2019-01-08 00:37:16 +00:00
|
|
|
package influxdb_test
|
2018-07-30 21:46:30 +00:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"testing"
|
2018-09-12 11:25:17 +00:00
|
|
|
|
2020-04-03 17:39:20 +00:00
|
|
|
"github.com/influxdata/influxdb/v2"
|
2021-09-13 19:12:35 +00:00
|
|
|
"github.com/influxdata/influxdb/v2/kit/platform"
|
2020-06-26 23:54:09 +00:00
|
|
|
influxdbtesting "github.com/influxdata/influxdb/v2/testing"
|
2020-03-26 01:50:37 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
2018-07-30 21:46:30 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestOwnerMappingValidate(t *testing.T) {
|
|
|
|
|
type fields struct {
|
2021-03-30 18:10:02 +00:00
|
|
|
ResourceID platform.ID
|
2020-06-26 23:54:09 +00:00
|
|
|
ResourceType influxdb.ResourceType
|
2021-03-30 18:10:02 +00:00
|
|
|
UserID platform.ID
|
2020-06-26 23:54:09 +00:00
|
|
|
UserType influxdb.UserType
|
2018-07-30 21:46:30 +00:00
|
|
|
}
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
fields fields
|
|
|
|
|
wantErr bool
|
|
|
|
|
}{
|
2018-12-03 16:07:08 +00:00
|
|
|
{
|
|
|
|
|
name: "valid mapping",
|
|
|
|
|
fields: fields{
|
2020-06-26 23:54:09 +00:00
|
|
|
UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"),
|
|
|
|
|
UserType: influxdb.Owner,
|
|
|
|
|
ResourceType: influxdb.DashboardsResourceType,
|
|
|
|
|
ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"),
|
2018-12-03 16:07:08 +00:00
|
|
|
},
|
|
|
|
|
},
|
2018-07-30 21:46:30 +00:00
|
|
|
{
|
|
|
|
|
name: "mapping requires a resourceid",
|
|
|
|
|
fields: fields{
|
2020-06-26 23:54:09 +00:00
|
|
|
UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"),
|
|
|
|
|
UserType: influxdb.Owner,
|
|
|
|
|
ResourceType: influxdb.DashboardsResourceType,
|
2018-07-30 21:46:30 +00:00
|
|
|
},
|
|
|
|
|
wantErr: true,
|
|
|
|
|
},
|
|
|
|
|
{
|
2018-10-04 21:08:31 +00:00
|
|
|
name: "mapping requires a userid",
|
2018-07-30 21:46:30 +00:00
|
|
|
fields: fields{
|
2020-06-26 23:54:09 +00:00
|
|
|
ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"),
|
|
|
|
|
UserType: influxdb.Owner,
|
|
|
|
|
ResourceType: influxdb.DashboardsResourceType,
|
2018-07-30 21:46:30 +00:00
|
|
|
},
|
|
|
|
|
wantErr: true,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "mapping requires a usertype",
|
2018-10-04 21:08:31 +00:00
|
|
|
fields: fields{
|
2020-06-26 23:54:09 +00:00
|
|
|
ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"),
|
|
|
|
|
UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"),
|
|
|
|
|
ResourceType: influxdb.DashboardsResourceType,
|
2018-10-04 21:08:31 +00:00
|
|
|
},
|
|
|
|
|
wantErr: true,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "mapping requires a resourcetype",
|
2018-07-30 21:46:30 +00:00
|
|
|
fields: fields{
|
2020-06-26 23:54:09 +00:00
|
|
|
ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"),
|
|
|
|
|
UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"),
|
|
|
|
|
UserType: influxdb.Owner,
|
2018-07-30 21:46:30 +00:00
|
|
|
},
|
|
|
|
|
wantErr: true,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "the usertype provided must be valid",
|
|
|
|
|
fields: fields{
|
2020-06-26 23:54:09 +00:00
|
|
|
ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"),
|
|
|
|
|
UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"),
|
2019-01-15 16:09:58 +00:00
|
|
|
UserType: "foo",
|
2020-06-26 23:54:09 +00:00
|
|
|
ResourceType: influxdb.DashboardsResourceType,
|
2018-10-04 21:08:31 +00:00
|
|
|
},
|
|
|
|
|
wantErr: true,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "the resourcetype provided must be valid",
|
|
|
|
|
fields: fields{
|
2020-06-26 23:54:09 +00:00
|
|
|
ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"),
|
|
|
|
|
UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"),
|
|
|
|
|
UserType: influxdb.Owner,
|
2019-01-15 16:09:58 +00:00
|
|
|
ResourceType: "foo",
|
2018-07-30 21:46:30 +00:00
|
|
|
},
|
|
|
|
|
wantErr: true,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
2020-06-26 23:54:09 +00:00
|
|
|
m := influxdb.UserResourceMapping{
|
2019-01-15 16:09:58 +00:00
|
|
|
ResourceID: tt.fields.ResourceID,
|
|
|
|
|
ResourceType: tt.fields.ResourceType,
|
|
|
|
|
UserID: tt.fields.UserID,
|
|
|
|
|
UserType: tt.fields.UserType,
|
2018-07-30 21:46:30 +00:00
|
|
|
}
|
|
|
|
|
if err := m.Validate(); (err != nil) != tt.wantErr {
|
|
|
|
|
t.Errorf("OwnerMapping.Validate() error = %v, wantErr %v", err, tt.wantErr)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-03-26 01:50:37 +00:00
|
|
|
|
|
|
|
|
func TestOwnerMappingToPermissions(t *testing.T) {
|
|
|
|
|
type wants struct {
|
2020-06-26 23:54:09 +00:00
|
|
|
perms influxdb.Permission
|
2020-03-26 01:50:37 +00:00
|
|
|
err bool
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-30 18:10:02 +00:00
|
|
|
ResourceID, _ := platform.IDFromString("020f755c3c082000")
|
2020-03-26 01:50:37 +00:00
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
2020-06-26 23:54:09 +00:00
|
|
|
urm influxdb.UserResourceMapping
|
2020-03-26 01:50:37 +00:00
|
|
|
wants wants
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
name: "Org Member Has Permission To Read Org",
|
2020-06-26 23:54:09 +00:00
|
|
|
urm: influxdb.UserResourceMapping{
|
|
|
|
|
UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"),
|
|
|
|
|
UserType: influxdb.Member,
|
|
|
|
|
ResourceType: influxdb.OrgsResourceType,
|
|
|
|
|
ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"),
|
2020-03-26 01:50:37 +00:00
|
|
|
},
|
|
|
|
|
wants: wants{
|
|
|
|
|
err: false,
|
|
|
|
|
perms: influxdb.Permission{Action: "read", Resource: influxdb.Resource{Type: "orgs", ID: ResourceID}}},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "Org Owner Has Permission To Write Org",
|
2020-06-26 23:54:09 +00:00
|
|
|
urm: influxdb.UserResourceMapping{
|
|
|
|
|
UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"),
|
|
|
|
|
UserType: influxdb.Owner,
|
|
|
|
|
ResourceType: influxdb.OrgsResourceType,
|
|
|
|
|
ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"),
|
2020-03-26 01:50:37 +00:00
|
|
|
},
|
|
|
|
|
wants: wants{
|
|
|
|
|
err: false,
|
|
|
|
|
perms: influxdb.Permission{Action: "write", Resource: influxdb.Resource{Type: "orgs", ID: ResourceID}}},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "Org Owner Has Permission To Read Org",
|
2020-06-26 23:54:09 +00:00
|
|
|
urm: influxdb.UserResourceMapping{
|
|
|
|
|
UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"),
|
|
|
|
|
UserType: influxdb.Owner,
|
|
|
|
|
ResourceType: influxdb.OrgsResourceType,
|
|
|
|
|
ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"),
|
2020-03-26 01:50:37 +00:00
|
|
|
},
|
|
|
|
|
wants: wants{
|
|
|
|
|
err: false,
|
|
|
|
|
perms: influxdb.Permission{Action: "read", Resource: influxdb.Resource{Type: "orgs", ID: ResourceID}}},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "Bucket Member User Has Permission To Read Bucket",
|
2020-06-26 23:54:09 +00:00
|
|
|
urm: influxdb.UserResourceMapping{
|
|
|
|
|
UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"),
|
|
|
|
|
UserType: influxdb.Member,
|
|
|
|
|
ResourceType: influxdb.BucketsResourceType,
|
|
|
|
|
ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"),
|
2020-03-26 01:50:37 +00:00
|
|
|
},
|
|
|
|
|
wants: wants{
|
|
|
|
|
err: false,
|
|
|
|
|
perms: influxdb.Permission{Action: "read", Resource: influxdb.Resource{Type: "buckets", ID: ResourceID}}},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
perms, err := tt.urm.ToPermissions()
|
|
|
|
|
|
|
|
|
|
require.Contains(t, perms, tt.wants.perms)
|
|
|
|
|
require.Equal(t, tt.wants.err, err != nil)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
