server/service/rbac/account_service_test.go - servicecomb-service-center - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package rbac_test

 // initialize
 import (
 	"context"
 	"testing"

 	rbacsvc "github.com/apache/servicecomb-service-center/server/service/rbac"
 	"github.com/go-chassis/cari/discovery"
 	"github.com/go-chassis/cari/pkg/errsvc"

 	_ "github.com/apache/servicecomb-service-center/test"

 	"github.com/astaxie/beego"
 	"github.com/go-chassis/cari/rbac"
 	"github.com/stretchr/testify/assert"
 )

 func init() {
 	beego.AppConfig.Set("registry_plugin", "etcd")
 }

 const (
 	testPwd0 = "Ab@00000"
 	testPwd1 = "Ab@11111"
 )

 func newAccount(name string) *rbac.Account {
 	return &rbac.Account{
 		Name:     name,
 		Password: testPwd0,
 		Roles:    []string{rbac.RoleAdmin},
 		Status:   "active",
 	}
 }

 func TestCreateAccount(t *testing.T) {
 	t.Run("create account, should succeed", func(t *testing.T) {
 		a := newAccount("TestCreateAccount_create_account")
 		err := rbacsvc.CreateAccount(context.TODO(), a)
 		assert.Nil(t, err)
 	})
 	t.Run("create account twice, should return: "+rbac.NewError(rbac.ErrAccountConflict, "").Error(), func(t *testing.T) {
 		name := "TestCreateAccount_create_account_twice"
 		a := newAccount(name)
 		err := rbacsvc.CreateAccount(context.TODO(), a)
 		assert.Nil(t, err)

 		a = newAccount(name)
 		err = rbacsvc.CreateAccount(context.TODO(), a)
 		assert.NotNil(t, err)
 		svcErr := err.(*errsvc.Error)
 		assert.Equal(t, rbac.ErrAccountConflict, svcErr.Code)
 	})
 	t.Run("account has invalid role, should return: "+rbac.NewError(rbac.ErrAccountHasInvalidRole, "").Error(), func(t *testing.T) {
 		a := newAccount("TestCreateAccount_account_has_invalid_role")
 		a.Roles = append(a.Roles, "invalid_role")
 		err := rbacsvc.CreateAccount(context.TODO(), a)
 		assert.NotNil(t, err)
 		svcErr := err.(*errsvc.Error)
 		assert.Equal(t, rbac.ErrAccountHasInvalidRole, svcErr.Code)
 	})
 }

 func TestDeleteAccount(t *testing.T) {
 	t.Run("delete account, should succeed", func(t *testing.T) {
 		a := newAccount("TestDeleteAccount_delete_account")
 		err := rbacsvc.CreateAccount(context.TODO(), a)
 		assert.Nil(t, err)

 		exist, err := rbacsvc.AccountExist(context.TODO(), a.Name)
 		assert.Nil(t, err)
 		assert.True(t, exist)
 		err = rbacsvc.DeleteAccount(context.TODO(), a.Name)
 		assert.Nil(t, err)
 		exist, err = rbacsvc.AccountExist(context.TODO(), a.Name)
 		assert.Nil(t, err)
 		assert.False(t, exist)
 	})
 	t.Run("delete no exist account, should return: "+rbac.NewError(rbac.ErrAccountNotExist, "").Error(), func(t *testing.T) {
 		err := rbacsvc.DeleteAccount(context.TODO(), "TestDeleteAccount_delete_no_exist_account")
 		assert.NotNil(t, err)
 		svcErr := err.(*errsvc.Error)
 		assert.Equal(t, rbac.ErrAccountNotExist, svcErr.Code)
 	})
 	t.Run("delete root, should return: "+rbac.NewError(rbac.ErrForbidOperateBuildInAccount, "").Error(), func(t *testing.T) {
 		err := rbacsvc.DeleteAccount(context.TODO(), "root")
 		assert.NotNil(t, err)
 		svcErr := err.(*errsvc.Error)
 		assert.Equal(t, rbac.ErrForbidOperateBuildInAccount, svcErr.Code)
 	})
 	t.Run("delete self, should return: "+rbac.NewError(rbac.ErrForbidOperateSelfAccount, "").Error(), func(t *testing.T) {
 		a := newAccount("TestDeleteAccount_delete_self")
 		err := rbacsvc.CreateAccount(context.TODO(), a)
 		assert.Nil(t, err)
 		claims := map[string]interface{}{
 			rbac.ClaimsUser: a.Name,
 		}
 		ctx := context.WithValue(context.TODO(), rbacsvc.CtxRequestClaims, claims)
 		err = rbacsvc.DeleteAccount(ctx, a.Name)
 		assert.NotNil(t, err)
 		svcErr := err.(*errsvc.Error)
 		assert.Equal(t, rbac.ErrForbidOperateSelfAccount, svcErr.Code)
 	})
 }

 func TestUpdateAccount(t *testing.T) {
 	t.Run("update account, should succeed", func(t *testing.T) {
 		name := "TestUpdateAccount_update_account"
 		a := newAccount(name)
 		err := rbacsvc.CreateAccount(context.TODO(), a)
 		assert.Nil(t, err)

 		a = newAccount(name)
 		a.Roles = []string{rbac.RoleAdmin, rbac.RoleDeveloper}
 		err = rbacsvc.UpdateAccount(context.TODO(), a.Name, a)
 		assert.Nil(t, err)
 		resp, err := rbacsvc.GetAccount(context.TODO(), a.Name)
 		assert.Nil(t, err)
 		assert.Equal(t, 2, len(resp.Roles))
 	})
 	t.Run("update no exist account, should return: "+rbac.NewError(rbac.ErrAccountNotExist, "").Error(), func(t *testing.T) {
 		name := "TestUpdateAccount_update_no_exist_account"
 		a := newAccount(name)
 		err := rbacsvc.UpdateAccount(context.TODO(), a.Name, a)
 		assert.NotNil(t, err)
 		svcErr := err.(*errsvc.Error)
 		assert.Equal(t, rbac.ErrAccountNotExist, svcErr.Code)
 	})
 	t.Run("update root, should return: "+discovery.NewError(rbac.ErrForbidOperateBuildInAccount, "").Error(), func(t *testing.T) {
 		a := newAccount("root")
 		err := rbacsvc.UpdateAccount(context.TODO(), a.Name, a)
 		assert.NotNil(t, err)
 		svcErr := err.(*errsvc.Error)
 		assert.Equal(t, rbac.ErrForbidOperateBuildInAccount, svcErr.Code)
 	})
 	t.Run("account has invalid role, should return: "+rbac.NewError(rbac.ErrAccountHasInvalidRole, "").Error(), func(t *testing.T) {
 		name := "TestUpdateAccount_account_has_invalid_role"
 		a := newAccount(name)
 		err := rbacsvc.CreateAccount(context.TODO(), a)
 		assert.Nil(t, err)

 		a.Roles = append(a.Roles, "invalid_role")
 		err = rbacsvc.UpdateAccount(context.TODO(), a.Name, a)
 		assert.NotNil(t, err)
 		svcErr := err.(*errsvc.Error)
 		assert.Equal(t, rbac.ErrAccountHasInvalidRole, svcErr.Code)
 	})
 	t.Run("roles status empty both, should return: "+discovery.NewError(discovery.ErrInvalidParams, "").Error(), func(t *testing.T) {
 		name := "TestUpdateAccount_roles_status_empty_both"
 		a := newAccount(name)
 		err := rbacsvc.CreateAccount(context.TODO(), a)
 		assert.Nil(t, err)

 		a = newAccount(name)
 		a.Roles = nil
 		a.Status = ""
 		err = rbacsvc.UpdateAccount(context.TODO(), a.Name, a)
 		assert.NotNil(t, err)
 		svcErr := err.(*errsvc.Error)
 		assert.Equal(t, discovery.ErrInvalidParams, svcErr.Code)
 	})
 	t.Run("update self, should return: "+rbac.NewError(rbac.ErrForbidOperateSelfAccount, "").Error(), func(t *testing.T) {
 		name := "TestDeleteAccount_update_self"
 		a := newAccount(name)
 		err := rbacsvc.CreateAccount(context.TODO(), a)
 		assert.Nil(t, err)

 		a = newAccount(name)
 		claims := map[string]interface{}{
 			rbac.ClaimsUser: a.Name,
 		}
 		ctx := context.WithValue(context.TODO(), rbacsvc.CtxRequestClaims, claims)
 		err = rbacsvc.UpdateAccount(ctx, a.Name, a)
 		assert.NotNil(t, err)
 		svcErr := err.(*errsvc.Error)
 		assert.Equal(t, rbac.ErrForbidOperateSelfAccount, svcErr.Code)
 	})
 }

 func TestEditAccount(t *testing.T) {
 	t.Run("edit no exist account, should return: "+rbac.NewError(rbac.ErrAccountNotExist, "").Error(), func(t *testing.T) {
 		a := newAccount("TestEditAccount_edit_no_exist_account")
 		err := rbacsvc.UpdateAccount(context.TODO(), a.Name, a)
 		assert.NotNil(t, err)
 		svcErr := err.(*errsvc.Error)
 		assert.Equal(t, rbac.ErrAccountNotExist, svcErr.Code)
 	})
 }

 func TestGetAccount(t *testing.T) {
 	t.Run("get account, should succeed", func(t *testing.T) {
 		a, err := rbacsvc.GetAccount(context.TODO(), "root")
 		assert.Nil(t, err)
 		assert.Equal(t, "root", a.Name)
 	})
 	t.Run("get no exist account, should return: "+rbac.NewError(rbac.ErrAccountNotExist, "").Error(), func(t *testing.T) {
 		a, err := rbacsvc.GetAccount(context.TODO(), "TestGetAccount_no_exist_account")
 		assert.Nil(t, a)
 		assert.NotNil(t, err)
 		svcErr := err.(*errsvc.Error)
 		assert.Equal(t, rbac.ErrAccountNotExist, svcErr.Code)
 	})
 }
 func TestListAccount(t *testing.T) {
 	t.Run("list account, should succeed", func(t *testing.T) {
 		accounts, n, err := rbacsvc.ListAccount(context.TODO())
 		assert.Nil(t, err)
 		assert.True(t, n > 0)
 		assert.Equal(t, n, int64(len(accounts)))
 	})
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package rbac_test

	// initialize
	import (
	"context"
	"testing"

	rbacsvc "github.com/apache/servicecomb-service-center/server/service/rbac"
	"github.com/go-chassis/cari/discovery"
	"github.com/go-chassis/cari/pkg/errsvc"

	_ "github.com/apache/servicecomb-service-center/test"

	"github.com/astaxie/beego"
	"github.com/go-chassis/cari/rbac"
	"github.com/stretchr/testify/assert"
	)

	func init() {
	beego.AppConfig.Set("registry_plugin", "etcd")
	}

	const (
	testPwd0 = "Ab@00000"
	testPwd1 = "Ab@11111"
	)

	func newAccount(name string) *rbac.Account {
	return &rbac.Account{
	Name: name,
	Password: testPwd0,
	Roles: []string{rbac.RoleAdmin},
	Status: "active",
	}
	}

	func TestCreateAccount(t *testing.T) {
	t.Run("create account, should succeed", func(t *testing.T) {
	a := newAccount("TestCreateAccount_create_account")
	err := rbacsvc.CreateAccount(context.TODO(), a)
	assert.Nil(t, err)
	})
	t.Run("create account twice, should return: "+rbac.NewError(rbac.ErrAccountConflict, "").Error(), func(t *testing.T) {
	name := "TestCreateAccount_create_account_twice"
	a := newAccount(name)
	err := rbacsvc.CreateAccount(context.TODO(), a)
	assert.Nil(t, err)

	a = newAccount(name)
	err = rbacsvc.CreateAccount(context.TODO(), a)
	assert.NotNil(t, err)
	svcErr := err.(*errsvc.Error)
	assert.Equal(t, rbac.ErrAccountConflict, svcErr.Code)
	})
	t.Run("account has invalid role, should return: "+rbac.NewError(rbac.ErrAccountHasInvalidRole, "").Error(), func(t *testing.T) {
	a := newAccount("TestCreateAccount_account_has_invalid_role")
	a.Roles = append(a.Roles, "invalid_role")
	err := rbacsvc.CreateAccount(context.TODO(), a)
	assert.NotNil(t, err)
	svcErr := err.(*errsvc.Error)
	assert.Equal(t, rbac.ErrAccountHasInvalidRole, svcErr.Code)
	})
	}

	func TestDeleteAccount(t *testing.T) {
	t.Run("delete account, should succeed", func(t *testing.T) {
	a := newAccount("TestDeleteAccount_delete_account")
	err := rbacsvc.CreateAccount(context.TODO(), a)
	assert.Nil(t, err)

	exist, err := rbacsvc.AccountExist(context.TODO(), a.Name)
	assert.Nil(t, err)
	assert.True(t, exist)
	err = rbacsvc.DeleteAccount(context.TODO(), a.Name)
	assert.Nil(t, err)
	exist, err = rbacsvc.AccountExist(context.TODO(), a.Name)
	assert.Nil(t, err)
	assert.False(t, exist)
	})
	t.Run("delete no exist account, should return: "+rbac.NewError(rbac.ErrAccountNotExist, "").Error(), func(t *testing.T) {
	err := rbacsvc.DeleteAccount(context.TODO(), "TestDeleteAccount_delete_no_exist_account")
	assert.NotNil(t, err)
	svcErr := err.(*errsvc.Error)
	assert.Equal(t, rbac.ErrAccountNotExist, svcErr.Code)
	})
	t.Run("delete root, should return: "+rbac.NewError(rbac.ErrForbidOperateBuildInAccount, "").Error(), func(t *testing.T) {
	err := rbacsvc.DeleteAccount(context.TODO(), "root")
	assert.NotNil(t, err)
	svcErr := err.(*errsvc.Error)
	assert.Equal(t, rbac.ErrForbidOperateBuildInAccount, svcErr.Code)
	})
	t.Run("delete self, should return: "+rbac.NewError(rbac.ErrForbidOperateSelfAccount, "").Error(), func(t *testing.T) {
	a := newAccount("TestDeleteAccount_delete_self")
	err := rbacsvc.CreateAccount(context.TODO(), a)
	assert.Nil(t, err)
	claims := map[string]interface{}{
	rbac.ClaimsUser: a.Name,
	}
	ctx := context.WithValue(context.TODO(), rbacsvc.CtxRequestClaims, claims)
	err = rbacsvc.DeleteAccount(ctx, a.Name)
	assert.NotNil(t, err)
	svcErr := err.(*errsvc.Error)
	assert.Equal(t, rbac.ErrForbidOperateSelfAccount, svcErr.Code)
	})
	}

	func TestUpdateAccount(t *testing.T) {
	t.Run("update account, should succeed", func(t *testing.T) {
	name := "TestUpdateAccount_update_account"
	a := newAccount(name)
	err := rbacsvc.CreateAccount(context.TODO(), a)
	assert.Nil(t, err)

	a = newAccount(name)
	a.Roles = []string{rbac.RoleAdmin, rbac.RoleDeveloper}
	err = rbacsvc.UpdateAccount(context.TODO(), a.Name, a)
	assert.Nil(t, err)
	resp, err := rbacsvc.GetAccount(context.TODO(), a.Name)
	assert.Nil(t, err)
	assert.Equal(t, 2, len(resp.Roles))
	})
	t.Run("update no exist account, should return: "+rbac.NewError(rbac.ErrAccountNotExist, "").Error(), func(t *testing.T) {
	name := "TestUpdateAccount_update_no_exist_account"
	a := newAccount(name)
	err := rbacsvc.UpdateAccount(context.TODO(), a.Name, a)
	assert.NotNil(t, err)
	svcErr := err.(*errsvc.Error)
	assert.Equal(t, rbac.ErrAccountNotExist, svcErr.Code)
	})
	t.Run("update root, should return: "+discovery.NewError(rbac.ErrForbidOperateBuildInAccount, "").Error(), func(t *testing.T) {
	a := newAccount("root")
	err := rbacsvc.UpdateAccount(context.TODO(), a.Name, a)
	assert.NotNil(t, err)
	svcErr := err.(*errsvc.Error)
	assert.Equal(t, rbac.ErrForbidOperateBuildInAccount, svcErr.Code)
	})
	t.Run("account has invalid role, should return: "+rbac.NewError(rbac.ErrAccountHasInvalidRole, "").Error(), func(t *testing.T) {
	name := "TestUpdateAccount_account_has_invalid_role"
	a := newAccount(name)
	err := rbacsvc.CreateAccount(context.TODO(), a)
	assert.Nil(t, err)

	a.Roles = append(a.Roles, "invalid_role")
	err = rbacsvc.UpdateAccount(context.TODO(), a.Name, a)
	assert.NotNil(t, err)
	svcErr := err.(*errsvc.Error)
	assert.Equal(t, rbac.ErrAccountHasInvalidRole, svcErr.Code)
	})
	t.Run("roles status empty both, should return: "+discovery.NewError(discovery.ErrInvalidParams, "").Error(), func(t *testing.T) {
	name := "TestUpdateAccount_roles_status_empty_both"
	a := newAccount(name)
	err := rbacsvc.CreateAccount(context.TODO(), a)
	assert.Nil(t, err)

	a = newAccount(name)
	a.Roles = nil
	a.Status = ""
	err = rbacsvc.UpdateAccount(context.TODO(), a.Name, a)
	assert.NotNil(t, err)
	svcErr := err.(*errsvc.Error)
	assert.Equal(t, discovery.ErrInvalidParams, svcErr.Code)
	})
	t.Run("update self, should return: "+rbac.NewError(rbac.ErrForbidOperateSelfAccount, "").Error(), func(t *testing.T) {
	name := "TestDeleteAccount_update_self"
	a := newAccount(name)
	err := rbacsvc.CreateAccount(context.TODO(), a)
	assert.Nil(t, err)

	a = newAccount(name)
	claims := map[string]interface{}{
	rbac.ClaimsUser: a.Name,
	}
	ctx := context.WithValue(context.TODO(), rbacsvc.CtxRequestClaims, claims)
	err = rbacsvc.UpdateAccount(ctx, a.Name, a)
	assert.NotNil(t, err)
	svcErr := err.(*errsvc.Error)
	assert.Equal(t, rbac.ErrForbidOperateSelfAccount, svcErr.Code)
	})
	}

	func TestEditAccount(t *testing.T) {
	t.Run("edit no exist account, should return: "+rbac.NewError(rbac.ErrAccountNotExist, "").Error(), func(t *testing.T) {
	a := newAccount("TestEditAccount_edit_no_exist_account")
	err := rbacsvc.UpdateAccount(context.TODO(), a.Name, a)
	assert.NotNil(t, err)
	svcErr := err.(*errsvc.Error)
	assert.Equal(t, rbac.ErrAccountNotExist, svcErr.Code)
	})
	}

	func TestGetAccount(t *testing.T) {
	t.Run("get account, should succeed", func(t *testing.T) {
	a, err := rbacsvc.GetAccount(context.TODO(), "root")
	assert.Nil(t, err)
	assert.Equal(t, "root", a.Name)
	})
	t.Run("get no exist account, should return: "+rbac.NewError(rbac.ErrAccountNotExist, "").Error(), func(t *testing.T) {
	a, err := rbacsvc.GetAccount(context.TODO(), "TestGetAccount_no_exist_account")
	assert.Nil(t, a)
	assert.NotNil(t, err)
	svcErr := err.(*errsvc.Error)
	assert.Equal(t, rbac.ErrAccountNotExist, svcErr.Code)
	})
	}
	func TestListAccount(t *testing.T) {
	t.Run("list account, should succeed", func(t *testing.T) {
	accounts, n, err := rbacsvc.ListAccount(context.TODO())
	assert.Nil(t, err)
	assert.True(t, n > 0)
	assert.Equal(t, n, int64(len(accounts)))
	})
	}