Ejemplo n.º 1
0
async def test_user_change_password(client, sys_db, cluster):
    if cluster:
        pytest.skip('Not tested in a cluster setup')

    username = generate_username()
    password1 = generate_string()
    password2 = generate_string()

    await sys_db.create_user(username, password1)
    await sys_db.update_permission(username, 'rw', sys_db.name)

    db1 = await client.db(sys_db.name, username, password1)
    db2 = await client.db(sys_db.name, username, password2)

    # Check authentication
    assert isinstance(await db1.properties(), dict)
    with assert_raises(DatabasePropertiesError) as err:
        await db2.properties()
    assert err.value.http_code == 401

    # Update the user password and check again
    await sys_db.update_user(username, password2)
    assert isinstance(await db2.properties(), dict)
    with assert_raises(DatabasePropertiesError) as err:
        await db1.properties()
    assert err.value.http_code == 401

    # Replace the user password back and check again
    await sys_db.update_user(username, password1)
    assert isinstance(await db1.properties(), dict)
    with assert_raises(DatabasePropertiesError) as err:
        await db2.properties()
    assert err.value.http_code == 401
Ejemplo n.º 2
0
async def test_auth_jwt(client, sys_db, db_name, username, password):
    db = await client.db(name=db_name,
                         username=username,
                         password=password,
                         verify=True,
                         auth_method='jwt')
    assert isinstance(db.conn, JWTConnection)
    assert isinstance(await db.version(), string_types)
    assert isinstance(await db.properties(), dict)

    bad_password = generate_string()
    with assert_raises(JWTAuthError) as err:
        await client.db(db_name, username, bad_password, auth_method='jwt')
    assert err.value.error_code == HTTP_UNAUTHORIZED
Ejemplo n.º 3
0
async def test_pregel_management(db, graph, cluster):
    if cluster:
        pytest.skip('Not tested in a cluster setup')

    # Test create pregel job
    job_id = await db.pregel.create_job(
        graph.name,
        'pagerank',
        store=False,
        max_gss=100,
        thread_count=1,
        async_mode=False,
        result_field='result',
        algorithm_params={'threshold': 0.000001}
    )
    assert isinstance(job_id, int)

    # Test create pregel job with unsupported algorithm
    with assert_raises(PregelJobCreateError) as err:
        await db.pregel.create_job(graph.name, 'invalid')
    assert err.value.error_code in {4, 10, 1600}

    # Test get existing pregel job
    job = await db.pregel.job(job_id)
    assert isinstance(job['state'], string_types)
    assert isinstance(job['aggregators'], dict)
    assert isinstance(job['gss'], int)
    assert isinstance(job['received_count'], int)
    assert isinstance(job['send_count'], int)
    assert 'total_runtime' in job

    # Test delete existing pregel job
    assert await db.pregel.delete_job(job_id) is True
    await asyncio.sleep(0.2)
    with assert_raises(PregelJobGetError) as err:
        await db.pregel.job(job_id)
    assert err.value.error_code in {4, 10, 1600}

    # Test delete missing pregel job
    with assert_raises(PregelJobDeleteError) as err:
        await db.pregel.delete_job(generate_string())
    assert err.value.error_code in {4, 10, 1600}
Ejemplo n.º 4
0
async def sys_db(client):
    sys_db = await client.db(name='_system',
                             username='******',
                             password=global_data.get('passwd'),
                             superuser_token=generate_jwt(
                                 global_data.get('secret')))
    username = generate_username()
    password = generate_string()

    global_data['username'] = username
    global_data['password'] = password
    await sys_db.create_database(name=global_data.get('tst_db_name'),
                                 users=[{
                                     'active': True,
                                     'username': username,
                                     'password': password,
                                 }])
    yield sys_db
    await sys_db.clear_async_jobs()
    # Remove all test tasks.
    for task in await sys_db.tasks():
        task_name = task['name']
        if task_name.startswith('test_task'):
            await sys_db.delete_task(task_name, ignore_missing=True)

    # Remove all test users.
    for user in await sys_db.users():
        username = user['username']
        if username.startswith('test_user'):
            await sys_db.delete_user(username, ignore_missing=True)

    # Remove all test databases.
    for db_name in await sys_db.databases():
        if db_name.startswith('test_database'):
            await sys_db.delete_database(db_name, ignore_missing=True)

    # Remove all test collections.
    for collection in await sys_db.collections():
        col_name = collection['name']
        if col_name.startswith('test_collection'):
            await sys_db.delete_collection(col_name, ignore_missing=True)
Ejemplo n.º 5
0
async def test_client_bad_connection(db, username, password, cluster):
    client = ArangoClient(hosts=f'http://127.0.0.1:{arango_image.get_port()}')

    bad_db_name = generate_db_name()
    bad_username = generate_username()
    bad_password = generate_string()

    if not cluster:
        # Test connection with bad username password
        with pytest.raises(ServerConnectionError):
            await client.db(db.name, bad_username, bad_password, verify=True)

    # Test connection with missing database
    with pytest.raises(ServerConnectionError):
        await client.db(bad_db_name, bad_username, bad_password, verify=True)
    await client.close()

    # Test connection with invalid host URL
    client = ArangoClient(hosts='http://127.0.0.1:8500')
    with pytest.raises(ServerConnectionError) as err:
        await client.db(db.name, username, password, verify=True)
    assert 'bad connection' in str(err.value)
    await client.close()
Ejemplo n.º 6
0
async def test_user_management(sys_db, bad_db):
    # Test create user
    username = generate_username()
    password = generate_string()
    assert not await sys_db.has_user(username)

    new_user = await sys_db.create_user(
        username=username,
        password=password,
        active=True,
        extra={'foo': 'bar'},
    )
    assert new_user['username'] == username
    assert new_user['active'] is True
    assert new_user['extra'] == {'foo': 'bar'}
    assert await sys_db.has_user(username)

    # Test create duplicate user
    with assert_raises(UserCreateError) as err:
        await sys_db.create_user(username=username, password=password)
    assert err.value.error_code == 1702

    # Test list users
    for user in await sys_db.users():
        assert isinstance(user['username'], string_types)
        assert isinstance(user['active'], bool)
        assert isinstance(user['extra'], dict)
    assert await sys_db.user(username) == new_user

    # Test list users with bad database
    with assert_raises(UserListError) as err:
        await bad_db.users()
    assert err.value.error_code in {11, 1228}

    # Test get user
    users = await sys_db.users()
    for user in users:
        assert 'active' in user
        assert 'extra' in user
        assert 'username' in user
    assert username in await extract('username', await sys_db.users())

    # Test get missing user
    with assert_raises(UserGetError) as err:
        await sys_db.user(generate_username())
    assert err.value.error_code == 1703

    # Update existing user
    new_user = await sys_db.update_user(
        username=username,
        password=password,
        active=False,
        extra={'bar': 'baz'},
    )
    assert new_user['username'] == username
    assert new_user['active'] is False
    assert new_user['extra'] == {'bar': 'baz'}
    assert await sys_db.user(username) == new_user

    # Update missing user
    with assert_raises(UserUpdateError) as err:
        await sys_db.update_user(username=generate_username(),
                                 password=generate_string())
    assert err.value.error_code == 1703

    # Replace existing user
    new_user = await sys_db.replace_user(
        username=username,
        password=password,
        active=False,
        extra={'baz': 'qux'},
    )
    assert new_user['username'] == username
    assert new_user['active'] is False
    assert new_user['extra'] == {'baz': 'qux'}
    assert await sys_db.user(username) == new_user

    # Replace missing user
    with assert_raises(UserReplaceError) as err:
        await sys_db.replace_user(username=generate_username(),
                                  password=generate_string())
    assert err.value.error_code == 1703

    # Delete an existing user
    assert await sys_db.delete_user(username) is True

    # Delete a missing user
    with assert_raises(UserDeleteError) as err:
        await sys_db.delete_user(username, ignore_missing=False)
    assert err.value.error_code == 1703
    assert await sys_db.delete_user(username, ignore_missing=True) is False
Ejemplo n.º 7
0
async def test_user_create_with_new_database(client, sys_db, cluster):
    if cluster:
        pytest.skip('Not tested in a cluster setup')

    db_name = generate_db_name()

    username1 = generate_username()
    username2 = generate_username()
    username3 = generate_username()

    password1 = generate_string()
    password2 = generate_string()
    password3 = generate_string()

    result = await sys_db.create_database(name=db_name,
                                          users=[
                                              {
                                                  'username': username1,
                                                  'password': password1,
                                                  'active': True
                                              },
                                              {
                                                  'username': username2,
                                                  'password': password2,
                                                  'active': True
                                              },
                                              {
                                                  'username': username3,
                                                  'password': password3,
                                                  'active': False
                                              },
                                          ])
    assert result is True

    await sys_db.update_permission(username1,
                                   permission='rw',
                                   database=db_name)
    await sys_db.update_permission(username2,
                                   permission='rw',
                                   database=db_name)
    await sys_db.update_permission(username3,
                                   permission='rw',
                                   database=db_name)

    # Test if the users were created properly
    usernames = await extract('username', await sys_db.users())
    assert all(u in usernames for u in [username1, username2, username3])

    # Test if the first user has access to the database
    db = await client.db(db_name, username1, password1)
    await db.properties()

    # Test if the second user also has access to the database
    db = await client.db(db_name, username2, password2)
    await db.properties()

    # Test if the third user has access to the database (should not)
    db = await client.db(db_name, username3, password3)
    with assert_raises(DatabasePropertiesError) as err:
        await db.properties()
    assert err.value.http_code == 401
Ejemplo n.º 8
0
async def test_permission_management(client, sys_db, bad_db, cluster):
    if cluster:
        pytest.skip('Not tested in a cluster setup')

    username = generate_username()
    password = generate_string()
    db_name = generate_db_name()
    col_name_1 = generate_col_name()
    col_name_2 = generate_col_name()

    await sys_db.create_database(name=db_name,
                                 users=[{
                                     'username': username,
                                     'password': password,
                                     'active': True
                                 }])
    db = await client.db(db_name, username, password)
    assert isinstance(await sys_db.permissions(username), dict)

    # Test list permissions with bad database
    with assert_raises(PermissionListError) as err:
        await bad_db.permissions(username)
    assert err.value.error_code in {11, 1228}

    # Test get permission with bad database
    with assert_raises(PermissionGetError) as err:
        await bad_db.permission(username, db_name)
    assert err.value.error_code in {11, 1228}

    # The user should not have read and write permissions
    assert await sys_db.permission(username, db_name) == 'rw'
    assert await sys_db.permission(username, db_name, col_name_1) == 'rw'

    # Test update permission (database level) with bad database
    with assert_raises(PermissionUpdateError):
        await bad_db.update_permission(username, 'ro', db_name)
    assert await sys_db.permission(username, db_name) == 'rw'

    # Test update permission (database level) to read only and verify access
    assert await sys_db.update_permission(username, 'ro', db_name) is True
    assert await sys_db.permission(username, db_name) == 'ro'
    with assert_raises(CollectionCreateError) as err:
        await db.create_collection(col_name_2)
    assert err.value.http_code == 403
    assert col_name_1 not in await extract('name', await db.collections())
    assert col_name_2 not in await extract('name', await db.collections())

    # Test reset permission (database level) with bad database
    with assert_raises(PermissionResetError) as err:
        await bad_db.reset_permission(username, db_name)
    assert err.value.error_code in {11, 1228}
    assert await sys_db.permission(username, db_name) == 'ro'

    # Test reset permission (database level) and verify access
    assert await sys_db.reset_permission(username, db_name) is True
    assert await sys_db.permission(username, db_name) == 'none'
    with assert_raises(CollectionCreateError) as err:
        await db.create_collection(col_name_1)
    assert err.value.http_code == 401
    with assert_raises(CollectionListError) as err:
        await db.collections()
    assert err.value.http_code == 401

    # Test update permission (database level) and verify access
    assert await sys_db.update_permission(username, 'rw', db_name) is True
    assert await sys_db.permission(username, db_name, col_name_2) == 'rw'
    assert await db.create_collection(col_name_1) is not None
    assert await db.create_collection(col_name_2) is not None
    assert col_name_1 in await extract('name', await db.collections())
    assert col_name_2 in await extract('name', await db.collections())

    col_1 = await db.collection(col_name_1)
    col_2 = await db.collection(col_name_2)

    # Verify that user has read and write access to both collections
    assert isinstance(await col_1.properties(), dict)
    assert isinstance(await col_1.insert({}), dict)
    assert isinstance(await col_2.properties(), dict)
    assert isinstance(await col_2.insert({}), dict)

    # Test update permission (collection level) to read only and verify access
    assert await sys_db.update_permission(username, 'ro', db_name, col_name_1)
    assert await sys_db.permission(username, db_name, col_name_1) == 'ro'
    assert isinstance(await col_1.properties(), dict)
    with assert_raises(DocumentInsertError) as err:
        await col_1.insert({})
    assert err.value.http_code == 403
    assert isinstance(await col_2.properties(), dict)
    assert isinstance(await col_2.insert({}), dict)

    # Test update permission (collection level) to none and verify access
    assert await sys_db.update_permission(username, 'none', db_name,
                                          col_name_1)
    assert await sys_db.permission(username, db_name, col_name_1) == 'none'
    with assert_raises(CollectionPropertiesError) as err:
        await col_1.properties()
    assert err.value.http_code == 403
    with assert_raises(DocumentInsertError) as err:
        await col_1.insert({})
    assert err.value.http_code == 403
    assert isinstance(await col_2.properties(), dict)
    assert isinstance(await col_2.insert({}), dict)

    # Test reset permission (collection level)
    assert await sys_db.reset_permission(username, db_name, col_name_1) is True
    assert await sys_db.permission(username, db_name, col_name_1) == 'rw'
    assert isinstance(await col_1.properties(), dict)
    assert isinstance(await col_1.insert({}), dict)
    assert isinstance(await col_2.properties(), dict)
    assert isinstance(await col_2.insert({}), dict)