forked from grafana/grafana
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmodels_test.go
129 lines (121 loc) · 3.67 KB
/
models_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
package accesscontrol
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestSaveExternalServiceRoleCommand_Validate(t *testing.T) {
tests := []struct {
name string
cmd SaveExternalServiceRoleCommand
wantID string
wantPermissions []Permission
wantErr bool
}{
{
name: "invalid no permissions",
cmd: SaveExternalServiceRoleCommand{
AssignmentOrgID: 1,
ExternalServiceID: "app 1",
ServiceAccountID: 2,
Permissions: []Permission{},
},
wantErr: true,
},
{
name: "invalid service account id",
cmd: SaveExternalServiceRoleCommand{
AssignmentOrgID: 1,
ExternalServiceID: "app 1",
ServiceAccountID: -1,
Permissions: []Permission{{Action: "users:read", Scope: "users:id:1"}},
},
wantErr: true,
},
{
name: "invalid no Ext Service ID",
cmd: SaveExternalServiceRoleCommand{
AssignmentOrgID: 1,
ServiceAccountID: 2,
Permissions: []Permission{{Action: "users:read", Scope: "users:id:1"}},
},
wantErr: true,
},
{
name: "slugify the external service ID correctly",
cmd: SaveExternalServiceRoleCommand{
ExternalServiceID: "ThisIs a Very Strange ___ App Name?",
AssignmentOrgID: 1,
ServiceAccountID: 2,
Permissions: []Permission{{Action: "users:read", Scope: "users:id:1"}},
},
wantErr: false,
wantID: "thisis-a-very-strange-app-name",
},
{
name: "invalid empty Action",
cmd: SaveExternalServiceRoleCommand{
AssignmentOrgID: 1,
ExternalServiceID: "app 1",
ServiceAccountID: 2,
Permissions: []Permission{{Action: "", Scope: "users:id:1"}},
},
wantID: "app-1",
wantErr: true,
},
{
name: "permission deduplication",
cmd: SaveExternalServiceRoleCommand{
AssignmentOrgID: 1,
ExternalServiceID: "app 1",
ServiceAccountID: 2,
Permissions: []Permission{
{Action: "users:read", Scope: "users:id:1"},
{Action: "users:read", Scope: "users:id:1"},
},
},
wantErr: false,
wantID: "app-1",
wantPermissions: []Permission{{Action: "users:read", Scope: "users:id:1"}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.cmd.Validate()
if tt.wantErr {
require.Error(t, err)
return
}
require.NoError(t, err)
require.Equal(t, tt.wantID, tt.cmd.ExternalServiceID)
if tt.wantPermissions != nil {
require.ElementsMatch(t, tt.wantPermissions, tt.cmd.Permissions)
}
})
}
}
func TestPermission_ScopeSplit(t *testing.T) {
type testCase struct {
desc string
scope string
kind string
attribute string
identifier string
}
tests := []testCase{
{desc: "all fields should be empty for empty scope", scope: "", kind: "", attribute: "", identifier: ""},
{desc: "all fields should be set to * for wildcard", scope: "*", kind: "*", attribute: "*", identifier: "*"},
{desc: "kind should be specified and attribute and identifier should be * for a wildcard with kind prefix", scope: "dashboards:*", kind: "dashboards", attribute: "*", identifier: "*"},
{desc: "all fields should be set correctly", scope: "dashboards:uid:123", kind: "dashboards", attribute: "uid", identifier: "123"},
{desc: "can handle a case with : in the uid", scope: "datasources:uid:weird:name", kind: "datasources", attribute: "uid", identifier: "weird:name"},
}
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
p := Permission{Scope: tt.scope}
kind, attribute, identifier := p.SplitScope()
assert.Equal(t, tt.kind, kind)
assert.Equal(t, tt.attribute, attribute)
assert.Equal(t, tt.identifier, identifier)
})
}
}