||||
return resp.status_code, resp.json(object_pairs_hook=OrderedDict)
|
||||
|
||||
|
||||
def v1q(self, q, headers = {}):
|
||||
return self.execute_query(q, "/v1/query", headers)
|
||||
|
||||
def v1q_f(self, fn):
|
||||
with open(fn) as f:
|
||||
# NOTE: preserve ordering with ruamel
|
||||
yml = yaml.YAML()
|
||||
return self.v1q(yml.load(f))
|
||||
|
||||
def v1metadataq(self, q, headers = {}):
|
||||
return self.execute_query(q, "/v1/metadata", headers)
|
||||
|
||||
def v1metadataq_f(self, fn):
|
||||
with open(fn) as f:
|
||||
# NOTE: preserve ordering with ruamel
|
||||
yml = yaml.YAML()
|
||||
return self.v1metadataq(yml.load(f))
|
||||
|
||||
def teardown(self):
|
||||
self.http.close()
|
||||
self.engine.dispose()
|
||||
|
@ -1,5 +1,5 @@
|
||||
- description: adding preset directive at the wrong location
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
query:
|
||||
type: add_remote_schema_permissions
|
||||
@ -21,7 +21,7 @@
|
||||
code: validation-failed
|
||||
|
||||
- description: adding an invalid directive preset value
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
query:
|
||||
type: add_remote_schema_permissions
|
||||
@ -80,7 +80,7 @@
|
||||
code: validation-failed
|
||||
|
||||
- description: adding an invalid directive preset value
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
query:
|
||||
type: add_remote_schema_permissions
|
||||
|
@ -1,5 +1,5 @@
|
||||
- description: Include Enum Occupation which doesn't exist in the remote schema
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
response:
|
||||
path: $.args
|
||||
@ -33,7 +33,7 @@
|
||||
}
|
||||
|
||||
- description: Include unknown enum value "IDLE" in the 'MessageStatus' Enum
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
response:
|
||||
path: $.args
|
||||
@ -70,7 +70,7 @@
|
||||
}
|
||||
|
||||
- description: Add duplicate enum value in the `MessageStatus` Enum
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
response:
|
||||
path: $.args
|
||||
|
@ -2,7 +2,7 @@ description:
|
||||
The types of the fields of the input 'IntCompareObj'
|
||||
object in the upstream remote schema is 'Int', so a different
|
||||
type should throw an error
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
query:
|
||||
type: add_remote_schema_permissions
|
||||
|
@ -1,5 +1,5 @@
|
||||
description: Include unknown field "timestamp" in the "Communication" interface
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
query:
|
||||
type: add_remote_schema_permissions
|
||||
|
@ -1,7 +1,7 @@
|
||||
- description:
|
||||
The types of the fields of the 'User' object have been changed, 'user_id' has the type 'Int' in the upstream
|
||||
remote schema and the field 'created_at' doesn't exist in the upstream remote schema.
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
query:
|
||||
type: add_remote_schema_permissions
|
||||
@ -33,7 +33,7 @@
|
||||
- description:
|
||||
The 'Person' object is implementing the interface 'FullName' which doesn't exist in the
|
||||
remote schema
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
query:
|
||||
type: add_remote_schema_permissions
|
||||
@ -72,7 +72,7 @@
|
||||
- description:
|
||||
The 'user' field in the 'Query' object doesn't have all the non-nullable arguments
|
||||
that the corresponding remote 'user' field implements.
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
query:
|
||||
type: add_remote_schema_permissions
|
||||
|
@ -1,5 +1,5 @@
|
||||
description: Include Enum Occupation which doesn't exist in the remote schema
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
query:
|
||||
type: add_remote_schema_permissions
|
||||
|
@ -1,5 +1,5 @@
|
||||
description: Provide a member type 'Message' in the 'SearchResult' which doesn't exist in the upstream remote
|
||||
url: /v1/query
|
||||
url: /v1/metadata
|
||||
status: 400
|
||||
query:
|
||||
type: add_remote_schema_permissions
|
||||
|
@ -31,11 +31,11 @@ class TestAddRemoteSchemaPermissions:
|
||||
return "queries/remote_schemas/permissions/"
|
||||
|
||||
def test_add_permission_with_valid_subset_of_fields(self, hge_ctx):
|
||||
st_code, resp = hge_ctx.v1q_f(self.dir() + 'add_permission_with_valid_subset_of_fields.yaml')
|
||||
st_code, resp = hge_ctx.v1metadataq_f(self.dir() + 'add_permission_with_valid_subset_of_fields.yaml')
|
||||
assert st_code == 200, resp
|
||||
|
||||
def test_add_permission_with_valid_subset_of_arguments(self, hge_ctx):
|
||||
st_code, resp = hge_ctx.v1q_f(self.dir() + 'add_permission_with_valid_subset_of_arguments.yaml')
|
||||
st_code, resp = hge_ctx.v1metadataq_f(self.dir() + 'add_permission_with_valid_subset_of_arguments.yaml')
|
||||
assert st_code == 200, resp
|
||||
|
||||
def test_role_based_schema_enums_validation(self, hge_ctx):
|
||||
@ -67,12 +67,12 @@ class TestRemoteSchemaPermissionsExecution:
|
||||
return "queries/remote_schemas/permissions/"
|
||||
|
||||
def test_execution_with_subset_of_fields_exposed_to_role(self, hge_ctx):
|
||||
st_code, resp = hge_ctx.v1q_f(self.dir() + 'add_permission_with_valid_subset_of_fields.yaml')
|
||||
st_code, resp = hge_ctx.v1metadataq_f(self.dir() + 'add_permission_with_valid_subset_of_fields.yaml')
|
||||
assert st_code == 200, resp
|
||||
check_query_f(hge_ctx, self.dir() + 'execution_with_partial_fields_exposed_to_role.yaml')
|
||||
|
||||
def test_execution_with_subset_of_arguments_exposed_to_role(self, hge_ctx):
|
||||
st_code, resp = hge_ctx.v1q_f(self.dir() + 'add_permission_with_valid_subset_of_arguments.yaml')
|
||||
st_code, resp = hge_ctx.v1metadataq_f(self.dir() + 'add_permission_with_valid_subset_of_arguments.yaml')
|
||||
assert st_code == 200, resp
|
||||
check_query_f(hge_ctx, self.dir() + 'execution_with_partial_args_exposed_to_role.yaml')
|
||||
|
||||
@ -88,11 +88,11 @@ class TestRemoteSchemaPermissionsArgumentPresets:
|
||||
return "queries/remote_schemas/permissions/argument_presets/"
|
||||
|
||||
def test_execution_with_static_argument_preset(self, hge_ctx):
|
||||
st_code, resp = hge_ctx.v1q_f(self.dir() + 'add_permission_with_static_preset_argument.yaml')
|
||||
st_code, resp = hge_ctx.v1metadataq_f(self.dir() + 'add_permission_with_static_preset_argument.yaml')
|
||||
assert st_code == 200, resp
|
||||
check_query_f(hge_ctx, self.dir() + 'execution_with_static_preset_args.yaml')
|
||||
|
||||
def test_execution_with_session_argument_preset(self, hge_ctx):
|
||||
st_code, resp = hge_ctx.v1q_f(self.dir() + 'add_permission_with_session_preset_argument.yaml')
|
||||
st_code, resp = hge_ctx.v1metadataq_f(self.dir() + 'add_permission_with_session_preset_argument.yaml')
|
||||
assert st_code == 200, resp
|
||||
check_query_f(hge_ctx, self.dir() + 'execution_with_session_preset_args.yaml')
|
||||
|
Loading…
Reference in New Issue
Block a user