milvus-io
/
milvus
mirror of https://github.com/milvus-io/milvus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update RBAC apis and test cases (#25114) 

Signed-off-by: nico <cheng.yuan@zilliz.com>
pull/25037/head
nico 2023-06-26 15:28:44 +08:00 committed by GitHub
parent c31635a0f8
commit a5734be42b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 59 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
tests/python_client/base/client_base.py
View File

@ -82,6 +82,23 @@ class Base:
except Exception as e:
log.debug(str(e))
try:
""" Drop roles before disconnect """
if not self.connection_wrap.has_connection(alias=DefaultConfig.DEFAULT_USING)[0]:
self.connection_wrap.connect(alias=DefaultConfig.DEFAULT_USING, host=cf.param_info.param_host,
port=cf.param_info.param_port, user=ct.default_user,
password=ct.default_password)
role_list = self.utility_wrap.list_roles(False)[0]
for role in role_list.groups:
role_name = role.role_name
if role_name not in ["admin", "public"]:
each_role = self.utility_wrap.init_role(name=role_name)[0]
each_role.drop()
except Exception as e:
log.debug(str(e))
try:
""" Delete connection and reset configuration"""
res = self.connection_wrap.list_connections()

48
tests/python_client/base/utility_wrapper.py
View File

@ -7,7 +7,7 @@ sys.path.append("..")
from check.func_check import ResponseChecker
from utils.api_request import api_request
from pymilvus import BulkInsertState
from pymilvus import Role
from pymilvus.orm.role import Role
from utils.util_log import test_log as log
TIMEOUT = 20
@ -367,21 +367,6 @@ class ApiUtilityWrapper:
using=using).run()
return res, check_result
def init_role(self, name, using="default", check_task=None, check_items=None, **kwargs):
func_name = sys._getframe().f_code.co_name
res, is_succ = api_request([Role, name, using], **kwargs)
self.role = res if is_succ else None
check_result = ResponseChecker(res, func_name, check_task, check_items, is_succ,
name=name, **kwargs).run()
return res, check_result
def create_role(self, using="default", check_task=None, check_items=None, **kwargs):
func_name = sys._getframe().f_code.co_name
res, is_succ = api_request([self.role.create], **kwargs)
check_result = ResponseChecker(res, func_name, check_task, check_items, is_succ,
**kwargs).run()
return res, check_result
def list_roles(self, include_user_info: bool, using="default", check_task=None, check_items=None):
func_name = sys._getframe().f_code.co_name
res, is_succ = api_request([self.ut.list_roles, include_user_info, using])
@ -400,6 +385,21 @@ class ApiUtilityWrapper:
check_result = ResponseChecker(res, func_name, check_task, check_items, is_succ, using=using).run()
return res, check_result
def init_role(self, name, using="default", check_task=None, check_items=None, **kwargs):
func_name = sys._getframe().f_code.co_name
res, is_succ = api_request([Role, name, using], **kwargs)
self.role = res if is_succ else None
check_result = ResponseChecker(res, func_name, check_task, check_items, is_succ,
name=name, **kwargs).run()
return res, check_result
def create_role(self, check_task=None, check_items=None, **kwargs):
func_name = sys._getframe().f_code.co_name
res, is_succ = api_request([self.role.create], **kwargs)
check_result = ResponseChecker(res, func_name, check_task, check_items, is_succ,
**kwargs).run()
return res, check_result
def role_drop(self, check_task=None, check_items=None, **kwargs):
func_name = sys._getframe().f_code.co_name
res, check = api_request([self.role.drop], **kwargs)
@ -434,27 +434,27 @@ class ApiUtilityWrapper:
def role_name(self):
return self.role.name
def role_grant(self, object: str, object_name: str, privilege: str, check_task=None, check_items=None, **kwargs):
def role_grant(self, object: str, object_name: str, privilege: str, db_name="default", check_task=None, check_items=None, **kwargs):
func_name = sys._getframe().f_code.co_name
res, check = api_request([self.role.grant, object, object_name, privilege], **kwargs)
res, check = api_request([self.role.grant, object, object_name, privilege, db_name], **kwargs)
check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
return res, check_result
def role_revoke(self, object: str, object_name: str, privilege: str, check_task=None, check_items=None, **kwargs):
def role_revoke(self, object: str, object_name: str, privilege: str, db_name="default", check_task=None, check_items=None, **kwargs):
func_name = sys._getframe().f_code.co_name
res, check = api_request([self.role.revoke, object, object_name, privilege], **kwargs)
res, check = api_request([self.role.revoke, object, object_name, privilege, db_name], **kwargs)
check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
return res, check_result
def role_list_grant(self, object: str, object_name: str, check_task=None, check_items=None, **kwargs):
def role_list_grant(self, object: str, object_name: str, db_name="default", check_task=None, check_items=None, **kwargs):
func_name = sys._getframe().f_code.co_name
res, check = api_request([self.role.list_grant, object, object_name], **kwargs)
res, check = api_request([self.role.list_grant, object, object_name, db_name], **kwargs)
check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
return res, check_result
def role_list_grants(self, check_task=None, check_items=None, **kwargs):
def role_list_grants(self, db_name="default", check_task=None, check_items=None, **kwargs):
func_name = sys._getframe().f_code.co_name
res, check = api_request([self.role.list_grants], **kwargs)
res, check = api_request([self.role.list_grants, db_name], **kwargs)
check_result = ResponseChecker(res, func_name, check_task, check_items, check, **kwargs).run()
return res, check_result

20
tests/python_client/testcases/test_connection.py
View File

@ -1006,9 +1006,10 @@ class TestConnectUserPasswordInvalid(TestcaseBase):
method: connect without parameters of user and password
excepted: connected is false
"""
self.connection_wrap.connect(host=host, port=port, check_task=ct.CheckTasks.ccr)
self.utility_wrap.list_collections(check_task=ct.CheckTasks.err_res,
check_items={ct.err_code: 1})
self.connection_wrap.connect(host=host, port=port,
check_task=ct.CheckTasks.err_res,
check_items={ct.err_code: 2,
ct.err_msg: "Fail connecting to server"})
@pytest.mark.tags(ct.CaseLabel.RBAC)
@pytest.mark.parametrize("user", ["alice3333"])
@ -1019,9 +1020,9 @@ class TestConnectUserPasswordInvalid(TestcaseBase):
excepted: connected is false
"""
self.connection_wrap.connect(host=host, port=port, user=user, password="abc123",
check_task=ct.CheckTasks.ccr)
self.utility_wrap.list_collections(check_task=ct.CheckTasks.err_res,
check_items={ct.err_code: 1})
check_task=ct.CheckTasks.err_res,
check_items={ct.err_code: 2,
ct.err_msg: "Fail connecting to server"})
@pytest.mark.tags(ct.CaseLabel.RBAC)
@pytest.mark.parametrize("user", ["anny015"])
@ -1041,6 +1042,7 @@ class TestConnectUserPasswordInvalid(TestcaseBase):
# 3.connect with the created user and wrong password
self.connection_wrap.disconnect(alias=connect_name)
self.connection_wrap.connect(host=host, port=port, user=user, password=ct.default_password)
self.utility_wrap.list_collections(check_task=ct.CheckTasks.err_res,
check_items={ct.err_code: 1})
self.connection_wrap.connect(host=host, port=port, user=user, password=ct.default_password,
check_task=ct.CheckTasks.err_res,
check_items={ct.err_code: 2,
ct.err_msg: "Fail connecting to server"})

14
tests/python_client/testcases/test_utility.py
View File

@ -2211,10 +2211,10 @@ class TestUtilityUserPassword(TestcaseBase):
self.utility_wrap.create_user(user=user, password="abc123")
self.utility_wrap.delete_user(user=user)
self.connection_wrap.disconnect(alias=connect_name)
self.connection_wrap.connect(host=host, port=port, user=user,
password="abc123", check_task=ct.CheckTasks.ccr)
self.utility_wrap.list_collections(check_task=ct.CheckTasks.err_res,
check_items={ct.err_code: 1})
self.connection_wrap.connect(host=host, port=port, user=user, password="abc123",
check_task=ct.CheckTasks.err_res,
check_items={ct.err_code: 2,
ct.err_msg: "Fail connecting to server"})
@pytest.mark.tags(ct.CaseLabel.RBAC)
def test_delete_user_with_invalid_username(self, host, port):
@ -2338,7 +2338,7 @@ class TestUtilityInvalidUserPassword(TestcaseBase):
check_items={ct.err_code: 5})
@pytest.mark.tags(ct.CaseLabel.RBAC)
@pytest.mark.parametrize("user", ["genny"])
@pytest.mark.parametrize("user", ["genny001"])
def test_reset_password_with_invalid_old_password(self, host, port, user):
"""
target: test the old password when resetting password
@ -2353,7 +2353,7 @@ class TestUtilityInvalidUserPassword(TestcaseBase):
check_items={ct.err_code: 30})
@pytest.mark.tags(ct.CaseLabel.RBAC)
@pytest.mark.parametrize("user", ["hobo89"])
@pytest.mark.parametrize("user", ["hobo233"])
@pytest.mark.parametrize("old_password", ["qwaszx0"])
def test_update_password_with_invalid_username(self, host, port, user, old_password):
"""
@ -2374,7 +2374,7 @@ class TestUtilityInvalidUserPassword(TestcaseBase):
check_items={ct.err_code: 30})
@pytest.mark.tags(ct.CaseLabel.RBAC)
@pytest.mark.parametrize("user", ["demo"])
@pytest.mark.parametrize("user", ["demo001"])
@pytest.mark.parametrize("old_password", ["qwaszx0"])
@pytest.mark.parametrize("new_password", ["12345"])
def test_update_password_with_invalid_new_password(self, host, port, user, old_password, new_password):