garnet/test/Garnet.test.acl/Resp/ACL/GetUserTests.cs at ded578ac44cbbd9660aefab7579b9729406d6929 · microsoft/garnet · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT license.

using System;
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Allure.NUnit;
using NUnit.Framework;
using NUnit.Framework.Legacy;
using StackExchange.Redis;

namespace Garnet.test.Resp.ACL
{
    /// <summary>
    /// Tests for ACL GETUSER command.
    /// </summary>
    [AllureNUnit]
    [TestFixture]
    internal class GetUserTests : AclTest
    {
        private const string DefaultUserName = "default";

        private const string MultiCommandList = "+get +set +setex +decr +decrby +incr +incrby +del +unlink +flushdb +latency";

        /// <summary>
        /// Tests that ACL GETUSER shows the default user.
        /// </summary>
        [Test]
        public async Task GetUserTest()
        {
            server = TestUtils.CreateGarnetServer(TestUtils.MethodTestDir, useAcl: true);
            server.Start();

            using var redis = ConnectionMultiplexer.Connect(TestUtils.GetConfig());
            var db = redis.GetDatabase(0);

            UserAclResult commandResult = new UserAclResult(await db.ExecuteAsync("ACL", "GETUSER", DefaultUserName).ConfigureAwait(false));

            ClassicAssert.NotNull(commandResult);
            ClassicAssert.IsTrue(commandResult.IsWellStructured());
            ClassicAssert.IsTrue(commandResult.IsEnabled);
            ClassicAssert.AreEqual(0, commandResult.PasswordResult.Length);
            ClassicAssert.AreEqual("+@all", commandResult.PermittedCommands);
        }

        /// <summary>
        /// Tests that ACL GETUSER returns null when user is not found.
        /// </summary>
        [Test]
        public async Task GetUserNotFoundTest()
        {
            server = TestUtils.CreateGarnetServer(TestUtils.MethodTestDir, useAcl: true);
            server.Start();

            using var redis = ConnectionMultiplexer.Connect(TestUtils.GetConfig());
            var db = redis.GetDatabase(0);

            ClassicAssert.IsTrue((await db.ExecuteAsync("ACL", "GETUSER", $"!{DefaultUserName}").ConfigureAwait(false)).IsNull);
        }

        /// <summary>
        /// Tests that ACL GETUSER shows various users and their appropriate ACL information.
        /// Note: Multi-segment ACLs are consolidated, ex: -@all +get becomes +get. Matching ACL LIST behavior.
        /// </summary>
        [Test, Sequential]
        [TestCase(TestUserA, "on", DummyPassword, "+@admin", "+@admin")]
        [TestCase(TestUserA, "off", "nopass", "+get", "+get")]
        [TestCase(TestUserA, "", "", "+@all", "+@all")]
        [TestCase(TestUserA, "on", "nopass", "-@all +get", "+get")]
        public async Task GetUserAclTest(
            string userName,
            string enabled,
            string credential,
            string commands,
            string expectedCommands)
        {
            if (!string.IsNullOrWhiteSpace(credential) && credential != "nopass")
            {
                credential = $">{credential}";
            }

            StringBuilder sb = new StringBuilder($"user default on nopass +@all {Environment.NewLine}");
            sb.AppendLine($"user {userName} {enabled} {credential} {commands}");

            // Create an input with user definition (including default)
            var configurationFile = Path.Join(TestUtils.MethodTestDir, "users.acl");
            File.WriteAllText(configurationFile, sb.ToString());

            // Start up Garnet with a defined default user password
            server = TestUtils.CreateGarnetServer(TestUtils.MethodTestDir, useAcl: true, aclFile: configurationFile, defaultPassword: DummyPassword);
            server.Start();

            using var redis = ConnectionMultiplexer.Connect(TestUtils.GetConfig(authUsername: DefaultUserName));
            var db = redis.GetDatabase(0);

            UserAclResult commandResult = new UserAclResult(await db.ExecuteAsync("ACL", "GETUSER", userName).ConfigureAwait(false));

            ClassicAssert.NotNull(commandResult);
            ClassicAssert.IsTrue(commandResult.IsWellStructured());

            ClassicAssert.AreEqual(enabled == "on", commandResult.IsEnabled);

            bool expectPasswordMatch = !string.IsNullOrWhiteSpace(credential) && credential != "nopass";
            ClassicAssert.AreEqual(expectPasswordMatch, commandResult.ContainsPasswordHash($"#{DummyPasswordHash}"));

            ClassicAssert.AreEqual(expectedCommands, commandResult.PermittedCommands);
        }

        /// <summary>
        /// Tests that ACL GETUSER retrieves correct user and their appropriate ACL information when multiple users
        /// are present.
        /// </summary>
        [Test, Sequential]
        public async Task GetUserMultiUserTest()
        {
            StringBuilder sb = new StringBuilder($"user {DefaultUserName} on nopass +@all {Environment.NewLine}");
            sb.AppendLine($"user {TestUserA} on >{DummyPassword} {MultiCommandList} {Environment.NewLine}");
            sb.AppendLine($"user {TestUserB} on >{DummyPasswordB} +set {Environment.NewLine}");

            // Create an input with 3 user definitions (including default)
            var configurationFile = Path.Join(TestUtils.MethodTestDir, "users.acl");
            File.WriteAllText(configurationFile, sb.ToString());

            // Start up Garnet with a defined default user password
            server = TestUtils.CreateGarnetServer(TestUtils.MethodTestDir, useAcl: true, aclFile: configurationFile, defaultPassword: DummyPassword);
            server.Start();

            using var redis = ConnectionMultiplexer.Connect(TestUtils.GetConfig(authUsername: DefaultUserName));
            var db = redis.GetDatabase(0);

            UserAclResult commandResult = new UserAclResult(await db.ExecuteAsync("ACL", "GETUSER", TestUserA).ConfigureAwait(false));

            ClassicAssert.NotNull(commandResult);
            ClassicAssert.IsTrue(commandResult.IsWellStructured());
            ClassicAssert.IsTrue(commandResult.IsEnabled);
            ClassicAssert.IsTrue(commandResult.ContainsPasswordHash($"#{DummyPasswordHash}"));
            ClassicAssert.AreEqual(MultiCommandList, commandResult.PermittedCommands);
        }
    }
}