github/paralus
1
0
Fork 0
mirror of https://github.com/paralus/paralus.git synced 2026-05-10 02:16:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2ea4e264e5068676adb2ffffbfa7603905a97018
paralus/pkg/service/role_test.go
Abin Simon 89379fe07f Fix tests after audit log changes
2022-04-08 17:42:26 +05:30

354 lines
16 KiB
Go
Raw Blame History

package service
import (
"context"
"fmt"
"testing"
"github.com/DATA-DOG/go-sqlmock"
v3 "github.com/RafayLabs/rcloud-base/proto/types/commonpb/v3"
rolev3 "github.com/RafayLabs/rcloud-base/proto/types/rolepb/v3"
"github.com/google/uuid"
)
func performRoleBasicChecks(t *testing.T, role *rolev3.Role, ruuid string) {
_, err := uuid.Parse(role.GetMetadata().GetOrganization())
if err == nil {
t.Error("org in metadata should be name not id")
}
_, err = uuid.Parse(role.GetMetadata().GetPartner())
if err == nil {
t.Error("partner in metadata should be name not id")
}
if role.GetMetadata().GetName() != "role-"+ruuid {
t.Error("invalid name returned")
}
}
func performRoleBasicAuthzChecks(t *testing.T, mazc mockAuthzClient, ruuid string) {
if len(mazc.drpm) > 0 {
if mazc.drpm[len(mazc.drpm)-1].Role != "role-"+ruuid {
t.Errorf("incorrect role sent to authz; expected '%v' got '%v'", "role-"+ruuid, mazc.drpm[len(mazc.drpm)-1].Role)
}
}
if len(mazc.crpm) > 0 {
if len(mazc.crpm[len(mazc.crpm)-1].RolePermissionMappingList) != 1 {
t.Errorf("invalid number of roles sent to authz; expected 1, got '%v'", len(mazc.crpm[len(mazc.crpm)-1].RolePermissionMappingList))
}
if mazc.crpm[len(mazc.crpm)-1].RolePermissionMappingList[0].Role != "role-"+ruuid {
t.Errorf("incorrect role sent to authz; expected '%v' got '%v'", "role-"+ruuid, mazc.crpm[len(mazc.crpm)-1].RolePermissionMappingList[0].Role)
}
if len(mazc.crpm[len(mazc.crpm)-1].RolePermissionMappingList[0].Permission) != 1 {
t.Errorf("incorrect number of permissions sent to authz; expected '1', got '%v'", len(mazc.crpm[len(mazc.crpm)-1].RolePermissionMappingList[0].Permission))
}
if mazc.crpm[len(mazc.crpm)-1].RolePermissionMappingList[0].Permission[0] != "ops_star.all" {
t.Errorf("incorrect permissions sent to authz; expected 'ops_star.all', got '%v'", mazc.crpm[len(mazc.crpm)-1].RolePermissionMappingList[0].Permission[0])
}
}
}
func TestCreateRole(t *testing.T) {
db, mock := getDB(t)
defer db.Close()
mazc := mockAuthzClient{}
rs := NewRoleService(db, &mazc, getLogger())
ruuid := uuid.New().String()
puuid := uuid.New().String()
ouuid := uuid.New().String()
mock.ExpectQuery(`SELECT "partner"."id" FROM "authsrv_partner" AS "partner"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(puuid))
mock.ExpectQuery(`SELECT "organization"."id" FROM "authsrv_organization" AS "organization"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ouuid))
mock.ExpectQuery(`SELECT "resourcerole"."id" FROM "authsrv_resourcerole" AS "resourcerole" WHERE .organization_id = '` + ouuid + `'. AND .partner_id = '` + puuid + `'. AND .name = 'role-` + ruuid + `'.`).
WillReturnError(fmt.Errorf("no data available"))
mock.ExpectBegin()
// TODO: more precise checks
mock.ExpectQuery(`INSERT INTO "authsrv_resourcerole"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ruuid))
mock.ExpectCommit()
role := &rolev3.Role{
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid},
Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "system"},
}
role, err := rs.Create(context.Background(), role)
if err != nil {
t.Fatal("could not create group:", err)
}
performRoleBasicChecks(t, role, ruuid)
}
func TestCreateRoleWithPermissions(t *testing.T) {
db, mock := getDB(t)
defer db.Close()
mazc := mockAuthzClient{}
rs := NewRoleService(db, &mazc, getLogger())
ruuid := uuid.New().String()
puuid := uuid.New().String()
ouuid := uuid.New().String()
mock.ExpectQuery(`SELECT "partner"."id" FROM "authsrv_partner" AS "partner"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(puuid))
mock.ExpectQuery(`SELECT "organization"."id" FROM "authsrv_organization" AS "organization"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ouuid))
mock.ExpectQuery(`SELECT "resourcerole"."id" FROM "authsrv_resourcerole" AS "resourcerole" WHERE .organization_id = '` + ouuid + `'. AND .partner_id = '` + puuid + `'. AND .name = 'role-` + ruuid + `'.`).
WillReturnError(fmt.Errorf("no data available"))
mock.ExpectBegin()
mock.ExpectQuery(`INSERT INTO "authsrv_resourcerole"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ruuid))
mock.ExpectQuery(`SELECT "resourcepermission"."id" FROM "authsrv_resourcepermission" AS "resourcepermission" WHERE .name = 'ops_star.all'.`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(uuid.New().String()))
mock.ExpectQuery(`INSERT INTO "authsrv_resourcerolepermission"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(uuid.New().String()))
mock.ExpectCommit()
role := &rolev3.Role{
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid},
Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "system", Rolepermissions: []string{"ops_star.all"}},
}
role, err := rs.Create(context.Background(), role)
if err != nil {
t.Fatal("could not create group:", err)
}
performRoleBasicChecks(t, role, ruuid)
}
func TestCreateRoleDuplicate(t *testing.T) {
db, mock := getDB(t)
defer db.Close()
mazc := mockAuthzClient{}
rs := NewRoleService(db, &mazc, getLogger())
ruuid := uuid.New().String()
puuid := uuid.New().String()
ouuid := uuid.New().String()
mock.ExpectQuery(`SELECT "partner"."id" FROM "authsrv_partner" AS "partner"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(puuid))
mock.ExpectQuery(`SELECT "organization"."id" FROM "authsrv_organization" AS "organization"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ouuid))
mock.ExpectQuery(` SELECT "resourcerole"."id" FROM "authsrv_resourcerole" AS "resourcerole" WHERE .organization_id = '` + ouuid + `'. AND .partner_id = '` + puuid + `'. AND .name = 'role-` + ruuid + `'.`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ruuid))
mock.ExpectBegin()
// TODO: more precise checks
mock.ExpectQuery(`INSERT INTO "authsrv_resourcerole"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ruuid))
mock.ExpectCommit()
role := &rolev3.Role{
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid},
Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "system"},
}
_, err := rs.Create(context.Background(), role)
if err == nil {
t.Error("should not be able to recreate group with same name")
}
}
func TestUpdateRole(t *testing.T) {
db, mock := getDB(t)
defer db.Close()
mazc := mockAuthzClient{}
rs := NewRoleService(db, &mazc, getLogger())
ruuid := uuid.New().String()
puuid := uuid.New().String()
ouuid := uuid.New().String()
mock.ExpectQuery(`SELECT "partner"."id" FROM "authsrv_partner" AS "partner"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(puuid))
mock.ExpectQuery(`SELECT "organization"."id" FROM "authsrv_organization" AS "organization"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ouuid))
mock.ExpectQuery(`SELECT "resourcerole"."id", "resourcerole"."name", .*FROM "authsrv_resourcerole" AS "resourcerole" WHERE .organization_id = '` + ouuid + `'. AND .partner_id = '` + puuid + `'. AND .name = 'role-` + ruuid + `'.`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "name", "organization_id", "partner_id"}).AddRow(ruuid, "role-"+ruuid, ouuid, puuid))
mock.ExpectBegin()
mock.ExpectExec(`UPDATE "authsrv_resourcerole" AS "resourcerole" SET "name" = 'role-` + ruuid + `', .*"organization_id" = '` + ouuid + `', "partner_id" = '` + puuid + `', "is_global" = TRUE, "scope" = 'system' WHERE .id = '` + ruuid + `'.`).
WillReturnResult(sqlmock.NewResult(1, 1))
mock.ExpectExec(`UPDATE "authsrv_resourcerolepermission" AS "resourcerolepermission" SET trash = TRUE WHERE ."resource_role_id" = '` + ruuid + `'.`).
WillReturnResult(sqlmock.NewResult(1, 1))
mock.ExpectQuery(`SELECT "resourcepermission"."id" FROM "authsrv_resourcepermission" AS "resourcepermission" WHERE .name = 'ops_star.all'.`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"name"}).AddRow("ops_star.all"))
mock.ExpectQuery(`INSERT INTO "authsrv_resourcerolepermission"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ruuid))
mock.ExpectCommit()
role := &rolev3.Role{
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid},
Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "system", Rolepermissions: []string{"ops_star.all"}},
}
role, err := rs.Update(context.Background(), role)
if err != nil {
t.Fatal("could not update role:", err)
}
performRoleBasicChecks(t, role, ruuid)
}
func TestRoleDelete(t *testing.T) {
db, mock := getDB(t)
defer db.Close()
mazc := mockAuthzClient{}
rs := NewRoleService(db, &mazc, getLogger())
ruuid := uuid.New().String()
puuid := uuid.New().String()
ouuid := uuid.New().String()
mock.ExpectQuery(`SELECT "partner"."id" FROM "authsrv_partner" AS "partner"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(puuid))
mock.ExpectQuery(`SELECT "organization"."id" FROM "authsrv_organization" AS "organization"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ouuid))
mock.ExpectQuery(`SELECT "resourcerole"."id", "resourcerole"."name", .* FROM "authsrv_resourcerole" AS "resourcerole" WHERE`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "name"}).AddRow(ruuid, "role-"+ruuid))
mock.ExpectBegin()
mock.ExpectExec(`UPDATE "authsrv_resourcerolepermission" AS "resourcerolepermission" SET trash = TRUE WHERE ."resource_role_id" = '` + ruuid + `'.`).
WillReturnResult(sqlmock.NewResult(1, 1))
mock.ExpectExec(`UPDATE "authsrv_resourcerole" AS "resourcerole" SET trash = TRUE WHERE .id = '` + ruuid + `'.`).
WillReturnResult(sqlmock.NewResult(1, 1))
mock.ExpectCommit()
role := &rolev3.Role{
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid},
}
_, err := rs.Delete(context.Background(), role)
if err != nil {
t.Error("could not delete role:", err)
}
}
func TestRoleDeleteNonExist(t *testing.T) {
db, mock := getDB(t)
defer db.Close()
mazc := mockAuthzClient{}
rs := NewRoleService(db, &mazc, getLogger())
ruuid := uuid.New().String()
puuid := uuid.New().String()
ouuid := uuid.New().String()
mock.ExpectQuery(`SELECT "resourcerole"."id", "resourcerole"."name", .* FROM "authsrv_resourcerole" AS "resourcerole" WHERE`).
WithArgs().WillReturnError(fmt.Errorf("No data available"))
role := &rolev3.Role{
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid},
}
_, err := rs.Delete(context.Background(), role)
if err == nil {
t.Error("deleted non existent role")
}
}
func TestRoleGetByName(t *testing.T) {
db, mock := getDB(t)
defer db.Close()
mazc := mockAuthzClient{}
rs := NewRoleService(db, &mazc, getLogger())
ruuid := uuid.New().String()
rruuid := uuid.New().String()
puuid := uuid.New().String()
ouuid := uuid.New().String()
mock.ExpectQuery(`SELECT "partner"."id" FROM "authsrv_partner" AS "partner"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(puuid))
mock.ExpectQuery(`SELECT "organization"."id" FROM "authsrv_organization" AS "organization"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ouuid))
mock.ExpectQuery(`SELECT "resourcerole"."id", "resourcerole"."name", .* FROM "authsrv_resourcerole" AS "resourcerole" WHERE .*name = 'role-` + ruuid + `'`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "name"}).AddRow(ruuid, "role-"+ruuid))
mock.ExpectQuery(`SELECT authsrv_resourcepermission.name as name FROM "authsrv_resourcepermission" JOIN authsrv_resourcerolepermission ON authsrv_resourcerolepermission.resource_permission_id=authsrv_resourcepermission.id WHERE .authsrv_resourcerolepermission.resource_role_id = '` + ruuid + `'`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "name"}).AddRow(rruuid, "resourcerole-"+rruuid))
role := &rolev3.Role{
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid},
}
role, err := rs.GetByName(context.Background(), role)
if err != nil {
t.Fatal("could not get role:", err)
}
performRoleBasicChecks(t, role, ruuid)
}
func TestRoleGetById(t *testing.T) {
db, mock := getDB(t)
defer db.Close()
mazc := mockAuthzClient{}
rs := NewRoleService(db, &mazc, getLogger())
ruuid := uuid.New().String()
rruuid := uuid.New().String()
puuid := uuid.New().String()
ouuid := uuid.New().String()
mock.ExpectQuery(`SELECT "resourcerole"."id", "resourcerole"."name", .* FROM "authsrv_resourcerole" AS "resourcerole" WHERE .*id = '` + ruuid + `'`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "name"}).AddRow(ruuid, "role-"+ruuid))
mock.ExpectQuery(`SELECT authsrv_resourcepermission.name as name FROM "authsrv_resourcepermission" JOIN authsrv_resourcerolepermission ON authsrv_resourcerolepermission.resource_permission_id=authsrv_resourcepermission.id WHERE .authsrv_resourcerolepermission.resource_role_id = '` + ruuid + `'`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "name"}).AddRow(rruuid, "resourcerole-"+rruuid))
role := &rolev3.Role{
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Id: ruuid},
}
role, err := rs.GetByID(context.Background(), role)
if err != nil {
t.Fatal("could not get role:", err)
}
performRoleBasicChecks(t, role, ruuid)
}
func TestRoleList(t *testing.T) {
db, mock := getDB(t)
defer db.Close()
mazc := mockAuthzClient{}
rs := NewRoleService(db, &mazc, getLogger())
ruuid1 := uuid.New().String()
ruuid2 := uuid.New().String()
puuid := uuid.New().String()
ouuid := uuid.New().String()
mock.ExpectQuery(`SELECT "organization"."id" FROM "authsrv_organization" AS "organization"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ouuid))
mock.ExpectQuery(`SELECT "partner"."id" FROM "authsrv_partner" AS "partner"`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(puuid))
mock.ExpectQuery(`SELECT "resourcerole"."id", "resourcerole"."name", .*FROM "authsrv_resourcerole" AS "resourcerole" WHERE .partner_id = '` + puuid + `'. AND .organization_id = '` + ouuid + `'.`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "name"}).
AddRow(ruuid1, "role-"+ruuid1).AddRow(ruuid2, "role-"+ruuid2))
mock.ExpectQuery(`SELECT authsrv_resourcepermission.name as name FROM "authsrv_resourcepermission" JOIN authsrv_resourcerolepermission ON authsrv_resourcerolepermission.resource_permission_id=authsrv_resourcepermission.id WHERE .authsrv_resourcerolepermission.resource_role_id = '` + ruuid1 + `'.`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"name"}).
AddRow("ops_star.all"))
mock.ExpectQuery(`SELECT authsrv_resourcepermission.name as name FROM "authsrv_resourcepermission" JOIN authsrv_resourcerolepermission ON authsrv_resourcerolepermission.resource_permission_id=authsrv_resourcepermission.id WHERE .authsrv_resourcerolepermission.resource_role_id = '` + ruuid2 + `'.`).
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"name"}).
AddRow("ops_star.all"))
role := &rolev3.Role{
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid},
}
rolelist, err := rs.List(context.Background(), role)
if err != nil {
t.Fatal("could not list roles:", err)
}
if rolelist.Metadata.Count != 2 {
t.Errorf("incorrect number of roles returned, expected 2; got %v", rolelist.Metadata.Count)
}
if rolelist.Items[0].Metadata.Name != "role-"+ruuid1 || rolelist.Items[1].Metadata.Name != "role-"+ruuid2 {
t.Errorf("incorrect role names returned when listing")
}
}
Reference in New Issue View Git Blame Copy Permalink