def test_external_nopassword(self):
userid = 'custom-user'
password = '******'
roles = [
Role.of(name='data_reader', bucket='default'),
Role.of(name='data_writer', bucket='default')
]
# password with external generates argument error
self.assertRaises(ArgumentError,
self.um.upsert_user,
User(username=userid, password=password,
roles=roles),
domain=AuthDomain.External)
self.assertRaises(ArgumentError,
self.um.upsert_user,
User(username=userid, password=password, roles=None),
domain=AuthDomain.External)
self.assertRaises(ArgumentError,
self.um.upsert_user,
User(username=userid, password=password, roles=[]),
domain=AuthDomain.External)
try:
self.um.upsert_user(User(username=userid,
password=None,
roles=roles),
domain=AuthDomain.External)
except ArgumentError:
raise
except:
pass
def test_invalid_domain_raises_argument_error(self):
username = '******'
password = '******'
roles = [
Role(name='data_reader', bucket='default'),
Role(name='data_writer', bucket='default')
]
# invalid domain generates argument error
self.assertRaises(InvalidArgumentException,
self.um.get_all_users,
domain_name="fake-domain")
self.assertRaises(InvalidArgumentException,
self.um.get_user,
username,
domain_name="fake-domain")
self.assertRaises(InvalidArgumentException,
self.um.upsert_user,
User(username=username,
password=password,
roles=roles),
domain_name="fake-domain")
self.assertRaises(InvalidArgumentException,
self.um.drop_user,
username,
domain_name="fake-domain")
def test_create_list_get_remove_internal_user(self):
userid = 'custom-user'
password = '******'
roles = [
Role.of(name='data_reader', bucket='default'),
Role.of(name='data_writer', bucket='default')
]
# add user
self.um.upsert_user(User(username=userid,
roles=roles,
password=password),
domain=AuthDomain.Local)
# get all users
users = self.um.get_all_users(AuthDomain.Local)
self.assertIsNotNone(users)
# get single user
user = self.um.get_user(userid, AuthDomain.Local)
self.assertIsNotNone(user)
# remove user
self.um.drop_user(userid, AuthDomain.Local)
def test_api_object_creation(self):
# roles, users and groups must have a name
self.assertRaises(InvalidArgumentException, Role)
self.assertRaises(InvalidArgumentException, User)
self.assertRaises(InvalidArgumentException, Group)
# user roles should be a set, but allow users to create
# user w/ 1 or many roles
roles = Role('admin')
user = User(username='******',
roles=roles,
password='******')
self.validate_user(user, user_roles=[roles])
roles = [Role('admin'), Role('data-reader', bucket='default')]
user = User(username='******',
roles=roles,
password='******')
self.validate_user(user, user_roles=roles)
roles = {Role('admin'), Role('data-reader', bucket='default')}
user = User(username='******',
roles=roles,
password='******')
self.validate_user(user, user_roles=roles)
roles = (Role('admin'), Role('data-reader', bucket='default'))
user = User(username='******',
roles=roles,
password='******')
self.validate_user(user, user_roles=roles)
# group roles should be a set, but allow users to create
# group w/ 1 or many roles
roles = Role('admin')
group = Group(name='test-group', roles=roles)
self.validate_group(group, roles=[roles])
roles = [Role('admin'), Role('data-reader', bucket='default')]
group = Group(name='test-group', roles=roles)
self.validate_group(group, roles=roles)
roles = {Role('admin'), Role('data-reader', bucket='default')}
group = Group(name='test-group', roles=roles)
self.validate_group(group, roles=roles)
roles = (Role('admin'), Role('data-reader', bucket='default'))
group = Group(name='test-group', roles=roles)
self.validate_group(group, roles=roles)
def test_external_nopassword(self):
username = '******'
password = '******'
roles = [
Role(name='data_reader', bucket='default'),
Role(name='data_writer', bucket='default')
]
# password with external generates argument error
self.assertRaises(InvalidArgumentException,
self.um.upsert_user,
User(username=username,
password=password,
roles=roles),
domain_name="external")
self.assertRaises(InvalidArgumentException,
self.um.upsert_user,
User(username=username,
password=password,
roles=None),
domain_name="external")
self.assertRaises(InvalidArgumentException,
self.um.upsert_user,
User(username=username, password=password, roles=[]),
domain_name="external")
try:
self.um.upsert_user(
User(username=username, password=None, roles=roles),
UpsertUserOptions(domain_name="external"))
except InvalidArgumentException:
raise
except:
pass
finally:
self.um.drop_user(username, domain_name="external")
def test_invalid_domain_raises_argument_error(self):
userid = 'custom-user'
password = '******'
roles = [
Role.of(name='data_reader', bucket='default'),
Role.of(name='data_writer', bucket='default')
]
# invalid domain generates argument error
self.assertRaises(ArgumentError, self.um.get_all_users, None)
self.assertRaises(ArgumentError, self.um.get_user, userid, None)
self.assertRaises(ArgumentError,
self.um.upsert_user,
User(username=userid, password=password,
roles=roles),
domain=None)
self.assertRaises(ArgumentError, self.um.drop_user, userid, None)
def test_user_api_aliases(self):
userid = 'custom-user'
password = '******'
roles = [('data_reader', 'default'), ('data_writer', 'default')]
# add user
self.um.upsert_user(User(username=userid, password=password, roles=roles), domain=AuthDomain.Local)
# get all users
users = self.um.get_all_users(AuthDomain.Local)
self.assertIsNotNone(users)
# get single user
user = self.um.get_user(username=userid, domain_name=AuthDomain.Local)
self.assertIsNotNone(user)
# remove user
self.um.drop_user(userid, AuthDomain.Local)
def test_user_display_name(self):
roles = [
Role(name='data_reader', bucket='default'),
Role(name='data_writer', bucket='default')
]
user = User(username='******',
display_name="Custom User",
roles=roles,
password='******')
# create user
self.um.upsert_user(user, UpsertUserOptions(domain_name="local"))
# get user
user_metadata = self.try_n_times(10, 1, self.um.get_user,
user.username,
GetUserOptions(domain_name="local"))
self.assertEquals(user_metadata.user.display_name, user.display_name)
self.um.drop_user(user.username, DropUserOptions(domain_name="local"))
def test_default_domain(self):
username = '******'
password = '******'
roles = [
Role(name='data_reader', bucket='default'),
Role(name='data_writer', bucket='default')
]
self.um.upsert_user(
User(username=username, password=password, roles=roles))
user_metadata = self.try_n_times(10, 1, self.um.get_user, username)
self.assertIsNotNone(user_metadata)
# handle 7.0 roles w/ scopes/collections
test_roles = roles
if self.supports_collections():
test_roles = []
for r in roles:
test_roles.append(
Role(name=r.name,
bucket=r.bucket,
scope='*',
collection='*'))
self.validate_user_and_metadata(user_metadata, user_roles=test_roles)
users_metadata = self.um.get_all_users()
self.assertIsNotNone(users_metadata)
result = all(
map(lambda um: self.validate_user_and_metadata(um),
users_metadata))
self.assertTrue(result)
self.um.drop_user(username)
adm_cluster = Cluster("couchbase://localhost",
authenticator=PasswordAuthenticator(
"Administrator", "password"))
# For Server versions 6.5 or later you do not need to open a bucket here
adm_bucket = adm_cluster.bucket(bucket_name)
# tag::create_user[]
user_manager = adm_cluster.users()
user = User(
username=username,
display_name="Test User",
roles=[
# Roles required for reading data from bucket
Role(name="data_reader", bucket="*"),
Role(name="query_select", bucket="*"),
# Roles require for writing data to bucket
Role(name="data_writer", bucket=bucket_name),
Role(name="query_insert", bucket=bucket_name),
Role(name="query_delete", bucket=bucket_name),
# Role required for idx creation on bucket
Role(name="query_manage_index", bucket=bucket_name),
],
password=pw)
user_manager.upsert_user(user)
# end::create_user[]
# tag::get_all_users[]
users_metadata = user_manager.get_all_users()
for u in users_metadata:
print("User's display name: {}".format(u.user.display_name))
def do_upsert_user(self, *args, **kwargs):
return self.user_manager.upsert_user(
User(username=args[0], roles=args[1], password=args[2]))
def test_user_and_groups(self):
user_roles = [
Role(name='query_select', bucket='default'),
Role(name='fts_searcher', bucket='default')
]
group_roles = [
Role(name='data_reader', bucket='*'),
Role(name='data_writer', bucket='*')
]
groups = [
Group(name='my-test-group',
roles=group_roles,
description="test group description"),
Group(name='my-test-group-1',
roles=Role(name='admin'),
description="test group description")
]
# add groups
for group in groups:
self.um.upsert_group(group)
self.try_n_times(10, 1, self.um.get_group, group.name)
user_groups = list(map(lambda g: g.name, groups))
# add user
test_user = User(username='******',
roles=user_roles,
groups=user_groups,
password='******')
self.um.upsert_user(test_user, domain_name="local")
# get user
user_metadata = self.try_n_times(10,
1,
self.um.get_user,
test_user.username,
domain_name="local")
# handle 7.0 roles w/ scopes/collections
test_roles = user_roles
if self.supports_collections():
test_roles = []
for r in user_roles:
test_roles.append(
Role(name=r.name,
bucket=r.bucket,
scope='*',
collection='*'))
self.assertIsNotNone(user_metadata)
self.validate_user_and_metadata(user_metadata,
user_roles=test_roles,
groups=groups)
# remove group
remove_group = groups.pop()
self.um.drop_group(remove_group.name)
self.try_n_times_till_exception(
10,
1,
self.um.get_group,
remove_group.name,
expected_exceptions=GroupNotFoundException)
# get user to verify roles from removed group are removed
user_metadata = self.try_n_times(10,
1,
self.um.get_user,
test_user.username,
domain_name="local")
# handle 7.0 roles w/ scopes/collections
if self.supports_collections():
test_roles = []
for r in user_roles:
test_roles.append(
Role(name=r.name,
bucket=r.bucket,
scope='*',
collection='*'))
self.assertIsNotNone(user_metadata)
self.validate_user_and_metadata(user_metadata,
user_roles=test_roles,
groups=groups)
# cleanup
self.um.drop_user(test_user.username, domain_name="local")
for group in groups:
self.um.drop_group(group.name)
def test_user_scopes_collections(self):
if not self.supports_collections():
raise SkipTest('Only test on Server >= 7.0')
def get_bucket(name):
return self.cluster.bucket(name)
test_bucket = self.try_n_times(10, 3, get_bucket, 'default')
cm = test_bucket.collections()
cm.create_scope('test-scope')
for _ in range(3):
scope = next(
(s for s in cm.get_all_scopes() if s.name == 'test-scope'),
None)
if scope:
break
time.sleep(1)
collection = CollectionSpec('test-collection', scope_name='test-scope')
cm.create_collection(collection)
for _ in range(3):
scope = next(
(s for s in cm.get_all_scopes() if s.name == 'test-scope'),
None)
if scope:
coll = next((c for c in scope.collections
if c.name == 'test-collection'), None)
if coll:
break
time.sleep(1)
username = '******'
password = '******'
roles = [
Role(name='data_reader', bucket='default', scope='test-scope'),
Role(name='data_writer',
bucket='default',
scope='test-scope',
collection='test-collection')
]
initial_user = User(username=username, roles=roles, password=password)
# create user
self.um.upsert_user(initial_user, domain_name="local")
# get single user
user_metadata = self.try_n_times(10,
1,
self.um.get_user,
username,
domain_name="local")
# handle 7.0 roles w/ scopes/collections
test_roles = roles
if self.supports_collections():
test_roles = []
for r in roles:
if not r.collection:
test_roles.append(
Role(name=r.name,
bucket=r.bucket,
scope=r.scope,
collection='*'))
else:
test_roles.append(r)
self.assertIsNotNone(user_metadata)
self.validate_user_and_metadata(user_metadata, user_roles=test_roles)
self.um.drop_user(username)
cm.drop_collection(collection)
cm.drop_scope('test-scope')
def test_external_user(self):
"""
test_external_user()
Tests create, retrieve, update and removal
of external (domain_name="external")
Uses *UserOptions() for options
"""
username = '******'
roles = [
Role(name='data_reader', bucket='default'),
Role(name='data_writer', bucket='default')
]
initial_user = User(username=username, roles=roles)
# create user
self.um.upsert_user(initial_user,
UpsertUserOptions(domain_name="external"))
# get user
user_metadata = self.try_n_times(
10, 1, self.um.get_user, username,
GetUserOptions(domain_name="external"))
# handle 7.0 roles w/ scopes/collections
test_roles = roles
if self.supports_collections():
test_roles = []
for r in roles:
test_roles.append(
Role(name=r.name,
bucket=r.bucket,
scope='*',
collection='*'))
self.assertIsNotNone(user_metadata)
self.validate_user_and_metadata(user_metadata, user_roles=test_roles)
# update user
user = user_metadata.user
user.roles = Role('admin')
self.um.upsert_user(user, UpsertUserOptions(domain_name="external"))
# get user and verify updates
user_metadata = self.try_n_times(
10, 1, self.um.get_user, username,
GetUserOptions(domain_name="external"))
self.assertIsNotNone(user_metadata)
self.validate_user_and_metadata(user_metadata, user_roles=user.roles)
user_update = user_metadata.user
self.assertNotEqual(initial_user, user_update)
# remove user
self.um.drop_user(username, DropUserOptions(domain_name="external"))
self.try_n_times_till_exception(
10,
1,
self.um.get_user,
username,
domain_name="external",
expected_exceptions=UserNotFoundException)
return None
# end::listing-scope-collection[]
cluster = Cluster("couchbase://localhost",
authenticator=PasswordAuthenticator("Administrator",
"password"))
print("scopeAdmin\n")
# tag::scopeAdmin[]
users = cluster.users()
user = User(username="******",
password="******",
display_name="Manage Scopes [travel-sample:*]",
roles=[
Role(name="scope_admin", bucket="travel-sample"),
Role(name="data_reader", bucket="travel-sample")
])
users.upsert_user(user)
# end::scopeAdmin[]
cluster = Cluster("couchbase://localhost",
authenticator=PasswordAuthenticator("scopeAdmin",
"password"))
# tag::create_collections_mgr[]
bucket = cluster.bucket("travel-sample")
coll_manager = bucket.collections()
# end::create_collections_mgr[]