@cubejs-backend/testing 0.36.9 → 0.36.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/birdbox-fixtures/rbac/cube.js +27 -0
- package/birdbox-fixtures/rbac/model/cubes/line_items.js +76 -0
- package/birdbox-fixtures/rbac/model/cubes/orders.js +76 -0
- package/birdbox-fixtures/rbac/model/cubes/orders_open.yaml +19 -0
- package/birdbox-fixtures/rbac/model/cubes/users.yaml +49 -0
- package/birdbox-fixtures/rbac/model/views/views.yaml +37 -0
- package/package.json +7 -6
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module.exports = {
|
|
2
|
+
contextToRoles: async (context) => context.securityContext.auth?.roles || [],
|
|
3
|
+
checkSqlAuth: async (req, user, password) => {
|
|
4
|
+
if (user === 'admin') {
|
|
5
|
+
if (password && password !== 'admin_password') {
|
|
6
|
+
throw new Error(`Password doesn't match for ${user}`);
|
|
7
|
+
}
|
|
8
|
+
return {
|
|
9
|
+
password,
|
|
10
|
+
superuser: true,
|
|
11
|
+
securityContext: {
|
|
12
|
+
auth: {
|
|
13
|
+
username: 'admin',
|
|
14
|
+
userAttributes: {
|
|
15
|
+
region: 'CA',
|
|
16
|
+
city: 'Fresno',
|
|
17
|
+
canHaveAdmin: true,
|
|
18
|
+
minDefaultId: 10000,
|
|
19
|
+
},
|
|
20
|
+
roles: ['admin', 'ownder', 'hr'],
|
|
21
|
+
},
|
|
22
|
+
},
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
throw new Error(`User "${user}" doesn't exist`);
|
|
26
|
+
}
|
|
27
|
+
};
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
cube('line_items', {
|
|
2
|
+
sql_table: 'public.line_items',
|
|
3
|
+
|
|
4
|
+
data_source: 'default',
|
|
5
|
+
|
|
6
|
+
joins: {
|
|
7
|
+
orders: {
|
|
8
|
+
relationship: 'many_to_one',
|
|
9
|
+
sql: `${orders}.id = ${line_items}.order_id`,
|
|
10
|
+
},
|
|
11
|
+
|
|
12
|
+
},
|
|
13
|
+
|
|
14
|
+
dimensions: {
|
|
15
|
+
id: {
|
|
16
|
+
sql: 'id',
|
|
17
|
+
type: 'number',
|
|
18
|
+
primary_key: true,
|
|
19
|
+
},
|
|
20
|
+
|
|
21
|
+
created_at: {
|
|
22
|
+
sql: 'created_at',
|
|
23
|
+
type: 'time',
|
|
24
|
+
},
|
|
25
|
+
|
|
26
|
+
price_dim: {
|
|
27
|
+
sql: 'price',
|
|
28
|
+
type: 'number',
|
|
29
|
+
},
|
|
30
|
+
},
|
|
31
|
+
|
|
32
|
+
measures: {
|
|
33
|
+
count: {
|
|
34
|
+
type: 'count',
|
|
35
|
+
},
|
|
36
|
+
|
|
37
|
+
price: {
|
|
38
|
+
sql: 'price',
|
|
39
|
+
type: 'sum',
|
|
40
|
+
},
|
|
41
|
+
|
|
42
|
+
quantity: {
|
|
43
|
+
sql: 'quantity',
|
|
44
|
+
type: 'sum',
|
|
45
|
+
},
|
|
46
|
+
},
|
|
47
|
+
|
|
48
|
+
accessPolicy: [
|
|
49
|
+
{
|
|
50
|
+
role: '*',
|
|
51
|
+
rowLevel: {
|
|
52
|
+
filters: [{
|
|
53
|
+
member: 'id',
|
|
54
|
+
operator: 'gt',
|
|
55
|
+
// This is to test dynamic values based on security context
|
|
56
|
+
values: [`${security_context.auth?.userAttributes?.minDefaultId || 20000}`],
|
|
57
|
+
}]
|
|
58
|
+
}
|
|
59
|
+
},
|
|
60
|
+
{
|
|
61
|
+
role: 'admin',
|
|
62
|
+
conditions: [
|
|
63
|
+
{
|
|
64
|
+
if: security_context.auth?.userAttributes?.region === 'CA',
|
|
65
|
+
},
|
|
66
|
+
],
|
|
67
|
+
rowLevel: {
|
|
68
|
+
// The "allowAll" flag should negate the default `id` filter
|
|
69
|
+
allowAll: true,
|
|
70
|
+
},
|
|
71
|
+
memberLevel: {
|
|
72
|
+
excludes: ['created_at'],
|
|
73
|
+
},
|
|
74
|
+
},
|
|
75
|
+
],
|
|
76
|
+
});
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
cube('orders', {
|
|
2
|
+
sql_table: 'public.orders',
|
|
3
|
+
|
|
4
|
+
data_source: 'default',
|
|
5
|
+
|
|
6
|
+
joins: {
|
|
7
|
+
line_items: {
|
|
8
|
+
relationship: 'one_to_many',
|
|
9
|
+
sql: `${orders}.id = ${line_items}.order_id`,
|
|
10
|
+
},
|
|
11
|
+
},
|
|
12
|
+
|
|
13
|
+
dimensions: {
|
|
14
|
+
id: {
|
|
15
|
+
sql: 'id',
|
|
16
|
+
type: 'number',
|
|
17
|
+
primary_key: true,
|
|
18
|
+
},
|
|
19
|
+
|
|
20
|
+
created_at: {
|
|
21
|
+
sql: 'created_at',
|
|
22
|
+
type: 'time',
|
|
23
|
+
},
|
|
24
|
+
},
|
|
25
|
+
|
|
26
|
+
measures: {
|
|
27
|
+
count: {
|
|
28
|
+
type: 'count',
|
|
29
|
+
},
|
|
30
|
+
},
|
|
31
|
+
|
|
32
|
+
accessPolicy: [
|
|
33
|
+
{
|
|
34
|
+
role: '*',
|
|
35
|
+
memberLevel: {
|
|
36
|
+
// This cube is "private" by default and only accessible via views
|
|
37
|
+
includes: [],
|
|
38
|
+
},
|
|
39
|
+
rowLevel: {
|
|
40
|
+
filters: [
|
|
41
|
+
{
|
|
42
|
+
member: 'id',
|
|
43
|
+
operator: 'equals',
|
|
44
|
+
values: [1],
|
|
45
|
+
},
|
|
46
|
+
],
|
|
47
|
+
},
|
|
48
|
+
},
|
|
49
|
+
{
|
|
50
|
+
role: 'admin',
|
|
51
|
+
memberLevel: {
|
|
52
|
+
// This cube is "private" by default and only accessible via views
|
|
53
|
+
includes: [],
|
|
54
|
+
},
|
|
55
|
+
rowLevel: {
|
|
56
|
+
filters: [
|
|
57
|
+
{
|
|
58
|
+
or: [
|
|
59
|
+
{
|
|
60
|
+
member: `${CUBE}.id`,
|
|
61
|
+
operator: 'equals',
|
|
62
|
+
values: [10],
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
// Testing different ways of referencing cube members
|
|
66
|
+
member: 'id',
|
|
67
|
+
operator: 'equals',
|
|
68
|
+
values: ['11'],
|
|
69
|
+
},
|
|
70
|
+
],
|
|
71
|
+
},
|
|
72
|
+
],
|
|
73
|
+
},
|
|
74
|
+
},
|
|
75
|
+
],
|
|
76
|
+
});
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
cubes:
|
|
2
|
+
# An open cube with no access policy
|
|
3
|
+
- name: orders_open
|
|
4
|
+
sql_table: orders
|
|
5
|
+
|
|
6
|
+
dimensions:
|
|
7
|
+
- name: id
|
|
8
|
+
sql: id
|
|
9
|
+
type: string
|
|
10
|
+
primary_key: true
|
|
11
|
+
|
|
12
|
+
- name: created_at
|
|
13
|
+
sql: created_at
|
|
14
|
+
type: time
|
|
15
|
+
|
|
16
|
+
measures:
|
|
17
|
+
- name: count
|
|
18
|
+
sql: id
|
|
19
|
+
type: count
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
cubes:
|
|
2
|
+
- name: users
|
|
3
|
+
sql_table: users
|
|
4
|
+
|
|
5
|
+
measures:
|
|
6
|
+
- name: count
|
|
7
|
+
sql: id
|
|
8
|
+
type: count
|
|
9
|
+
|
|
10
|
+
dimensions:
|
|
11
|
+
- name: city
|
|
12
|
+
sql: city
|
|
13
|
+
type: string
|
|
14
|
+
|
|
15
|
+
- name: id
|
|
16
|
+
sql: id
|
|
17
|
+
type: number
|
|
18
|
+
primary_key: true
|
|
19
|
+
|
|
20
|
+
access_policy:
|
|
21
|
+
- role: "*"
|
|
22
|
+
- role: admin
|
|
23
|
+
conditions:
|
|
24
|
+
# This thing will fail if there's no auth info in the context
|
|
25
|
+
# Unfortunately, as of now, there's no way to write more complex expressions
|
|
26
|
+
# that would allow us to check for the existence of the auth object
|
|
27
|
+
- if: "{ security_context.auth.userAttributes.canHaveAdmin }"
|
|
28
|
+
row_level:
|
|
29
|
+
filters:
|
|
30
|
+
- or:
|
|
31
|
+
- and:
|
|
32
|
+
- member: "{CUBE}.city"
|
|
33
|
+
operator: notStartsWith
|
|
34
|
+
values:
|
|
35
|
+
- London
|
|
36
|
+
- "{ security_context.auth.userAttributes.city }"
|
|
37
|
+
# mixing string, dynamic values, integers and bools should not
|
|
38
|
+
# cause any compilation issues
|
|
39
|
+
- 4
|
|
40
|
+
- true
|
|
41
|
+
- member: "city"
|
|
42
|
+
operator: notEquals
|
|
43
|
+
values:
|
|
44
|
+
- 'San Francisco'
|
|
45
|
+
- member: "{CUBE}.city"
|
|
46
|
+
operator: equals
|
|
47
|
+
values:
|
|
48
|
+
- "New York"
|
|
49
|
+
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
views:
|
|
2
|
+
- name: line_items_view_price_gt_200
|
|
3
|
+
cubes:
|
|
4
|
+
- join_path: line_items
|
|
5
|
+
includes: "*"
|
|
6
|
+
access_policy:
|
|
7
|
+
- role: "*"
|
|
8
|
+
row_level:
|
|
9
|
+
filters:
|
|
10
|
+
- member: "${CUBE}.price_dim"
|
|
11
|
+
operator: gt
|
|
12
|
+
values:
|
|
13
|
+
- 200
|
|
14
|
+
|
|
15
|
+
- name: line_items_view_joined_orders
|
|
16
|
+
cubes:
|
|
17
|
+
- join_path: line_items
|
|
18
|
+
includes: "*"
|
|
19
|
+
- join_path: line_items.orders
|
|
20
|
+
prefix: true
|
|
21
|
+
includes: "*"
|
|
22
|
+
|
|
23
|
+
- name: line_items_view_no_policy
|
|
24
|
+
cubes:
|
|
25
|
+
- join_path: line_items
|
|
26
|
+
includes: "*"
|
|
27
|
+
|
|
28
|
+
- name: orders_view
|
|
29
|
+
cubes:
|
|
30
|
+
- join_path: orders
|
|
31
|
+
includes: "*"
|
|
32
|
+
access_policy:
|
|
33
|
+
- role: admin
|
|
34
|
+
member_level:
|
|
35
|
+
includes: "*"
|
|
36
|
+
row_level:
|
|
37
|
+
allow_all: true
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cubejs-backend/testing",
|
|
3
|
-
"version": "0.36.
|
|
3
|
+
"version": "0.36.10",
|
|
4
4
|
"description": "Cube.js e2e tests",
|
|
5
5
|
"author": "Cube Dev, Inc.",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -73,6 +73,7 @@
|
|
|
73
73
|
"smoke:postgres": "jest --verbose -i dist/test/smoke-postgres.test.js",
|
|
74
74
|
"smoke:redshift": "jest --verbose -i dist/test/smoke-redshift.test.js",
|
|
75
75
|
"smoke:redshift:snapshot": "jest --verbose --updateSnapshot -i dist/test/smoke-redshift.test.js",
|
|
76
|
+
"smoke:rbac": "TZ=UTC jest --verbose --forceExit -i dist/test/smoke-rbac.test.js",
|
|
76
77
|
"smoke:cubesql": "TZ=UTC jest --verbose --forceExit -i dist/test/smoke-cubesql.test.js",
|
|
77
78
|
"smoke:cubesql:snapshot": "TZ=UTC jest --verbose --forceExit --updateSnapshot -i dist/test/smoke-cubesql.test.js",
|
|
78
79
|
"smoke:prestodb": "jest --verbose -i dist/test/smoke-prestodb.test.js",
|
|
@@ -91,12 +92,12 @@
|
|
|
91
92
|
"dependencies": {
|
|
92
93
|
"@cubejs-backend/cubestore-driver": "^0.36.9",
|
|
93
94
|
"@cubejs-backend/dotenv": "^9.0.2",
|
|
94
|
-
"@cubejs-backend/ksql-driver": "^0.36.
|
|
95
|
-
"@cubejs-backend/postgres-driver": "^0.36.
|
|
95
|
+
"@cubejs-backend/ksql-driver": "^0.36.10",
|
|
96
|
+
"@cubejs-backend/postgres-driver": "^0.36.10",
|
|
96
97
|
"@cubejs-backend/query-orchestrator": "^0.36.9",
|
|
97
|
-
"@cubejs-backend/schema-compiler": "^0.36.
|
|
98
|
+
"@cubejs-backend/schema-compiler": "^0.36.10",
|
|
98
99
|
"@cubejs-backend/shared": "^0.36.8",
|
|
99
|
-
"@cubejs-backend/testing-shared": "^0.36.
|
|
100
|
+
"@cubejs-backend/testing-shared": "^0.36.10",
|
|
100
101
|
"@cubejs-client/ws-transport": "^0.36.4",
|
|
101
102
|
"dedent": "^0.7.0",
|
|
102
103
|
"fs-extra": "^8.1.0",
|
|
@@ -145,5 +146,5 @@
|
|
|
145
146
|
"eslintConfig": {
|
|
146
147
|
"extends": "../cubejs-linter"
|
|
147
148
|
},
|
|
148
|
-
"gitHead": "
|
|
149
|
+
"gitHead": "362c32c7906ff8bc860b9294194f3e86a2857f2f"
|
|
149
150
|
}
|