async def test_user_change_password(client, sys_db, cluster): if cluster: pytest.skip('Not tested in a cluster setup') username = generate_username() password1 = generate_string() password2 = generate_string() await sys_db.create_user(username, password1) await sys_db.update_permission(username, 'rw', sys_db.name) db1 = await client.db(sys_db.name, username, password1) db2 = await client.db(sys_db.name, username, password2) # Check authentication assert isinstance(await db1.properties(), dict) with assert_raises(DatabasePropertiesError) as err: await db2.properties() assert err.value.http_code == 401 # Update the user password and check again await sys_db.update_user(username, password2) assert isinstance(await db2.properties(), dict) with assert_raises(DatabasePropertiesError) as err: await db1.properties() assert err.value.http_code == 401 # Replace the user password back and check again await sys_db.update_user(username, password1) assert isinstance(await db1.properties(), dict) with assert_raises(DatabasePropertiesError) as err: await db2.properties() assert err.value.http_code == 401
async def test_auth_jwt(client, sys_db, db_name, username, password): db = await client.db(name=db_name, username=username, password=password, verify=True, auth_method='jwt') assert isinstance(db.conn, JWTConnection) assert isinstance(await db.version(), string_types) assert isinstance(await db.properties(), dict) bad_password = generate_string() with assert_raises(JWTAuthError) as err: await client.db(db_name, username, bad_password, auth_method='jwt') assert err.value.error_code == HTTP_UNAUTHORIZED
async def test_pregel_management(db, graph, cluster): if cluster: pytest.skip('Not tested in a cluster setup') # Test create pregel job job_id = await db.pregel.create_job( graph.name, 'pagerank', store=False, max_gss=100, thread_count=1, async_mode=False, result_field='result', algorithm_params={'threshold': 0.000001} ) assert isinstance(job_id, int) # Test create pregel job with unsupported algorithm with assert_raises(PregelJobCreateError) as err: await db.pregel.create_job(graph.name, 'invalid') assert err.value.error_code in {4, 10, 1600} # Test get existing pregel job job = await db.pregel.job(job_id) assert isinstance(job['state'], string_types) assert isinstance(job['aggregators'], dict) assert isinstance(job['gss'], int) assert isinstance(job['received_count'], int) assert isinstance(job['send_count'], int) assert 'total_runtime' in job # Test delete existing pregel job assert await db.pregel.delete_job(job_id) is True await asyncio.sleep(0.2) with assert_raises(PregelJobGetError) as err: await db.pregel.job(job_id) assert err.value.error_code in {4, 10, 1600} # Test delete missing pregel job with assert_raises(PregelJobDeleteError) as err: await db.pregel.delete_job(generate_string()) assert err.value.error_code in {4, 10, 1600}
async def sys_db(client): sys_db = await client.db(name='_system', username='******', password=global_data.get('passwd'), superuser_token=generate_jwt( global_data.get('secret'))) username = generate_username() password = generate_string() global_data['username'] = username global_data['password'] = password await sys_db.create_database(name=global_data.get('tst_db_name'), users=[{ 'active': True, 'username': username, 'password': password, }]) yield sys_db await sys_db.clear_async_jobs() # Remove all test tasks. for task in await sys_db.tasks(): task_name = task['name'] if task_name.startswith('test_task'): await sys_db.delete_task(task_name, ignore_missing=True) # Remove all test users. for user in await sys_db.users(): username = user['username'] if username.startswith('test_user'): await sys_db.delete_user(username, ignore_missing=True) # Remove all test databases. for db_name in await sys_db.databases(): if db_name.startswith('test_database'): await sys_db.delete_database(db_name, ignore_missing=True) # Remove all test collections. for collection in await sys_db.collections(): col_name = collection['name'] if col_name.startswith('test_collection'): await sys_db.delete_collection(col_name, ignore_missing=True)
async def test_client_bad_connection(db, username, password, cluster): client = ArangoClient(hosts=f'http://127.0.0.1:{arango_image.get_port()}') bad_db_name = generate_db_name() bad_username = generate_username() bad_password = generate_string() if not cluster: # Test connection with bad username password with pytest.raises(ServerConnectionError): await client.db(db.name, bad_username, bad_password, verify=True) # Test connection with missing database with pytest.raises(ServerConnectionError): await client.db(bad_db_name, bad_username, bad_password, verify=True) await client.close() # Test connection with invalid host URL client = ArangoClient(hosts='http://127.0.0.1:8500') with pytest.raises(ServerConnectionError) as err: await client.db(db.name, username, password, verify=True) assert 'bad connection' in str(err.value) await client.close()
async def test_user_management(sys_db, bad_db): # Test create user username = generate_username() password = generate_string() assert not await sys_db.has_user(username) new_user = await sys_db.create_user( username=username, password=password, active=True, extra={'foo': 'bar'}, ) assert new_user['username'] == username assert new_user['active'] is True assert new_user['extra'] == {'foo': 'bar'} assert await sys_db.has_user(username) # Test create duplicate user with assert_raises(UserCreateError) as err: await sys_db.create_user(username=username, password=password) assert err.value.error_code == 1702 # Test list users for user in await sys_db.users(): assert isinstance(user['username'], string_types) assert isinstance(user['active'], bool) assert isinstance(user['extra'], dict) assert await sys_db.user(username) == new_user # Test list users with bad database with assert_raises(UserListError) as err: await bad_db.users() assert err.value.error_code in {11, 1228} # Test get user users = await sys_db.users() for user in users: assert 'active' in user assert 'extra' in user assert 'username' in user assert username in await extract('username', await sys_db.users()) # Test get missing user with assert_raises(UserGetError) as err: await sys_db.user(generate_username()) assert err.value.error_code == 1703 # Update existing user new_user = await sys_db.update_user( username=username, password=password, active=False, extra={'bar': 'baz'}, ) assert new_user['username'] == username assert new_user['active'] is False assert new_user['extra'] == {'bar': 'baz'} assert await sys_db.user(username) == new_user # Update missing user with assert_raises(UserUpdateError) as err: await sys_db.update_user(username=generate_username(), password=generate_string()) assert err.value.error_code == 1703 # Replace existing user new_user = await sys_db.replace_user( username=username, password=password, active=False, extra={'baz': 'qux'}, ) assert new_user['username'] == username assert new_user['active'] is False assert new_user['extra'] == {'baz': 'qux'} assert await sys_db.user(username) == new_user # Replace missing user with assert_raises(UserReplaceError) as err: await sys_db.replace_user(username=generate_username(), password=generate_string()) assert err.value.error_code == 1703 # Delete an existing user assert await sys_db.delete_user(username) is True # Delete a missing user with assert_raises(UserDeleteError) as err: await sys_db.delete_user(username, ignore_missing=False) assert err.value.error_code == 1703 assert await sys_db.delete_user(username, ignore_missing=True) is False
async def test_user_create_with_new_database(client, sys_db, cluster): if cluster: pytest.skip('Not tested in a cluster setup') db_name = generate_db_name() username1 = generate_username() username2 = generate_username() username3 = generate_username() password1 = generate_string() password2 = generate_string() password3 = generate_string() result = await sys_db.create_database(name=db_name, users=[ { 'username': username1, 'password': password1, 'active': True }, { 'username': username2, 'password': password2, 'active': True }, { 'username': username3, 'password': password3, 'active': False }, ]) assert result is True await sys_db.update_permission(username1, permission='rw', database=db_name) await sys_db.update_permission(username2, permission='rw', database=db_name) await sys_db.update_permission(username3, permission='rw', database=db_name) # Test if the users were created properly usernames = await extract('username', await sys_db.users()) assert all(u in usernames for u in [username1, username2, username3]) # Test if the first user has access to the database db = await client.db(db_name, username1, password1) await db.properties() # Test if the second user also has access to the database db = await client.db(db_name, username2, password2) await db.properties() # Test if the third user has access to the database (should not) db = await client.db(db_name, username3, password3) with assert_raises(DatabasePropertiesError) as err: await db.properties() assert err.value.http_code == 401
async def test_permission_management(client, sys_db, bad_db, cluster): if cluster: pytest.skip('Not tested in a cluster setup') username = generate_username() password = generate_string() db_name = generate_db_name() col_name_1 = generate_col_name() col_name_2 = generate_col_name() await sys_db.create_database(name=db_name, users=[{ 'username': username, 'password': password, 'active': True }]) db = await client.db(db_name, username, password) assert isinstance(await sys_db.permissions(username), dict) # Test list permissions with bad database with assert_raises(PermissionListError) as err: await bad_db.permissions(username) assert err.value.error_code in {11, 1228} # Test get permission with bad database with assert_raises(PermissionGetError) as err: await bad_db.permission(username, db_name) assert err.value.error_code in {11, 1228} # The user should not have read and write permissions assert await sys_db.permission(username, db_name) == 'rw' assert await sys_db.permission(username, db_name, col_name_1) == 'rw' # Test update permission (database level) with bad database with assert_raises(PermissionUpdateError): await bad_db.update_permission(username, 'ro', db_name) assert await sys_db.permission(username, db_name) == 'rw' # Test update permission (database level) to read only and verify access assert await sys_db.update_permission(username, 'ro', db_name) is True assert await sys_db.permission(username, db_name) == 'ro' with assert_raises(CollectionCreateError) as err: await db.create_collection(col_name_2) assert err.value.http_code == 403 assert col_name_1 not in await extract('name', await db.collections()) assert col_name_2 not in await extract('name', await db.collections()) # Test reset permission (database level) with bad database with assert_raises(PermissionResetError) as err: await bad_db.reset_permission(username, db_name) assert err.value.error_code in {11, 1228} assert await sys_db.permission(username, db_name) == 'ro' # Test reset permission (database level) and verify access assert await sys_db.reset_permission(username, db_name) is True assert await sys_db.permission(username, db_name) == 'none' with assert_raises(CollectionCreateError) as err: await db.create_collection(col_name_1) assert err.value.http_code == 401 with assert_raises(CollectionListError) as err: await db.collections() assert err.value.http_code == 401 # Test update permission (database level) and verify access assert await sys_db.update_permission(username, 'rw', db_name) is True assert await sys_db.permission(username, db_name, col_name_2) == 'rw' assert await db.create_collection(col_name_1) is not None assert await db.create_collection(col_name_2) is not None assert col_name_1 in await extract('name', await db.collections()) assert col_name_2 in await extract('name', await db.collections()) col_1 = await db.collection(col_name_1) col_2 = await db.collection(col_name_2) # Verify that user has read and write access to both collections assert isinstance(await col_1.properties(), dict) assert isinstance(await col_1.insert({}), dict) assert isinstance(await col_2.properties(), dict) assert isinstance(await col_2.insert({}), dict) # Test update permission (collection level) to read only and verify access assert await sys_db.update_permission(username, 'ro', db_name, col_name_1) assert await sys_db.permission(username, db_name, col_name_1) == 'ro' assert isinstance(await col_1.properties(), dict) with assert_raises(DocumentInsertError) as err: await col_1.insert({}) assert err.value.http_code == 403 assert isinstance(await col_2.properties(), dict) assert isinstance(await col_2.insert({}), dict) # Test update permission (collection level) to none and verify access assert await sys_db.update_permission(username, 'none', db_name, col_name_1) assert await sys_db.permission(username, db_name, col_name_1) == 'none' with assert_raises(CollectionPropertiesError) as err: await col_1.properties() assert err.value.http_code == 403 with assert_raises(DocumentInsertError) as err: await col_1.insert({}) assert err.value.http_code == 403 assert isinstance(await col_2.properties(), dict) assert isinstance(await col_2.insert({}), dict) # Test reset permission (collection level) assert await sys_db.reset_permission(username, db_name, col_name_1) is True assert await sys_db.permission(username, db_name, col_name_1) == 'rw' assert isinstance(await col_1.properties(), dict) assert isinstance(await col_1.insert({}), dict) assert isinstance(await col_2.properties(), dict) assert isinstance(await col_2.insert({}), dict)