diff --git a/dgraphtest/cluster.go b/dgraphtest/cluster.go index 260a175aaa2..34b1d9c7e88 100644 --- a/dgraphtest/cluster.go +++ b/dgraphtest/cluster.go @@ -74,9 +74,9 @@ type GraphQLResponse struct { Extensions map[string]interface{} `json:"extensions,omitempty"` } -func (hc *HTTPClient) LoginIntoNamespace(user, password string, ns uint64) error { +func (hc *HTTPClient) LoginIntoNamespace(user, password string, ns uint64, refreshToken string) error { q := `mutation login($userId: String, $password: String, $namespace: Int) { - login(userId: $userId, password: $password, namespace: $namespace) { + login(userId: $userId, password: $password, namespace: $namespace ,refreshToken: $refreshToken) { response { accessJWT refreshJWT diff --git a/ee/acl/acl_curl_test.go b/ee/acl/acl_curl_test.go index 65ffdb80d38..4124f6ecd75 100644 --- a/ee/acl/acl_curl_test.go +++ b/ee/acl/acl_curl_test.go @@ -24,33 +24,32 @@ import ( "github.com/dgraph-io/dgraph/dgraphtest" "github.com/dgraph-io/dgraph/testutil" - "github.com/dgraph-io/dgraph/x" ) var adminEndpoint string func (suite *AclTestSuite) TestCurlAuthorization() { t := suite.T() - ctx, cancel := context.WithTimeout(context.Background(), 100*time.Second) - defer cancel() if testing.Short() { t.Skip("skipping because -short=true") } - - glog.Infof("testing with port %s", testutil.SockAddr) + ctx, cancel := context.WithTimeout(context.Background(), 100*time.Second) + defer cancel() + // glog.Infof("testing with port %s", testutil.SockAddr) gc, cleanup, err := suite.dc.Client() require.NoError(t, err) defer cleanup() - require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) createAccountAndData(t, gc, hc) // test query through curl - - require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, 0)) - + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace, "")) // No ACL rules are specified, so query should return empty response, // alter and mutate should fail. queryArgs := func(jwt string) []string { @@ -58,7 +57,7 @@ func (suite *AclTestSuite) TestCurlAuthorization() { "-H", "Content-Type: application/dql", "-d", query, testutil.SockAddrHttp + "/query"} } - testutil.VerifyCurlCmd(t, queryArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, queryArgs(hc.HttpToken.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: false, }) @@ -71,7 +70,7 @@ func (suite *AclTestSuite) TestCurlAuthorization() { } - testutil.VerifyCurlCmd(t, mutateArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, mutateArgs(hc.HttpToken.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "PermissionDenied", }) @@ -80,7 +79,7 @@ func (suite *AclTestSuite) TestCurlAuthorization() { return []string{"-H", fmt.Sprintf("X-Dgraph-AccessToken:%s", jwt), "-d", fmt.Sprintf(`%s: int .`, predicateToAlter), testutil.SockAddrHttp + "/alter"} } - testutil.VerifyCurlCmd(t, alterArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, alterArgs(hc.HttpToken.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "PermissionDenied", }) @@ -90,69 +89,60 @@ func (suite *AclTestSuite) TestCurlAuthorization() { // JWT glog.Infof("Sleeping for accessJwt to expire") time.Sleep(expireJwtSleep) - testutil.VerifyCurlCmd(t, queryArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, queryArgs(hc.HttpToken.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "Token is expired", }) - testutil.VerifyCurlCmd(t, mutateArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, mutateArgs(hc.HttpToken.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "Token is expired", }) - testutil.VerifyCurlCmd(t, alterArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, alterArgs(hc.HttpToken.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "Token is expired", }) // login again using the refreshJwt - token, err = testutil.HttpLogin(&testutil.LoginParams{ - Endpoint: adminEndpoint, - RefreshJwt: token.RefreshToken, - Namespace: x.GalaxyNamespace, - }) - require.No + require.NoError(t, hc.LoginIntoNamespace("", "", dgraphtest.GalaxyNamespace, hc.HttpToken.RefreshToken)) require.NoError(t, err, fmt.Sprintf("login through refresh httpToken failed: %v", err)) - createGroupAndAcls(t, unusedGroup, false) + createGroupAndAcls(t, unusedGroup, false, hc) time.Sleep(expireJwtSleep) - testutil.VerifyCurlCmd(t, queryArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, queryArgs(hc.HttpToken.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "Token is expired", }) // refresh the jwts again - token, err = testutil.HttpLogin(&testutil.LoginParams{ - Endpoint: adminEndpoint, - RefreshJwt: token.RefreshToken, - }) + require.NoError(t, hc.LoginIntoNamespace("", "", dgraphtest.GalaxyNamespace, hc.HttpToken.RefreshToken)) + require.NoError(t, err, fmt.Sprintf("login through refresh httpToken failed: %v", err)) // verify that with an ACL rule defined, all the operations except query should // does not have the required permissions be denied when the acsess JWT - testutil.VerifyCurlCmd(t, queryArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, queryArgs(hc.HttpToken.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: false, }) - testutil.VerifyCurlCmd(t, mutateArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, mutateArgs(hc.HttpToken.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "PermissionDenied", }) - testutil.VerifyCurlCmd(t, alterArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, alterArgs(hc.HttpToken.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: true, DgraphErrMsg: "PermissionDenied", }) - createGroupAndAcls(t, devGroup, true) + createGroupAndAcls(t, devGroup, true, hc) time.Sleep(defaultTimeToSleep) // refresh the jwts again - token, err = testutil.HttpLogin(&testutil.LoginParams{ - Endpoint: adminEndpoint, - RefreshJwt: token.RefreshToken, - }) + require.NoError(t, hc.LoginIntoNamespace("", "", dgraphtest.GalaxyNamespace, hc.HttpToken.RefreshToken)) + require.NoError(t, err, fmt.Sprintf("login through refresh httpToken failed: %v", err)) // verify that the operations should be allowed again through the dev group - testutil.VerifyCurlCmd(t, queryArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, queryArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: false, }) - testutil.VerifyCurlCmd(t, mutateArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, mutateArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: false, }) - testutil.VerifyCurlCmd(t, alterArgs(token.AccessJwt), &testutil.CurlFailureConfig{ + testutil.VerifyCurlCmd(t, alterArgs(hc.AccessJwt), &testutil.CurlFailureConfig{ ShouldFail: false, }) } diff --git a/ee/acl/acl_integration_test.go b/ee/acl/acl_integration_test.go index dee57a670d7..30e635f0b80 100644 --- a/ee/acl/acl_integration_test.go +++ b/ee/acl/acl_integration_test.go @@ -20,6 +20,7 @@ import ( "github.com/stretchr/testify/require" + "github.com/dgraph-io/dgo/v210/protos/api" "github.com/dgraph-io/dgraph/dgraphtest" "github.com/dgraph-io/dgraph/x" ) @@ -42,7 +43,8 @@ func (suite *AclTestSuite) TestPasswordReturn() { t := suite.T() hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) query := ` query { getCurrentUser { @@ -66,7 +68,8 @@ func (suite *AclTestSuite) TestHealthForAcl() { t := suite.T() hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) params := dgraphtest.GraphQLParams{ Query: ` @@ -87,7 +90,8 @@ func (suite *AclTestSuite) TestHealthForAcl() { assertNonGuardianFailure(t, "health", false, params, hc) // assert data for guardians - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) resp, err := hc.RunGraphqlQuery(dgraphtest.GraphQLParams{Query: query}, true) var guardianResp struct { @@ -347,13 +351,15 @@ func (suite *AclTestSuite) TestGuardianOnlyAccessForAdminEndpoints() { params := dgraphtest.GraphQLParams{Query: tcase.query} hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) // assert ACL error for non-guardians assertNonGuardianFailure(t, tcase.queryName, !tcase.respIsArray, params, hc) // for guardians, assert non-ACL error or success if tcase.testGuardianAccess { - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) resp, err := hc.RunGraphqlQuery(params, true) if tcase.guardianErr == "" { @@ -383,7 +389,8 @@ func (suite *AclTestSuite) TestFailedLogin() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.DropAll()) require.NoError(t, err) @@ -411,28 +418,26 @@ func (suite *AclTestSuite) TestWrongPermission() { defer cleanup() require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) - ruleMutation := ` - _:dev "dgraph.type.Group" . - _:dev "dev" . - _:dev _:rule1 . - _:rule1 "name" . - _:rule1 "9" . - ` - - _, err = gc.Mutate(ruleMutation, true) + mu := &api.Mutation{SetNquads: []byte(` + _:dev "dgraph.type.Group" . + _:dev "dev" . + _:dev _:rule1 . + _:rule1 "name" . + _:rule1 "9" . + `), CommitNow: true} + _, err = gc.Mutate(mu) require.Error(t, err, "Setting permission to 9 should have returned error") require.Contains(t, err.Error(), "Value for this predicate should be between 0 and 7") - ruleMutation = ` - _:dev "dgraph.type.Group" . - _:dev "dev" . - _:dev _:rule1 . - _:rule1 "name" . - _:rule1 "-1" . - ` - - _, err = gc.Mutate(ruleMutation, true) + mu = &api.Mutation{SetNquads: []byte(` + _:dev "dgraph.type.Group" . + _:dev "dev" . + _:dev _:rule1 . + _:rule1 "name" . + _:rule1 "-1" . + `), CommitNow: true} + _, err = gc.Mutate(mu) require.Error(t, err, "Setting permission to -1 should have returned error") require.Contains(t, err.Error(), "Value for this predicate should be between 0 and 7") diff --git a/ee/acl/acl_test.go b/ee/acl/acl_test.go index ceba5fef40d..a291a2a2745 100644 --- a/ee/acl/acl_test.go +++ b/ee/acl/acl_test.go @@ -153,7 +153,7 @@ func (suite *AclTestSuite) TestGetCurrentUser() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace), "login failed") + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, ""), "login failed") currentUser, err := hc.GetCurrentUser() require.Equal(t, currentUser, "groot") // clean up the user to allow repeated running of this test @@ -166,7 +166,7 @@ func (suite *AclTestSuite) TestGetCurrentUser() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, - dgraphtest.GalaxyNamespace), "login failed") + dgraphtest.GalaxyNamespace, ""), "login failed") currentUser, err = hc.GetCurrentUser() require.Equal(t, currentUser, "hamilton") @@ -182,11 +182,11 @@ func (suite *AclTestSuite) TestCreateAndDeleteUsers() { require.NoError(t, err) // adding the user again should fail require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.Equal(t, "error while running admin query: couldn't rewrite mutation addUser because failed to "+ "rewrite mutation payload because id alice already exists for field name inside type User", hc.CreateUser(userid, userpassword).Error()) - // checkUserCount(t, resp.Data, dgraphtest.GalaxyNamespace) + // checkUserCount(t, resp.Data, dgraphtest.GalaxyNamespace,"") // delete the user require.NoError(t, hc.DeleteUser(userid), "error while deleteing user") @@ -195,7 +195,7 @@ func (suite *AclTestSuite) TestCreateAndDeleteUsers() { func resetUser(t *testing.T, hc *dgraphtest.HTTPClient) { require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) // clean up the user to allow repeated running of this test require.NoError(t, hc.DeleteUser(userid), "error while deleteing user") glog.Infof("deleted user") @@ -320,7 +320,7 @@ func testAuthorization(t *testing.T, gc *dgraphtest.GrpcClient, hc *dgraphtest.H hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) ctx := context.Background() require.NoError(t, gc.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) // initially the query should return empty result, mutate and alter @@ -782,7 +782,7 @@ func (suite *AclTestSuite) TestPredicatePermission() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) @@ -796,7 +796,7 @@ func (suite *AclTestSuite) TestPredicatePermission() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace), "Logging in with the current password should have succeeded") @@ -833,7 +833,7 @@ func (suite *AclTestSuite) TestAccessWithoutLoggingIn() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) @@ -876,7 +876,7 @@ func (suite *AclTestSuite) TestUnauthorizedDeletion() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) resetUser(t, hc) @@ -914,7 +914,7 @@ func (suite *AclTestSuite) TestGuardianAccess() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) @@ -963,7 +963,7 @@ func (suite *AclTestSuite) TestGuardianAccess() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, hc.RemoveUserFromGroup("guardian", "guardians")) // gqlResp.RequireNoGraphQLErrors(t) @@ -1029,7 +1029,7 @@ func (suite *AclTestSuite) TestQueryRemoveUnauthorizedPred() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.DropAll()) @@ -1172,7 +1172,7 @@ func (suite *AclTestSuite) TestExpandQueryWithACLPermissions() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.DropAll()) @@ -1226,7 +1226,7 @@ func (suite *AclTestSuite) TestExpandQueryWithACLPermissions() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) time.Sleep(defaultTimeToSleep) require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) @@ -1243,7 +1243,7 @@ func (suite *AclTestSuite) TestExpandQueryWithACLPermissions() { // Login to groot to modify accesses (2) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) // Add alice to sre group which has read access to and write access to require.NoError(t, hc.AddUserToGroup(userid, sreGroup)) @@ -1252,7 +1252,7 @@ func (suite *AclTestSuite) TestExpandQueryWithACLPermissions() { // Login to groot to modify accesses (3) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) // Give read access of and , write access of to dev require.NoError(t, hc.AddRulesToGroup(devGroup, @@ -1275,7 +1275,7 @@ func (suite *AclTestSuite) TestDeleteQueryWithACLPermissions() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.DropAll()) @@ -1346,7 +1346,7 @@ func (suite *AclTestSuite) TestDeleteQueryWithACLPermissions() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) resp, err = gc.Query(query) require.NoError(t, err, "Error while querying data") @@ -1383,7 +1383,7 @@ func (suite *AclTestSuite) TestValQueryWithACLPermissions() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.DropAll()) @@ -1538,7 +1538,7 @@ func (suite *AclTestSuite) TestValQueryWithACLPermissions() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) time.Sleep(defaultTimeToSleep) require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) @@ -1568,7 +1568,7 @@ func (suite *AclTestSuite) TestValQueryWithACLPermissions() { // Login to groot to modify accesses (1) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) // Give read access of and to dev require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGroupRules{{"name", Read.Code}, @@ -1598,7 +1598,7 @@ func (suite *AclTestSuite) TestAllPredsPermission() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.DropAll()) @@ -1703,7 +1703,7 @@ func (suite *AclTestSuite) TestAllPredsPermission() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) // Give read access of all predicates to dev require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGroupRules{{"dgraph.all", Read.Code}})) @@ -1749,7 +1749,7 @@ func (suite *AclTestSuite) TestNewACLPredicates() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) userClient, _, err := suite.dc.Client() @@ -1879,13 +1879,13 @@ func (suite *AclTestSuite) TestDeleteRule() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) userClient, _, err := suite.dc.Client() require.NoError(t, err) time.Sleep(defaultTimeToSleep) @@ -1986,12 +1986,11 @@ func (suite *AclTestSuite) TestNonExistentGroup() { defer cleanup() require.NoError(t, gc.LoginIntoNamespace(ctx, dgraphtest.DefaultUser, dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) - require.NoError(t, gc.DropAll()) hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, hc.AddRulesToGroup(devGroup, []dgraphtest.AclGroupRules{{"name", Read.Code}})) } @@ -2008,9 +2007,9 @@ func (suite *AclTestSuite) TestQueryUserInfo() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) addDataAndRules(ctx, t, gc, hc) - require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace)) + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace, "")) gqlQuery := ` query { @@ -2093,7 +2092,7 @@ func (suite *AclTestSuite) TestQueryUserInfo() { require.NoError(t, userClient.LoginIntoNamespace(ctx, userid, userpassword, dgraphtest.GalaxyNamespace)) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace)) + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace, "")) resp, err := userClient.Query(query) require.NoError(t, err, "Error while querying ACL") @@ -2189,7 +2188,7 @@ func (suite *AclTestSuite) TestQueriesWithUserAndGroupOfSameName() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.DropAll()) // Creates a user -- alice @@ -2237,14 +2236,14 @@ func (suite *AclTestSuite) TestQueriesForNonGuardianUserWithoutGroup() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) // Create a new user without any groups, queryGroup should return an empty result. resetUser(t, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace)) + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace, "")) gqlQuery := ` query { @@ -2462,7 +2461,7 @@ func (suite *AclTestSuite) TestSchemaQueryWithACL() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.DropAll()) resp, err := gc.Query(schemaQuery) require.NoError(t, err) @@ -2495,7 +2494,7 @@ func (suite *AclTestSuite) TestDeleteUserShouldDeleteUserFromGroup() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) resetUser(t, hc) addDataAndRules(ctx, t, gc, hc) @@ -2503,7 +2502,7 @@ func (suite *AclTestSuite) TestDeleteUserShouldDeleteUserFromGroup() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, hc.DeleteUser(userid)) @@ -2577,7 +2576,7 @@ func (suite *AclTestSuite) TestGroupDeleteShouldDeleteGroupFromUser() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) resetUser(t, hc) addDataAndRules(ctx, t, gc, hc) @@ -2586,7 +2585,7 @@ func (suite *AclTestSuite) TestGroupDeleteShouldDeleteGroupFromUser() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, hc.DeleteGroup("dev-a")) @@ -2649,7 +2648,7 @@ func assertNonGuardianFailure(t *testing.T, queryName string, respIsNull bool, params dgraphtest.GraphQLParams, hc *dgraphtest.HTTPClient) { resetUser(t, hc) - require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace)) + require.NoError(t, hc.LoginIntoNamespace(userid, userpassword, dgraphtest.GalaxyNamespace, "")) gqlResp, err := hc.RunGraphqlQuery(params, true) require.NoError(t, err) require.Len(t, err.Error(), 1) @@ -2682,7 +2681,7 @@ func (suite *AclTestSuite) TestAddUpdateGroupWithDuplicateRules() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) groupName := "testGroup" addedRules := []dgraphtest.AclGroupRules{ { @@ -2709,7 +2708,7 @@ func (suite *AclTestSuite) TestAddUpdateGroupWithDuplicateRules() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) updatedRules := []dgraphtest.AclGroupRules{ { Predicate: "test", @@ -2756,7 +2755,7 @@ func (suite *AclTestSuite) TestAllowUIDAccess() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.DropAll()) op := api.Operation{Schema: ` name : string @index(exact) . @@ -2785,7 +2784,7 @@ func (suite *AclTestSuite) TestAllowUIDAccess() { uidQuery := ` { - me(func: uid(10dgraphtest.GalaxyNamespace)) { + me(func: uid(10dgraphtest.GalaxyNamespace,"")) { uid name } @@ -2810,7 +2809,7 @@ func (suite *AclTestSuite) TestAddNewPredicate() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.DropAll()) resetUser(t, hc) @@ -2818,7 +2817,7 @@ func (suite *AclTestSuite) TestAddNewPredicate() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) userClient, cancel, err := suite.dc.Client() defer cleanup() require.NoError(t, err) @@ -2853,7 +2852,7 @@ func (suite *AclTestSuite) TestCrossGroupPermission() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.DropAll()) @@ -2960,7 +2959,7 @@ func (suite *AclTestSuite) TestMutationWithValueVar() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.NoError(t, gc.DropAll()) err = gc.Alter(ctx, &api.Operation{ Schema: ` @@ -3056,7 +3055,7 @@ func (suite *AclTestSuite) TestDeleteGuardiansGroupShouldFail() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) addDataAndRules(ctx, t, gc, hc) @@ -3064,7 +3063,7 @@ func (suite *AclTestSuite) TestDeleteGuardiansGroupShouldFail() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.Contains(t, hc.DeleteGroup("guardians").Error(), "guardians group and groot user cannot be deleted.") @@ -3082,13 +3081,13 @@ func (suite *AclTestSuite) TestDeleteGrootUserShouldFail() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.Contains(t, hc.DeleteUser("groot").Error(), "guardians group and groot user cannot be deleted.") } @@ -3105,13 +3104,13 @@ func (suite *AclTestSuite) TestDeleteGrootUserFromGuardiansGroupShouldFail() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) require.Contains(t, hc.RemoveUserFromGroup("groot", "guardians").Error(), "guardians group and groot user cannot be deleted.") @@ -3129,7 +3128,7 @@ func (suite *AclTestSuite) TestDeleteGrootAndGuardiansUsingDelNQuadShouldFail() hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) gc, cleanup, err = suite.dc.Client() @@ -3174,7 +3173,7 @@ func (suite *AclTestSuite) TestDropAllShouldResetGuardiansAndGroot() { hc, err := suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) addDataAndRules(ctx, t, gc, hc) suite.Upgrade(hc) gc, cleanup, err = suite.dc.Client() @@ -3196,7 +3195,7 @@ func (suite *AclTestSuite) TestDropAllShouldResetGuardiansAndGroot() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) deleteGuardiansGroupAndGrootUserShouldFail(t, hc) // Try Drop Data @@ -3211,6 +3210,6 @@ func (suite *AclTestSuite) TestDropAllShouldResetGuardiansAndGroot() { hc, err = suite.dc.HTTPClient() require.NoError(t, err) require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, - dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace)) + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) deleteGuardiansGroupAndGrootUserShouldFail(t, hc) } diff --git a/systest/incremental-restore/incremental_restore_test.go b/systest/incremental-restore/incremental_restore_test.go index 1fdea1ed58b..06f25520c93 100644 --- a/systest/incremental-restore/incremental_restore_test.go +++ b/systest/incremental-restore/incremental_restore_test.go @@ -46,7 +46,8 @@ func TestIncrementalRestore(t *testing.T) { hc, err := c.HTTPClient() require.NoError(t, err) - require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, dgraphtest.DefaultPassword, 0)) + require.NoError(t, hc.LoginIntoNamespace(dgraphtest.DefaultUser, + dgraphtest.DefaultPassword, dgraphtest.GalaxyNamespace, "")) uids := []int{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20} c.AssignUids(gc.Dgraph, uint64(len(uids)))