@cubejs-backend/testing 1.6.22 → 1.6.23
|
@@ -132,6 +132,60 @@ module.exports = {
|
|
|
132
132
|
},
|
|
133
133
|
};
|
|
134
134
|
}
|
|
135
|
+
// User for masking tests - no special roles, sees only masked values
|
|
136
|
+
if (user === 'masking_viewer') {
|
|
137
|
+
if (password && password !== 'masking_viewer_password') {
|
|
138
|
+
throw new Error(`Password doesn't match for ${user}`);
|
|
139
|
+
}
|
|
140
|
+
return {
|
|
141
|
+
password,
|
|
142
|
+
superuser: false,
|
|
143
|
+
securityContext: {
|
|
144
|
+
auth: {
|
|
145
|
+
username: 'masking_viewer',
|
|
146
|
+
userAttributes: {},
|
|
147
|
+
roles: [],
|
|
148
|
+
groups: [],
|
|
149
|
+
},
|
|
150
|
+
},
|
|
151
|
+
};
|
|
152
|
+
}
|
|
153
|
+
// User for masking tests - has full access role
|
|
154
|
+
if (user === 'masking_full') {
|
|
155
|
+
if (password && password !== 'masking_full_password') {
|
|
156
|
+
throw new Error(`Password doesn't match for ${user}`);
|
|
157
|
+
}
|
|
158
|
+
return {
|
|
159
|
+
password,
|
|
160
|
+
superuser: false,
|
|
161
|
+
securityContext: {
|
|
162
|
+
auth: {
|
|
163
|
+
username: 'masking_full',
|
|
164
|
+
userAttributes: {},
|
|
165
|
+
roles: ['masking_full_access'],
|
|
166
|
+
groups: [],
|
|
167
|
+
},
|
|
168
|
+
},
|
|
169
|
+
};
|
|
170
|
+
}
|
|
171
|
+
// User for masking tests - has partial access + masking
|
|
172
|
+
if (user === 'masking_partial') {
|
|
173
|
+
if (password && password !== 'masking_partial_password') {
|
|
174
|
+
throw new Error(`Password doesn't match for ${user}`);
|
|
175
|
+
}
|
|
176
|
+
return {
|
|
177
|
+
password,
|
|
178
|
+
superuser: false,
|
|
179
|
+
securityContext: {
|
|
180
|
+
auth: {
|
|
181
|
+
username: 'masking_partial',
|
|
182
|
+
userAttributes: {},
|
|
183
|
+
roles: ['masking_partial'],
|
|
184
|
+
groups: [],
|
|
185
|
+
},
|
|
186
|
+
},
|
|
187
|
+
};
|
|
188
|
+
}
|
|
135
189
|
throw new Error(`User "${user}" doesn't exist`);
|
|
136
190
|
}
|
|
137
191
|
};
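Review bot: The password guard in each of the three new branches, e.g. `if (password && password !== 'masking_viewer_password')`, is skipped whenever `password` is falsy, so an empty or missing password passes the check for `masking_viewer`, `masking_full` and `masking_partial`, and the returned object carries that same falsy `password`. If accepting an absent password is intended for these fixtures, say so with a comment such as `// password is only verified when the client supplies one`; otherwise compare unconditionally with `if (password !== 'masking_viewer_password')`. The three branches differ only in the username and the `roles` array, so a lookup keyed by user name would keep the guard in one place. The enclosing function starts above the hunk, so how `password` reaches it, and how the caller treats the returned value, cannot be seen here.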
|
|
@@ -0,0 +1,201 @@
|
|
|
1
|
+
cubes:
|
|
2
|
+
- name: masking_test
|
|
3
|
+
sql_table: public.line_items
|
|
4
|
+
|
|
5
|
+
dimensions:
|
|
6
|
+
- name: id
|
|
7
|
+
sql: id
|
|
8
|
+
type: number
|
|
9
|
+
primary_key: true
|
|
10
|
+
|
|
11
|
+
- name: secret_string
|
|
12
|
+
sql: product_id
|
|
13
|
+
mask:
|
|
14
|
+
sql: "CONCAT('***', RIGHT(CAST({CUBE}.product_id AS TEXT), 2))"
|
|
15
|
+
type: string
|
|
16
|
+
|
|
17
|
+
- name: secret_number
|
|
18
|
+
sql: price
|
|
19
|
+
mask: -1
|
|
20
|
+
type: number
|
|
21
|
+
|
|
22
|
+
- name: secret_boolean
|
|
23
|
+
sql: "CASE WHEN {CUBE}.quantity > 3 THEN TRUE ELSE FALSE END"
|
|
24
|
+
mask: FALSE
|
|
25
|
+
type: boolean
|
|
26
|
+
|
|
27
|
+
- name: public_dim
|
|
28
|
+
sql: order_id
|
|
29
|
+
type: number
|
|
30
|
+
|
|
31
|
+
measures:
|
|
32
|
+
- name: count
|
|
33
|
+
mask: 12345
|
|
34
|
+
type: count
|
|
35
|
+
|
|
36
|
+
- name: count_d
|
|
37
|
+
sql: product_id
|
|
38
|
+
mask: 34567
|
|
39
|
+
type: count_distinct
|
|
40
|
+
|
|
41
|
+
- name: total_quantity
|
|
42
|
+
sql: quantity
|
|
43
|
+
type: sum
|
|
44
|
+
|
|
45
|
+
access_policy:
|
|
46
|
+
- role: "*"
|
|
47
|
+
member_level:
|
|
48
|
+
includes: []
|
|
49
|
+
member_masking:
|
|
50
|
+
includes: "*"
|
|
51
|
+
|
|
52
|
+
- role: "masking_full_access"
|
|
53
|
+
member_level:
|
|
54
|
+
includes: "*"
|
|
55
|
+
row_level:
|
|
56
|
+
allow_all: true
|
|
57
|
+
|
|
58
|
+
- role: "masking_partial"
|
|
59
|
+
member_level:
|
|
60
|
+
includes:
|
|
61
|
+
- id
|
|
62
|
+
- public_dim
|
|
63
|
+
- total_quantity
|
|
64
|
+
member_masking:
|
|
65
|
+
includes: "*"
|
|
66
|
+
row_level:
|
|
67
|
+
allow_all: true
|
|
68
|
+
|
|
69
|
+
# Cube where all members are hidden by policy.
|
|
70
|
+
# Members carry mask definitions so a view can apply masking on top.
|
|
71
|
+
- name: masking_hidden_cube
|
|
72
|
+
sql_table: public.line_items
|
|
73
|
+
|
|
74
|
+
dimensions:
|
|
75
|
+
- name: id
|
|
76
|
+
sql: id
|
|
77
|
+
type: number
|
|
78
|
+
primary_key: true
|
|
79
|
+
|
|
80
|
+
- name: secret_string
|
|
81
|
+
sql: product_id
|
|
82
|
+
mask:
|
|
83
|
+
sql: "CONCAT('***', RIGHT(CAST({CUBE}.product_id AS TEXT), 2))"
|
|
84
|
+
type: string
|
|
85
|
+
|
|
86
|
+
- name: secret_number
|
|
87
|
+
sql: price
|
|
88
|
+
mask: -1
|
|
89
|
+
type: number
|
|
90
|
+
|
|
91
|
+
- name: public_dim
|
|
92
|
+
sql: order_id
|
|
93
|
+
type: number
|
|
94
|
+
|
|
95
|
+
measures:
|
|
96
|
+
- name: count
|
|
97
|
+
mask: 12345
|
|
98
|
+
type: count
|
|
99
|
+
|
|
100
|
+
- name: total_quantity
|
|
101
|
+
sql: quantity
|
|
102
|
+
type: sum
|
|
103
|
+
|
|
104
|
+
access_policy:
|
|
105
|
+
- role: "*"
|
|
106
|
+
member_level:
|
|
107
|
+
includes: []
|
|
108
|
+
|
|
109
|
+
views:
|
|
110
|
+
# View with full access at view level - but cube masking still applies (RLS pattern)
|
|
111
|
+
# Excludes members with {CUBE} references in SQL (secret_string, secret_boolean)
|
|
112
|
+
- name: masking_view
|
|
113
|
+
cubes:
|
|
114
|
+
- join_path: masking_test
|
|
115
|
+
includes:
|
|
116
|
+
- secret_number
|
|
117
|
+
- public_dim
|
|
118
|
+
- count
|
|
119
|
+
- count_d
|
|
120
|
+
- total_quantity
|
|
121
|
+
access_policy:
|
|
122
|
+
- role: "*"
|
|
123
|
+
member_level:
|
|
124
|
+
includes: "*"
|
|
125
|
+
row_level:
|
|
126
|
+
allow_all: true
|
|
127
|
+
|
|
128
|
+
# View with its own masking policy: all members masked for "*", full access for masking_full_access
|
|
129
|
+
# Excludes secret_string (SQL mask with {CUBE} references causes FROM-clause issues in SQL API)
|
|
130
|
+
- name: masking_view_masked
|
|
131
|
+
cubes:
|
|
132
|
+
- join_path: masking_test
|
|
133
|
+
includes:
|
|
134
|
+
- secret_number
|
|
135
|
+
- public_dim
|
|
136
|
+
- count
|
|
137
|
+
- count_d
|
|
138
|
+
- total_quantity
|
|
139
|
+
access_policy:
|
|
140
|
+
- role: "*"
|
|
141
|
+
member_level:
|
|
142
|
+
includes: []
|
|
143
|
+
member_masking:
|
|
144
|
+
includes: "*"
|
|
145
|
+
row_level:
|
|
146
|
+
allow_all: true
|
|
147
|
+
- role: "masking_full_access"
|
|
148
|
+
member_level:
|
|
149
|
+
includes: "*"
|
|
150
|
+
row_level:
|
|
151
|
+
allow_all: true
|
|
152
|
+
|
|
153
|
+
# View with partial masking: public_dim and total_quantity unmasked, rest masked
|
|
154
|
+
# Excludes members with {CUBE} references in SQL (secret_string, secret_boolean)
|
|
155
|
+
- name: masking_view_partial
|
|
156
|
+
cubes:
|
|
157
|
+
- join_path: masking_test
|
|
158
|
+
includes:
|
|
159
|
+
- secret_number
|
|
160
|
+
- public_dim
|
|
161
|
+
- count
|
|
162
|
+
- count_d
|
|
163
|
+
- total_quantity
|
|
164
|
+
access_policy:
|
|
165
|
+
- role: "*"
|
|
166
|
+
member_level:
|
|
167
|
+
includes:
|
|
168
|
+
- public_dim
|
|
169
|
+
- total_quantity
|
|
170
|
+
member_masking:
|
|
171
|
+
includes: "*"
|
|
172
|
+
row_level:
|
|
173
|
+
allow_all: true
|
|
174
|
+
|
|
175
|
+
# View over a cube where all members are hidden.
|
|
176
|
+
# The view adds its own masking policy — members that are invisible at
|
|
177
|
+
# the cube level become accessible (some masked, some real) through the view.
|
|
178
|
+
# Excludes secret_string (SQL mask with {CUBE} references causes FROM-clause issues in SQL API)
|
|
179
|
+
- name: masking_view_over_hidden_cube
|
|
180
|
+
cubes:
|
|
181
|
+
- join_path: masking_hidden_cube
|
|
182
|
+
includes:
|
|
183
|
+
- secret_number
|
|
184
|
+
- public_dim
|
|
185
|
+
- count
|
|
186
|
+
- total_quantity
|
|
187
|
+
access_policy:
|
|
188
|
+
- role: "*"
|
|
189
|
+
member_level:
|
|
190
|
+
includes:
|
|
191
|
+
- public_dim
|
|
192
|
+
- total_quantity
|
|
193
|
+
member_masking:
|
|
194
|
+
includes: "*"
|
|
195
|
+
row_level:
|
|
196
|
+
allow_all: true
|
|
197
|
+
- role: "masking_full_access"
|
|
198
|
+
member_level:
|
|
199
|
+
includes: "*"
|
|
200
|
+
row_level:
|
|
201
|
+
allow_all: true
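Review bot: The string mask `CONCAT('***', RIGHT(CAST({CUBE}.product_id AS TEXT), 2))` on `secret_string` (new-file lines 14 and 83) keeps the last two characters, so for any `product_id` of one or two characters the masked output contains the entire value after the `***` prefix. That is enough for a fixture to tell masked from unmasked results, but it should carry a comment so it is not copied as a real masking rule, e.g. `# test-only: RIGHT(..., 2) exposes the full id when it has two characters or fewer`. Separately, the `role: "*"` policies on `masking_test` and `masking_hidden_cube` omit `row_level` while every other policy in the file sets `allow_all: true`; if the omission is deliberate, a one-line comment saying so would help.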
|
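--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cubejs-backend/testing",
-"version": "1.6.
+"version": "1.6.23",
 "description": "Cube.js e2e tests",
 "author": "Cube Dev, Inc.",
 "repository": {
@@ -99,15 +99,15 @@
 "birdbox-fixtures"
 ],
 "dependencies": {
-"@cubejs-backend/cubestore-driver": "1.6.
+"@cubejs-backend/cubestore-driver": "1.6.23",
 "@cubejs-backend/dotenv": "^9.0.2",
-"@cubejs-backend/ksql-driver": "1.6.
-"@cubejs-backend/postgres-driver": "1.6.
-"@cubejs-backend/query-orchestrator": "1.6.
-"@cubejs-backend/schema-compiler": "1.6.
-"@cubejs-backend/shared": "1.6.
-"@cubejs-backend/testing-shared": "1.6.
-"@cubejs-client/ws-transport": "1.6.
+"@cubejs-backend/ksql-driver": "1.6.23",
+"@cubejs-backend/postgres-driver": "1.6.23",
+"@cubejs-backend/query-orchestrator": "1.6.23",
+"@cubejs-backend/schema-compiler": "1.6.23",
+"@cubejs-backend/shared": "1.6.23",
+"@cubejs-backend/testing-shared": "1.6.23",
+"@cubejs-client/ws-transport": "1.6.23",
 "dedent": "^0.7.0",
 "fs-extra": "^8.1.0",
 "http-proxy": "^1.18.1",
@@ -118,8 +118,8 @@
 },
 "devDependencies": {
 "@4tw/cypress-drag-drop": "^1.6.0",
-"@cubejs-backend/linter": "1.6.
-"@cubejs-client/core": "1.6.
+"@cubejs-backend/linter": "1.6.23",
+"@cubejs-client/core": "1.6.23",
 "@jest/globals": "^29",
 "@types/dedent": "^0.7.0",
 "@types/http-proxy": "^1.17.5",
@@ -145,5 +145,5 @@
 "eslintConfig": {
 "extends": "../cubejs-linter"
 },
-"gitHead": "
+"gitHead": "018952a49aa1d0e7843b209ffac5fc3be2c2f27b"
 }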