d008a2ad8d
* [T1007-MG < T0997-MG] Authorization on paths (#501) * Added read authorization in paths operators * [T1007-MG < T1016-MG] Added authorization in create and delete operators (#513) * Added authorization in RemoveNodeCursor, RemoveExpandCursor, CreateNodeCursor, CreateExpandCursor,MergeCursor * [T1007-MG < T1014-MG] Add authorization to read operators (#520) Added label based access control to read operators (ScanAll). * [T1007-MG < T1015-MG] Add authorization to update operators (SetProperty, SetProperties, RemoveProperty) (#521) Added label based authorization to update operators Co-authored-by: niko4299 <51059248+niko4299@users.noreply.github.com> Co-authored-by: Josip Mrden <josip.mrden@memgraph.io>
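# Cluster fixture for the "Label-based auth" workload: a single instance
# ("main") seeded with labelled nodes, two users and one label-level grant.
# NOTE(review): nesting is reconstructed from a flattened listing; confirm
# it against the repository copy of this file.
template_cluster: &template_cluster
  cluster:
    main:
      # TRACE is the most verbose log level; intended for a throwaway test
      # instance only.
      args: ["--bolt-port", "7687", "--log-level=TRACE"]
      log_file: "lba-e2e.log"
      setup_queries:
        # Test data: six :Label1 nodes (id 1-6) and four :Label2 nodes (id 1-4).
        - "Create (:Label1 {id: 1}) ;"
        - "Create (:Label1 {id: 2}) ;"
        - "Create (:Label1 {id: 3}) ;"
        - "Create (:Label1 {id: 4}) ;"
        - "Create (:Label1 {id: 5}) ;"
        - "Create (:Label1 {id: 6}) ;"
        - "Create (:Label2 {id: 1}) ;"
        - "Create (:Label2 {id: 2}) ;"
        - "Create (:Label2 {id: 3}) ;"
        - "Create (:Label2 {id: 4}) ;"
        # Both users are created without a password (no IDENTIFIED BY clause).
        - "Create User Josip ;"
        - "Create User Boris ;"
        # The only label rule in this fixture: Boris may read :Label1.
        # Josip gets no label rule at all, and nobody gets a rule for :Label2.
        # NOTE(review): presumably the workload asserts that the unlisted
        # labels stay invisible (default deny); confirm in lba_procedures.py.
        - "Grant Read On Labels :Label1 to Boris;"
      validation_queries: []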
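# Cluster fixture for the "show-privileges" workload: four users whose label
# rules cover grant, deny, conflicting and wildcard cases.
# NOTE(review): nesting is reconstructed from a flattened listing; confirm
# it against the repository copy of this file.
show_privileges_cluster: &show_privileges_cluster
  cluster:
    main:
      # TRACE is the most verbose log level; intended for a throwaway test
      # instance only.
      args: ["--bolt-port", "7687", "--log-level=TRACE"]
      log_file: "lba-e2e.log"
      setup_queries:
        # Josip: one grant/deny pair per permission level (Read, Update,
        # Create_Delete). Unlike the other three users he receives no
        # "Grant Auth".
        - "Create User Josip;"
        - "Grant Read On Labels :Label1 to Josip;"
        - "Deny Read On Labels :Label2 to Josip;"
        - "Grant Update On Labels :Label3 to Josip;"
        - "Deny Update On Labels :Label4 to Josip;"
        - "Grant Create_Delete On Labels :Label5 to Josip;"
        - "Deny Create_Delete On Labels :Label6 to Josip;"
        # :Label7 carries both a grant (Create_Delete) and a deny (Read) for
        # the same user.
        # NOTE(review): the effective permission for this conflicting pair is
        # the interesting case; confirm show_privileges.py pins the expected
        # result rather than only checking that the query runs.
        - "Grant Create_Delete On Labels :Label7 to Josip;"
        - "Deny Read On Labels :Label7 to Josip;"

        # Boris: the same label rules as Josip, plus the Auth privilege.
        - "Create User Boris;"
        - "Grant Auth to Boris;"
        - "Grant Read On Labels :Label1 to Boris;"
        - "Deny Read On Labels :Label2 to Boris;"
        - "Grant Update On Labels :Label3 to Boris;"
        - "Deny Update On Labels :Label4 to Boris;"
        - "Grant Create_Delete On Labels :Label5 to Boris;"
        - "Deny Create_Delete On Labels :Label6 to Boris;"
        - "Grant Create_Delete On Labels :Label7 to Boris;"
        - "Deny Read On Labels :Label7 to Boris;"

        # Niko: wildcard grant and wildcard deny at different levels, so the
        # two "*" rules overlap on every label.
        # (These wildcard queries omit the trailing ';' used elsewhere.)
        - "Create User Niko;"
        - "Grant Auth to Niko;"
        - "Grant Create_Delete On Labels * to Niko"
        - "Deny Update On Labels * to Niko"

        # Bruno: a wildcard deny only, with no grant on any label.
        - "Create User Bruno;"
        - "Grant Auth to Bruno;"
        - "Deny Create_Delete On Labels * to Bruno"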
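# Cluster fixture for the "read-permission-queries" workload: two
# password-protected accounts, both starting with every privilege.
# NOTE(review): nesting is reconstructed from a flattened listing; confirm
# it against the repository copy of this file.
read_permission_queries: &read_permission_queries
  cluster:
    main:
      # NOTE(review): TRACE is the most verbose log level and may record query
      # text, which here includes the IDENTIFIED BY statements below. Confirm
      # what ends up in lba-e2e.log before the log is archived or shared.
      args: ["--bolt-port", "7687", "--log-level=TRACE"]
      log_file: "lba-e2e.log"
      setup_queries:
        # Fixture credentials: a fixed, weak password that is acceptable only
        # on the disposable e2e instance.
        - "CREATE USER admin IDENTIFIED BY 'test';"
        - "GRANT ALL PRIVILEGES TO admin;"
        # "user" also starts with ALL PRIVILEGES; no label rule is set here.
        # NOTE(review): presumably the test narrows this account's label
        # permissions at runtime; confirm in read_permission_queries.py.
        - "CREATE USER user IDENTIFIED BY 'test';"
        - "GRANT ALL PRIVILEGES TO user;"
      validation_queries: []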
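# Cluster fixture for the "update-permission-queries" workload: two
# password-protected accounts, both starting with every privilege.
# NOTE(review): nesting is reconstructed from a flattened listing; confirm
# it against the repository copy of this file.
update_permission_queries_cluster: &update_permission_queries_cluster
  cluster:
    main:
      # NOTE(review): TRACE is the most verbose log level and may record query
      # text, which here includes the IDENTIFIED BY statements below. Confirm
      # what ends up in lba-e2e.log before the log is archived or shared.
      args: ["--bolt-port", "7687", "--log-level=TRACE"]
      log_file: "lba-e2e.log"
      setup_queries:
        # Fixture credentials: a fixed, weak password that is acceptable only
        # on the disposable e2e instance.
        - "CREATE USER admin IDENTIFIED BY 'test';"
        - "GRANT ALL PRIVILEGES TO admin;"
        # "user" also starts with ALL PRIVILEGES; no label rule is set here.
        # NOTE(review): presumably the test narrows this account's label
        # permissions at runtime; confirm in update_permission_queries.py.
        # (This CREATE USER omits the trailing ';' used by its siblings.)
        - "CREATE USER user IDENTIFIED BY 'test'"
        - "GRANT ALL PRIVILEGES TO user;"

      validation_queries: []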
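# Workload list: each entry names a pytest file and merges in one of the
# cluster fixtures defined above through a YAML merge key (<<).
# All four fixtures use the same Bolt port (7687) and the same log_file name
# ("lba-e2e.log"), so log lines from different workloads land under one name.
# NOTE(review): nesting is reconstructed from a flattened listing; confirm
# it against the repository copy of this file.
workloads:
  # Read grant on a single label (fixture: template_cluster).
  - name: "Label-based auth"
    binary: "tests/e2e/pytest_runner.sh"
    # NOTE(review): "proc" presumably points the instance at a directory of
    # query procedures that run inside the database process; confirm how the
    # runner uses it, since anything in that directory is executed code.
    proc: "tests/e2e/lba_procedures/procedures/"
    args: ["lba_procedures/lba_procedures.py"]
    <<: *template_cluster

  # Grant/deny listing per user (fixture: show_privileges_cluster).
  - name: "show-privileges"
    binary: "tests/e2e/pytest_runner.sh"
    proc: "tests/e2e/lba_procedures/procedures/"
    args: ["lba_procedures/show_privileges.py"]
    <<: *show_privileges_cluster

  # Read-level checks (fixture: read_permission_queries).
  - name: "read-permission-queries"
    binary: "tests/e2e/pytest_runner.sh"
    proc: "tests/e2e/lba_procedures/procedures/"
    args: ["lba_procedures/read_permission_queries.py"]
    <<: *read_permission_queries

  # Update-level checks (fixture: update_permission_queries_cluster).
  - name: "update-permission-queries"
    binary: "tests/e2e/pytest_runner.sh"
    proc: "tests/e2e/lba_procedures/procedures/"
    args: ["lba_procedures/update_permission_queries.py"]
    <<: *update_permission_queries_cluster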