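// Package iam_test exercises the iam service wrappers against the test server
// created by utils.NewIAMTestServer. Both services are constructed with
// option.WithHTTPClient(hc), where hc is the client that server hands back.
package iam_test

import (
	"context"
	"log"
	"net/http"
	"os"
	"testing"

	"github.com/stretchr/testify/assert"
	"google.golang.org/api/cloudresourcemanager/v1"
	"google.golang.org/api/option"

	"edge-infra.dev/pkg/lib/gcp/iam"
	"edge-infra.dev/pkg/lib/gcp/iam/utils"
)

// Placeholder identifiers handed to the test server and reused as request
// arguments by the tests below.
const (
	testProject             = "test"
	projectID               = "projects/test"
	testServiceAccountEmail = "test-app@appspot.gserviceaccount.com"
	testOauth2ClientID      = "test-oauth-2-client-id"
	displayName             = "test-sa"
	description             = "Test Service Account"
	accountID               = "test-account-id"
	roleName                = "test-role"
	roleTitle               = "Test Role"
	roleDescription         = "Test Role Description"
)

// rolePermissions is the permission list attached to the role built in
// TestCreateIamRole.
var (
	rolePermissions = []string{"compute.addresses.get", "compute.autoscalers.get", "compute.backendBuckets.get"}
)

// Shared fixtures, populated once by TestMain before any test runs.
var (
	hc         *http.Client
	iamservice *iam.IAMService
	crmservice *iam.CloudResourceManagerService
	closer     func()
)

// TestMain starts the test server, builds both service wrappers on top of its
// HTTP client, runs the suite and then shuts the server down.
func TestMain(m *testing.M) {
	hc, closer = utils.NewIAMTestServer(projectID, testProject, testServiceAccountEmail, testOauth2ClientID)

	ctx := context.Background()

	iamService, err := iam.NewIAMService(ctx, option.WithHTTPClient(hc))
	if err != nil {
		// log.Fatal exits the process, so release the server first.
		closer()
		log.Fatal(err)
	}

	crmService, err := iam.NewCRMService(ctx, option.WithHTTPClient(hc))
	if err != nil {
		closer()
		log.Fatal(err)
	}

	iamservice = iamService
	crmservice = crmService

	code := m.Run()
	closer()
	os.Exit(code)
}

// mustHaveService stops the calling test when svc is nil. assert.NotNil on its
// own only records the failure and lets the test continue, so the next method
// call on the nil service could panic and abort the whole test binary.
func mustHaveService(t *testing.T, svc interface{}) {
	t.Helper()
	if !assert.NotNil(t, svc) {
		t.FailNow()
	}
}

// TestCreateServiceAccount builds a service-account request from the fixture
// constants and checks that creating it returns a non-empty result.
func TestCreateServiceAccount(t *testing.T) {
	mustHaveService(t, iamservice)
	ctx := context.Background()

	account := iam.NewServiceAccount(displayName, description)
	req := iam.NewServiceAccountRequest(accountID, account)

	created, err := iamservice.CreateServiceAccount(ctx, projectID, req)
	assert.NoError(t, err)
	assert.NotEmpty(t, created)
}

// TestGetServiceAccount checks that a service-account lookup succeeds and
// returns a non-empty result.
func TestGetServiceAccount(t *testing.T) {
	mustHaveService(t, iamservice)
	ctx := context.Background()

	// NOTE(review): the lookup is keyed by projectID rather than by a
	// service-account resource name; confirm that is what GetServiceAccount
	// expects.
	found, err := iamservice.GetServiceAccount(ctx, projectID)
	assert.NoError(t, err)
	assert.NotEmpty(t, found)
}

// TestCreateServiceAccountKey checks that a key-creation request succeeds and
// returns a non-empty result.
func TestCreateServiceAccountKey(t *testing.T) {
	mustHaveService(t, iamservice)
	ctx := context.Background()

	keyReq := iam.NewServiceAccountKeyRequest()

	// Keep saKey out of test logs: against a real backend a key-creation
	// response would presumably carry private key material.
	saKey, err := iamservice.CreateServiceAccountKey(ctx, projectID, keyReq)
	assert.NoError(t, err)
	assert.NotEmpty(t, saKey)
}

// TestCreateIamRole builds a role from the fixture title, description and
// permissions and checks that creating it returns a non-empty result.
func TestCreateIamRole(t *testing.T) {
	mustHaveService(t, iamservice)
	ctx := context.Background()

	role := iam.CreateRole(roleTitle, roleDescription, rolePermissions)
	req := iam.CreateRoleRequest(roleName, role)

	// NOTE(review): the response is not checked against rolePermissions, so
	// this does not prove the created role carries exactly that list.
	created, err := iamservice.CreateRole(ctx, projectID, req)
	assert.NoError(t, err)
	assert.NotEmpty(t, created)
}

// TestGetPolicy checks that reading the policy for testProject succeeds and
// returns a non-empty result.
func TestGetPolicy(t *testing.T) {
	mustHaveService(t, crmservice)
	ctx := context.Background()

	policy, err := crmservice.GetPolicy(ctx, testProject)
	assert.NoError(t, err)
	assert.NotEmpty(t, policy)
}

// TestSetPolicy sends a policy with a single role binding for testProject and
// checks that the call succeeds and returns a non-empty result.
func TestSetPolicy(t *testing.T) {
	mustHaveService(t, crmservice)
	ctx := context.Background()

	expectedPolicy := &cloudresourcemanager.Policy{
		Bindings: []*cloudresourcemanager.Binding{
			{
				Role:    "roles/test.testRole",
				Members: []string{"testsa@test.com"},
			},
		},
	}

	// NOTE(review): despite its name, expectedPolicy is only sent; the
	// returned bindings are never compared with it, so a response that drops
	// or widens the binding would still pass. Confirm what the test server
	// returns before tightening this to an equality check.
	policy, err := crmservice.SetPolicy(ctx, testProject, expectedPolicy)
	assert.NoError(t, err)
	assert.NotEmpty(t, policy)
}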