influxdb/user_resource_mapping_test.go

package influxdb_test

import (
	"testing"

	"github.com/influxdata/influxdb/v2"
	"github.com/influxdata/influxdb/v2/kit/platform"
	influxdbtesting "github.com/influxdata/influxdb/v2/testing"
	"github.com/stretchr/testify/require"
)

func TestOwnerMappingValidate(t *testing.T) {
	type fields struct {
		ResourceID   platform.ID
		ResourceType influxdb.ResourceType
		UserID       platform.ID
		UserType     influxdb.UserType
	}
	tests := []struct {
		name    string
		fields  fields
		wantErr bool
	}{
		{
			name: "valid mapping",
			fields: fields{
				UserID:       influxdbtesting.MustIDBase16("debac1e0deadbeef"),
				UserType:     influxdb.Owner,
				ResourceType: influxdb.DashboardsResourceType,
				ResourceID:   influxdbtesting.MustIDBase16("020f755c3c082000"),
			},
		},
		{
			name: "mapping requires a resourceid",
			fields: fields{
				UserID:       influxdbtesting.MustIDBase16("debac1e0deadbeef"),
				UserType:     influxdb.Owner,
				ResourceType: influxdb.DashboardsResourceType,
			},
			wantErr: true,
		},
		{
			name: "mapping requires a userid",
			fields: fields{
				ResourceID:   influxdbtesting.MustIDBase16("020f755c3c082000"),
				UserType:     influxdb.Owner,
				ResourceType: influxdb.DashboardsResourceType,
			},
			wantErr: true,
		},
		{
			name: "mapping requires a usertype",
			fields: fields{
				ResourceID:   influxdbtesting.MustIDBase16("020f755c3c082000"),
				UserID:       influxdbtesting.MustIDBase16("debac1e0deadbeef"),
				ResourceType: influxdb.DashboardsResourceType,
			},
			wantErr: true,
		},
		{
			name: "mapping requires a resourcetype",
			fields: fields{
				ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"),
				UserID:     influxdbtesting.MustIDBase16("debac1e0deadbeef"),
				UserType:   influxdb.Owner,
			},
			wantErr: true,
		},
		{
			name: "the usertype provided must be valid",
			fields: fields{
				ResourceID:   influxdbtesting.MustIDBase16("020f755c3c082000"),
				UserID:       influxdbtesting.MustIDBase16("debac1e0deadbeef"),
				UserType:     "foo",
				ResourceType: influxdb.DashboardsResourceType,
			},
			wantErr: true,
		},
		{
			name: "the resourcetype provided must be valid",
			fields: fields{
				ResourceID:   influxdbtesting.MustIDBase16("020f755c3c082000"),
				UserID:       influxdbtesting.MustIDBase16("debac1e0deadbeef"),
				UserType:     influxdb.Owner,
				ResourceType: "foo",
			},
			wantErr: true,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			m := influxdb.UserResourceMapping{
				ResourceID:   tt.fields.ResourceID,
				ResourceType: tt.fields.ResourceType,
				UserID:       tt.fields.UserID,
				UserType:     tt.fields.UserType,
			}
			if err := m.Validate(); (err != nil) != tt.wantErr {
				t.Errorf("OwnerMapping.Validate() error = %v, wantErr %v", err, tt.wantErr)
			}
		})
	}
}

func TestOwnerMappingToPermissions(t *testing.T) {
	type wants struct {
		perms influxdb.Permission
		err   bool
	}

	ResourceID, _ := platform.IDFromString("020f755c3c082000")

	tests := []struct {
		name  string
		urm   influxdb.UserResourceMapping
		wants wants
	}{
		{
			name: "Org Member Has Permission To Read Org",
			urm: influxdb.UserResourceMapping{
				UserID:       influxdbtesting.MustIDBase16("debac1e0deadbeef"),
				UserType:     influxdb.Member,
				ResourceType: influxdb.OrgsResourceType,
				ResourceID:   influxdbtesting.MustIDBase16("020f755c3c082000"),
			},
			wants: wants{
				err:   false,
				perms: influxdb.Permission{Action: "read", Resource: influxdb.Resource{Type: "orgs", ID: ResourceID}}},
		},
		{
			name: "Org Owner Has Permission To Write Org",
			urm: influxdb.UserResourceMapping{
				UserID:       influxdbtesting.MustIDBase16("debac1e0deadbeef"),
				UserType:     influxdb.Owner,
				ResourceType: influxdb.OrgsResourceType,
				ResourceID:   influxdbtesting.MustIDBase16("020f755c3c082000"),
			},
			wants: wants{
				err:   false,
				perms: influxdb.Permission{Action: "write", Resource: influxdb.Resource{Type: "orgs", ID: ResourceID}}},
		},
		{
			name: "Org Owner Has Permission To Read Org",
			urm: influxdb.UserResourceMapping{
				UserID:       influxdbtesting.MustIDBase16("debac1e0deadbeef"),
				UserType:     influxdb.Owner,
				ResourceType: influxdb.OrgsResourceType,
				ResourceID:   influxdbtesting.MustIDBase16("020f755c3c082000"),
			},
			wants: wants{
				err:   false,
				perms: influxdb.Permission{Action: "read", Resource: influxdb.Resource{Type: "orgs", ID: ResourceID}}},
		},
		{
			name: "Bucket Member User Has Permission To Read Bucket",
			urm: influxdb.UserResourceMapping{
				UserID:       influxdbtesting.MustIDBase16("debac1e0deadbeef"),
				UserType:     influxdb.Member,
				ResourceType: influxdb.BucketsResourceType,
				ResourceID:   influxdbtesting.MustIDBase16("020f755c3c082000"),
			},
			wants: wants{
				err:   false,
				perms: influxdb.Permission{Action: "read", Resource: influxdb.Resource{Type: "buckets", ID: ResourceID}}},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			perms, err := tt.urm.ToPermissions()

			require.Contains(t, perms, tt.wants.perms)
			require.Equal(t, tt.wants.err, err != nil)
		})
	}
}