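package edgebsl

import (
	"context"
	"encoding/json"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"
	"time"

	"edge-infra.dev/pkg/edge/api/bsl/types"
	"edge-infra.dev/pkg/edge/api/graph/model"
	"edge-infra.dev/pkg/edge/bsl"
	_ "k8s.io/client-go/plugin/pkg/client/auth"

	"github.com/stretchr/testify/assert"
)

// Fixture values shared by the tests in this file. They are constructed
// placeholders that only ever reach the in-process mock server; keep real
// credentials out of this block.
const (
	testUsername       = "test-user"
	testPassword       = "test-password"
	testSharedKey      = "testSharedKey"
	testSecretKey      = "testSecretKey"
	testOrganization   = "test-org"
	testForemanProject = "test-foreman0"
)

// TestGetAllEdgeOrgs checks that GetAllEdgeOrgs returns three organizations
// from the mock listing. The mock serves four entries, three of them with
// Parent set to true.
// NOTE(review): presumably the client keeps only parent orgs; confirm against
// GetAllEdgeOrgs.
func TestGetAllEdgeOrgs(t *testing.T) {
	srv := createBSLServer(t, false)
	defer srv.Close()
	b := &BslConfig{
		RootURI: srv.URL,
		AccessKey: &bsl.AccessKey{
			SharedKey: testSharedKey,
			SecretKey: testSecretKey,
		},
	}
	orgs, err := b.GetAllEdgeOrgs(context.Background())
	assert.NoError(t, err)
	assert.NotEmpty(t, orgs)
	assert.Len(t, orgs, 3)
}

// TestCreateEdgeOrgGroups checks that group creation succeeds against the mock.
func TestCreateEdgeOrgGroups(t *testing.T) {
	srv := createBSLServer(t, false)
	defer srv.Close()
	b := &BslConfig{
		RootURI: srv.URL,
		AccessKey: &bsl.AccessKey{
			SharedKey: testSharedKey,
			SecretKey: testSecretKey,
		},
	}
	err := b.CreateEdgeOrgGroups(context.Background(), testOrganization)
	assert.NoError(t, err)
}

// TestAssignEdgeOrgAdminRoles checks that AssignRolesToGroups succeeds against
// the mock.
// NOTE(review): this test and the two Banner variants below make the same call
// with the same arguments, so per-role behaviour is not distinguished here.
func TestAssignEdgeOrgAdminRoles(t *testing.T) {
	srv := createBSLServer(t, false)
	defer srv.Close()
	b := &BslConfig{
		RootURI: srv.URL,
		AccessKey: &bsl.AccessKey{
			SharedKey: testSharedKey,
			SecretKey: testSecretKey,
		},
	}
	err := b.AssignRolesToGroups(context.Background(), testOrganization)
	assert.Nil(t, err)
}

// TestAssignEdgeBannerAdminRoles checks that AssignRolesToGroups succeeds
// against the mock.
func TestAssignEdgeBannerAdminRoles(t *testing.T) {
	srv := createBSLServer(t, false)
	defer srv.Close()
	b := &BslConfig{
		RootURI: srv.URL,
		AccessKey: &bsl.AccessKey{
			SharedKey: testSharedKey,
			SecretKey: testSecretKey,
		},
	}
	err := b.AssignRolesToGroups(context.Background(), testOrganization)
	assert.Nil(t, err)
}

// TestAssignEdgeBannerViewerRoles checks that AssignRolesToGroups succeeds
// against the mock.
func TestAssignEdgeBannerViewerRoles(t *testing.T) {
	srv := createBSLServer(t, false)
	defer srv.Close()
	b := &BslConfig{
		RootURI: srv.URL,
		AccessKey: &bsl.AccessKey{
			SharedKey: testSharedKey,
			SecretKey: testSecretKey,
		},
	}
	err := b.AssignRolesToGroups(context.Background(), testOrganization)
	assert.Nil(t, err)
}

// TestCreateBSLUser checks that user creation succeeds and returns a non-empty
// password.
func TestCreateBSLUser(t *testing.T) {
	srv := createBSLServer(t, false)
	defer srv.Close()
	b := &BslConfig{
		RootURI: srv.URL,
		AccessKey: &bsl.AccessKey{
			SharedKey: testSharedKey,
			SecretKey: testSecretKey,
		},
	}
	password, err := b.CreateBSLUser(context.Background(), testOrganization, BFFUsername)
	assert.Nil(t, err)
	assert.NotEmpty(t, password)
}

// TestAssignBSLUserToGroup checks that adding the BFF user to the super-admin
// group succeeds against the mock.
func TestAssignBSLUserToGroup(t *testing.T) {
	srv := createBSLServer(t, false)
	defer srv.Close()
	b := &BslConfig{
		RootURI: srv.URL,
		AccessKey: &bsl.AccessKey{
			SharedKey: testSharedKey,
			SecretKey: testSecretKey,
		},
	}
	err := b.AssignBSLUserToGroup(context.Background(), testOrganization, string(model.RoleEdgeSuperAdmin), BFFUsername)
	assert.Nil(t, err)
}

// TestCreateBSLUserPassword checks that setting a user password succeeds
// against the mock.
func TestCreateBSLUserPassword(t *testing.T) {
	srv := createBSLServer(t, false)
	defer srv.Close()
	b := &BslConfig{
		RootURI: srv.URL,
		AccessKey: &bsl.AccessKey{
			SharedKey: testSharedKey,
			SecretKey: testSecretKey,
		},
	}
	err := b.CreateBSLUserPassword(context.Background(), testOrganization, BFFUsername, testPassword)
	assert.Nil(t, err)
}

// TestCreateEnterpriseUnitType checks that creating an enterprise unit type
// succeeds against the mock.
func TestCreateEnterpriseUnitType(t *testing.T) {
	srv := createBSLServer(t, false)
	defer srv.Close()
	b := &BslConfig{
		RootURI: srv.URL,
		AccessKey: &bsl.AccessKey{
			SharedKey: testSharedKey,
			SecretKey: testSecretKey,
		},
	}
	name := "organization"
	description := "EU type for Edge Org."
	err := b.CreateEnterpriseUnitType(context.Background(), testOrganization, name, description)
	assert.Nil(t, err)
}

// TestCreateBSLUserAccessKey checks that the access-key response served by the
// mock is decoded field by field: keys, fully qualified username, active flag
// and timestamps.
func TestCreateBSLUserAccessKey(t *testing.T) {
	srv := createBSLServer(t, false)
	defer srv.Close()
	b := &BslConfig{
		RootURI: srv.URL,
		AccessKey: &bsl.AccessKey{
			SharedKey: testSharedKey,
			SecretKey: testSecretKey,
		},
	}
	res, err := b.CreateBSLUserAccessKey(context.Background(), testOrganization, testUsername)
	assert.Nil(t, err)
	assert.NotNil(t, res)
	assert.Equal(t, testSharedKey, res.SharedKey)
	assert.Equal(t, testSecretKey, res.SecretKey)
	assert.Equal(t, bsl.CreateFullAccountName(&types.AuthUser{Organization: testOrganization, Username: testUsername}), res.UserID.Username)
	assert.True(t, res.Active)
	assert.False(t, res.CreationTimestamp.IsZero())
	// The mock never sets a deactivation time, so a fresh key must decode with
	// the zero value.
	assert.True(t, res.DeactivationTimestamp.IsZero())
}

// TestNewBFFUserRequest pins the fixed profile fields that newBFFUserRequest
// fills in for the given username.
func TestNewBFFUserRequest(t *testing.T) {
	actual := newBFFUserRequest(BFFUsername)
	expected := &BFFUserRequest{
		Username:        BFFUsername,
		Email:           "bffuser@ncr.com",
		FullName:        "Edge BFF",
		GivenName:       "BFF",
		FamilyName:      "Edge",
		TelephoneNumber: "000-000-0000",
		Status:          "ACTIVE",
		Address: &BFFUserAddress{
			City:       "Atlanta",
			Country:    "USA",
			PostalCode: "30303",
			State:      "GA",
			Street:     "Spring St",
		},
	}
	assert.Equal(t, expected, actual)
}

// TestNewEnterpriseTypeRequest checks that name and description are copied
// into the request unchanged.
func TestNewEnterpriseTypeRequest(t *testing.T) {
	name := "test-ent"
	description := "test ent description"
	actual := newEnterpriseTypeRequest(name, description)
	expected := &EnterpriseType{
		Name:        name,
		Description: description,
	}
	assert.Equal(t, expected, actual)
}

// TestNewEdgeOrgGroupMembership checks that the membership request carries the
// group name and exactly one member.
func TestNewEdgeOrgGroupMembership(t *testing.T) {
	groupName := "test-group"
	username := "test-user"
	actual := newEdgeOrgGroupMembership(groupName, username)
	expected := &EdgeOrgGroupMembership{
		GroupName: groupName,
		Members: []EdgeOrgGroupMember{
			{
				Username: username,
			},
		},
	}
	assert.Equal(t, expected, actual)
}

// TestBFFUserPasswordResetRequest checks that username and password are copied
// into the reset request unchanged.
func TestBFFUserPasswordResetRequest(t *testing.T) {
	actual := newBFFUserPasswordResetRequest(testUsername, testPassword)
	expected := &BFFUserPasswordReset{
		Username: testUsername,
		Password: testPassword,
	}
	assert.Equal(t, expected, actual)
}

// TestGenerateBFFUserPassword checks that password generation succeeds and
// yields a non-empty value.
// NOTE(review): length, character classes and randomness are not asserted
// here; if the BSL password policy is known, pin it in this test.
func TestGenerateBFFUserPassword(t *testing.T) {
	password, err := generateBFFUserPassword()
	assert.NoError(t, err)
	assert.NotEmpty(t, password)
}

// createBSLServer creates a bsl mock server.
//
// Every request must carry Content-Type application/json. Requests are routed
// by URL suffix (the org listing by substring) and method; anything else gets
// 404. When isIntegrationTest is true the org listing is served empty.
//
// Each route rejects a request without an Authorization header with 403 and
// stops there. Only the presence of the header is checked: its value is never
// validated, so these tests do not show that the client builds a correct
// credential or signature.
func createBSLServer(t *testing.T, isIntegrationTest bool) *httptest.Server {
	// readBody drains the request body and asserts that it is non-empty.
	readBody := func(r *http.Request) []byte {
		body, err := io.ReadAll(r.Body)
		assert.NoError(t, err)
		assert.NotEmpty(t, body)
		return body
	}

	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
		reqURL := r.URL.String()
		if strings.HasSuffix(reqURL, createBslGroupPath) && r.Method == http.MethodPost { //nolint
			if !checkAuthToken(w, r) {
				return
			}
			body := readBody(r)
			data := &EdgeOrgGroup{}
			err := json.Unmarshal(body, data)
			assert.NoError(t, err)
			assert.NotEmpty(t, data)
			w.WriteHeader(http.StatusOK)
		} else if strings.Contains(reqURL, getEdgeOrgs) && r.Method == http.MethodGet {
			if !checkAuthToken(w, r) {
				return
			}
			mockOrgList := []AllEdgeOrgsPageContent{
				{
					DisplayName:        "test-1",
					ID:                 "test-1",
					Parent:             true,
					OrganizationName:   "/test_root_org/test-prefix-test-1",
					FullyQualifiedName: "/test_root_org/test-prefix-test-1/",
				},
				{
					DisplayName:        "test-2",
					ID:                 "test-2",
					Parent:             true,
					OrganizationName:   "/test_root_org/test-prefix-test-2",
					FullyQualifiedName: "/test_root_org/test-prefix-test-2/",
				},
				{
					DisplayName:        "test-3",
					ID:                 "test-3",
					Parent:             true,
					OrganizationName:   "/test_root_org/test-prefix-test-3",
					FullyQualifiedName: "/test_root_org/test-prefix-test-3/",
				},
				{
					DisplayName:        "test-4",
					ID:                 "test-4",
					Parent:             false,
					OrganizationName:   "/test_root_org/test-prefix-test-4/banner",
					FullyQualifiedName: "/test_root_org/test-prefix-test-4/banner/",
				},
			}
			if isIntegrationTest {
				mockOrgList = []AllEdgeOrgsPageContent{}
			}
			edgeOrgs := &AllEdgeOrgs{
				PageNumber:  0,
				PageContent: mockOrgList,
			}
			edgeOrgsResponse, err := json.Marshal(edgeOrgs)
			assert.NoError(t, err)
			_, err = w.Write(edgeOrgsResponse)
			assert.NoError(t, err)
		} else if strings.HasSuffix(reqURL, createBslUserPath) && r.Method == http.MethodPost {
			if !checkAuthToken(w, r) {
				return
			}
			body := readBody(r)
			user := &BFFUserRequest{}
			err := json.Unmarshal(body, user)
			assert.NoError(t, err)
			// Echo the request back as the created user.
			_, err = w.Write(body)
			assert.NoError(t, err)
		} else if strings.HasSuffix(reqURL, grantRoleToRootUser) && r.Method == http.MethodPost {
			if !checkAuthToken(w, r) {
				return
			}
			body := readBody(r)
			edgeOrgMembership := &EdgeOrgGroupMembership{}
			err := json.Unmarshal(body, edgeOrgMembership)
			// Check the decode result before reading any decoded field.
			assert.NoError(t, err)
			if edgeOrgMembership.GroupName == "EDGE_ORG_ADMIN" {
				assert.Equal(t, string(model.RoleEdgeOrgAdmin), edgeOrgMembership.GroupName)
			} else {
				assert.Equal(t, string(model.RoleEdgeSuperAdmin), edgeOrgMembership.GroupName)
			}
			w.WriteHeader(http.StatusOK)
		} else if strings.HasSuffix(reqURL, grantBslRolePath) && r.Method == http.MethodPost {
			if !checkAuthToken(w, r) {
				return
			}
			body := readBody(r)
			_, err := w.Write(body)
			assert.NoError(t, err)
		} else if strings.HasSuffix(reqURL, resetBslUserPasswordPath) && r.Method == http.MethodPut {
			if !checkAuthToken(w, r) {
				return
			}
			body := readBody(r)
			user := &BFFUserPasswordReset{}
			err := json.Unmarshal(body, user)
			assert.NoError(t, err)
			w.WriteHeader(http.StatusOK)
		} else if strings.HasSuffix(reqURL, createEnterpriseUnitType) && r.Method == http.MethodPost {
			if !checkAuthToken(w, r) {
				return
			}
			readBody(r)
			w.WriteHeader(http.StatusOK)
		} else if strings.HasSuffix(reqURL, createUserAccessKeyPath) && r.Method == http.MethodPost {
			if !checkAuthToken(w, r) {
				return
			}
			body := readBody(r)
			req := &AccessKeyRequest{}
			err := json.Unmarshal(body, req)
			assert.NoError(t, err)
			assert.NotEmpty(t, req.UserID.Username)
			res := &AccessKeyResponse{
				SharedKey:         testSharedKey,
				SecretKey:         testSecretKey,
				UserID:            UserID{Username: req.UserID.Username},
				Active:            true,
				CreationTimestamp: time.Now(),
			}
			edgeOrgsResponse, err := json.Marshal(res)
			assert.NoError(t, err)
			_, err = w.Write(edgeOrgsResponse)
			assert.NoError(t, err)
		} else if strings.HasSuffix(reqURL, testOrganization) && r.Method == http.MethodGet {
			if !checkAuthToken(w, r) {
				return
			}
			edgeOrg := &OrganizationViewData{
				ID:               "5dcabc872e4f4c37975fa3ff16022910",
				Description:      "",
				DisplayName:      testOrganization,
				OrganizationName: testOrganization,
				Parent:           true,
			}
			edgeOrgsResponse, err := json.Marshal(edgeOrg)
			assert.NoError(t, err)
			_, err = w.Write(edgeOrgsResponse)
			assert.NoError(t, err)
		} else {
			w.WriteHeader(http.StatusNotFound)
		}
	}))
	return srv
}

// checkAuthToken reports whether the request carries a non-empty Authorization
// header. When the header is missing it writes 403 and returns false; the
// caller must then stop handling the request, because the status line has
// already been sent and any further WriteHeader call would be ignored.
// The header value itself is not inspected.
func checkAuthToken(w http.ResponseWriter, r *http.Request) bool {
	if r.Header.Get("Authorization") == "" {
		w.WriteHeader(http.StatusForbidden)
		return false
	}
	return true
}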