Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
influxdb/authorizer/scraper_test.go

660 lines
16 KiB
Go
Raw Normal View History

feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
package authorizer_test
import (
"bytes"
"context"
"sort"
"testing"
"github.com/google/go-cmp/cmp"
refactor: rewrite imports to include the /v2 suffix for version 2
2020-04-03 17:39:20 +00:00
"github.com/influxdata/influxdb/v2"
"github.com/influxdata/influxdb/v2/authorizer"
influxdbcontext "github.com/influxdata/influxdb/v2/context"
fix: more expressive errors (#22448) * fix: more expressive errors Closes #22446 * fix: server only logging for untyped errors * chore: fix formatting
2021-09-13 19:12:35 +00:00
"github.com/influxdata/influxdb/v2/kit/platform"
"github.com/influxdata/influxdb/v2/kit/platform/errors"
refactor: rewrite imports to include the /v2 suffix for version 2
2020-04-03 17:39:20 +00:00
"github.com/influxdata/influxdb/v2/mock"
influxdbtesting "github.com/influxdata/influxdb/v2/testing"
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
)
var scraperCmpOptions = cmp.Options{
cmp.Comparer(func(x, y []byte) bool {
return bytes.Equal(x, y)
}),
cmp.Transformer("Sort", func(in []influxdb.ScraperTarget) []influxdb.ScraperTarget {
out := append([]influxdb.ScraperTarget(nil), in...) // Copy input to avoid mutating it
sort.Slice(out, func(i, j int) bool {
return out[i].ID.String() > out[j].ID.String()
})
return out
}),
}
func TestScraperTargetStoreService_GetTargetByID(t *testing.T) {
type fields struct {
ScraperTargetStoreService influxdb.ScraperTargetStoreService
}
type args struct {
permission influxdb.Permission
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
id platform.ID
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
}
type wants struct {
err error
}
tests := []struct {
name string
fields fields
args args
wants wants
}{
{
name: "authorized to access id",
fields: fields{
ScraperTargetStoreService: &mock.ScraperTargetStoreService{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
GetTargetByIDF: func(ctx context.Context, id platform.ID) (*influxdb.ScraperTarget, error) {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return &influxdb.ScraperTarget{
ID: id,
OrgID: 10,
}, nil
},
},
},
args: args{
permission: influxdb.Permission{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.ReadAction,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
ID: influxdbtesting.IDPtr(1),
},
},
id: 1,
},
wants: wants{
err: nil,
},
},
{
name: "unauthorized to access id",
fields: fields{
ScraperTargetStoreService: &mock.ScraperTargetStoreService{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
GetTargetByIDF: func(ctx context.Context, id platform.ID) (*influxdb.ScraperTarget, error) {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return &influxdb.ScraperTarget{
ID: id,
OrgID: 10,
}, nil
},
},
},
args: args{
permission: influxdb.Permission{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.ReadAction,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
ID: influxdbtesting.IDPtr(2),
},
},
id: 1,
},
wants: wants{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
err: &errors.Error{
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Msg: "read:orgs/000000000000000a/scrapers/0000000000000001 is unauthorized",
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
Code: errors.EUnauthorized,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
feat(influxdb): add scraper filter
2019-04-12 16:45:48 +00:00
s := authorizer.NewScraperTargetStoreService(tt.fields.ScraperTargetStoreService, mock.NewUserResourceMappingService(), mock.NewOrganizationService())
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
ctx := context.Background()
refactor(tenant): move bucket and urm auth layers to tenant service (#17474) Co-authored-by: Lyon Hill <lyondhill@gmail.com>
2020-04-07 18:13:27 +00:00
ctx = influxdbcontext.SetAuthorizer(ctx, mock.NewMockAuthorizer(false, []influxdb.Permission{tt.args.permission}))
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
_, err := s.GetTargetByID(ctx, tt.args.id)
influxdbtesting.ErrorsEqual(t, err, tt.wants.err)
})
}
}
func TestScraperTargetStoreService_ListTargets(t *testing.T) {
type fields struct {
ScraperTargetStoreService influxdb.ScraperTargetStoreService
}
type args struct {
permission influxdb.Permission
}
type wants struct {
err error
scrapers []influxdb.ScraperTarget
}
tests := []struct {
name string
fields fields
args args
wants wants
}{
{
name: "authorized to see all scrapers",
fields: fields{
ScraperTargetStoreService: &mock.ScraperTargetStoreService{
feat(influxdb): add scraper filter
2019-04-12 16:45:48 +00:00
ListTargetsF: func(ctx context.Context, filter influxdb.ScraperTargetFilter) ([]influxdb.ScraperTarget, error) {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return []influxdb.ScraperTarget{
{
ID: 1,
OrgID: 10,
},
{
ID: 2,
OrgID: 10,
},
{
ID: 3,
OrgID: 11,
},
}, nil
},
},
},
args: args{
permission: influxdb.Permission{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.ReadAction,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
},
},
},
wants: wants{
scrapers: []influxdb.ScraperTarget{
{
ID: 1,
OrgID: 10,
},
{
ID: 2,
OrgID: 10,
},
{
ID: 3,
OrgID: 11,
},
},
},
},
{
name: "authorized to access a single orgs scrapers",
fields: fields{
ScraperTargetStoreService: &mock.ScraperTargetStoreService{
feat(influxdb): add scraper filter
2019-04-12 16:45:48 +00:00
ListTargetsF: func(ctx context.Context, filter influxdb.ScraperTargetFilter) ([]influxdb.ScraperTarget, error) {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return []influxdb.ScraperTarget{
{
ID: 1,
OrgID: 10,
},
{
ID: 2,
OrgID: 10,
},
{
ID: 3,
OrgID: 11,
},
}, nil
},
},
},
args: args{
permission: influxdb.Permission{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.ReadAction,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
OrgID: influxdbtesting.IDPtr(10),
},
},
},
wants: wants{
scrapers: []influxdb.ScraperTarget{
{
ID: 1,
OrgID: 10,
},
{
ID: 2,
OrgID: 10,
},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
feat(influxdb): add scraper filter
2019-04-12 16:45:48 +00:00
s := authorizer.NewScraperTargetStoreService(tt.fields.ScraperTargetStoreService, mock.NewUserResourceMappingService(),
mock.NewOrganizationService())
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
ctx := context.Background()
refactor(tenant): move bucket and urm auth layers to tenant service (#17474) Co-authored-by: Lyon Hill <lyondhill@gmail.com>
2020-04-07 18:13:27 +00:00
ctx = influxdbcontext.SetAuthorizer(ctx, mock.NewMockAuthorizer(false, []influxdb.Permission{tt.args.permission}))
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
feat(influxdb): add scraper filter
2019-04-12 16:45:48 +00:00
ts, err := s.ListTargets(ctx, influxdb.ScraperTargetFilter{})
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
influxdbtesting.ErrorsEqual(t, err, tt.wants.err)
if diff := cmp.Diff(ts, tt.wants.scrapers, scraperCmpOptions...); diff != "" {
t.Errorf("scrapers are different -got/+want\ndiff %s", diff)
}
})
}
}
func TestScraperTargetStoreService_UpdateTarget(t *testing.T) {
type fields struct {
ScraperTargetStoreService influxdb.ScraperTargetStoreService
}
type args struct {
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
id platform.ID
bucketID platform.ID
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
permissions []influxdb.Permission
}
type wants struct {
err error
}
tests := []struct {
name string
fields fields
args args
wants wants
}{
{
name: "authorized to update scraper",
fields: fields{
ScraperTargetStoreService: &mock.ScraperTargetStoreService{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
GetTargetByIDF: func(ctc context.Context, id platform.ID) (*influxdb.ScraperTarget, error) {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return &influxdb.ScraperTarget{
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
ID: 1,
OrgID: 10,
BucketID: 100,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
}, nil
},
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
UpdateTargetF: func(ctx context.Context, upd *influxdb.ScraperTarget, userID platform.ID) (*influxdb.ScraperTarget, error) {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return &influxdb.ScraperTarget{
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
ID: 1,
OrgID: 10,
BucketID: 100,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
}, nil
},
},
},
args: args{
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
id: 1,
bucketID: 100,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
permissions: []influxdb.Permission{
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.WriteAction,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
ID: influxdbtesting.IDPtr(1),
},
},
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.ReadAction,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
ID: influxdbtesting.IDPtr(1),
},
},
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.WriteAction,
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
Resource: influxdb.Resource{
Type: influxdb.BucketsResourceType,
ID: influxdbtesting.IDPtr(100),
},
},
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
},
},
wants: wants{
err: nil,
},
},
{
name: "unauthorized to update scraper",
fields: fields{
ScraperTargetStoreService: &mock.ScraperTargetStoreService{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
GetTargetByIDF: func(ctc context.Context, id platform.ID) (*influxdb.ScraperTarget, error) {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return &influxdb.ScraperTarget{
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
ID: 1,
OrgID: 10,
BucketID: 100,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
}, nil
},
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
UpdateTargetF: func(ctx context.Context, upd *influxdb.ScraperTarget, userID platform.ID) (*influxdb.ScraperTarget, error) {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return &influxdb.ScraperTarget{
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
ID: 1,
OrgID: 10,
BucketID: 100,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
}, nil
},
},
},
args: args{
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
id: 1,
bucketID: 100,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
permissions: []influxdb.Permission{
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.ReadAction,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
ID: influxdbtesting.IDPtr(1),
},
},
},
},
wants: wants{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
err: &errors.Error{
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Msg: "write:orgs/000000000000000a/scrapers/0000000000000001 is unauthorized",
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
Code: errors.EUnauthorized,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
},
},
},
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
{
name: "unauthorized to write to bucket",
fields: fields{
ScraperTargetStoreService: &mock.ScraperTargetStoreService{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
GetTargetByIDF: func(ctc context.Context, id platform.ID) (*influxdb.ScraperTarget, error) {
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
return &influxdb.ScraperTarget{
ID: 1,
OrgID: 10,
BucketID: 100,
}, nil
},
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
UpdateTargetF: func(ctx context.Context, upd *influxdb.ScraperTarget, userID platform.ID) (*influxdb.ScraperTarget, error) {
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
return &influxdb.ScraperTarget{
ID: 1,
OrgID: 10,
BucketID: 100,
}, nil
},
},
},
args: args{
id: 1,
bucketID: 100,
permissions: []influxdb.Permission{
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.WriteAction,
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
ID: influxdbtesting.IDPtr(1),
},
},
},
},
wants: wants{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
err: &errors.Error{
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
Msg: "write:orgs/000000000000000a/buckets/0000000000000064 is unauthorized",
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
Code: errors.EUnauthorized,
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
},
},
},
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
feat(influxdb): add scraper filter
2019-04-12 16:45:48 +00:00
s := authorizer.NewScraperTargetStoreService(tt.fields.ScraperTargetStoreService, mock.NewUserResourceMappingService(),
mock.NewOrganizationService())
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
ctx := context.Background()
refactor(tenant): move bucket and urm auth layers to tenant service (#17474) Co-authored-by: Lyon Hill <lyondhill@gmail.com>
2020-04-07 18:13:27 +00:00
ctx = influxdbcontext.SetAuthorizer(ctx, mock.NewMockAuthorizer(false, tt.args.permissions))
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
_, err := s.UpdateTarget(ctx, &influxdb.ScraperTarget{ID: tt.args.id, BucketID: tt.args.bucketID}, platform.ID(1))
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
influxdbtesting.ErrorsEqual(t, err, tt.wants.err)
})
}
}
func TestScraperTargetStoreService_RemoveTarget(t *testing.T) {
type fields struct {
ScraperTargetStoreService influxdb.ScraperTargetStoreService
}
type args struct {
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
id platform.ID
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
permissions []influxdb.Permission
}
type wants struct {
err error
}
tests := []struct {
name string
fields fields
args args
wants wants
}{
{
name: "authorized to delete scraper",
fields: fields{
ScraperTargetStoreService: &mock.ScraperTargetStoreService{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
GetTargetByIDF: func(ctc context.Context, id platform.ID) (*influxdb.ScraperTarget, error) {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return &influxdb.ScraperTarget{
ID: 1,
OrgID: 10,
}, nil
},
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
RemoveTargetF: func(ctx context.Context, id platform.ID) error {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return nil
},
},
},
args: args{
id: 1,
permissions: []influxdb.Permission{
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.WriteAction,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
ID: influxdbtesting.IDPtr(1),
},
},
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.ReadAction,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
ID: influxdbtesting.IDPtr(1),
},
},
},
},
wants: wants{
err: nil,
},
},
{
name: "unauthorized to delete scraper",
fields: fields{
ScraperTargetStoreService: &mock.ScraperTargetStoreService{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
GetTargetByIDF: func(ctc context.Context, id platform.ID) (*influxdb.ScraperTarget, error) {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return &influxdb.ScraperTarget{
ID: 1,
OrgID: 10,
}, nil
},
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
RemoveTargetF: func(ctx context.Context, id platform.ID) error {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return nil
},
},
},
args: args{
id: 1,
permissions: []influxdb.Permission{
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.ReadAction,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
ID: influxdbtesting.IDPtr(1),
},
},
},
},
wants: wants{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
err: &errors.Error{
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Msg: "write:orgs/000000000000000a/scrapers/0000000000000001 is unauthorized",
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
Code: errors.EUnauthorized,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
feat(influxdb): add scraper filter
2019-04-12 16:45:48 +00:00
s := authorizer.NewScraperTargetStoreService(tt.fields.ScraperTargetStoreService, mock.NewUserResourceMappingService(),
mock.NewOrganizationService())
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
ctx := context.Background()
refactor(tenant): move bucket and urm auth layers to tenant service (#17474) Co-authored-by: Lyon Hill <lyondhill@gmail.com>
2020-04-07 18:13:27 +00:00
ctx = influxdbcontext.SetAuthorizer(ctx, mock.NewMockAuthorizer(false, tt.args.permissions))
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
err := s.RemoveTarget(ctx, tt.args.id)
influxdbtesting.ErrorsEqual(t, err, tt.wants.err)
})
}
}
func TestScraperTargetStoreService_AddTarget(t *testing.T) {
type fields struct {
ScraperTargetStoreService influxdb.ScraperTargetStoreService
}
type args struct {
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
permissions []influxdb.Permission
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
orgID platform.ID
bucketID platform.ID
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
}
type wants struct {
err error
}
tests := []struct {
name string
fields fields
args args
wants wants
}{
{
name: "authorized to create scraper",
fields: fields{
ScraperTargetStoreService: &mock.ScraperTargetStoreService{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
AddTargetF: func(ctx context.Context, st *influxdb.ScraperTarget, userID platform.ID) error {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return nil
},
},
},
args: args{
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
orgID: 10,
bucketID: 100,
permissions: []influxdb.Permission{
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.WriteAction,
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
OrgID: influxdbtesting.IDPtr(10),
},
},
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.WriteAction,
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
Resource: influxdb.Resource{
Type: influxdb.BucketsResourceType,
ID: influxdbtesting.IDPtr(100),
},
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
},
},
},
wants: wants{
err: nil,
},
},
{
name: "unauthorized to create scraper",
fields: fields{
ScraperTargetStoreService: &mock.ScraperTargetStoreService{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
AddTargetF: func(ctx context.Context, st *influxdb.ScraperTarget, userID platform.ID) error {
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
return nil
},
},
},
args: args{
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
orgID: 10,
bucketID: 100,
permissions: []influxdb.Permission{
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.WriteAction,
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
ID: influxdbtesting.IDPtr(1),
},
},
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.WriteAction,
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
Resource: influxdb.Resource{
Type: influxdb.BucketsResourceType,
ID: influxdbtesting.IDPtr(100),
},
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
},
},
},
wants: wants{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
err: &errors.Error{
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
Msg: "write:orgs/000000000000000a/scrapers is unauthorized",
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
Code: errors.EUnauthorized,
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
},
},
},
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
{
name: "unauthorized to write to bucket",
fields: fields{
ScraperTargetStoreService: &mock.ScraperTargetStoreService{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
AddTargetF: func(ctx context.Context, st *influxdb.ScraperTarget, userID platform.ID) error {
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
return nil
},
},
},
args: args{
orgID: 10,
bucketID: 100,
permissions: []influxdb.Permission{
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.WriteAction,
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
Resource: influxdb.Resource{
Type: influxdb.ScraperResourceType,
OrgID: influxdbtesting.IDPtr(10),
},
},
{
refactor(authorizer): auth micro framework
2020-03-16 14:29:17 +00:00
Action: influxdb.WriteAction,
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
Resource: influxdb.Resource{
Type: influxdb.BucketsResourceType,
ID: influxdbtesting.IDPtr(1),
},
},
},
},
wants: wants{
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
err: &errors.Error{
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
Msg: "write:orgs/000000000000000a/buckets/0000000000000064 is unauthorized",
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
Code: errors.EUnauthorized,
check write bucket permission when creating a scraper
2019-05-15 10:20:08 +00:00
},
},
},
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
feat(influxdb): add scraper filter
2019-04-12 16:45:48 +00:00
s := authorizer.NewScraperTargetStoreService(tt.fields.ScraperTargetStoreService, mock.NewUserResourceMappingService(),
mock.NewOrganizationService())
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
ctx := context.Background()
refactor(tenant): move bucket and urm auth layers to tenant service (#17474) Co-authored-by: Lyon Hill <lyondhill@gmail.com>
2020-04-07 18:13:27 +00:00
ctx = influxdbcontext.SetAuthorizer(ctx, mock.NewMockAuthorizer(false, tt.args.permissions))
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 18:10:02 +00:00
err := s.AddTarget(ctx, &influxdb.ScraperTarget{OrgID: tt.args.orgID, BucketID: tt.args.bucketID}, platform.ID(1))
feat(authorizer): add scraper authorizer
2019-01-17 18:57:01 +00:00
influxdbtesting.ErrorsEqual(t, err, tt.wants.err)
})
}
}