Running tests as minimal user

rjrudin · rjrudin · commit 587b016c6548 · 2022-09-07T12:23:07.000-04:00
Resolves #75 . Realized in the process that we don't need to read the API declaration from the modules database, so going to submit a PR for that next.
diff --git a/gradle.properties b/gradle.properties
@@ -22,3 +22,4 @@ mlAppName=kafka-test
 mlUsername=admin
 mlPassword=changeme-in-gradle-local.properties
 mlContentForestsPerHost=1
+mlModulePermissions=rest-extension-user,read,rest-extension-user,execute,rest-admin,update
diff --git a/src/test/java/com/marklogic/kafka/connect/sink/AbstractIntegrationTest.java b/src/test/java/com/marklogic/kafka/connect/sink/AbstractIntegrationTest.java
@@ -24,13 +24,14 @@ public class AbstractIntegrationTest extends AbstractSpringMarkLogicTest {
     /**
      * @return a config map containing connection values based on the test application configuration
      */
-    protected Map<String, String> newSinkConfig() {
+    private Map<String, String> newSinkConfig() {
         Map<String, String> config = new HashMap<>();
         config.put("ml.connection.host", testConfig.getHost());
         config.put("ml.connection.port", testConfig.getRestPort() + "");
         config.put("ml.connection.securityContextType", "DIGEST");
-        config.put("ml.connection.username", testConfig.getUsername());
-        config.put("ml.connection.password", testConfig.getPassword());
+        config.put("ml.connection.username", "kafka-test-user");
+        config.put("ml.connection.password", "kafkatest");
+        config.put("ml.document.permissions", "rest-reader,read,rest-writer,update");
         return config;
     }
 
diff --git a/src/test/ml-config/security/roles/minimal-user-role.json b/src/test/ml-config/security/roles/minimal-user-role.json
@@ -0,0 +1,34 @@
+{
+  "role-name": "kafka-test-minimal-user",
+  "description": "rest-reader/rest-writer privileges are needed to read forest info and write documents; rest-extension-user, any-uri, unprotected-collections, and xdmp-eval-in is needed for Bulk DS to read the API declaration",
+  "role": [
+    "rest-extension-user"
+  ],
+  "privilege": [
+    {
+      "privilege-name": "rest-reader",
+      "action": "http://marklogic.com/xdmp/privileges/rest-reader",
+      "kind": "execute"
+    },
+    {
+      "privilege-name": "rest-writer",
+      "action": "http://marklogic.com/xdmp/privileges/rest-writer",
+      "kind": "execute"
+    },
+    {
+      "privilege-name": "any-uri",
+      "action": "http://marklogic.com/xdmp/privileges/any-uri",
+      "kind": "execute"
+    },
+    {
+      "privilege-name": "unprotected-collections",
+      "action": "http://marklogic.com/xdmp/privileges/unprotected-collections",
+      "kind": "execute"
+    },
+    {
+      "privilege-name": "xdmp:eval-in",
+      "action": "http://marklogic.com/xdmp/privileges/xdmp-eval-in",
+      "kind": "execute"
+    }
+  ]
+}
diff --git a/src/test/ml-config/security/users/minimal-user.json b/src/test/ml-config/security/users/minimal-user.json
@@ -0,0 +1,7 @@
+{
+  "user-name": "kafka-test-user",
+  "password": "kafkatest",
+  "role": [
+    "kafka-test-minimal-user"
+  ]
+}
