diff options
author | dvora-h <67596500+dvora-h@users.noreply.github.com> | 2022-05-03 14:04:14 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-03 14:04:14 +0300 |
commit | 5c99e27459a047cd1334e1b87fb0623ac2c881db (patch) | |
tree | 67434cb616fdcfa0dfaf852f42fba0934cf3a0fe /tests/test_commands.py | |
parent | fa7b3f6213625f248764b134ed2c82fcdba95d62 (diff) | |
download | redis-py-5c99e27459a047cd1334e1b87fb0623ac2c881db.tar.gz |
ACL SETUSER - add selectors and key based permissions (#2161)
* acl setuser
* async tests
Co-authored-by: Chayim <chayim@users.noreply.github.com>
Diffstat (limited to 'tests/test_commands.py')
-rw-r--r-- | tests/test_commands.py | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/tests/test_commands.py b/tests/test_commands.py index 5975412..b7287b4 100644 --- a/tests/test_commands.py +++ b/tests/test_commands.py @@ -120,8 +120,14 @@ class TestRedisCommands: @skip_if_server_version_lt("7.0.0") @skip_if_redis_enterprise() - def test_acl_dryrun(self, r): + def test_acl_dryrun(self, r, request): username = "redis-py-user" + + def teardown(): + r.acl_deluser(username) + + request.addfinalizer(teardown) + r.acl_setuser( username, keys=["*"], @@ -171,7 +177,7 @@ class TestRedisCommands: r.acl_genpass(555) assert isinstance(password, str) - @skip_if_server_version_lt("6.0.0") + @skip_if_server_version_lt("7.0.0") @skip_if_redis_enterprise() def test_acl_getuser_setuser(self, r, request): username = "redis-py-user" @@ -217,7 +223,7 @@ class TestRedisCommands: assert set(acl["commands"]) == {"+get", "+mget", "-hset"} assert acl["enabled"] is True assert "on" in acl["flags"] - assert set(acl["keys"]) == {b"cache:*", b"objects:*"} + assert set(acl["keys"]) == {"~cache:*", "~objects:*"} assert len(acl["passwords"]) == 2 # test reset=False keeps existing ACL and applies new ACL on top @@ -243,7 +249,7 @@ class TestRedisCommands: assert set(acl["commands"]) == {"+get", "+mget"} assert acl["enabled"] is True assert "on" in acl["flags"] - assert set(acl["keys"]) == {b"cache:*", b"objects:*"} + assert set(acl["keys"]) == {"~cache:*", "~objects:*"} assert len(acl["passwords"]) == 2 # test removal of passwords @@ -278,6 +284,30 @@ class TestRedisCommands: ) assert len(r.acl_getuser(username)["passwords"]) == 1 + # test selectors + assert r.acl_setuser( + username, + enabled=True, + reset=True, + passwords=["+pass1", "+pass2"], + categories=["+set", "+@hash", "-geo"], + commands=["+get", "+mget", "-hset"], + keys=["cache:*", "objects:*"], + channels=["message:*"], + selectors=[("+set", "%W~app*")], + ) + acl = r.acl_getuser(username) + assert set(acl["categories"]) == {"-@all", "+@set", "+@hash"} + assert set(acl["commands"]) == {"+get", "+mget", "-hset"} + assert acl["enabled"] is True + assert "on" in acl["flags"] + assert set(acl["keys"]) == {"~cache:*", "~objects:*"} + assert len(acl["passwords"]) == 2 + assert set(acl["channels"]) == {"&message:*"} + assert acl["selectors"] == [ + ["commands", "-@all +set", "keys", "%W~app*", "channels", ""] + ] + @skip_if_server_version_lt("6.0.0") def test_acl_help(self, r): res = r.acl_help() |