memgraph/tests/e2e/fine_grained_access/workloads.yaml
andrejtonev 6a4ef55e90
Better auth user/role handling (#1699)
* Stop auth module from creating users
* Explicit about auth policy (check if no users defined OR auth module used)
* Role supports database access definition
* Authenticate() returns user or role
* AuthChecker generates QueryUserOrRole (can be empty)
* QueryUserOrRole actually authorizes
* Add auth cache invalidation
* Better database access queries (GRANT, DENY, REVOKE DATABASE)
2024-02-22 14:00:39 +00:00

189 lines
8.0 KiB
YAML

args: &args
- "--bolt-port"
- "7687"
- "--log-level=TRACE"
create_delete_filtering_setup_queries: &create_delete_filtering_setup_queries
- "CREATE USER admin IDENTIFIED BY 'test';"
- "CREATE USER user IDENTIFIED BY 'test';"
- "GRANT ALL PRIVILEGES TO admin;"
- "GRANT DATABASE * TO admin;"
- "GRANT ALL PRIVILEGES TO user;"
- "GRANT DATABASE * TO user;"
edge_type_filtering_setup_queries: &edge_type_filtering_setup_queries
- "CREATE USER admin IDENTIFIED BY 'test';"
- "CREATE USER user IDENTIFIED BY 'test';"
- "GRANT ALL PRIVILEGES TO admin;"
- "GRANT DATABASE * TO admin;"
- "GRANT ALL PRIVILEGES TO user;"
- "GRANT DATABASE * TO user;"
- "GRANT CREATE_DELETE ON LABELS * TO admin;"
- "GRANT CREATE_DELETE ON EDGE_TYPES * TO admin;"
- "MERGE (l1:label1 {name: 'test1'});"
- "MERGE (l2:label2 {name: 'test2'});"
- "MATCH (l1:label1),(l2:label2) WHERE l1.name = 'test1' AND l2.name = 'test2' CREATE (l1)-[r:edgeType1]->(l2);"
- "MERGE (l3:label3 {name: 'test3'});"
- "MATCH (l1:label1),(l3:label3) WHERE l1.name = 'test1' AND l3.name = 'test3' CREATE (l1)-[r:edgeType2]->(l3);"
- "MERGE (mix:label3:label1 {name: 'test4'});"
- "MATCH (l1:label1),(mix:label3) WHERE l1.name = 'test1' AND mix.name = 'test4' CREATE (l1)-[r:edgeType2]->(mix);"
- "CREATE DATABASE clean;"
- "USE DATABASE clean"
- "MATCH (n) DETACH DELETE n;"
- "MERGE (l1:label1 {name: 'test1'});"
- "MERGE (l2:label2 {name: 'test2'});"
- "MATCH (l1:label1),(l2:label2) WHERE l1.name = 'test1' AND l2.name = 'test2' CREATE (l1)-[r:edgeType1]->(l2);"
- "MERGE (l3:label3 {name: 'test3'});"
- "MATCH (l1:label1),(l3:label3) WHERE l1.name = 'test1' AND l3.name = 'test3' CREATE (l1)-[r:edgeType2]->(l3);"
- "MERGE (mix:label3:label1 {name: 'test4'});"
- "MATCH (l1:label1),(mix:label3) WHERE l1.name = 'test1' AND mix.name = 'test4' CREATE (l1)-[r:edgeType2]->(mix);"
- "USE DATABASE memgraph"
path_filtering_setup_queries: &path_filtering_setup_queries
- "CREATE USER admin IDENTIFIED BY 'test';"
- "CREATE USER user IDENTIFIED BY 'test';"
- "GRANT ALL PRIVILEGES TO admin;"
- "GRANT DATABASE * TO admin;"
- "GRANT ALL PRIVILEGES TO user;"
- "GRANT DATABASE * TO user;"
- "MERGE (a:label0 {id: 0}) MERGE (b:label1 {id: 1}) CREATE (a)-[:edge_type_1 {weight: 6}]->(b);"
- "MERGE (a:label0 {id: 0}) MERGE (b:label2 {id: 2}) CREATE (a)-[:edge_type_1 {weight: 14}]->(b);"
- "MERGE (a:label1 {id: 1}) MERGE (b:label2 {id: 2}) CREATE (a)-[:edge_type_2 {weight: 1}]->(b);"
- "MERGE (a:label2 {id: 2}) MERGE (b:label3 {id: 4}) CREATE (a)-[:edge_type_2 {weight: 10}]->(b);"
- "MERGE (a:label1 {id: 1}) MERGE (b:label3 {id: 3}) CREATE (a)-[:edge_type_3 {weight: 5}]->(b);"
- "MERGE (a:label2 {id: 2}) MERGE (b:label3 {id: 3}) CREATE (a)-[:edge_type_3 {weight: 7}]->(b);"
- "MERGE (a:label3 {id: 3}) MERGE (b:label3 {id: 4}) CREATE (a)-[:edge_type_4 {weight: 1}]->(b);"
- "MERGE (a:label3 {id: 4}) MERGE (b:label3 {id: 3}) CREATE (a)-[:edge_type_4 {weight: 1}]->(b);"
- "MERGE (a:label3 {id: 3}) MERGE (b:label4 {id: 5}) CREATE (a)-[:edge_type_4 {weight: 14}]->(b);"
- "MERGE (a:label3 {id: 4}) MERGE (b:label4 {id: 5}) CREATE (a)-[:edge_type_4 {weight: 8}]->(b);"
- "CREATE DATABASE clean;"
- "USE DATABASE clean"
- "MATCH (n) DETACH DELETE n;"
- "MERGE (a:label0 {id: 0}) MERGE (b:label1 {id: 1}) CREATE (a)-[:edge_type_1 {weight: 6}]->(b);"
- "MERGE (a:label0 {id: 0}) MERGE (b:label2 {id: 2}) CREATE (a)-[:edge_type_1 {weight: 14}]->(b);"
- "MERGE (a:label1 {id: 1}) MERGE (b:label2 {id: 2}) CREATE (a)-[:edge_type_2 {weight: 1}]->(b);"
- "MERGE (a:label2 {id: 2}) MERGE (b:label3 {id: 4}) CREATE (a)-[:edge_type_2 {weight: 10}]->(b);"
- "MERGE (a:label1 {id: 1}) MERGE (b:label3 {id: 3}) CREATE (a)-[:edge_type_3 {weight: 5}]->(b);"
- "MERGE (a:label2 {id: 2}) MERGE (b:label3 {id: 3}) CREATE (a)-[:edge_type_3 {weight: 7}]->(b);"
- "MERGE (a:label3 {id: 3}) MERGE (b:label3 {id: 4}) CREATE (a)-[:edge_type_4 {weight: 1}]->(b);"
- "MERGE (a:label3 {id: 4}) MERGE (b:label3 {id: 3}) CREATE (a)-[:edge_type_4 {weight: 1}]->(b);"
- "MERGE (a:label3 {id: 3}) MERGE (b:label4 {id: 5}) CREATE (a)-[:edge_type_4 {weight: 14}]->(b);"
- "MERGE (a:label3 {id: 4}) MERGE (b:label4 {id: 5}) CREATE (a)-[:edge_type_4 {weight: 8}]->(b);"
- "USE DATABASE memgraph"
show_databases_w_user_setup_queries: &show_databases_w_user_setup_queries
- "CREATE USER admin IDENTIFIED BY 'test';"
- "CREATE USER user IDENTIFIED BY 'test';"
- "CREATE USER user2 IDENTIFIED BY 'test';"
- "CREATE USER user3 IDENTIFIED BY 'test';"
- "CREATE DATABASE db1;"
- "CREATE DATABASE db2;"
- "GRANT ALL PRIVILEGES TO admin;"
- "GRANT DATABASE * TO admin;"
- "GRANT ALL PRIVILEGES TO user;"
- "GRANT DATABASE db1 TO user;"
- "GRANT ALL PRIVILEGES TO user2;"
- "GRANT DATABASE db2 TO user2;"
- "GRANT DATABASE memgraph TO user2;"
- "REVOKE DATABASE memgraph FROM user2;"
- "SET MAIN DATABASE db2 FOR user2"
- "GRANT ALL PRIVILEGES TO user3;"
- "GRANT DATABASE * TO user3;"
- "DENY DATABASE memgraph FROM user3;"
- "SET MAIN DATABASE db1 FOR user3"
create_delete_filtering_in_memory_cluster: &create_delete_filtering_in_memory_cluster
cluster:
main:
args: *args
log_file: "fine_grained_access.log"
setup_queries: *create_delete_filtering_setup_queries
validation_queries: []
create_delete_filtering_disk_cluster: &create_delete_filtering_disk_cluster
cluster:
main:
args: *args
log_file: "disk_fine_grained_access.log"
setup_queries:
- "STORAGE MODE ON_DISK_TRANSACTIONAL"
- *create_delete_filtering_setup_queries
validation_queries: []
edge_type_filtering_in_memory_cluster: &edge_type_filtering_in_memory_cluster
cluster:
main:
args: *args
log_file: "fine_grained_access.log"
setup_queries: *edge_type_filtering_setup_queries
validation_queries: []
edge_type_filtering_disk_cluster: &edge_type_filtering_disk_cluster
cluster:
main:
args: *args
log_file: "disk_fine_grained_access.log"
setup_queries:
- "STORAGE MODE ON_DISK_TRANSACTIONAL"
- *edge_type_filtering_setup_queries
validation_queries: []
path_filtering_in_memory_cluster: &path_filtering_in_memory_cluster
cluster:
main:
args: *args
log_file: "fine_grained_access.log"
setup_queries: *path_filtering_setup_queries
path_filtering_disk_cluster: &path_filtering_disk_cluster
cluster:
main:
args: *args
log_file: "disk_fine_grained_access.log"
setup_queries:
- "STORAGE MODE ON_DISK_TRANSACTIONAL"
- *path_filtering_setup_queries
show_databases_w_user: &show_databases_w_user
cluster:
main:
args: *args
log_file: "fine_grained_access.log"
setup_queries: *show_databases_w_user_setup_queries
workloads:
- name: "Create delete filtering"
binary: "tests/e2e/pytest_runner.sh"
args: ["fine_grained_access/create_delete_filtering_tests.py"]
<<: *create_delete_filtering_in_memory_cluster
- name: "Create delete filtering on disk"
binary: "tests/e2e/pytest_runner.sh"
args: ["fine_grained_access/create_delete_filtering_tests.py"]
<<: *create_delete_filtering_disk_cluster
- name: "EdgeType filtering"
binary: "tests/e2e/pytest_runner.sh"
args: ["fine_grained_access/edge_type_filtering_tests.py"]
<<: *edge_type_filtering_in_memory_cluster
- name: "EdgeType filtering on disk"
binary: "tests/e2e/pytest_runner.sh"
args: ["fine_grained_access/edge_type_filtering_tests.py"]
<<: *edge_type_filtering_disk_cluster
- name: "Path filtering"
binary: "tests/e2e/pytest_runner.sh"
args: ["fine_grained_access/path_filtering_tests.py"]
<<: *path_filtering_in_memory_cluster
- name: "Show databases with users"
binary: "tests/e2e/pytest_runner.sh"
args: ["fine_grained_access/show_db.py"]
<<: *show_databases_w_user
- name: "Path filtering on disk"
binary: "tests/e2e/pytest_runner.sh"
args: ["fine_grained_access/path_filtering_tests.py"]
<<: *path_filtering_disk_cluster