marklogic-community#563 create a testing user

The amps approach doesn't work, because we support using the filesystem for modules. Amps may not be applied to filesystem code unless it's under the MarkLogic install directory. New approach: the testing role gets the general app role, plus several privileges needed for running tests.
dmcassel · Oct 25, 2016 · 971b334 · 971b334
1 parent 4fefd77
commit 971b334
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 87 deletions.
diff --git a/deploy/lib/server_config.rb b/deploy/lib/server_config.rb
@@ -2409,6 +2409,21 @@ def test_modules_db_xml
     }
   end
 
+  def test_user_xml
+    %Q{
+      <user>
+        <user-name>${test-user}</user-name>
+        <description>A user for the ${app-name} unit tests</description>
+        <password>${test-user-password}</password>
+        <role-names>
+          <role-name>${app-role}-unit-test</role-name>
+        </role-names>
+        <permissions/>
+        <collections/>
+      </user>
+    }
+  end
+
   def test_modules_db_assignment
     %Q{
       <assignment>
@@ -2571,6 +2586,14 @@ def build_config(config_files)
       config.gsub!("@ml.test-modules-db-assignment", "")
     end
 
+    if @properties['ml.test-user'].present?
+
+      config.gsub!("@ml.test-user-xml", test_user_xml)
+
+    else
+      config.gsub!("@ml.test-user-xml", "")
+    end
+
     if @properties['ml.rest-port'].present?
 
       # Set up a REST API app server, distinct from the main application.

diff --git a/deploy/sample/build.sample.properties b/deploy/sample/build.sample.properties
@@ -38,6 +38,14 @@ modules-prefix=/
 # test-content-db=${app-name}-content-test
 # test-modules-db=${app-name}-modules
 # test-port=8042
+
+# The unit tests that come with Roxy require some privileges that we might not
+# want to grant to all users. The ${app-name}-unit-test role has those
+# privileges and also inherits from ${app-name}-role. To create a user for the
+# testing role, uncomment the two following properties. You can also run unit
+# tests as admin.
+# test-user=${app-name}-test-user
+# test-user-password=random
 #
 # The authentication method used for your test appserver
 # application-level, basic, digest, digestbasic

diff --git a/deploy/sample/ml-config.sample.xml b/deploy/sample/ml-config.sample.xml
@@ -488,7 +488,21 @@
     <role>
       <role-name>${app-role}-unit-test</role-name>
       <description>A role for unit testing the ${app-name} application</description>
+      <role-names>
+        <role-name>${app-role}</role-name>
+      </role-names>
       <privileges>
+        <!-- START: privileges needed for unit testing while running on filesystem -->
+        <privilege>
+          <privilege-name>xdmp:document-get</privilege-name>
+        </privilege>
+        <privilege>
+          <privilege-name>xdmp:filesystem-directory</privilege-name>
+        </privilege>
+        <privilege>
+          <privilege-name>xdmp:save</privilege-name>
+        </privilege>
+        <!-- END: privileges needed for unit testing while running on filesystem -->
         <privilege>
           <privilege-name>xdmp:eval</privilege-name>
         </privilege>
@@ -524,6 +538,7 @@
       <permissions/>
       <collections/>
     </user>
+    @ml.test-user-xml
   </users>
   <amps xmlns="http://marklogic.com/xdmp/security">
     <!--
@@ -538,87 +553,6 @@
       <role-name>a-privileged-role</role-name>
     </amp>
     -->
-    <!-- This group of amps allows the app-user to run the unit tests. If you
-         aren't using the Unit Test framework, or if you run them as admin, you
-         can safely delete these.
-    -->
-    <amp>
-      <namespace>http://marklogic.com/roxy/test-helper</namespace>
-      <local-name>list-from-database</local-name>
-      <doc-uri>/test/test-helper.xqy</doc-uri>
-      <db-name>${app-modules-db}</db-name>
-      <role-name>${app-role}-unit-test</role-name>
-    </amp>
-    <amp>
-      <namespace>http://marklogic.com/roxy/test-helper</namespace>
-      <local-name>get-modules-file</local-name>
-      <doc-uri>/test/test-helper.xqy</doc-uri>
-      <db-name>${app-modules-db}</db-name>
-      <role-name>${app-role}-unit-test</role-name>
-    </amp>
-    <amp>
-      <namespace>http://marklogic.com/roxy/test-helper</namespace>
-      <local-name>load-test-file</local-name>
-      <doc-uri>/test/test-helper.xqy</doc-uri>
-      <db-name>${app-modules-db}</db-name>
-      <role-name>${app-role}-unit-test</role-name>
-    </amp>
-    <amp>
-      <namespace>http://marklogic.com/roxy/test-helper</namespace>
-      <local-name>remove-modules</local-name>
-      <doc-uri>/test/test-helper.xqy</doc-uri>
-      <db-name>${app-modules-db}</db-name>
-      <role-name>${app-role}-unit-test</role-name>
-    </amp>
-    <amp>
-      <namespace>http://marklogic.com/roxy/test-helper</namespace>
-      <local-name>remove-modules-directories</local-name>
-      <doc-uri>/test/test-helper.xqy</doc-uri>
-      <db-name>${app-modules-db}</db-name>
-      <role-name>${app-role}-unit-test</role-name>
-    </amp>
-    <amp>
-      <namespace>http://marklogic.com/roxy/test-helper</namespace>
-      <local-name>http-get</local-name>
-      <doc-uri>/test/test-helper.xqy</doc-uri>
-      <db-name>${app-modules-db}</db-name>
-      <role-name>${app-role}-unit-test</role-name>
-    </amp>
-    <amp>
-      <namespace>http://marklogic.com/roxy/test/framework</namespace>
-      <local-name>http-head</local-name>
-      <doc-uri>/test/suites/Framework Tests/lib/framework-lib.xqy</doc-uri>
-      <db-name>${app-modules-db}</db-name>
-      <role-name>${app-role}-unit-test</role-name>
-    </amp>
-    <amp>
-      <namespace>http://marklogic.com/roxy/test/framework</namespace>
-      <local-name>http-delete</local-name>
-      <doc-uri>/test/suites/Framework Tests/lib/framework-lib.xqy</doc-uri>
-      <db-name>${app-modules-db}</db-name>
-      <role-name>${app-role}-unit-test</role-name>
-    </amp>
-    <amp>
-      <namespace>http://marklogic.com/roxy/test/framework</namespace>
-      <local-name>http-post</local-name>
-      <doc-uri>/test/suites/Framework Tests/lib/framework-lib.xqy</doc-uri>
-      <db-name>${app-modules-db}</db-name>
-      <role-name>${app-role}-unit-test</role-name>
-    </amp>
-    <amp>
-      <namespace>http://marklogic.com/roxy/test/framework</namespace>
-      <local-name>http-put</local-name>
-      <doc-uri>/test/suites/Framework Tests/lib/framework-lib.xqy</doc-uri>
-      <db-name>${app-modules-db}</db-name>
-      <role-name>${app-role}-unit-test</role-name>
-    </amp>
-    <amp>
-      <namespace>http://marklogic.com/roxy/test/framework</namespace>
-      <local-name>create-delete-target</local-name>
-      <doc-uri>/test/suites/Framework Tests/lib/framework-lib.xqy</doc-uri>
-      <db-name>${app-modules-db}</db-name>
-      <role-name>${app-role}-unit-test</role-name>
-    </amp>
   </amps>
   <privileges xmlns="http://marklogic.com/xdmp/security">
 <!--

diff --git a/src/test/suites/Framework Tests/routing.xqy b/src/test/suites/Framework Tests/routing.xqy
@@ -20,16 +20,16 @@ declare variable $options :=
   <options xmlns="xdmp:http">
     <format xmlns="xdmp:document-get">xml</format>
     <authentication method="digest">
-      <username>{$c:APP-USER}</username>
-      <password>{$c:APP-USER-PASSWORD}</password>
+      <username>{$c:TEST-USER}</username>
+      <password>{$c:TEST-USER-PASSWORD}</password>
     </authentication>
   </options>;
 
 declare variable $options-non-xml :=
   <options xmlns="xdmp:http">
     <authentication method="digest">
-      <username>{$c:APP-USER}</username>
-      <password>{$c:APP-USER-PASSWORD}</password>
+      <username>{$c:TEST-USER}</username>
+      <password>{$c:TEST-USER-PASSWORD}</password>
     </authentication>
   </options>;
 
@@ -42,6 +42,8 @@ declare variable $options-non-xml :=
 declare variable $LANG-XQY := "language=xqy";
 declare variable $LANG-SJS := "language=sjs";
 
+xdmp:log("options: " || xdmp:quote($options)),
+
 (: Verify that /tester will call tester:main and return the html view :)
 let $response := test:http-get(test:easy-url("/tester?" || $LANG-XQY), $options)
 return

diff --git a/src/test/test-config.xqy b/src/test/test-config.xqy
@@ -21,5 +21,9 @@ module namespace c = "http://marklogic.com/roxy/test-config";
 declare variable $c:USER := "@ml.user";
 declare variable $c:PASSWORD := "@ml.password";
 
-declare variable $c:APP-USER as xs:string := ("@ml.default-user", $c:USER)[1];
-declare variable $c:APP-USER-PASSWORD as xs:string := ("@ml.appuser-password", $c:PASSWORD)[1];
+declare variable $c:TEST-USER as xs:string :=
+  if (fn:matches("@ml.test-user", "@")) then $c:USER
+  else "@ml.test-user";
+declare variable $c:TEST-USER-PASSWORD as xs:string :=
+  if (fn:matches("@ml.test-user-password", "@")) then $c:PASSWORD
+  else "@ml.test-user-password";