def setUp(self, *args, **kwargs):
if self.config.mock_enabled:
raise SkipTest('Real server must be used for admin tests')
super(UserManagementTests, self).setUp(*args, **kwargs)
self.um = self.cluster.users()
if self.supports_groups():
self.um.upsert_group(Group('qweqwe', roles={Role.of(name='admin')}))
def setUp(self, *args, **kwargs):
super(UserManagementTests, self).setUp(*args, **kwargs)
self.um = self.cluster.users()
if not self.is_realserver:
raise SkipTest('Real server must be used for admin tests')
try:
self.um.upsert_group(Group('qweqwe'))
except:
pass
def test_groups(self):
fresh_group = Group(name='qweqwe', roles={Role.of(name='admin')})
if UG_WORKING:
self.um.upsert_group(fresh_group)
result = self.um.get_group('qweqwe')
admin_role = Role.of(name='admin')
expected_roles = {admin_role}
actual_roles = result.roles
self.assertSetEqual(expected_roles, actual_roles)
def test_get_all_groups(self):
all_groups = self.um.get_all_groups()
# NOTE: we could well have other groups on this server, apart from the one we added, so
# lets be ok with there being more of them. However, the one we added _MUST_ be there.
known_group = Group('qweqwe', roles={RawRole('admin', None)})
for g in all_groups:
if known_group == g:
return
self.fail("didn't find expected group in get_all_groups")
def test_get_all_groups(self):
roles = [
Role(name='data_reader', bucket='*'),
Role(name='data_writer', bucket='*')
]
fresh_group = Group(name='my-test-group',
roles=roles,
description="test group description")
self.um.upsert_group(fresh_group)
all_groups = self.um.get_all_groups()
# NOTE: we could well have other groups on this server, apart from the one we added, so
# lets be ok with there being more of them. However, the one we added _MUST_ be there.
known_group = Group('qweqwe', roles=[Role(name='admin')])
self.um.drop_group('my-test-group')
for g in all_groups:
if known_group == g:
return
self.fail("didn't find expected group in get_all_groups")
def test_api_object_creation(self):
# roles, users and groups must have a name
self.assertRaises(InvalidArgumentException, Role)
self.assertRaises(InvalidArgumentException, User)
self.assertRaises(InvalidArgumentException, Group)
# user roles should be a set, but allow users to create
# user w/ 1 or many roles
roles = Role('admin')
user = User(username='******',
roles=roles,
password='******')
self.validate_user(user, user_roles=[roles])
roles = [Role('admin'), Role('data-reader', bucket='default')]
user = User(username='******',
roles=roles,
password='******')
self.validate_user(user, user_roles=roles)
roles = {Role('admin'), Role('data-reader', bucket='default')}
user = User(username='******',
roles=roles,
password='******')
self.validate_user(user, user_roles=roles)
roles = (Role('admin'), Role('data-reader', bucket='default'))
user = User(username='******',
roles=roles,
password='******')
self.validate_user(user, user_roles=roles)
# group roles should be a set, but allow users to create
# group w/ 1 or many roles
roles = Role('admin')
group = Group(name='test-group', roles=roles)
self.validate_group(group, roles=[roles])
roles = [Role('admin'), Role('data-reader', bucket='default')]
group = Group(name='test-group', roles=roles)
self.validate_group(group, roles=roles)
roles = {Role('admin'), Role('data-reader', bucket='default')}
group = Group(name='test-group', roles=roles)
self.validate_group(group, roles=roles)
roles = (Role('admin'), Role('data-reader', bucket='default'))
group = Group(name='test-group', roles=roles)
self.validate_group(group, roles=roles)
def test_group_feature_not_found(self):
if self.supports_groups():
raise SkipTest('Only test on Server < 6.5')
roles = Role(name='admin')
test_group = Group(name='my-test-group',
roles=roles,
description="test group description")
self.assertRaises(FeatureNotFoundException, self.um.upsert_group,
test_group)
self.assertRaises(FeatureNotFoundException, self.um.get_all_groups)
self.assertRaises(FeatureNotFoundException, self.um.get_group,
test_group.name)
self.assertRaises(FeatureNotFoundException, self.um.drop_group,
test_group.name)
def setUp(self, *args, **kwargs):
if self.config.mock_enabled:
raise SkipTest('Real server must be used for admin tests')
super(UserManagementTests, self).setUp(*args, **kwargs)
self.bm = self.cluster.buckets()
try:
self.test_bucket = self.bm.get_bucket("default")
except BucketDoesNotExistException:
self.bm.create_bucket(
CreateBucketSettings(name="default",
bucket_type="couchbase",
ram_quota_mb=100))
self.um = self.cluster.users()
if self.supports_groups():
self.um.upsert_group(Group('qweqwe', roles={Role(name='admin')}))
def test_group(self):
roles = Role(name='admin')
test_group = Group(name='my-test-group',
roles=roles,
description="test group description")
# add group
self.um.upsert_group(test_group)
# get group
result = self.try_n_times(10, 1, self.um.get_group, test_group.name)
self.validate_group(result, test_group.roles)
# remove group
self.um.drop_group(test_group.name)
self.try_n_times_till_exception(
10,
1,
self.um.get_group,
test_group.name,
expected_exceptions=GroupNotFoundException)
def test_get_all_groups(self):
all_groups = self.um.get_all_groups()
self.assertEqual([Group('qweqwe', roles={RawRole('admin', None)})],
all_groups)
def test_user_and_groups(self):
user_roles = [
Role(name='query_select', bucket='default'),
Role(name='fts_searcher', bucket='default')
]
group_roles = [
Role(name='data_reader', bucket='*'),
Role(name='data_writer', bucket='*')
]
groups = [
Group(name='my-test-group',
roles=group_roles,
description="test group description"),
Group(name='my-test-group-1',
roles=Role(name='admin'),
description="test group description")
]
# add groups
for group in groups:
self.um.upsert_group(group)
self.try_n_times(10, 1, self.um.get_group, group.name)
user_groups = list(map(lambda g: g.name, groups))
# add user
test_user = User(username='******',
roles=user_roles,
groups=user_groups,
password='******')
self.um.upsert_user(test_user, domain_name="local")
# get user
user_metadata = self.try_n_times(10,
1,
self.um.get_user,
test_user.username,
domain_name="local")
# handle 7.0 roles w/ scopes/collections
test_roles = user_roles
if self.supports_collections():
test_roles = []
for r in user_roles:
test_roles.append(
Role(name=r.name,
bucket=r.bucket,
scope='*',
collection='*'))
self.assertIsNotNone(user_metadata)
self.validate_user_and_metadata(user_metadata,
user_roles=test_roles,
groups=groups)
# remove group
remove_group = groups.pop()
self.um.drop_group(remove_group.name)
self.try_n_times_till_exception(
10,
1,
self.um.get_group,
remove_group.name,
expected_exceptions=GroupNotFoundException)
# get user to verify roles from removed group are removed
user_metadata = self.try_n_times(10,
1,
self.um.get_user,
test_user.username,
domain_name="local")
# handle 7.0 roles w/ scopes/collections
if self.supports_collections():
test_roles = []
for r in user_roles:
test_roles.append(
Role(name=r.name,
bucket=r.bucket,
scope='*',
collection='*'))
self.assertIsNotNone(user_metadata)
self.validate_user_and_metadata(user_metadata,
user_roles=test_roles,
groups=groups)
# cleanup
self.um.drop_user(test_user.username, domain_name="local")
for group in groups:
self.um.drop_group(group.name)