memgraph/tests/e2e/fine_grained_access/common.py

# Copyright 2023 Memgraph Ltd.
#
# Use of this software is governed by the Business Source License
# included in the file licenses/BSL.txt; by using this file, you agree to be bound by the terms of the Business Source
# License, and you may not use this file except in compliance with the Business Source License.
#
# As of the Change Date specified in that file, in accordance with
# the Business Source License, use of this software will be governed
# by the Apache License, Version 2.0, included in the file
# licenses/APL.txt.

import mgclient


def switch_db(cursor):
    execute_and_fetch_all(cursor, "USE DATABASE clean;")


def create_multi_db(cursor, switch):
    execute_and_fetch_all(cursor, "USE DATABASE memgraph;")
    try:
        execute_and_fetch_all(cursor, "DROP DATABASE clean;")
    except:
        pass
    execute_and_fetch_all(cursor, "CREATE DATABASE clean;")
    if switch:
        switch_db(cursor)
        reset_and_prepare(cursor)
        execute_and_fetch_all(cursor, "USE DATABASE memgraph;")


def reset_and_prepare(admin_cursor):
    execute_and_fetch_all(admin_cursor, "REVOKE LABELS * FROM user;")
    execute_and_fetch_all(admin_cursor, "REVOKE EDGE_TYPES * FROM user;")
    execute_and_fetch_all(admin_cursor, "MATCH(n) DETACH DELETE n;")
    execute_and_fetch_all(admin_cursor, "CREATE (n:test_delete {name: 'test1'});")
    execute_and_fetch_all(admin_cursor, "CREATE (n:test_delete_1)-[r:edge_type_delete]->(m:test_delete_2);")


def execute_and_fetch_all(cursor, query):
    cursor.execute(query)
    return cursor.fetchall()


def connect(**kwargs):
    connection = mgclient.connect(host="localhost", port=7687, **kwargs)
    connection.autocommit = True
    return connection
Add multi-tenancy v1 (#952) * Decouple BoltSession and communication::bolt::Session * Add CREATE/USE/DROP DATABASE * Add SHOW DATABASES * Cover WebSocket session * Simple session safety implemented via RWLock * Storage symlinks for backward. compatibility * Extend the audit log with the DB info * Add auth part * Add tenant recovery 2023-08-02 00:49:11 +08:00			`# Copyright 2023 Memgraph Ltd.`
[E129-MG <-T0982-MG] implement edge type filtering (#489) * GRANT, REVOKE, DENY and access_checker DONE * Added AccessChecker to ExecutionContext * grammar expanded; (#462) * current * T0954 mg expand user and role to hold permissions on labels (#465) * added FineGrainedAccessPermissions class to model * expanded user and role with fine grained access permissions * fixed grammar * [E129 < T0953-MG] GRANT, DENY, REVOKE added in interpreter and mainVisitor (#464) * GRANT, DENY, REVOKE added in interpreter and mainVisitor * Commented labelPermissons * remove labelsPermission adding * Fixed * Removed extra lambda * fixed * [E129<-T0955-MG] Expand ExecutionContext with label related information (#467) * added * Added FineGrainedAccessChecker to Context * fixed * Added filtering * testing * Added edge filtering to storage, need to add filtering in simple Expand in operator.cpp * Removed storage changes * MATCH filtering working * EdgeTypeFiltering working, just need to test everything again * Removed FineGrainedAccessChecker * Removed Expand Path * Fix * Tested FineGrainedAccessHandler, need to test AuthChecker * Added integration test for lba * Fixed merge conflicts * PR fix * fixed * PR fix * Fix test * removed .vscode, .cache, .githooks * githooks * added tests * fixed build * Changed ast.lcp and User pointer to value in context.hpp * Fixed test * Remove denies on grant all * AuthChecker * Pr fix, auth_checker still not fixed * Create mg-glue and extract UserBasedAuthChecker from AuthChecker * Build fixed, need to fix test * e2e tests * e2e test working * Added unit test, e2e and FineGrainedChecker * Mege E129, auth_checker tests * Fixed test * e2e fix Co-authored-by: Boris Taševski <36607228+BorisTasevski@users.noreply.github.com> Co-authored-by: josipmrden <josip.mrden@external-basf.com> Co-authored-by: János Benjamin Antal <benjamin.antal@memgraph.io> 2022-08-16 21:57:23 +08:00			`#`
			`# Use of this software is governed by the Business Source License`
			`# included in the file licenses/BSL.txt; by using this file, you agree to be bound by the terms of the Business Source`
			`# License, and you may not use this file except in compliance with the Business Source License.`
			`#`
			`# As of the Change Date specified in that file, in accordance with`
			`# the Business Source License, use of this software will be governed`
			`# by the Apache License, Version 2.0, included in the file`
			`# licenses/APL.txt.`
[E129-MG < T1007-MG] Expand Cursors with LBA checks (#524) * [T1007-MG < T0997-MG] Authorization on paths (#501) * Added read authorization in paths operators * [T1007-MG < T1016-MG] Added authorization in create and delete operators (#513) * Added authorization in RemoveNodeCursor, RemoveExpandCursor, CreateNodeCursor, CreateExpandCursor,MergeCursor * [T1007-MG < T1014-MG] Add authorization to read operators (#520) Added label based access control to read operators (ScanAll). * [T1007-MG < T1015-MG] Add authorization to update operators (SetProperty, SetProperties, RemoveProperty) (#521) Added label based authorization to update operators Co-authored-by: niko4299 <51059248+niko4299@users.noreply.github.com> Co-authored-by: Josip Mrden <josip.mrden@memgraph.io> 2022-09-02 23:12:07 +08:00
[E129-MG <-T0982-MG] implement edge type filtering (#489) * GRANT, REVOKE, DENY and access_checker DONE * Added AccessChecker to ExecutionContext * grammar expanded; (#462) * current * T0954 mg expand user and role to hold permissions on labels (#465) * added FineGrainedAccessPermissions class to model * expanded user and role with fine grained access permissions * fixed grammar * [E129 < T0953-MG] GRANT, DENY, REVOKE added in interpreter and mainVisitor (#464) * GRANT, DENY, REVOKE added in interpreter and mainVisitor * Commented labelPermissons * remove labelsPermission adding * Fixed * Removed extra lambda * fixed * [E129<-T0955-MG] Expand ExecutionContext with label related information (#467) * added * Added FineGrainedAccessChecker to Context * fixed * Added filtering * testing * Added edge filtering to storage, need to add filtering in simple Expand in operator.cpp * Removed storage changes * MATCH filtering working * EdgeTypeFiltering working, just need to test everything again * Removed FineGrainedAccessChecker * Removed Expand Path * Fix * Tested FineGrainedAccessHandler, need to test AuthChecker * Added integration test for lba * Fixed merge conflicts * PR fix * fixed * PR fix * Fix test * removed .vscode, .cache, .githooks * githooks * added tests * fixed build * Changed ast.lcp and User pointer to value in context.hpp * Fixed test * Remove denies on grant all * AuthChecker * Pr fix, auth_checker still not fixed * Create mg-glue and extract UserBasedAuthChecker from AuthChecker * Build fixed, need to fix test * e2e tests * e2e test working * Added unit test, e2e and FineGrainedChecker * Mege E129, auth_checker tests * Fixed test * e2e fix Co-authored-by: Boris Taševski <36607228+BorisTasevski@users.noreply.github.com> Co-authored-by: josipmrden <josip.mrden@external-basf.com> Co-authored-by: János Benjamin Antal <benjamin.antal@memgraph.io> 2022-08-16 21:57:23 +08:00			`import mgclient`


Add multi-tenancy v1 (#952) * Decouple BoltSession and communication::bolt::Session * Add CREATE/USE/DROP DATABASE * Add SHOW DATABASES * Cover WebSocket session * Simple session safety implemented via RWLock * Storage symlinks for backward. compatibility * Extend the audit log with the DB info * Add auth part * Add tenant recovery 2023-08-02 00:49:11 +08:00			`def switch_db(cursor):`
			`execute_and_fetch_all(cursor, "USE DATABASE clean;")`


			`def create_multi_db(cursor, switch):`
			`execute_and_fetch_all(cursor, "USE DATABASE memgraph;")`
			`try:`
			`execute_and_fetch_all(cursor, "DROP DATABASE clean;")`
			`except:`
			`pass`
			`execute_and_fetch_all(cursor, "CREATE DATABASE clean;")`
			`if switch:`
			`switch_db(cursor)`
			`reset_and_prepare(cursor)`
			`execute_and_fetch_all(cursor, "USE DATABASE memgraph;")`


[E129-MG < T1007-MG] Expand Cursors with LBA checks (#524) * [T1007-MG < T0997-MG] Authorization on paths (#501) * Added read authorization in paths operators * [T1007-MG < T1016-MG] Added authorization in create and delete operators (#513) * Added authorization in RemoveNodeCursor, RemoveExpandCursor, CreateNodeCursor, CreateExpandCursor,MergeCursor * [T1007-MG < T1014-MG] Add authorization to read operators (#520) Added label based access control to read operators (ScanAll). * [T1007-MG < T1015-MG] Add authorization to update operators (SetProperty, SetProperties, RemoveProperty) (#521) Added label based authorization to update operators Co-authored-by: niko4299 <51059248+niko4299@users.noreply.github.com> Co-authored-by: Josip Mrden <josip.mrden@memgraph.io> 2022-09-02 23:12:07 +08:00			`def reset_and_prepare(admin_cursor):`
			`execute_and_fetch_all(admin_cursor, "REVOKE LABELS * FROM user;")`
			`execute_and_fetch_all(admin_cursor, "REVOKE EDGE_TYPES * FROM user;")`
			`execute_and_fetch_all(admin_cursor, "MATCH(n) DETACH DELETE n;")`
			`execute_and_fetch_all(admin_cursor, "CREATE (n:test_delete {name: 'test1'});")`
			`execute_and_fetch_all(admin_cursor, "CREATE (n:test_delete_1)-[r:edge_type_delete]->(m:test_delete_2);")`


[E129-MG <-T0982-MG] implement edge type filtering (#489) * GRANT, REVOKE, DENY and access_checker DONE * Added AccessChecker to ExecutionContext * grammar expanded; (#462) * current * T0954 mg expand user and role to hold permissions on labels (#465) * added FineGrainedAccessPermissions class to model * expanded user and role with fine grained access permissions * fixed grammar * [E129 < T0953-MG] GRANT, DENY, REVOKE added in interpreter and mainVisitor (#464) * GRANT, DENY, REVOKE added in interpreter and mainVisitor * Commented labelPermissons * remove labelsPermission adding * Fixed * Removed extra lambda * fixed * [E129<-T0955-MG] Expand ExecutionContext with label related information (#467) * added * Added FineGrainedAccessChecker to Context * fixed * Added filtering * testing * Added edge filtering to storage, need to add filtering in simple Expand in operator.cpp * Removed storage changes * MATCH filtering working * EdgeTypeFiltering working, just need to test everything again * Removed FineGrainedAccessChecker * Removed Expand Path * Fix * Tested FineGrainedAccessHandler, need to test AuthChecker * Added integration test for lba * Fixed merge conflicts * PR fix * fixed * PR fix * Fix test * removed .vscode, .cache, .githooks * githooks * added tests * fixed build * Changed ast.lcp and User pointer to value in context.hpp * Fixed test * Remove denies on grant all * AuthChecker * Pr fix, auth_checker still not fixed * Create mg-glue and extract UserBasedAuthChecker from AuthChecker * Build fixed, need to fix test * e2e tests * e2e test working * Added unit test, e2e and FineGrainedChecker * Mege E129, auth_checker tests * Fixed test * e2e fix Co-authored-by: Boris Taševski <36607228+BorisTasevski@users.noreply.github.com> Co-authored-by: josipmrden <josip.mrden@external-basf.com> Co-authored-by: János Benjamin Antal <benjamin.antal@memgraph.io> 2022-08-16 21:57:23 +08:00			`def execute_and_fetch_all(cursor, query):`
			`cursor.execute(query)`
			`return cursor.fetchall()`


			`def connect(**kwargs):`
			`connection = mgclient.connect(host="localhost", port=7687, **kwargs)`
			`connection.autocommit = True`
			`return connection`