1 package edgebsl
2
3 import (
4 "context"
5 "encoding/json"
6 "io"
7 "net/http"
8 "net/http/httptest"
9 "strings"
10 "testing"
11 "time"
12
13 "edge-infra.dev/pkg/edge/api/bsl/types"
14 "edge-infra.dev/pkg/edge/api/graph/model"
15 "edge-infra.dev/pkg/edge/bsl"
16
17 _ "k8s.io/client-go/plugin/pkg/client/auth"
18
19 "github.com/stretchr/testify/assert"
20 )
21
22 const (
23 testUsername = "test-user"
24 testPassword = "test-password"
25 testSharedKey = "testSharedKey"
26 testSecretKey = "testSecretKey"
27 testOrganization = "test-org"
28 testForemanProject = "test-foreman0"
29 )
30
31 func TestGetAllEdgeOrgs(t *testing.T) {
32 srv := createBSLServer(t, false)
33 defer srv.Close()
34 b := &BslConfig{
35 RootURI: srv.URL,
36 AccessKey: &bsl.AccessKey{
37 SharedKey: testSharedKey,
38 SecretKey: testSecretKey,
39 },
40 }
41 orgs, err := b.GetAllEdgeOrgs(context.Background())
42 assert.NoError(t, err)
43 assert.NotEmpty(t, orgs)
44 assert.Equal(t, 3, len(orgs))
45 }
46
47 func TestCreateEdgeOrgGroups(t *testing.T) {
48 srv := createBSLServer(t, false)
49 defer srv.Close()
50 b := &BslConfig{
51 RootURI: srv.URL,
52 AccessKey: &bsl.AccessKey{
53 SharedKey: testSharedKey,
54 SecretKey: testSecretKey,
55 },
56 }
57 err := b.CreateEdgeOrgGroups(context.Background(), testOrganization)
58 assert.NoError(t, err)
59 }
60
61 func TestAssignEdgeOrgAdminRoles(t *testing.T) {
62 srv := createBSLServer(t, false)
63 defer srv.Close()
64 b := &BslConfig{
65 RootURI: srv.URL,
66 AccessKey: &bsl.AccessKey{
67 SharedKey: testSharedKey,
68 SecretKey: testSecretKey,
69 },
70 }
71 err := b.AssignRolesToGroups(context.Background(), testOrganization)
72 assert.Nil(t, err)
73 }
74
75 func TestAssignEdgeBannerAdminRoles(t *testing.T) {
76 srv := createBSLServer(t, false)
77 defer srv.Close()
78 b := &BslConfig{
79 RootURI: srv.URL,
80 AccessKey: &bsl.AccessKey{
81 SharedKey: testSharedKey,
82 SecretKey: testSecretKey,
83 },
84 }
85 err := b.AssignRolesToGroups(context.Background(), testOrganization)
86 assert.Nil(t, err)
87 }
88
89 func TestAssignEdgeBannerViewerRoles(t *testing.T) {
90 srv := createBSLServer(t, false)
91 defer srv.Close()
92 b := &BslConfig{
93 RootURI: srv.URL,
94 AccessKey: &bsl.AccessKey{
95 SharedKey: testSharedKey,
96 SecretKey: testSecretKey,
97 },
98 }
99 err := b.AssignRolesToGroups(context.Background(), testOrganization)
100 assert.Nil(t, err)
101 }
102
103 func TestCreateBSLUser(t *testing.T) {
104 srv := createBSLServer(t, false)
105 defer srv.Close()
106 b := &BslConfig{
107 RootURI: srv.URL,
108 AccessKey: &bsl.AccessKey{
109 SharedKey: testSharedKey,
110 SecretKey: testSecretKey,
111 },
112 }
113 password, err := b.CreateBSLUser(context.Background(), testOrganization, BFFUsername)
114 assert.Nil(t, err)
115 assert.NotEmpty(t, password)
116 }
117
118 func TestAssignBSLUserToGroup(t *testing.T) {
119 srv := createBSLServer(t, false)
120 defer srv.Close()
121 b := &BslConfig{
122 RootURI: srv.URL,
123 AccessKey: &bsl.AccessKey{
124 SharedKey: testSharedKey,
125 SecretKey: testSecretKey,
126 },
127 }
128 err := b.AssignBSLUserToGroup(context.Background(), testOrganization, string(model.RoleEdgeSuperAdmin), BFFUsername)
129 assert.Nil(t, err)
130 }
131
132 func TestCreateBSLUserPassword(t *testing.T) {
133 srv := createBSLServer(t, false)
134 defer srv.Close()
135 b := &BslConfig{
136 RootURI: srv.URL,
137 AccessKey: &bsl.AccessKey{
138 SharedKey: testSharedKey,
139 SecretKey: testSecretKey,
140 },
141 }
142 err := b.CreateBSLUserPassword(context.Background(), testOrganization, BFFUsername, testPassword)
143 assert.Nil(t, err)
144 }
145
146 func TestCreateEnterpriseUnitType(t *testing.T) {
147 srv := createBSLServer(t, false)
148 defer srv.Close()
149 b := &BslConfig{
150 RootURI: srv.URL,
151 AccessKey: &bsl.AccessKey{
152 SharedKey: testSharedKey,
153 SecretKey: testSecretKey,
154 },
155 }
156 name := "organization"
157 description := "EU type for Edge Org."
158 err := b.CreateEnterpriseUnitType(context.Background(), testOrganization, name, description)
159 assert.Nil(t, err)
160 }
161
162 func TestCreateBSLUserAccessKey(t *testing.T) {
163 srv := createBSLServer(t, false)
164 defer srv.Close()
165 b := &BslConfig{
166 RootURI: srv.URL,
167 AccessKey: &bsl.AccessKey{
168 SharedKey: testSharedKey,
169 SecretKey: testSecretKey,
170 },
171 }
172 res, err := b.CreateBSLUserAccessKey(context.Background(), testOrganization, testUsername)
173 assert.Nil(t, err)
174 assert.NotNil(t, res)
175 assert.Equal(t, testSharedKey, res.SharedKey)
176 assert.Equal(t, testSecretKey, res.SecretKey)
177 assert.Equal(t, bsl.CreateFullAccountName(&types.AuthUser{Organization: testOrganization, Username: testUsername}), res.UserID.Username)
178 assert.True(t, res.Active)
179 assert.False(t, res.CreationTimestamp.IsZero())
180 assert.True(t, res.DeactivationTimestamp.IsZero())
181 }
182
183 func TestNewBFFUserRequest(t *testing.T) {
184 actual := newBFFUserRequest(BFFUsername)
185 expected := &BFFUserRequest{
186 Username: BFFUsername,
187 Email: "bffuser@ncr.com",
188 FullName: "Edge BFF",
189 GivenName: "BFF",
190 FamilyName: "Edge",
191 TelephoneNumber: "000-000-0000",
192 Status: "ACTIVE",
193 Address: &BFFUserAddress{
194 City: "Atlanta",
195 Country: "USA",
196 PostalCode: "30303",
197 State: "GA",
198 Street: "Spring St",
199 },
200 }
201 assert.Equal(t, expected, actual)
202 }
203
204 func TestNewEnterpriseTypeRequest(t *testing.T) {
205 name := "test-ent"
206 description := "test ent description"
207 actual := newEnterpriseTypeRequest(name, description)
208 expected := &EnterpriseType{
209 Name: name,
210 Description: description,
211 }
212 assert.Equal(t, expected, actual)
213 }
214
215 func TestNewEdgeOrgGroupMembership(t *testing.T) {
216 groupName := "test-group"
217 username := "test-user"
218 actual := newEdgeOrgGroupMembership(groupName, username)
219 expected := &EdgeOrgGroupMembership{
220 GroupName: groupName,
221 Members: []EdgeOrgGroupMember{
222 {
223 Username: username,
224 },
225 },
226 }
227 assert.Equal(t, expected, actual)
228 }
229
230 func TestBFFUserPasswordResetRequest(t *testing.T) {
231 actual := newBFFUserPasswordResetRequest(testUsername, testPassword)
232 expected := &BFFUserPasswordReset{
233 Username: testUsername,
234 Password: testPassword,
235 }
236 assert.Equal(t, expected, actual)
237 }
238
239 func TestGenerateBFFUserPassword(t *testing.T) {
240 password, err := generateBFFUserPassword()
241 assert.NoError(t, err)
242 assert.NotEmpty(t, password)
243 }
244
245
246 func createBSLServer(t *testing.T, isIntegrationTest bool) *httptest.Server {
247 srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
248 assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
249
250 if strings.HasSuffix(r.URL.String(), createBslGroupPath) && r.Method == http.MethodPost {
251 checkAuthToken(w, r)
252 body, err := io.ReadAll(r.Body)
253 assert.NoError(t, err)
254 assert.NotEmpty(t, body)
255 data := &EdgeOrgGroup{}
256 err = json.Unmarshal(body, data)
257 assert.NoError(t, err)
258 assert.NotEmpty(t, data)
259 w.WriteHeader(http.StatusOK)
260 } else if strings.Contains(r.URL.String(), getEdgeOrgs) && r.Method == http.MethodGet {
261 mockOrgList := []AllEdgeOrgsPageContent{
262 {
263 DisplayName: "test-1",
264 ID: "test-1",
265 Parent: true,
266 OrganizationName: "/test_root_org/test-prefix-test-1",
267 FullyQualifiedName: "/test_root_org/test-prefix-test-1/",
268 },
269 {
270 DisplayName: "test-2",
271 ID: "test-2",
272 Parent: true,
273 OrganizationName: "/test_root_org/test-prefix-test-2",
274 FullyQualifiedName: "/test_root_org/test-prefix-test-2/",
275 },
276 {
277 DisplayName: "test-3",
278 ID: "test-3",
279 Parent: true,
280 OrganizationName: "/test_root_org/test-prefix-test-3",
281 FullyQualifiedName: "/test_root_org/test-prefix-test-3/",
282 },
283 {
284 DisplayName: "test-4",
285 ID: "test-4",
286 Parent: false,
287 OrganizationName: "/test_root_org/test-prefix-test-4/banner",
288 FullyQualifiedName: "/test_root_org/test-prefix-test-4/banner/",
289 },
290 }
291
292 if isIntegrationTest {
293 mockOrgList = []AllEdgeOrgsPageContent{}
294 }
295
296 checkAuthToken(w, r)
297 edgeOrgs := &AllEdgeOrgs{
298 PageNumber: 0,
299 PageContent: mockOrgList,
300 }
301 edgeOrgsResponse, err := json.Marshal(edgeOrgs)
302 assert.NoError(t, err)
303 _, err = w.Write(edgeOrgsResponse)
304 assert.NoError(t, err)
305 } else if strings.HasSuffix(r.URL.String(), createBslUserPath) && r.Method == http.MethodPost {
306 checkAuthToken(w, r)
307 body, err := io.ReadAll(r.Body)
308 assert.NoError(t, err)
309 assert.NotEmpty(t, body)
310 user := &BFFUserRequest{}
311 err = json.Unmarshal(body, user)
312 assert.NoError(t, err)
313 _, err = w.Write(body)
314 assert.NoError(t, err)
315 } else if strings.HasSuffix(r.URL.String(), grantRoleToRootUser) && r.Method == http.MethodPost {
316 checkAuthToken(w, r)
317 body, err := io.ReadAll(r.Body)
318 assert.NoError(t, err)
319 assert.NotEmpty(t, body)
320 edgeOrgMembership := &EdgeOrgGroupMembership{}
321 err = json.Unmarshal(body, edgeOrgMembership)
322 if edgeOrgMembership.GroupName == "EDGE_ORG_ADMIN" {
323 assert.Equal(t, string(model.RoleEdgeOrgAdmin), edgeOrgMembership.GroupName)
324 } else {
325 assert.Equal(t, string(model.RoleEdgeSuperAdmin), edgeOrgMembership.GroupName)
326 }
327 assert.NoError(t, err)
328 w.WriteHeader(http.StatusOK)
329 } else if strings.HasSuffix(r.URL.String(), grantBslRolePath) && r.Method == http.MethodPost {
330 checkAuthToken(w, r)
331 body, err := io.ReadAll(r.Body)
332 assert.NoError(t, err)
333 assert.NotEmpty(t, body)
334 _, err = w.Write(body)
335 assert.NoError(t, err)
336 } else if strings.HasSuffix(r.URL.String(), resetBslUserPasswordPath) && r.Method == http.MethodPut {
337 checkAuthToken(w, r)
338 body, err := io.ReadAll(r.Body)
339 assert.NoError(t, err)
340 assert.NotEmpty(t, body)
341 user := &BFFUserPasswordReset{}
342 err = json.Unmarshal(body, user)
343 assert.NoError(t, err)
344 w.WriteHeader(http.StatusOK)
345 } else if strings.HasSuffix(r.URL.String(), createEnterpriseUnitType) && r.Method == http.MethodPost {
346 checkAuthToken(w, r)
347 body, err := io.ReadAll(r.Body)
348 assert.NoError(t, err)
349 assert.NotEmpty(t, body)
350 w.WriteHeader(http.StatusOK)
351 } else if strings.HasSuffix(r.URL.String(), createUserAccessKeyPath) && r.Method == http.MethodPost {
352 checkAuthToken(w, r)
353 body, err := io.ReadAll(r.Body)
354 assert.NoError(t, err)
355 assert.NotEmpty(t, body)
356 req := &AccessKeyRequest{}
357 err = json.Unmarshal(body, req)
358 assert.NoError(t, err)
359 assert.NotEmpty(t, req.UserID.Username)
360 res := &AccessKeyResponse{
361 SharedKey: testSharedKey,
362 SecretKey: testSecretKey,
363 UserID: UserID{Username: req.UserID.Username},
364 Active: true,
365 CreationTimestamp: time.Now(),
366 }
367 edgeOrgsResponse, err := json.Marshal(res)
368 assert.NoError(t, err)
369 _, err = w.Write(edgeOrgsResponse)
370 assert.NoError(t, err)
371 } else if strings.HasSuffix(r.URL.String(), testOrganization) && r.Method == http.MethodGet {
372 checkAuthToken(w, r)
373 edgeOrg := &OrganizationViewData{
374 ID: "5dcabc872e4f4c37975fa3ff16022910",
375 Description: "",
376 DisplayName: testOrganization,
377 OrganizationName: testOrganization,
378 Parent: true,
379 }
380 edgeOrgsResponse, err := json.Marshal(edgeOrg)
381 assert.NoError(t, err)
382 _, err = w.Write(edgeOrgsResponse)
383 assert.NoError(t, err)
384 } else {
385 w.WriteHeader(http.StatusNotFound)
386 }
387 }))
388 return srv
389 }
390
391 func checkAuthToken(w http.ResponseWriter, r *http.Request) {
392 authToken := r.Header.Get("Authorization")
393 if authToken == "" {
394 w.WriteHeader(http.StatusForbidden)
395 }
396 }
397
View as plain text