mirror of
https://github.com/paralus/paralus.git
synced 2026-05-08 01:17:08 +00:00
df810ab45a
This was done inorder to support transactions which will be done in the next PR. This is the first step towards that.
415 lines
22 KiB
Go
415 lines
22 KiB
Go
package service
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/DATA-DOG/go-sqlmock"
|
|
"github.com/RafaySystems/rcloud-base/pkg/common"
|
|
v3 "github.com/RafaySystems/rcloud-base/proto/types/commonpb/v3"
|
|
userv3 "github.com/RafaySystems/rcloud-base/proto/types/userpb/v3"
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
func performUserBasicChecks(t *testing.T, user *userv3.User, uuuid string) {
|
|
_, err := uuid.Parse(user.GetMetadata().GetOrganization())
|
|
if err == nil {
|
|
t.Error("org in metadata should be name not id")
|
|
}
|
|
_, err = uuid.Parse(user.GetMetadata().GetPartner())
|
|
if err == nil {
|
|
t.Error("partner in metadata should be name not id")
|
|
}
|
|
}
|
|
|
|
func performUserBasicAuthzChecks(t *testing.T, mazc mockAuthzClient, uuuid string, roles []*userv3.ProjectNamespaceRole) {
|
|
if len(mazc.cp) > 0 {
|
|
for i, u := range mazc.cp[len(mazc.cp)-1].Policies {
|
|
if u.Sub != "u:user-"+uuuid {
|
|
t.Errorf("invalid sub in policy sent to authz; expected '%v', got '%v'", "u:user-"+uuuid, u.Sub)
|
|
}
|
|
if u.Obj != roles[i].Role {
|
|
t.Errorf("invalid obj in policy sent to authz; expected '%v', got '%v'", roles[i].Role, u.Obj)
|
|
}
|
|
if roles[i].Namespace != nil {
|
|
if u.Ns != fmt.Sprint(*roles[i].Namespace) {
|
|
t.Errorf("invalid ns in policy sent to authz; expected '%v', got '%v'", fmt.Sprint(roles[i].Namespace), u.Ns)
|
|
}
|
|
} else {
|
|
if u.Ns != "*" {
|
|
t.Errorf("invalid ns in policy sent to authz; expected '%v', got '%v'", "*", u.Ns)
|
|
}
|
|
}
|
|
if roles[i].Project != nil {
|
|
if u.Proj != *roles[i].Project {
|
|
t.Errorf("invalid proj in policy sent to authz; expected '%v', got '%v'", roles[i].Project, u.Proj)
|
|
}
|
|
} else {
|
|
if u.Proj != "*" {
|
|
t.Errorf("invalid proj in policy sent to authz; expected '%v', got '%v'", "*", u.Proj)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestCreateUser(t *testing.T) {
|
|
db, mock := getDB(t)
|
|
defer db.Close()
|
|
|
|
ap := &mockAuthProvider{}
|
|
mazc := mockAuthzClient{}
|
|
us := NewUserService(ap, db, &mazc, nil, common.CliConfigDownloadData{})
|
|
|
|
uuuid := uuid.New().String()
|
|
puuid := uuid.New().String()
|
|
ouuid := uuid.New().String()
|
|
|
|
mock.ExpectQuery(`SELECT "partner"."id" FROM "authsrv_partner" AS "partner"`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(puuid))
|
|
mock.ExpectQuery(`SELECT "organization"."id" FROM "authsrv_organization" AS "organization"`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ouuid))
|
|
|
|
user := &userv3.User{
|
|
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "user-" + uuuid},
|
|
Spec: &userv3.UserSpec{},
|
|
}
|
|
user, err := us.Create(context.Background(), user)
|
|
if err != nil {
|
|
t.Fatal("could not create user:", err)
|
|
}
|
|
performUserBasicChecks(t, user, uuuid)
|
|
if user.GetMetadata().GetName() != "user-"+uuuid {
|
|
t.Errorf("expected name 'user-%v'; got '%v'", uuuid, user.GetMetadata().GetName())
|
|
}
|
|
performBasicAuthProviderChecks(t, *ap, 1, 0, 1, 0)
|
|
}
|
|
|
|
func TestCreateUserWithRole(t *testing.T) {
|
|
pruuid := uuid.New().String()
|
|
prname := "project-" + pruuid
|
|
ruuid := uuid.New().String()
|
|
rname := "project-" + ruuid
|
|
var namespaceid int64 = 7
|
|
tt := []struct {
|
|
name string
|
|
roles []*userv3.ProjectNamespaceRole
|
|
dbname string
|
|
shouldfail bool
|
|
}{
|
|
{"just role", []*userv3.ProjectNamespaceRole{{Role: rname}}, "authsrv_accountresourcerole", false},
|
|
{"just project", []*userv3.ProjectNamespaceRole{{Project: &prname}}, "authsrv_accountrole", true}, // no role creation without role
|
|
{"just namespace", []*userv3.ProjectNamespaceRole{{Namespace: &namespaceid}}, "authsrv_accountrole", true}, // no role creation without role,
|
|
{"project and namespace", []*userv3.ProjectNamespaceRole{{Project: &prname, Namespace: &namespaceid}}, "authsrv_accountrole", true}, // no role creation without role,
|
|
{"project and role", []*userv3.ProjectNamespaceRole{{Project: &prname, Role: rname}}, "authsrv_projectaccountresourcerole", false},
|
|
{"project role namespace", []*userv3.ProjectNamespaceRole{{Project: &prname, Namespace: &namespaceid, Role: rname}}, "authsrv_projectaccountnamespacerole", false},
|
|
}
|
|
|
|
for _, tc := range tt {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
db, mock := getDB(t)
|
|
defer db.Close()
|
|
|
|
ap := &mockAuthProvider{}
|
|
mazc := mockAuthzClient{}
|
|
us := NewUserService(ap, db, &mazc, nil, common.CliConfigDownloadData{})
|
|
|
|
uuuid := uuid.New().String()
|
|
puuid := uuid.New().String()
|
|
pruuid := uuid.New().String()
|
|
ouuid := uuid.New().String()
|
|
|
|
mock.ExpectQuery(`SELECT "partner"."id" FROM "authsrv_partner" AS "partner"`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(puuid))
|
|
mock.ExpectQuery(`SELECT "organization"."id" FROM "authsrv_organization" AS "organization"`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ouuid))
|
|
mock.ExpectQuery(`SELECT "resourcerole"."id" FROM "authsrv_resourcerole" AS "resourcerole"`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(pruuid))
|
|
if tc.roles[0].Project != nil {
|
|
mock.ExpectQuery(`SELECT "project"."id" FROM "authsrv_project" AS "project"`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(pruuid))
|
|
}
|
|
mock.ExpectQuery(fmt.Sprintf(`INSERT INTO "%v"`, tc.dbname)).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(uuid.New().String()))
|
|
|
|
user := &userv3.User{
|
|
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "user-" + uuuid},
|
|
Spec: &userv3.UserSpec{ProjectNamespaceRoles: tc.roles},
|
|
}
|
|
user, err := us.Create(context.Background(), user)
|
|
if tc.shouldfail {
|
|
if err == nil {
|
|
// TODO: check for proper error messages
|
|
t.Fatal("expected user not to be created, but was created")
|
|
} else {
|
|
return
|
|
}
|
|
}
|
|
if err != nil {
|
|
t.Fatal("could not create user:", err)
|
|
}
|
|
performUserBasicChecks(t, user, uuuid)
|
|
if user.GetMetadata().GetName() != "user-"+uuuid {
|
|
t.Errorf("expected name 'user-%v'; got '%v'", uuuid, user.GetMetadata().GetName())
|
|
}
|
|
|
|
performBasicAuthProviderChecks(t, *ap, 1, 0, 1, 0)
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestUpdateUser(t *testing.T) {
|
|
db, mock := getDB(t)
|
|
defer db.Close()
|
|
|
|
ap := &mockAuthProvider{}
|
|
mazc := mockAuthzClient{}
|
|
us := NewUserService(ap, db, &mazc, nil, common.CliConfigDownloadData{})
|
|
|
|
uuuid := uuid.New().String()
|
|
puuid := uuid.New().String()
|
|
ouuid := uuid.New().String()
|
|
|
|
pruuid := uuid.New().String()
|
|
prname := "project-" + pruuid
|
|
ruuid := uuid.New().String()
|
|
rname := "project-" + ruuid
|
|
var namespaceid int64 = 7
|
|
|
|
// performing update
|
|
mock.ExpectQuery(`SELECT "identities"."id" FROM "identities" WHERE .*traits ->> 'email' = 'user-` + uuuid + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "traits"}).AddRow(uuuid, []byte(`{"email":"johndoe@provider.com"}`)))
|
|
mock.ExpectQuery(`SELECT "partner"."id" FROM "authsrv_partner" AS "partner"`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(puuid))
|
|
mock.ExpectQuery(`SELECT "organization"."id" FROM "authsrv_organization" AS "organization"`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(ouuid))
|
|
mock.ExpectExec(`UPDATE "authsrv_accountresourcerole" AS "accountresourcerole" SET trash = TRUE WHERE`).
|
|
WillReturnResult(sqlmock.NewResult(1, 1))
|
|
mock.ExpectExec(`UPDATE "authsrv_projectaccountresourcerole" AS "projectaccountresourcerole" SET trash = TRUE WHERE`).
|
|
WillReturnResult(sqlmock.NewResult(1, 1))
|
|
mock.ExpectExec(`UPDATE "authsrv_projectaccountnamespacerole" AS "projectaccountnamespacerole" SET trash = TRUE WHERE`).
|
|
WillReturnResult(sqlmock.NewResult(1, 1))
|
|
mock.ExpectQuery(`SELECT "resourcerole"."id" FROM "authsrv_resourcerole" AS "resourcerole"`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(pruuid))
|
|
mock.ExpectQuery(`SELECT "project"."id" FROM "authsrv_project" AS "project"`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(pruuid))
|
|
mock.ExpectQuery(`INSERT INTO "authsrv_projectaccountnamespacerole"`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(uuid.New().String()))
|
|
|
|
user := &userv3.User{
|
|
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "user-" + uuuid},
|
|
Spec: &userv3.UserSpec{ProjectNamespaceRoles: []*userv3.ProjectNamespaceRole{{Project: &prname, Namespace: &namespaceid, Role: rname}}},
|
|
}
|
|
user, err := us.Update(context.Background(), user)
|
|
if err != nil {
|
|
t.Fatal("could not create user:", err)
|
|
}
|
|
performUserBasicChecks(t, user, uuuid)
|
|
if user.GetMetadata().GetName() != "user-"+uuuid {
|
|
t.Errorf("expected name 'user-%v'; got '%v'", uuuid, user.GetMetadata().GetName())
|
|
}
|
|
performBasicAuthProviderChecks(t, *ap, 0, 1, 0, 0)
|
|
}
|
|
|
|
func TestUserGetByName(t *testing.T) {
|
|
db, mock := getDB(t)
|
|
defer db.Close()
|
|
|
|
ap := &mockAuthProvider{}
|
|
mazc := mockAuthzClient{}
|
|
us := NewUserService(ap, db, &mazc, nil, common.CliConfigDownloadData{})
|
|
|
|
uuuid := uuid.New().String()
|
|
puuid := uuid.New().String()
|
|
ouuid := uuid.New().String()
|
|
guuid := uuid.New().String()
|
|
ruuid := uuid.New().String()
|
|
pruuid := uuid.New().String()
|
|
|
|
mock.ExpectQuery(`SELECT "identities"."id", .* FROM "identities" WHERE .*traits ->> 'email' = 'user-` + uuuid + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "traits"}).AddRow(uuuid, []byte(`{"email":"johndoe@provider.com", "first_name": "John", "last_name": "Doe", "organization_id": "`+ouuid+`", "partner_id": "`+puuid+`", "description": "My awesome user"}`)))
|
|
mock.ExpectQuery(`SELECT "group"."id".* FROM "authsrv_group" AS "group" JOIN authsrv_groupaccount ON authsrv_groupaccount.group_id="group".id WHERE .authsrv_groupaccount.account_id = '` + uuuid + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"name"}).
|
|
AddRow("group-" + guuid).AddRow("group2-" + guuid))
|
|
mock.ExpectQuery(`SELECT authsrv_resourcerole.name as role FROM "authsrv_accountresourcerole" JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_accountresourcerole.role_id WHERE .authsrv_accountresourcerole.account_id = '` + uuuid + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"role"}).AddRow("role-" + ruuid))
|
|
mock.ExpectQuery(`SELECT authsrv_resourcerole.name as role, authsrv_project.name as project FROM "authsrv_projectaccountresourcerole" JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectaccountresourcerole.role_id JOIN authsrv_project ON authsrv_project.id=authsrv_projectaccountresourcerole.project_id WHERE .authsrv_projectaccountresourcerole.account_id = '` + uuuid + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"role", "project"}).AddRow("role-"+ruuid, "project-"+pruuid))
|
|
mock.ExpectQuery(`SELECT authsrv_resourcerole.name as role, authsrv_project.name as project, namespace_id as namespace FROM "authsrv_projectaccountnamespacerole" JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectaccountnamespacerole.role_id JOIN authsrv_project ON authsrv_project.id=authsrv_projectaccountnamespacerole.project_id WHERE .authsrv_projectaccountnamespacerole.account_id = '` + uuuid + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"role", "project", "namespace"}).AddRow("role-"+ruuid, "project-"+pruuid, 9))
|
|
|
|
user := &userv3.User{
|
|
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "user-" + uuuid},
|
|
}
|
|
user, err := us.GetByName(context.Background(), user)
|
|
if err != nil {
|
|
t.Fatal("could not get user:", err)
|
|
}
|
|
performUserBasicChecks(t, user, uuuid)
|
|
if user.GetMetadata().GetName() != "johndoe@provider.com" {
|
|
t.Errorf("invalid email for user, expected johndoe@provider.com; got '%v'", user.GetMetadata().GetName())
|
|
}
|
|
if len(user.GetSpec().GetGroups()) != 2 {
|
|
t.Errorf("invalid number of groups returned for user, expected 2; got '%v'", len(user.GetSpec().GetGroups()))
|
|
}
|
|
if len(user.GetSpec().GetProjectNamespaceRoles()) != 3 {
|
|
t.Errorf("invalid number of roles returned for user, expected 3; got '%v'", len(user.GetSpec().GetProjectNamespaceRoles()))
|
|
}
|
|
if user.GetSpec().GetProjectNamespaceRoles()[2].GetNamespace() != 9 {
|
|
t.Errorf("invalid namespace in role returned for user, expected 9; got '%v'", user.GetSpec().GetProjectNamespaceRoles()[2].Namespace)
|
|
}
|
|
performBasicAuthProviderChecks(t, *ap, 0, 0, 0, 0)
|
|
}
|
|
|
|
func TestUserGetById(t *testing.T) {
|
|
db, mock := getDB(t)
|
|
defer db.Close()
|
|
|
|
ap := &mockAuthProvider{}
|
|
mazc := mockAuthzClient{}
|
|
us := NewUserService(ap, db, &mazc, nil, common.CliConfigDownloadData{})
|
|
|
|
uuuid := uuid.New().String()
|
|
puuid := uuid.New().String()
|
|
ouuid := uuid.New().String()
|
|
guuid := uuid.New().String()
|
|
ruuid := uuid.New().String()
|
|
pruuid := uuid.New().String()
|
|
|
|
mock.ExpectQuery(`SELECT "identities"."id",.* FROM "identities" WHERE .*id = '` + uuuid + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "traits"}).AddRow(uuuid, []byte(`{"email":"johndoe@provider.com", "first_name": "John", "last_name": "Doe", "organization_id": "`+ouuid+`", "partner_id": "`+puuid+`", "description": "My awesome user"}`)))
|
|
mock.ExpectQuery(`SELECT "group"."id".* FROM "authsrv_group" AS "group" JOIN authsrv_groupaccount ON authsrv_groupaccount.group_id="group".id WHERE .authsrv_groupaccount.account_id = '` + uuuid + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"name"}).
|
|
AddRow("group-" + guuid).AddRow("group2-" + guuid))
|
|
mock.ExpectQuery(`SELECT authsrv_resourcerole.name as role FROM "authsrv_accountresourcerole" JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_accountresourcerole.role_id WHERE .authsrv_accountresourcerole.account_id = '` + uuuid + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"role"}).AddRow("role-" + ruuid))
|
|
mock.ExpectQuery(`SELECT authsrv_resourcerole.name as role, authsrv_project.name as project FROM "authsrv_projectaccountresourcerole" JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectaccountresourcerole.role_id JOIN authsrv_project ON authsrv_project.id=authsrv_projectaccountresourcerole.project_id WHERE .authsrv_projectaccountresourcerole.account_id = '` + uuuid + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"role", "project"}).AddRow("role-"+ruuid, "project-"+pruuid))
|
|
mock.ExpectQuery(`SELECT authsrv_resourcerole.name as role, authsrv_project.name as project, namespace_id as namespace FROM "authsrv_projectaccountnamespacerole" JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectaccountnamespacerole.role_id JOIN authsrv_project ON authsrv_project.id=authsrv_projectaccountnamespacerole.project_id WHERE .authsrv_projectaccountnamespacerole.account_id = '` + uuuid + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"role", "project", "namespace"}).AddRow("role-"+ruuid, "project-"+pruuid, 9))
|
|
|
|
user := &userv3.User{
|
|
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Id: uuuid},
|
|
}
|
|
user, err := us.GetByID(context.Background(), user)
|
|
if err != nil {
|
|
t.Fatal("could not get user:", err)
|
|
}
|
|
performUserBasicChecks(t, user, uuuid)
|
|
if len(user.GetSpec().GetGroups()) != 2 {
|
|
t.Errorf("invalid number of groups returned for user, expected 2; got '%v'", len(user.GetSpec().GetGroups()))
|
|
}
|
|
if len(user.GetSpec().GetProjectNamespaceRoles()) != 3 {
|
|
t.Errorf("invalid number of roles returned for user, expected 3; got '%v'", len(user.GetSpec().GetProjectNamespaceRoles()))
|
|
}
|
|
if user.GetSpec().GetProjectNamespaceRoles()[2].GetNamespace() != 9 {
|
|
t.Errorf("invalid namespace in role returned for user, expected 9; got '%v'", user.GetSpec().GetProjectNamespaceRoles()[2].Namespace)
|
|
}
|
|
|
|
performBasicAuthProviderChecks(t, *ap, 0, 0, 0, 0)
|
|
}
|
|
|
|
func TestUserList(t *testing.T) {
|
|
db, mock := getDB(t)
|
|
defer db.Close()
|
|
|
|
ap := &mockAuthProvider{}
|
|
mazc := mockAuthzClient{}
|
|
us := NewUserService(ap, db, &mazc, nil, common.CliConfigDownloadData{})
|
|
|
|
uuuid1 := uuid.New().String()
|
|
uuuid2 := uuid.New().String()
|
|
puuid := uuid.New().String()
|
|
ouuid := uuid.New().String()
|
|
guuid := uuid.New().String()
|
|
ruuid := uuid.New().String()
|
|
pruuid := uuid.New().String()
|
|
|
|
mock.ExpectQuery(`SELECT "identities"."id",.* FROM "identities"`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "traits"}).
|
|
AddRow(uuuid1, []byte(`{"email":"johndoe@provider.com", "first_name": "John", "last_name": "Doe", "organization_id": "`+ouuid+`", "partner_id": "`+puuid+`", "description": "My awesome user"}`)).
|
|
AddRow(uuuid2, []byte(`{"email":"johndoe@provider.com", "first_name": "John", "last_name": "Doe", "organization_id": "`+ouuid+`", "partner_id": "`+puuid+`", "description": "My awesome user"}`)))
|
|
|
|
mock.ExpectQuery(`SELECT "group"."id".* FROM "authsrv_group" AS "group" JOIN authsrv_groupaccount ON authsrv_groupaccount.group_id="group".id WHERE .authsrv_groupaccount.account_id = '` + uuuid1 + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"name"}).
|
|
AddRow("group-" + guuid).AddRow("group2-" + guuid))
|
|
mock.ExpectQuery(`SELECT authsrv_resourcerole.name as role FROM "authsrv_accountresourcerole" JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_accountresourcerole.role_id WHERE .authsrv_accountresourcerole.account_id = '` + uuuid1 + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"role"}).AddRow("role-" + ruuid))
|
|
mock.ExpectQuery(`SELECT authsrv_resourcerole.name as role, authsrv_project.name as project FROM "authsrv_projectaccountresourcerole" JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectaccountresourcerole.role_id JOIN authsrv_project ON authsrv_project.id=authsrv_projectaccountresourcerole.project_id WHERE .authsrv_projectaccountresourcerole.account_id = '` + uuuid1 + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"role", "project"}).AddRow("role-"+ruuid, "project-"+pruuid))
|
|
mock.ExpectQuery(`SELECT authsrv_resourcerole.name as role, authsrv_project.name as project, namespace_id as namespace FROM "authsrv_projectaccountnamespacerole" JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectaccountnamespacerole.role_id JOIN authsrv_project ON authsrv_project.id=authsrv_projectaccountnamespacerole.project_id WHERE .authsrv_projectaccountnamespacerole.account_id = '` + uuuid1 + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"role", "project", "namespace"}).AddRow("role-"+ruuid, "project-"+pruuid, 9))
|
|
|
|
mock.ExpectQuery(`SELECT "group"."id".* FROM "authsrv_group" AS "group" JOIN authsrv_groupaccount ON authsrv_groupaccount.group_id="group".id WHERE .authsrv_groupaccount.account_id = '` + uuuid2 + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"name"}).
|
|
AddRow("group-" + guuid).AddRow("group2-" + guuid))
|
|
mock.ExpectQuery(`SELECT authsrv_resourcerole.name as role FROM "authsrv_accountresourcerole" JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_accountresourcerole.role_id WHERE .authsrv_accountresourcerole.account_id = '` + uuuid2 + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"role"}).AddRow("role-" + ruuid))
|
|
mock.ExpectQuery(`SELECT authsrv_resourcerole.name as role, authsrv_project.name as project FROM "authsrv_projectaccountresourcerole" JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectaccountresourcerole.role_id JOIN authsrv_project ON authsrv_project.id=authsrv_projectaccountresourcerole.project_id WHERE .authsrv_projectaccountresourcerole.account_id = '` + uuuid2 + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"role", "project"}).AddRow("role-"+ruuid, "project-"+pruuid))
|
|
mock.ExpectQuery(`SELECT authsrv_resourcerole.name as role, authsrv_project.name as project, namespace_id as namespace FROM "authsrv_projectaccountnamespacerole" JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectaccountnamespacerole.role_id JOIN authsrv_project ON authsrv_project.id=authsrv_projectaccountnamespacerole.project_id WHERE .authsrv_projectaccountnamespacerole.account_id = '` + uuuid2 + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"role", "project", "namespace"}).AddRow("role-"+ruuid, "project-"+pruuid, 9))
|
|
|
|
user := &userv3.User{
|
|
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid},
|
|
}
|
|
userlist, err := us.List(context.Background(), user)
|
|
if err != nil {
|
|
t.Fatal("could not list users:", err)
|
|
}
|
|
if userlist.Metadata.Count != 2 {
|
|
t.Errorf("incorrect number of users returned, expected 2; got %v", userlist.Metadata.Count)
|
|
}
|
|
if userlist.Items[0].Metadata.Name != "johndoe@provider.com" || userlist.Items[1].Metadata.Name != "johndoe@provider.com" {
|
|
t.Errorf("incorrect user names returned when listing; expected '%v' and '%v'; got '%v' and '%v'", "johndoe@provider.com", "johndoe@provider.com", userlist.Items[0].Metadata.Name, userlist.Items[1].Metadata.Name)
|
|
}
|
|
if len(userlist.Items[0].GetSpec().GetGroups()) != 2 {
|
|
t.Errorf("invalid number of groups returned for user, expected 2; got '%v'", len(userlist.Items[0].GetSpec().GetGroups()))
|
|
}
|
|
|
|
if len(userlist.Items[0].GetSpec().GetProjectNamespaceRoles()) != 3 {
|
|
t.Errorf("invalid number of roles returned for user, expected 3; got '%v'", len(userlist.Items[0].GetSpec().GetProjectNamespaceRoles()))
|
|
}
|
|
if userlist.Items[0].GetSpec().GetProjectNamespaceRoles()[2].GetNamespace() != 9 {
|
|
t.Errorf("invalid namespace in role returned for user, expected 9; got '%v'", userlist.Items[0].GetSpec().GetProjectNamespaceRoles()[2].Namespace)
|
|
}
|
|
|
|
performBasicAuthProviderChecks(t, *ap, 0, 0, 0, 0)
|
|
}
|
|
|
|
func TestUserDelete(t *testing.T) {
|
|
db, mock := getDB(t)
|
|
defer db.Close()
|
|
|
|
ap := &mockAuthProvider{}
|
|
mazc := mockAuthzClient{}
|
|
us := NewUserService(ap, db, &mazc, nil, common.CliConfigDownloadData{})
|
|
|
|
uuuid := uuid.New().String()
|
|
puuid := uuid.New().String()
|
|
ouuid := uuid.New().String()
|
|
|
|
mock.ExpectQuery(`SELECT "identities"."id" FROM "identities" WHERE .*traits ->> 'email' = 'user-` + uuuid + `'`).
|
|
WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "traits"}).AddRow(uuuid, []byte(`{"email":"johndoe@provider.com"}`)))
|
|
mock.ExpectExec(`UPDATE "authsrv_accountresourcerole" AS "accountresourcerole" SET trash = TRUE WHERE`).
|
|
WillReturnResult(sqlmock.NewResult(1, 1))
|
|
mock.ExpectExec(`UPDATE "authsrv_projectaccountresourcerole" AS "projectaccountresourcerole" SET trash = TRUE WHERE`).
|
|
WillReturnResult(sqlmock.NewResult(1, 1))
|
|
mock.ExpectExec(`UPDATE "authsrv_projectaccountnamespacerole" AS "projectaccountnamespacerole" SET trash = TRUE WHERE`).
|
|
WillReturnResult(sqlmock.NewResult(1, 1))
|
|
// User delete is via kratos
|
|
mock.ExpectExec(`UPDATE "authsrv_groupaccount" AS "groupaccount" SET trash = TRUE WHERE`).
|
|
WillReturnResult(sqlmock.NewResult(1, 1))
|
|
|
|
user := &userv3.User{
|
|
Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "user-" + uuuid},
|
|
}
|
|
_, err := us.Delete(context.Background(), user)
|
|
if err != nil {
|
|
t.Fatal("could not delete user:", err)
|
|
}
|
|
|
|
performBasicAuthProviderChecks(t, *ap, 0, 0, 0, 1)
|
|
}
|