def test_get_user_access_db_level():
# Create a test user
username = generate_user_name()
db.create_user(username=username, password='******')
# Get user access (should be none initially)
# TODO CHANGED due to change in underlying behavior
assert len(db.user_access(username)) == 0
# Grant user access to the database and check again
# TODO CHANGED due to change in underlying behavior
db.grant_user_access(username)
assert db.user_access(username)[db_name] == 'rw'
# Get access of a missing user
# TODO CHANGED due to change in underlying behavior
bad_username = generate_user_name()
with pytest.raises(UserAccessError) as err:
db.user_access(bad_username)
assert err.value.http_code == 404
# Get user access from a bad database (incorrect password)
with pytest.raises(UserAccessError) as err:
bad_db.user_access(bad_username)
assert err.value.http_code in HTTP_AUTH_ERR
def test_update_user():
username = generate_user_name()
arango_client.create_user(
username=username,
password='******',
active=True,
extra={'foo': 'bar'},
)
# Update an existing user
new_user = arango_client.update_user(
username=username,
password='******',
active=False,
extra={'bar': 'baz'},
)
assert new_user['username'] == username
assert new_user['active'] is False
assert new_user['extra'] == {'foo': 'bar', 'bar': 'baz'}
assert arango_client.user(username) == new_user
# Update a missing user
bad_username = generate_user_name()
with pytest.raises(UserUpdateError) as err:
arango_client.update_user(username=bad_username,
password='******')
assert err.value.http_code == 404
def test_get_user_access_collection_level():
# Create a new test user
username = generate_user_name()
db.create_user(username=username, password='******')
arango_client.database(name=db_name,
username=username,
password='******')
col_name = generate_col_name()
col = db.create_collection(col_name)
# The new user should have no access to the collection
assert col.user_access(username) is None
# After granting access to the collection it should work
col.grant_user_access(username)
assert col.user_access(username) == 'rw'
# Revoke the access again to see that 401 is back
col.revoke_user_access(username)
assert col.user_access(username) is None
# Grant access from a bad database (missing user)
with pytest.raises(ArangoError) as err:
bad_db.collection(col_name).user_access(generate_user_name())
assert err.value.http_code in HTTP_AUTH_ERR
assert isinstance(err.value, UserAccessError) \
or isinstance(err.value, AsyncExecuteError) \
or isinstance(err.value, BatchExecuteError)
def test_revoke_user_access_collection_level():
# Create a new test user
username = generate_user_name()
db.create_user(username=username, password='******')
user_db = arango_client.database(name=db_name,
username=username,
password='******')
col_name = generate_col_name()
col = db.create_collection(col_name)
# The new user should have no access to the collection
with pytest.raises(ArangoError) as err:
user_db.collection(col_name).count()
assert err.value.http_code in HTTP_AUTH_ERR
# After granting access to the collection it should work
col.grant_user_access(username)
# TODO enable again once the bug is fixed on ArangoDB side
# assert user_db.collection(col_name).count() == 0
# Revoke the access again to see that 401 is back
col.revoke_user_access(username)
with pytest.raises(ArangoError) as err:
user_db.collection(col_name).count()
assert err.value.http_code in HTTP_AUTH_ERR
# Grant access from a bad database (missing user)
with pytest.raises(ArangoError) as err:
bad_db.collection(col_name).revoke_user_access(generate_user_name())
assert err.value.http_code in HTTP_AUTH_ERR
assert isinstance(err.value, UserRevokeAccessError) \
or isinstance(err.value, AsyncExecuteError) \
or isinstance(err.value, BatchExecuteError)
def test_grant_user_access_db_level():
# Create a test user and login as that user
username = generate_user_name()
db.create_user(username=username, password='******')
user_db = arango_client.database(name=db_name,
username=username,
password='******')
# Create a collection with the user (should have no access)
col_name = generate_col_name()
with pytest.raises(CollectionCreateError) as err:
user_db.create_collection(col_name)
assert err.value.http_code in HTTP_AUTH_ERR
assert col_name not in set(col['name'] for col in db.collections())
# Grant the user access and try again
db.grant_user_access(username)
db.create_collection(col_name)
assert col_name in set(col['name'] for col in db.collections())
# Grant access to a missing user
bad_username = generate_user_name()
with pytest.raises(UserGrantAccessError) as err:
db.grant_user_access(bad_username)
assert err.value.http_code == 404
def test_revoke_user_access_db_level():
# Create a test user with access and login as that user
username = generate_user_name()
db.create_user(username=username, password='******')
db.grant_user_access(username, db_name)
user_db = arango_client.database(name=db_name,
username=username,
password='******')
# Test user access by creating a collection
col_name = generate_col_name()
user_db.create_collection(col_name)
assert col_name in set(col['name'] for col in db.collections())
# Revoke access from the user
db.revoke_user_access(username)
with pytest.raises(CollectionDeleteError) as err:
user_db.delete_collection(col_name)
assert err.value.http_code in HTTP_AUTH_ERR
# Test revoke access to missing user
bad_username = generate_user_name()
with pytest.raises(UserRevokeAccessError) as err:
db.revoke_user_access(bad_username)
assert err.value.http_code == 404
def test_replace_user_db_level():
username = generate_user_name()
db.create_user(
username=username,
password='******',
active=True,
extra={'foo': 'bar'},
)
# Replace an existing user
new_user = db.replace_user(
username=username,
password='******',
active=False,
extra={'bar': 'baz'},
)
assert new_user['username'] == username
assert new_user['active'] is False
assert new_user['extra'] == {'bar': 'baz'}
assert db.user(username) == new_user
# Replace a missing user
bad_username = generate_user_name()
with pytest.raises(UserReplaceError) as err:
db.replace_user(username=bad_username, password='******')
assert err.value.http_code == 404
def test_create_user_with_database():
username1 = generate_user_name()
username2 = generate_user_name()
username3 = generate_user_name()
user_db = arango_client.create_database(name=another_db_name,
users=[
{
'username': username1,
'password': '******'
},
{
'username': username2,
'password': '******'
},
{
'username': username3,
'password': '******',
'active': False
},
],
username=username1,
password='******')
# Test if the users were created properly
all_usernames = set(user['username'] for user in arango_client.users())
assert username1 in all_usernames
assert username2 in all_usernames
# Test if the first user has access to the database
assert user_db.connection.username == username1
assert user_db.connection.password == 'password1'
user_db.properties()
# Test if the second user also has access to the database
user_db = arango_client.database(another_db_name, username2, 'password2')
assert user_db.connection.username == username2
assert user_db.connection.password == 'password2'
user_db.properties()
# Test if the third user has access to the database (should not)
user_db = arango_client.database(another_db_name, username3, 'password3')
assert user_db.connection.username == username3
assert user_db.connection.password == 'password3'
with pytest.raises(DatabasePropertiesError) as err:
user_db.properties()
assert err.value.http_code in HTTP_AUTH_ERR
def test_get_user():
# Get existing user
for user in arango_client.users():
assert arango_client.user(user['username']) == user
# Get a missing user
bad_username = generate_user_name()
with pytest.raises(UserGetError) as err:
arango_client.user(bad_username)
assert err.value.http_code == 404
def test_delete_user_db_level():
username = generate_user_name()
db.create_user(username=username, password='******')
# Delete an existing user
assert db.delete_user(username) is True
# Delete a missing user without ignore_missing
with pytest.raises(UserDeleteError) as err:
db.delete_user(username, ignore_missing=False)
assert err.value.http_code == 404
# Delete a missing user with ignore_missing
assert db.delete_user(username, ignore_missing=True) is False
def test_get_user_access():
# Create a test user
username = generate_user_name()
arango_client.create_user(username=username, password='******')
# Get user access (should be empty initially)
# TODO CHANGED due to change in underlying behavior
assert arango_client.user_access(username) == {}
# Grant user access to the database and check again
arango_client.grant_user_access(username, db_name)
# TODO CHANGED due to change in underlying behavior
assert arango_client.user_access(username)[db_name] == 'rw'
# Get access of a missing user
bad_username = generate_user_name()
with pytest.raises(UserAccessError) as err:
arango_client.user_access(bad_username)
assert err.value.http_code == 404
# Get access of a user from a bad client (incorrect password)
with pytest.raises(UserAccessError) as err:
bad_client.user_access(username)
assert err.value.http_code in HTTP_AUTH_ERR
def test_create_user():
# Create a new user
username = generate_user_name()
new_user = arango_client.create_user(
username=username,
password='******',
active=True,
extra={'foo': 'bar'},
)
assert new_user['username'] == username
assert new_user['active'] is True
assert new_user['extra'] == {'foo': 'bar'}
assert arango_client.user(username) == new_user
# Create a duplicate user
with pytest.raises(UserCreateError) as err:
arango_client.create_user(username=username, password='******')
assert 'duplicate' in err.value.message
def test_change_password():
username = generate_user_name()
arango_client.create_user(username=username, password='******')
arango_client.grant_user_access(username, db_name)
db1 = arango_client.db(db_name, username, 'password1')
db2 = arango_client.db(db_name, username, 'password2')
# Ensure that the user can make requests with correct credentials
db1.properties()
# Ensure that the user cannot make requests with bad credentials
with pytest.raises(DatabasePropertiesError) as err:
db2.properties()
assert err.value.http_code in HTTP_AUTH_ERR
# Update the user password and test again
arango_client.update_user(username=username, password='******')
db2.properties()
def test_update_user():
# added for full coverage of patch command
username = generate_user_name()
arango_client.create_user(
username=username,
password='******',
active=True,
extra={'foo': 'bar'},
)
# Update an existing user
new_user = arango_client.update_user(
username=username,
password='******',
active=False,
extra={'bar': 'baz'},
)
assert new_user['username'] == username
assert new_user['active'] is False
assert new_user['extra'] == {'foo': 'bar', 'bar': 'baz'}
assert arango_client.user(username) == new_user
from __future__ import absolute_import, unicode_literals
import pytest
from arango import ArangoClient
from arango.exceptions import (WALConfigureError, WALFlushError,
WALPropertiesError, WALTransactionListError)
from tests.utils import generate_user_name, generate_db_name
arango_client = ArangoClient()
username = generate_user_name()
user = arango_client.create_user(username, 'password')
db_name = generate_db_name()
db = arango_client.create_database(db_name)
def teardown_module(*_):
arango_client.delete_user(username, ignore_missing=True)
arango_client.delete_database(db_name, ignore_missing=True)
@pytest.mark.order1
def test_wal_properties():
properties = arango_client.wal.properties()
assert 'ArangoDB write-ahead log' in repr(arango_client.wal)
assert 'oversized_ops' in properties
assert 'log_size' in properties
assert 'historic_logs' in properties
assert 'reserve_logs' in properties
