@cubejs-backend/testing 0.36.9 → 0.36.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/birdbox-fixtures/rbac/cube.js +27 -0
- package/birdbox-fixtures/rbac/model/cubes/line_items.js +76 -0
- package/birdbox-fixtures/rbac/model/cubes/orders.js +76 -0
- package/birdbox-fixtures/rbac/model/cubes/orders_open.yaml +19 -0
- package/birdbox-fixtures/rbac/model/cubes/users.yaml +49 -0
- package/birdbox-fixtures/rbac/model/views/views.yaml +37 -0
- package/package.json +10 -9
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module.exports = {
|
|
2
|
+
contextToRoles: async (context) => context.securityContext.auth?.roles || [],
|
|
3
|
+
checkSqlAuth: async (req, user, password) => {
|
|
4
|
+
if (user === 'admin') {
|
|
5
|
+
if (password && password !== 'admin_password') {
|
|
6
|
+
throw new Error(`Password doesn't match for ${user}`);
|
|
7
|
+
}
|
|
8
|
+
return {
|
|
9
|
+
password,
|
|
10
|
+
superuser: true,
|
|
11
|
+
securityContext: {
|
|
12
|
+
auth: {
|
|
13
|
+
username: 'admin',
|
|
14
|
+
userAttributes: {
|
|
15
|
+
region: 'CA',
|
|
16
|
+
city: 'Fresno',
|
|
17
|
+
canHaveAdmin: true,
|
|
18
|
+
minDefaultId: 10000,
|
|
19
|
+
},
|
|
20
|
+
roles: ['admin', 'ownder', 'hr'],
|
|
21
|
+
},
|
|
22
|
+
},
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
throw new Error(`User "${user}" doesn't exist`);
|
|
26
|
+
}
|
|
27
|
+
};
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
cube('line_items', {
|
|
2
|
+
sql_table: 'public.line_items',
|
|
3
|
+
|
|
4
|
+
data_source: 'default',
|
|
5
|
+
|
|
6
|
+
joins: {
|
|
7
|
+
orders: {
|
|
8
|
+
relationship: 'many_to_one',
|
|
9
|
+
sql: `${orders}.id = ${line_items}.order_id`,
|
|
10
|
+
},
|
|
11
|
+
|
|
12
|
+
},
|
|
13
|
+
|
|
14
|
+
dimensions: {
|
|
15
|
+
id: {
|
|
16
|
+
sql: 'id',
|
|
17
|
+
type: 'number',
|
|
18
|
+
primary_key: true,
|
|
19
|
+
},
|
|
20
|
+
|
|
21
|
+
created_at: {
|
|
22
|
+
sql: 'created_at',
|
|
23
|
+
type: 'time',
|
|
24
|
+
},
|
|
25
|
+
|
|
26
|
+
price_dim: {
|
|
27
|
+
sql: 'price',
|
|
28
|
+
type: 'number',
|
|
29
|
+
},
|
|
30
|
+
},
|
|
31
|
+
|
|
32
|
+
measures: {
|
|
33
|
+
count: {
|
|
34
|
+
type: 'count',
|
|
35
|
+
},
|
|
36
|
+
|
|
37
|
+
price: {
|
|
38
|
+
sql: 'price',
|
|
39
|
+
type: 'sum',
|
|
40
|
+
},
|
|
41
|
+
|
|
42
|
+
quantity: {
|
|
43
|
+
sql: 'quantity',
|
|
44
|
+
type: 'sum',
|
|
45
|
+
},
|
|
46
|
+
},
|
|
47
|
+
|
|
48
|
+
accessPolicy: [
|
|
49
|
+
{
|
|
50
|
+
role: '*',
|
|
51
|
+
rowLevel: {
|
|
52
|
+
filters: [{
|
|
53
|
+
member: 'id',
|
|
54
|
+
operator: 'gt',
|
|
55
|
+
// This is to test dynamic values based on security context
|
|
56
|
+
values: [`${security_context.auth?.userAttributes?.minDefaultId || 20000}`],
|
|
57
|
+
}]
|
|
58
|
+
}
|
|
59
|
+
},
|
|
60
|
+
{
|
|
61
|
+
role: 'admin',
|
|
62
|
+
conditions: [
|
|
63
|
+
{
|
|
64
|
+
if: security_context.auth?.userAttributes?.region === 'CA',
|
|
65
|
+
},
|
|
66
|
+
],
|
|
67
|
+
rowLevel: {
|
|
68
|
+
// The "allowAll" flag should negate the default `id` filter
|
|
69
|
+
allowAll: true,
|
|
70
|
+
},
|
|
71
|
+
memberLevel: {
|
|
72
|
+
excludes: ['created_at'],
|
|
73
|
+
},
|
|
74
|
+
},
|
|
75
|
+
],
|
|
76
|
+
});
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
cube('orders', {
|
|
2
|
+
sql_table: 'public.orders',
|
|
3
|
+
|
|
4
|
+
data_source: 'default',
|
|
5
|
+
|
|
6
|
+
joins: {
|
|
7
|
+
line_items: {
|
|
8
|
+
relationship: 'one_to_many',
|
|
9
|
+
sql: `${orders}.id = ${line_items}.order_id`,
|
|
10
|
+
},
|
|
11
|
+
},
|
|
12
|
+
|
|
13
|
+
dimensions: {
|
|
14
|
+
id: {
|
|
15
|
+
sql: 'id',
|
|
16
|
+
type: 'number',
|
|
17
|
+
primary_key: true,
|
|
18
|
+
},
|
|
19
|
+
|
|
20
|
+
created_at: {
|
|
21
|
+
sql: 'created_at',
|
|
22
|
+
type: 'time',
|
|
23
|
+
},
|
|
24
|
+
},
|
|
25
|
+
|
|
26
|
+
measures: {
|
|
27
|
+
count: {
|
|
28
|
+
type: 'count',
|
|
29
|
+
},
|
|
30
|
+
},
|
|
31
|
+
|
|
32
|
+
accessPolicy: [
|
|
33
|
+
{
|
|
34
|
+
role: '*',
|
|
35
|
+
memberLevel: {
|
|
36
|
+
// This cube is "private" by default and only accessible via views
|
|
37
|
+
includes: [],
|
|
38
|
+
},
|
|
39
|
+
rowLevel: {
|
|
40
|
+
filters: [
|
|
41
|
+
{
|
|
42
|
+
member: 'id',
|
|
43
|
+
operator: 'equals',
|
|
44
|
+
values: [1],
|
|
45
|
+
},
|
|
46
|
+
],
|
|
47
|
+
},
|
|
48
|
+
},
|
|
49
|
+
{
|
|
50
|
+
role: 'admin',
|
|
51
|
+
memberLevel: {
|
|
52
|
+
// This cube is "private" by default and only accessible via views
|
|
53
|
+
includes: [],
|
|
54
|
+
},
|
|
55
|
+
rowLevel: {
|
|
56
|
+
filters: [
|
|
57
|
+
{
|
|
58
|
+
or: [
|
|
59
|
+
{
|
|
60
|
+
member: `${CUBE}.id`,
|
|
61
|
+
operator: 'equals',
|
|
62
|
+
values: [10],
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
// Testing different ways of referencing cube members
|
|
66
|
+
member: 'id',
|
|
67
|
+
operator: 'equals',
|
|
68
|
+
values: ['11'],
|
|
69
|
+
},
|
|
70
|
+
],
|
|
71
|
+
},
|
|
72
|
+
],
|
|
73
|
+
},
|
|
74
|
+
},
|
|
75
|
+
],
|
|
76
|
+
});
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
cubes:
|
|
2
|
+
# An open cube with no access policy
|
|
3
|
+
- name: orders_open
|
|
4
|
+
sql_table: orders
|
|
5
|
+
|
|
6
|
+
dimensions:
|
|
7
|
+
- name: id
|
|
8
|
+
sql: id
|
|
9
|
+
type: string
|
|
10
|
+
primary_key: true
|
|
11
|
+
|
|
12
|
+
- name: created_at
|
|
13
|
+
sql: created_at
|
|
14
|
+
type: time
|
|
15
|
+
|
|
16
|
+
measures:
|
|
17
|
+
- name: count
|
|
18
|
+
sql: id
|
|
19
|
+
type: count
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
cubes:
|
|
2
|
+
- name: users
|
|
3
|
+
sql_table: users
|
|
4
|
+
|
|
5
|
+
measures:
|
|
6
|
+
- name: count
|
|
7
|
+
sql: id
|
|
8
|
+
type: count
|
|
9
|
+
|
|
10
|
+
dimensions:
|
|
11
|
+
- name: city
|
|
12
|
+
sql: city
|
|
13
|
+
type: string
|
|
14
|
+
|
|
15
|
+
- name: id
|
|
16
|
+
sql: id
|
|
17
|
+
type: number
|
|
18
|
+
primary_key: true
|
|
19
|
+
|
|
20
|
+
access_policy:
|
|
21
|
+
- role: "*"
|
|
22
|
+
- role: admin
|
|
23
|
+
conditions:
|
|
24
|
+
# This thing will fail if there's no auth info in the context
|
|
25
|
+
# Unfortunately, as of now, there's no way to write more complex expressions
|
|
26
|
+
# that would allow us to check for the existence of the auth object
|
|
27
|
+
- if: "{ security_context.auth.userAttributes.canHaveAdmin }"
|
|
28
|
+
row_level:
|
|
29
|
+
filters:
|
|
30
|
+
- or:
|
|
31
|
+
- and:
|
|
32
|
+
- member: "{CUBE}.city"
|
|
33
|
+
operator: notStartsWith
|
|
34
|
+
values:
|
|
35
|
+
- London
|
|
36
|
+
- "{ security_context.auth.userAttributes.city }"
|
|
37
|
+
# mixing string, dynamic values, integers and bools should not
|
|
38
|
+
# cause any compilation issues
|
|
39
|
+
- 4
|
|
40
|
+
- true
|
|
41
|
+
- member: "city"
|
|
42
|
+
operator: notEquals
|
|
43
|
+
values:
|
|
44
|
+
- 'San Francisco'
|
|
45
|
+
- member: "{CUBE}.city"
|
|
46
|
+
operator: equals
|
|
47
|
+
values:
|
|
48
|
+
- "New York"
|
|
49
|
+
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
views:
|
|
2
|
+
- name: line_items_view_price_gt_200
|
|
3
|
+
cubes:
|
|
4
|
+
- join_path: line_items
|
|
5
|
+
includes: "*"
|
|
6
|
+
access_policy:
|
|
7
|
+
- role: "*"
|
|
8
|
+
row_level:
|
|
9
|
+
filters:
|
|
10
|
+
- member: "${CUBE}.price_dim"
|
|
11
|
+
operator: gt
|
|
12
|
+
values:
|
|
13
|
+
- 200
|
|
14
|
+
|
|
15
|
+
- name: line_items_view_joined_orders
|
|
16
|
+
cubes:
|
|
17
|
+
- join_path: line_items
|
|
18
|
+
includes: "*"
|
|
19
|
+
- join_path: line_items.orders
|
|
20
|
+
prefix: true
|
|
21
|
+
includes: "*"
|
|
22
|
+
|
|
23
|
+
- name: line_items_view_no_policy
|
|
24
|
+
cubes:
|
|
25
|
+
- join_path: line_items
|
|
26
|
+
includes: "*"
|
|
27
|
+
|
|
28
|
+
- name: orders_view
|
|
29
|
+
cubes:
|
|
30
|
+
- join_path: orders
|
|
31
|
+
includes: "*"
|
|
32
|
+
access_policy:
|
|
33
|
+
- role: admin
|
|
34
|
+
member_level:
|
|
35
|
+
includes: "*"
|
|
36
|
+
row_level:
|
|
37
|
+
allow_all: true
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cubejs-backend/testing",
|
|
3
|
-
"version": "0.36.
|
|
3
|
+
"version": "0.36.11",
|
|
4
4
|
"description": "Cube.js e2e tests",
|
|
5
5
|
"author": "Cube Dev, Inc.",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -73,6 +73,7 @@
|
|
|
73
73
|
"smoke:postgres": "jest --verbose -i dist/test/smoke-postgres.test.js",
|
|
74
74
|
"smoke:redshift": "jest --verbose -i dist/test/smoke-redshift.test.js",
|
|
75
75
|
"smoke:redshift:snapshot": "jest --verbose --updateSnapshot -i dist/test/smoke-redshift.test.js",
|
|
76
|
+
"smoke:rbac": "TZ=UTC jest --verbose --forceExit -i dist/test/smoke-rbac.test.js",
|
|
76
77
|
"smoke:cubesql": "TZ=UTC jest --verbose --forceExit -i dist/test/smoke-cubesql.test.js",
|
|
77
78
|
"smoke:cubesql:snapshot": "TZ=UTC jest --verbose --forceExit --updateSnapshot -i dist/test/smoke-cubesql.test.js",
|
|
78
79
|
"smoke:prestodb": "jest --verbose -i dist/test/smoke-prestodb.test.js",
|
|
@@ -89,14 +90,14 @@
|
|
|
89
90
|
"birdbox-fixtures"
|
|
90
91
|
],
|
|
91
92
|
"dependencies": {
|
|
92
|
-
"@cubejs-backend/cubestore-driver": "^0.36.
|
|
93
|
+
"@cubejs-backend/cubestore-driver": "^0.36.11",
|
|
93
94
|
"@cubejs-backend/dotenv": "^9.0.2",
|
|
94
|
-
"@cubejs-backend/ksql-driver": "^0.36.
|
|
95
|
-
"@cubejs-backend/postgres-driver": "^0.36.
|
|
96
|
-
"@cubejs-backend/query-orchestrator": "^0.36.
|
|
97
|
-
"@cubejs-backend/schema-compiler": "^0.36.
|
|
98
|
-
"@cubejs-backend/shared": "^0.36.
|
|
99
|
-
"@cubejs-backend/testing-shared": "^0.36.
|
|
95
|
+
"@cubejs-backend/ksql-driver": "^0.36.11",
|
|
96
|
+
"@cubejs-backend/postgres-driver": "^0.36.11",
|
|
97
|
+
"@cubejs-backend/query-orchestrator": "^0.36.11",
|
|
98
|
+
"@cubejs-backend/schema-compiler": "^0.36.11",
|
|
99
|
+
"@cubejs-backend/shared": "^0.36.11",
|
|
100
|
+
"@cubejs-backend/testing-shared": "^0.36.11",
|
|
100
101
|
"@cubejs-client/ws-transport": "^0.36.4",
|
|
101
102
|
"dedent": "^0.7.0",
|
|
102
103
|
"fs-extra": "^8.1.0",
|
|
@@ -145,5 +146,5 @@
|
|
|
145
146
|
"eslintConfig": {
|
|
146
147
|
"extends": "../cubejs-linter"
|
|
147
148
|
},
|
|
148
|
-
"gitHead": "
|
|
149
|
+
"gitHead": "5a4f46756ad70d95e850b73dfa55e246bbf7b1af"
|
|
149
150
|
}
|