1 package clustersecrets
2
3 import (
4 "context"
5 "database/sql/driver"
6 "testing"
7 "time"
8
9 "github.com/DATA-DOG/go-sqlmock"
10 "github.com/stretchr/testify/require"
11
12 configType "edge-infra.dev/pkg/edge/api/types"
13
14 "edge-infra.dev/pkg/edge/api/bsl/types"
15 "edge-infra.dev/pkg/edge/api/graph/model"
16 "edge-infra.dev/pkg/edge/api/middleware"
17 )
18
19 var (
20 mockClusterEdgeID = "b1659eaf-0c7a-466e-8a24-de08118b71c7"
21 mockClusterEdgeID1 = "d2f8e022-0a4e-4ca9-8e31-feefdd21fd33"
22 mockLeaseID = "0d2395ec-4a07-4cdd-813d-08e8f754bd0a"
23 mockLeaseID1 = "7bb9f433-62bf-48c9-a7d0-a01cd3fe992b"
24 fetchClusterSecretLeaseColumns = []string{"cluster_secret_lease_edge_id", "lease_expiration", "lease_owners_username"}
25 testuser = "testuser"
26 secretTypes = []string{"breakglass"}
27 fetchLeaseSecretTypes = []string{"secret_type"}
28 )
29
30 func TestFetchLease(t *testing.T) {
31 db, mock, err := sqlmock.New(sqlmock.QueryMatcherOption(sqlmock.QueryMatcherEqual))
32 require.NoError(t, err)
33 defer db.Close()
34 config := &configType.Config{
35 EdgeOptInSecurityCompliance: true,
36 EdgeMaxLeaseValidityPeriod: "48h",
37 }
38 ctx := middleware.NewContext(context.Background(), &types.AuthUser{
39 Username: testuser,
40 })
41 user := middleware.ForContext(ctx)
42 expirationTime := time.Now().UTC().Add(48 * time.Hour).Format(time.RFC3339)
43
44 mockFetchLeaseQuery(mock, expirationTime, user.Username, mockLeaseID, mockClusterEdgeID)
45 mockFetchSecretLeaseTypesQuery(mock, mockLeaseID, mockClusterEdgeID)
46 clusterSecretService := NewClusterSecretService(db, nil, config)
47 lease, err := clusterSecretService.FetchLease(ctx, mockClusterEdgeID)
48
49 require.NoError(t, err)
50 require.Equal(t, testuser, lease.Owner)
51 require.Equal(t, expirationTime, lease.ExpiresAt)
52 require.Equal(t, secretTypes, lease.SecretTypes)
53 require.NoError(t, mock.ExpectationsWereMet())
54 }
55
56 func mockFetchLeaseQuery(mock sqlmock.Sqlmock, leaseExpiration string, username string, leaseID string, clusterEdgeID string) {
57 rows := mock.NewRows(fetchClusterSecretLeaseColumns).AddRow(leaseID, leaseExpiration, username)
58 mock.ExpectQuery(FetchLeaseQuery).WithArgs(clusterEdgeID).WillReturnRows(rows)
59 }
60
61 func mockFetchSecretLeaseTypesQuery(mock sqlmock.Sqlmock, leaseID string, clusterEdgeID string) {
62 rows := mock.NewRows(fetchLeaseSecretTypes).AddRow(model.ClusterSecretTypeBreakglass)
63 mock.ExpectQuery(FetchLeaseSecretTypesQuery).WithArgs(clusterEdgeID, leaseID).WillReturnRows(rows)
64 }
65
66 func TestObtainLease(t *testing.T) {
67 db, mock, err := sqlmock.New(sqlmock.QueryMatcherOption(sqlmock.QueryMatcherEqual))
68 require.NoError(t, err)
69 defer db.Close()
70
71 config := &configType.Config{
72 EdgeOptInSecurityCompliance: true,
73 EdgeMaxLeaseValidityPeriod: "48h",
74 }
75 ctx := middleware.NewContext(context.Background(), &types.AuthUser{
76 Username: testuser,
77 })
78 user := middleware.ForContext(ctx)
79 mockFetchLeaseQuery(mock, time.Now().UTC().Add(-time.Hour*48).Format(time.RFC3339), user.Username, mockLeaseID1, mockClusterEdgeID1)
80 mockFetchSecretLeaseTypesQuery(mock, mockLeaseID1, mockClusterEdgeID1)
81 mockObtainLeaseQuery(mock, time.Now().UTC().Add(time.Hour*48).Format(time.RFC3339), user.Username, mockClusterEdgeID1, sqlmock.NewResult(1, 1))
82
83 clusterSecretService := NewClusterSecretService(db, nil, config)
84 newLease, err := clusterSecretService.ObtainLease(ctx, mockClusterEdgeID1)
85 require.True(t, newLease)
86 require.NoError(t, err)
87 require.NoError(t, mock.ExpectationsWereMet())
88 }
89
90 func mockObtainLeaseQuery(mock sqlmock.Sqlmock, expirationTime string, username string, clusterEdgeID string, result driver.Result) {
91 args := []driver.Value{
92 expirationTime,
93 username,
94 time.Now().UTC().Format(time.RFC3339),
95 clusterEdgeID,
96 }
97 mock.ExpectExec(ObtainLeaseQuery).WithArgs(args...).WillReturnResult(result)
98 }
99
100 func TestReleaseLease(t *testing.T) {
101 db, mock, err := sqlmock.New(sqlmock.QueryMatcherOption(sqlmock.QueryMatcherEqual))
102 require.NoError(t, err)
103 defer db.Close()
104 config := &configType.Config{
105 EdgeOptInSecurityCompliance: true,
106 EdgeMaxLeaseValidityPeriod: "48h",
107 }
108 ctx := middleware.NewContext(context.Background(), &types.AuthUser{
109 Username: testuser,
110 })
111 user := middleware.ForContext(ctx)
112
113 mockExpireLeaseQuery(mock, sqlmock.NewResult(1, 1))
114
115 clusterSecretService := NewClusterSecretService(db, nil, config)
116 err = clusterSecretService.RevokeLease(ctx, mockClusterEdgeID, user.Username)
117 require.NoError(t, err)
118 require.NoError(t, mock.ExpectationsWereMet())
119 }
120
121 func mockExpireLeaseQuery(mock sqlmock.Sqlmock, result driver.Result) {
122 args := []driver.Value{
123 time.Now().UTC().Format(time.RFC3339),
124 time.Now().UTC().Format(time.RFC3339),
125 mockClusterEdgeID,
126 testuser,
127 }
128 mock.ExpectExec(ExpireLeaseQuery).WithArgs(args...).WillReturnResult(result)
129 }
130
131 func TestRevokeLease(t *testing.T) {
132 db, mock, err := sqlmock.New(sqlmock.QueryMatcherOption(sqlmock.QueryMatcherEqual))
133 require.NoError(t, err)
134 defer db.Close()
135 config := &configType.Config{
136 EdgeOptInSecurityCompliance: true,
137 EdgeMaxLeaseValidityPeriod: "48h",
138 }
139 ctx := middleware.NewContext(context.Background(), &types.AuthUser{
140 Username: "admin",
141 })
142
143 mockExpireLeaseQuery(mock, sqlmock.NewResult(1, 1))
144
145 clusterSecretService := NewClusterSecretService(db, nil, config)
146 err = clusterSecretService.RevokeLease(ctx, mockClusterEdgeID, testuser)
147 require.NoError(t, err)
148 require.NoError(t, mock.ExpectationsWereMet())
149 }
150
151 func TestRemoveUserFromLease(t *testing.T) {
152 db, mock, err := sqlmock.New(sqlmock.QueryMatcherOption(sqlmock.QueryMatcherEqual))
153 require.NoError(t, err)
154 defer db.Close()
155 config := &configType.Config{
156 EdgeOptInSecurityCompliance: true,
157 EdgeMaxLeaseValidityPeriod: "48h",
158 }
159 ctx := middleware.NewContext(context.Background(), &types.AuthUser{
160 Username: "admin",
161 })
162
163 mockRemoveUserFromQuery(mock, sqlmock.NewResult(1, 1))
164
165 clusterSecretService := NewClusterSecretService(db, nil, config)
166 err = clusterSecretService.RemoveUserFromLease(ctx, mockClusterEdgeID)
167 require.NoError(t, err)
168 require.NoError(t, mock.ExpectationsWereMet())
169 }
170
171 func mockRemoveUserFromQuery(mock sqlmock.Sqlmock, result driver.Result) {
172 args := []driver.Value{
173 time.Now().UTC().Format(time.RFC3339),
174 mockClusterEdgeID,
175 }
176 mock.ExpectExec(RemoveUserFromLeaseQuery).WithArgs(args...).WillReturnResult(result)
177 }
178
179 func TestCreateLease(t *testing.T) {
180 db, mock, err := sqlmock.New(sqlmock.QueryMatcherOption(sqlmock.QueryMatcherEqual))
181 require.NoError(t, err)
182 defer db.Close()
183 config := &configType.Config{
184 EdgeOptInSecurityCompliance: true,
185 EdgeMaxLeaseValidityPeriod: "48h",
186 }
187 ctx := middleware.NewContext(context.Background(), &types.AuthUser{
188 Username: "admin",
189 })
190
191 mockCreateLeaseQuery(mock, sqlmock.NewResult(1, 1))
192
193 clusterSecretService := NewClusterSecretService(db, nil, config)
194 _, err = clusterSecretService.CreateLease(ctx, mockClusterEdgeID)
195 require.NoError(t, err)
196 require.NoError(t, mock.ExpectationsWereMet())
197 }
198
199 func mockCreateLeaseQuery(mock sqlmock.Sqlmock, result driver.Result) {
200 args := []driver.Value{
201 sqlmock.AnyArg(),
202 mockClusterEdgeID,
203 time.Now().UTC().Format(time.RFC3339),
204 time.Now().UTC().Format(time.RFC3339),
205 time.Now().UTC().Format(time.RFC3339),
206 }
207 mock.ExpectExec(CreateClusterSecretLeaseQuery).WithArgs(args...).WillReturnResult(result)
208 }
209
210 func TestFetchLeaseID(t *testing.T) {
211 db, mock, err := sqlmock.New(sqlmock.QueryMatcherOption(sqlmock.QueryMatcherEqual))
212 require.NoError(t, err)
213 defer db.Close()
214 config := &configType.Config{
215 EdgeOptInSecurityCompliance: true,
216 EdgeMaxLeaseValidityPeriod: "48h",
217 }
218 ctx := middleware.NewContext(context.Background(), &types.AuthUser{
219 Username: "admin",
220 })
221
222 mockFetchLeaseIDQuery(mock, mockLeaseID, mockClusterEdgeID)
223
224 clusterSecretService := NewClusterSecretService(db, nil, config)
225 leaseID, err := clusterSecretService.FetchLeaseID(ctx, mockClusterEdgeID)
226 require.NoError(t, err)
227 require.Equal(t, leaseID, mockLeaseID)
228
229 require.NoError(t, mock.ExpectationsWereMet())
230 }
231
232 func mockFetchLeaseIDQuery(mock sqlmock.Sqlmock, leaseID string, clusterEdgeID string) {
233 rows := mock.NewRows([]string{"cluster_secret_lease_edge_id"}).AddRow(leaseID)
234 mock.ExpectQuery(FetchLeaseIDQuery).WithArgs(clusterEdgeID).WillReturnRows(rows)
235 }
236
View as plain text