test: move RBAC configuration to a separate container class

bevzzz · bevzzz · commit 2a0b999fe5f2 · 2025-01-30T11:04:57.000+01:00
diff --git a/src/main/java/io/weaviate/client/v1/rbac/model/RbacAction.java b/src/main/java/io/weaviate/client/v1/rbac/model/RbacAction.java
@@ -24,7 +24,8 @@
 interface RbacAction {
   String getValue();
 
-  static <E extends Enum<E> & RbacAction> E fromString(Class<E> enumClass, String value) {
+  static <E extends Enum<E> & RbacAction> E fromString(Class<E> enumClass, String value)
+      throws IllegalArgumentException {
     for (E action : enumClass.getEnumConstants()) {
       if (action.getValue().equals(value)) {
         return action;
diff --git a/src/test/java/io/weaviate/integration/client/WeaviateDockerCompose.java b/src/test/java/io/weaviate/integration/client/WeaviateDockerCompose.java
@@ -18,36 +18,19 @@ public class WeaviateDockerCompose implements TestRule {
   private final String weaviateVersion;
   private final boolean withOffloadS3;
 
-  /** Username of the admin user for instances using RBAC. */
-  private final String adminUser;
-
   public WeaviateDockerCompose() {
     this.weaviateVersion = WeaviateDockerImage.WEAVIATE_DOCKER_IMAGE;
     this.withOffloadS3 = false;
-    this.adminUser = null;
   }
 
   public WeaviateDockerCompose(String version) {
     this.weaviateVersion = String.format("semitechnologies/weaviate:%s", version);
     this.withOffloadS3 = false;
-    this.adminUser = null;
   }
 
   public WeaviateDockerCompose(String version, boolean withOffloadS3) {
     this.weaviateVersion = String.format("semitechnologies/weaviate:%s", version);
     this.withOffloadS3 = withOffloadS3;
-    this.adminUser = null;
-  }
-
-  public WeaviateDockerCompose(String version, String adminUser) {
-    this.weaviateVersion = WeaviateDockerImage.WEAVIATE_DOCKER_IMAGE;
-    this.withOffloadS3 = false;
-    this.adminUser = adminUser;
-  }
-
-  /** Create docker-compose deployment with auth and RBAC-authz enabled. */
-  public static WeaviateDockerCompose rbac(String adminUser) {
-    return new WeaviateDockerCompose(WeaviateDockerImage.WEAVIATE_DOCKER_IMAGE, adminUser);
   }
 
   public static class Weaviate extends WeaviateContainer {
@@ -76,27 +59,6 @@ public Weaviate(String dockerImageName, boolean withOffloadS3) {
       withEnv("ENABLE_MODULES", String.join(",", enableModules));
       withCreateContainerCmdModifier(cmd -> cmd.withHostName("weaviate"));
     }
-
-    /** Create Weaviate container with RBAC authz and an admin user. */
-    public Weaviate(String dockerImageName, boolean withOffloadS3, String adminUser) {
-      this(dockerImageName, withOffloadS3);
-      withEnv("AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED", "false");
-      withEnv("AUTHENTICATION_APIKEY_ENABLED", "true");
-      withEnv("AUTHORIZATION_RBAC_ENABLED", "true");
-      withEnv("AUTHENTICATION_APIKEY_USERS", adminUser);
-      withEnv("AUTHENTICATION_APIKEY_ALLOWED_KEYS", makeSecret(adminUser));
-      withEnv("AUTHORIZATION_ADMIN_USERS", adminUser);
-    }
-
-    /**
-     * Generate API secret for a username. When running an instance with
-     * authentication enabled, {@link Weaviate} will use this method to generate
-     * secrets for all users.
-     * Use this method to get a valid API key for a test client.
-     */
-    public static String makeSecret(String user) {
-      return user + "-secret";
-    }
   }
 
   public static class Contextionary extends GenericContainer<Contextionary> {
@@ -138,11 +100,7 @@ public void start() {
     }
     contextionary = new Contextionary();
     contextionary.start();
-    if (adminUser == null) {
-      weaviate = new Weaviate(this.weaviateVersion, this.withOffloadS3);
-    } else {
-      weaviate = new Weaviate(this.weaviateVersion, this.withOffloadS3, this.adminUser);
-    }
+    weaviate = new Weaviate(this.weaviateVersion, this.withOffloadS3);
     weaviate.start();
   }
 
diff --git a/src/test/java/io/weaviate/integration/client/WeaviateWithRbacContainer.java b/src/test/java/io/weaviate/integration/client/WeaviateWithRbacContainer.java
@@ -0,0 +1,36 @@
+package io.weaviate.integration.client;
+
+import org.testcontainers.weaviate.WeaviateContainer;
+
+public class WeaviateWithRbacContainer extends WeaviateContainer {
+
+  public WeaviateWithRbacContainer(String dockerImageName, String admin, String... viewers) {
+    super(dockerImageName);
+
+    withEnv("AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED", "false");
+    withEnv("AUTHENTICATION_APIKEY_ENABLED", "true");
+    withEnv("AUTHORIZATION_RBAC_ENABLED", "true");
+    withEnv("AUTHENTICATION_APIKEY_ALLOWED_KEYS", makeSecret(admin));
+    withEnv("AUTHENTICATION_APIKEY_USERS", admin);
+    withEnv("AUTHORIZATION_ADMIN_USERS", admin);
+    withEnv("PERSISTENCE_DATA_PATH", "./data");
+    withEnv("BACKUP_FILESYSTEM_PATH", "/tmp/backups");
+    withEnv("ENABLE_MODULES", "backup-filesystem");
+    withEnv("CLUSTER_GOSSIP_BIND_PORT", "7100");
+    withEnv("CLUSTER_DATA_BIND_PORT", "7101");
+
+    if (viewers.length > 0) {
+      withEnv("AUTHORIZATION_VIEWER_USERS", String.join(",", viewers));
+    }
+  }
+
+  /**
+   * Generate API secret for a username. When running an instance with
+   * authentication enabled, {@link WeaviateWithRbacContainer} will use this
+   * method to generate secrets for all users.
+   * Use this method to get a valid API key for a test client.
+   */
+  public static String makeSecret(String user) {
+    return user + "-secret";
+  }
+}
diff --git a/src/test/java/io/weaviate/integration/tests/rbac/ClientRbacTestSuite.java b/src/test/java/io/weaviate/integration/tests/rbac/ClientRbacTestSuite.java
@@ -16,6 +16,7 @@
 import org.junit.jupiter.api.Assertions;
 import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
+import org.testcontainers.weaviate.WeaviateContainer;
 
 import com.jparams.junit4.JParamsTestRunner;
 import com.jparams.junit4.data.DataMethod;
@@ -32,25 +33,27 @@
 import io.weaviate.client.v1.rbac.model.Role;
 import io.weaviate.client.v1.rbac.model.RolesPermission;
 import io.weaviate.client.v1.rbac.model.TenantsPermission;
-import io.weaviate.integration.client.WeaviateDockerCompose;
-import io.weaviate.integration.client.WeaviateDockerCompose.Weaviate;
+import io.weaviate.integration.client.WeaviateDockerImage;
+import io.weaviate.integration.client.WeaviateWithRbacContainer;
 
 @RunWith(JParamsTestRunner.class)
 public class ClientRbacTestSuite {
 
   private static final String adminRole = "admin";
   private static final String viewerRole = "viewer";
   private static final String adminUser = "john-doe";
-  private static final String API_KEY = Weaviate.makeSecret(adminUser);
+  private static final String API_KEY = WeaviateWithRbacContainer.makeSecret(adminUser);
 
   @Rule
   public TestName currentTest = new TestName();
 
   @ClassRule
-  public static WeaviateDockerCompose compose = WeaviateDockerCompose.rbac(adminUser);
+  public static WeaviateContainer weaviate = new WeaviateWithRbacContainer(
+      WeaviateDockerImage.WEAVIATE_DOCKER_IMAGE,
+      adminUser);
 
   public static Config config() {
-    return new Config("http", compose.getHttpHostAddress());
+    return new Config("http", weaviate.getHttpHostAddress());
   }
 
   public static Object[][] clients() {
@@ -113,9 +116,6 @@ public void testGetAssignedUsers(Supplier<Rbac> rbac) {
     assertEquals(adminUser, users.get(0), "wrong user assinged to " + adminRole + " role");
   }
 
-  // TODO: check if I can create a role with a name that's not a valid URL
-  // paramter
-
   /**
    * Created role should have all of the permissions it was created with.
    * Tests addition and fetching the role to.
