Extended core support by implementing ACL SETUSER, GETUSER, DRYRUN (#1193)

vladvildanov · web-flow · commit 0e019cc08d0e · 2023-03-15T14:57:12.000+02:00
* Added support for ACL GETUSER, SETUSER, DRYRUN commands

* Change test to support Redis &gt; 6.0.0

* Removed selectors check
diff --git a/examples/Commands/acl_dry_run.php b/examples/Commands/acl_dry_run.php
@@ -0,0 +1,36 @@
+<?php
+
+/*
+ * This file is part of the Predis package.
+ *
+ * (c) 2009-2020 Daniele Alessandri
+ * (c) 2021-2023 Till Krüss
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Predis\Client;
+
+require __DIR__ . '/../shared.php';
+
+// Example of ACL DRYRUN command usage:
+
+// 1. Set user with permissions to call only 'SET' command.
+$client = new Client($single_server);
+$response = $client->acl->setUser('Test_dry', '+SET', '~*');
+$created = ($response == 'OK') ? 'Yes' : 'No';
+
+echo "User with username 'Test' was created: {$created}. Permissions only to use SET command\n";
+
+// 2. Dry run 'SET' command under 'Test_dry' user
+$response = $client->acl->dryRun('Test_dry', 'SET', 'foo', 'bar');
+
+echo 'Dry run "SET" command.' . "\n";
+echo 'Response: ' . $response . "\n";
+
+// 3. Dry run 'GET' command under 'Test_dry' user
+$response = $client->acl->dryRun('Test_dry', 'GET', 'foo');
+
+echo 'Dry run "GET" command.' . "\n";
+echo 'Response: ' . $response;
diff --git a/examples/Commands/acl_get_user.php b/examples/Commands/acl_get_user.php
@@ -0,0 +1,28 @@
+<?php
+
+/*
+ * This file is part of the Predis package.
+ *
+ * (c) 2009-2020 Daniele Alessandri
+ * (c) 2021-2023 Till Krüss
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Predis\Client;
+
+require __DIR__ . '/../shared.php';
+
+// Example of ACL GETUSER command usage:
+
+// 1. Set user
+$client = new Client($single_server);
+$response = $client->acl->setUser('Test');
+
+// 2. Retrieve user rules:
+
+echo 'Rules: ' . "\n";
+print_r(
+    $client->acl->getUser('Test')
+);
diff --git a/examples/Commands/acl_set_user.php b/examples/Commands/acl_set_user.php
@@ -0,0 +1,24 @@
+<?php
+
+/*
+ * This file is part of the Predis package.
+ *
+ * (c) 2009-2020 Daniele Alessandri
+ * (c) 2021-2023 Till Krüss
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Predis\Client;
+
+require __DIR__ . '/../shared.php';
+
+// Example of ACL SETUSER command usage:
+
+// 1. Set user
+$client = new Client($single_server);
+$response = $client->acl->setUser('Test');
+$created = ($response == 'OK') ? 'Yes' : 'No';
+
+echo "User with username 'Test' was created: {$created}";
diff --git a/src/ClientContextInterface.php b/src/ClientContextInterface.php
@@ -17,6 +17,7 @@
 use Predis\Command\Argument\Server\LimitOffsetCount;
 use Predis\Command\Argument\Server\To;
 use Predis\Command\CommandInterface;
+use Predis\Command\Redis\Container\ACL;
 use Predis\Command\Redis\Container\FunctionContainer;
 
 /**
@@ -206,6 +207,7 @@
  *
  * Container commands
  * @property FunctionContainer $function
+ * @property ACL               $acl
  */
 interface ClientContextInterface
 {
diff --git a/src/ClientInterface.php b/src/ClientInterface.php
@@ -18,6 +18,7 @@
 use Predis\Command\Argument\Server\To;
 use Predis\Command\CommandInterface;
 use Predis\Command\FactoryInterface;
+use Predis\Command\Redis\Container\ACL;
 use Predis\Command\Redis\Container\FunctionContainer;
 use Predis\Configuration\OptionsInterface;
 use Predis\Connection\ConnectionInterface;
@@ -224,6 +225,7 @@
  *
  * Container commands
  * @property FunctionContainer $function
+ * @property ACL               $acl
  */
 interface ClientInterface
 {
diff --git a/src/Command/Redis/ACL.php b/src/Command/Redis/ACL.php
@@ -0,0 +1,29 @@
+<?php
+
+/*
+ * This file is part of the Predis package.
+ *
+ * (c) 2009-2020 Daniele Alessandri
+ * (c) 2021-2023 Till Krüss
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Predis\Command\Redis;
+
+use Predis\Command\Command as RedisCommand;
+
+/**
+ * @see https://redis.io/commands/?name=ACL
+ *
+ * Container command corresponds to any ACL *.
+ * Represents any ACL command with subcommand as first argument.
+ */
+class ACL extends RedisCommand
+{
+    public function getId()
+    {
+        return 'ACL';
+    }
+}
diff --git a/src/Command/Redis/Container/ACL.php b/src/Command/Redis/Container/ACL.php
@@ -0,0 +1,28 @@
+<?php
+
+/*
+ * This file is part of the Predis package.
+ *
+ * (c) 2009-2020 Daniele Alessandri
+ * (c) 2021-2023 Till Krüss
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Predis\Command\Redis\Container;
+
+use Predis\Response\Status;
+
+/**
+ * @method Status dryRun(string $username, string $command, ...$arguments)
+ * @method array  getUser(string $username)
+ * @method Status setUser(string $username, string ...$rules)
+ */
+class ACL extends AbstractContainer
+{
+    public function getContainerCommandId(): string
+    {
+        return 'acl';
+    }
+}
diff --git a/tests/Predis/Command/Redis/ACL_Test.php b/tests/Predis/Command/Redis/ACL_Test.php
@@ -0,0 +1,149 @@
+<?php
+
+/*
+ * This file is part of the Predis package.
+ *
+ * (c) 2009-2020 Daniele Alessandri
+ * (c) 2021-2023 Till Krüss
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Predis\Command\Redis;
+
+use Predis\Response\ServerException;
+
+class ACL_Test extends PredisCommandTestCase
+{
+    /**
+     * {@inheritDoc}
+     */
+    protected function getExpectedCommand(): string
+    {
+        return ACL::class;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected function getExpectedId(): string
+    {
+        return 'ACL';
+    }
+
+    /**
+     * @group disconnected
+     */
+    public function testSetUserFilterArguments(): void
+    {
+        $arguments = ['SETUSER', 'username', 'rule1', 'rule2'];
+        $expected = ['SETUSER', 'username', 'rule1', 'rule2'];
+
+        $command = $this->getCommand();
+        $command->setArguments($arguments);
+
+        $this->assertSameValues($expected, $command->getArguments());
+    }
+
+    /**
+     * @group disconnected
+     */
+    public function testDryRunFilterArguments(): void
+    {
+        $arguments = ['DRYRUN', 'username', 'command', 'arg1', 'arg2'];
+        $expected = ['DRYRUN', 'username', 'command', 'arg1', 'arg2'];
+
+        $command = $this->getCommand();
+        $command->setArguments($arguments);
+
+        $this->assertSameValues($expected, $command->getArguments());
+    }
+
+    /**
+     * @group disconnected
+     */
+    public function testGetUserFilterArguments(): void
+    {
+        $arguments = ['GETUSER', 'username'];
+        $expected = ['GETUSER', 'username'];
+
+        $command = $this->getCommand();
+        $command->setArguments($arguments);
+
+        $this->assertSameValues($expected, $command->getArguments());
+    }
+
+    /**
+     * @group connected
+     * @return void
+     * @requiresRedisVersion >= 6.0.0
+     */
+    public function testSetUserCreatesACLUser(): void
+    {
+        $redis = $this->getClient();
+
+        $this->assertEquals('OK', $redis->acl->setUser('Test'));
+    }
+
+    /**
+     * @group connected
+     * @return void
+     * @requiresRedisVersion >= 7.0.0
+     */
+    public function testDryRunSimulateExecutionOfGivenCommandByUser(): void
+    {
+        $redis = $this->getClient();
+
+        $this->assertEquals('OK', $redis->acl->setUser('Test', '+SET', '~*'));
+        $this->assertEquals(
+            'OK',
+            $redis->acl->dryRun('Test', 'SET', 'foo', 'bar')
+        );
+        $this->assertEquals(
+            "This user has no permissions to run the 'get' command",
+            $redis->acl->dryRun('Test', 'GET', 'foo')
+        );
+    }
+
+    /**
+     * @group connected
+     * @return void
+     * @requiresRedisVersion >= 6.0.0
+     */
+    public function testGetUserReturnsUserDefinedRules(): void
+    {
+        $redis = $this->getClient();
+
+        $this->assertEquals(
+            'OK',
+            $redis->acl->setUser(
+                'alan',
+                'allkeys',
+                '+@string',
+                '+@set',
+                '-SADD',
+                '>alanpassword'
+            )
+        );
+
+        foreach (['flags', 'passwords', 'commands', 'keys', 'channels'] as $key) {
+            $this->assertContains($key, $redis->acl->getUser('alan'));
+        }
+    }
+
+    /**
+     * @group connected
+     * @return void
+     * @requiresRedisVersion >= 6.0.0
+     */
+    public function testSetUserThrowsExceptionOnIncorrectRuleProvided(): void
+    {
+        $redis = $this->getClient();
+
+        $this->expectException(ServerException::class);
+        $this->expectExceptionMessage("ERR Error in ACL SETUSER modifier 'foobar'");
+
+        $redis->acl->setUser('Test', 'foobar');
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@`
`17`	`17`	`use Predis\Command\Argument\Server\LimitOffsetCount;`
`18`	`18`	`use Predis\Command\Argument\Server\To;`
`19`	`19`	`use Predis\Command\CommandInterface;`
	`20`	`+use Predis\Command\Redis\Container\ACL;`
`20`	`21`	`use Predis\Command\Redis\Container\FunctionContainer;`
`21`	`22`
`22`	`23`	`/**`
`@@ -206,6 +207,7 @@`
`206`	`207`	`*`
`207`	`208`	`* Container commands`
`208`	`209`	`* @property FunctionContainer $function`
	`210`	`+ * @property ACL $acl`
`209`	`211`	`*/`
`210`	`212`	`interface ClientContextInterface`
`211`	`213`	`{`