1 package iam_test
2
3 import (
4 "context"
5 "log"
6 "net/http"
7 "os"
8 "testing"
9
10 "github.com/stretchr/testify/assert"
11 "google.golang.org/api/cloudresourcemanager/v1"
12 "google.golang.org/api/option"
13
14 "edge-infra.dev/pkg/lib/gcp/iam"
15 "edge-infra.dev/pkg/lib/gcp/iam/utils"
16 )
17
// Fixture values shared by the tests in this file. They are placeholders that
// are handed to utils.NewIAMTestServer and to the client calls below; none of
// them is a real project, account or credential.
const (
	testProject             = "test"          // bare project identifier, used by the policy tests
	projectID               = "projects/test" // testProject in "projects/<id>" resource form
	testServiceAccountEmail = "test-app@appspot.gserviceaccount.com"
	testOauth2ClientID      = "test-oauth-2-client-id"
	displayName             = "test-sa"
	description             = "Test Service Account"
	accountID               = "test-account-id"
	roleName                = "test-role"
	roleTitle               = "Test Role"
	roleDescription         = "Test Role Description"
)
30
var (
	// rolePermissions is the permission list given to the custom role built in
	// TestCreateIamRole; every entry is a read-only ".get" permission.
	rolePermissions = []string{"compute.addresses.get", "compute.autoscalers.get", "compute.backendBuckets.get"}
)
34
// Package-level state populated once by TestMain and read by every test.
var (
	hc         *http.Client                     // client returned by utils.NewIAMTestServer
	iamservice *iam.IAMService                  // IAM client built on hc
	crmservice *iam.CloudResourceManagerService // Cloud Resource Manager client built on hc
	closer     func()                           // cleanup func returned by utils.NewIAMTestServer
)
41
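// TestMain sets up the shared fixtures for the package: it obtains an
// *http.Client and cleanup func from utils.NewIAMTestServer, builds the IAM and
// Cloud Resource Manager clients on that client, runs the tests, and exits with
// the suite's status code after running the cleanup func.
func TestMain(m *testing.M) {
	hc, closer = utils.NewIAMTestServer(projectID, testProject, testServiceAccountEmail, testOauth2ClientID)
	ctx := context.Background()

	iamService, err := iam.NewIAMService(ctx, option.WithHTTPClient(hc))
	if err != nil {
		// log.Fatal exits the process, so run the cleanup func explicitly first.
		closer()
		log.Fatal(err)
	}
	crmService, err := iam.NewCRMService(ctx, option.WithHTTPClient(hc))
	if err != nil {
		closer()
		log.Fatal(err)
	}
	iamservice = iamService
	crmservice = crmService

	// os.Exit skips deferred calls, so closer is invoked directly, not deferred.
	code := m.Run()
	closer()
	os.Exit(code)
}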
59
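// TestCreateServiceAccount builds a service-account request from the fixture
// values and checks that CreateServiceAccount succeeds and returns a non-empty
// result.
func TestCreateServiceAccount(t *testing.T) {
	// assert only records a failure; return so the call below never runs
	// against a nil client.
	if !assert.NotNil(t, iamservice) {
		return
	}
	ctx := context.Background()
	sa := iam.NewServiceAccount(displayName, description)
	actualSARequest := iam.NewServiceAccountRequest(accountID, sa)
	sa, err := iamservice.CreateServiceAccount(ctx, projectID, actualSARequest)
	if !assert.NoError(t, err) {
		return
	}
	// NOTE(review): only non-emptiness is checked; the returned account's
	// fields are not compared with the request.
	assert.NotEmpty(t, sa)
}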
69
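// TestGetServiceAccount checks that GetServiceAccount succeeds and returns a
// non-empty result.
func TestGetServiceAccount(t *testing.T) {
	// assert only records a failure; return so the call below never runs
	// against a nil client.
	if !assert.NotNil(t, iamservice) {
		return
	}
	ctx := context.Background()
	// NOTE(review): projectID ("projects/test") is passed as the lookup name,
	// not a service-account resource name; confirm what the wrapper expects.
	sa, err := iamservice.GetServiceAccount(ctx, projectID)
	if !assert.NoError(t, err) {
		return
	}
	assert.NotEmpty(t, sa)
}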
77
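// TestCreateServiceAccountKey checks that CreateServiceAccountKey succeeds with
// a default key request and returns a non-empty result.
func TestCreateServiceAccountKey(t *testing.T) {
	// assert only records a failure; return so the call below never runs
	// against a nil client.
	if !assert.NotNil(t, iamservice) {
		return
	}
	ctx := context.Background()
	saKeyRequest := iam.NewServiceAccountKeyRequest()
	// NOTE(review): projectID is passed as the key's parent name rather than a
	// service-account resource name; confirm what the wrapper expects.
	saKey, err := iamservice.CreateServiceAccountKey(ctx, projectID, saKeyRequest)
	if !assert.NoError(t, err) {
		return
	}
	// NOTE(review): only non-emptiness is checked; nothing about the key's
	// type or algorithm is asserted, so the request defaults go unverified.
	assert.NotEmpty(t, saKey)
}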
86
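// TestCreateIamRole builds a custom role from the fixture title, description
// and permission list and checks that CreateRole succeeds and returns a
// non-empty result.
func TestCreateIamRole(t *testing.T) {
	// assert only records a failure; return so the call below never runs
	// against a nil client.
	if !assert.NotNil(t, iamservice) {
		return
	}
	ctx := context.Background()
	role := iam.CreateRole(roleTitle, roleDescription, rolePermissions)
	roleRequest := iam.CreateRoleRequest(roleName, role)
	roleResponse, err := iamservice.CreateRole(ctx, projectID, roleRequest)
	if !assert.NoError(t, err) {
		return
	}
	// NOTE(review): the response's permission list is not compared with
	// rolePermissions, so a role created with a different permission set would
	// still pass.
	assert.NotEmpty(t, roleResponse)
}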
96
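// TestGetPolicy checks that GetPolicy succeeds for the test project and returns
// a non-empty policy.
func TestGetPolicy(t *testing.T) {
	// assert only records a failure; return so the call below never runs
	// against a nil client.
	if !assert.NotNil(t, crmservice) {
		return
	}
	ctx := context.Background()
	policy, err := crmservice.GetPolicy(ctx, testProject)
	if !assert.NoError(t, err) {
		return
	}
	assert.NotEmpty(t, policy)
}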
104
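// TestSetPolicy sends a single-binding policy for the test project and checks
// that SetPolicy succeeds and returns a non-empty policy.
func TestSetPolicy(t *testing.T) {
	// assert only records a failure; return so the call below never runs
	// against a nil client.
	if !assert.NotNil(t, crmservice) {
		return
	}
	ctx := context.Background()
	// NOTE(review): the member has no type prefix ("serviceAccount:", "user:",
	// ...) of the kind real IAM bindings carry, so this test does not exercise
	// member validation. The policy also sets no Etag; if the wrapper forwards
	// it unchanged, a real setIamPolicy call would replace the project policy
	// without a concurrency check. Confirm both in the wrapper.
	expectedPolicy := &cloudresourcemanager.Policy{
		Bindings: []*cloudresourcemanager.Binding{
			{
				Role:    "roles/test.testRole",
				Members: []string{"testsa@test.com"},
			},
		},
	}
	policy, err := crmservice.SetPolicy(ctx, testProject, expectedPolicy)
	if !assert.NoError(t, err) {
		return
	}
	// NOTE(review): the returned policy is not compared with expectedPolicy,
	// so a response that dropped or altered the binding would still pass.
	assert.NotEmpty(t, policy)
}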
120