1 package rulestest
2
3 import (
4 "fmt"
5 "net/http"
6 "testing"
7
8 "edge-infra.dev/test/f2"
9 "edge-infra.dev/test/f2/x/postgres"
10
11 "github.com/gin-gonic/gin"
12 "github.com/stretchr/testify/require"
13 )
14
15 const (
16 insertCommandQuery = `INSERT INTO ea_rules_commands (command_id, name) VALUES ('%s','%s');`
17 insertPrivilegeQuery = `INSERT INTO ea_rules_privileges (privilege_id, name) VALUES ('%s','%s');`
18 insertDefaultRule = `INSERT INTO ea_rules_default (command_id, privilege_id) VALUES ('%s','%s');`
19 )
20
21 var (
22 deleteTestPrivs = [][]string{
23 {uuid1, "basic"},
24 {uuid2, "read"},
25 {uuid3, "write"},
26 {uuid4, "admin"},
27 }
28 deleteTestCommands = [][]string{
29 {uuid1, "ls"},
30 {uuid2, "echo"},
31 {uuid3, "touch"},
32 {uuid4, "kubectl"},
33 }
34 deleteTestDefaultRules = [][]string{
35 {deleteTestCommands[0][0], deleteTestPrivs[0][0]},
36 {deleteTestCommands[1][0], deleteTestPrivs[0][0]},
37 {deleteTestCommands[1][0], deleteTestPrivs[1][0]},
38 {deleteTestCommands[2][0], deleteTestPrivs[1][0]},
39 {deleteTestCommands[2][0], deleteTestPrivs[2][0]},
40 {deleteTestCommands[3][0], deleteTestPrivs[3][0]},
41 }
42 )
43
44 func deleteTestSeedData(query string, data [][]string) []string {
45 res := []string{}
46 for _, args := range data {
47 res = append(res, fmt.Sprintf(query, args[0], args[1]))
48 }
49 return res
50 }
51
52 func TestDeleteDefaultRuleEndpoints(t *testing.T) {
53 var (
54
55 rulesEngine *gin.Engine
56 )
57
58 feat := f2.NewFeature("Admin Delete Default Rules").
59 Setup("Create Rules Engine server", func(ctx f2.Context, t *testing.T) f2.Context {
60 var db = postgres.FromContextT(ctx, t).DB()
61 rulesEngine, _ = setupRulesEngine(t, db)
62 return ctx
63 }).
64 Setup("Add privilege data", func(ctx f2.Context, t *testing.T) f2.Context {
65 var (
66 db = postgres.FromContextT(ctx, t).DB()
67 )
68 queries := deleteTestSeedData(insertPrivilegeQuery, deleteTestPrivs)
69 for _, q := range queries {
70 _, err := db.ExecContext(ctx, q)
71 require.NoError(t, err)
72 }
73 return ctx
74 }).
75 Setup("Add command data", func(ctx f2.Context, t *testing.T) f2.Context {
76 var (
77 db = postgres.FromContextT(ctx, t).DB()
78 )
79 queries := deleteTestSeedData(insertCommandQuery, deleteTestCommands)
80 for _, q := range queries {
81 _, err := db.ExecContext(ctx, q)
82 require.NoError(t, err)
83 }
84 return ctx
85 }).
86 Setup("Add default rules data", func(ctx f2.Context, t *testing.T) f2.Context {
87 var (
88 db = postgres.FromContextT(ctx, t).DB()
89 )
90 queries := deleteTestSeedData(insertDefaultRule, deleteTestDefaultRules)
91 for _, q := range queries {
92 _, err := db.ExecContext(ctx, q)
93 require.NoError(t, err)
94 }
95 return ctx
96 }).
97 Test("Delete rule for command with multiple privileges", func(ctx f2.Context, t *testing.T) f2.Context {
98 test := testCase{
99 url: "/admin/rules/default/commands/echo/privileges/basic",
100 method: http.MethodDelete,
101
102 expectedStatus: http.StatusOK,
103 expectedOut: "",
104 }
105 return testEndpoint(ctx, t, rulesEngine, test)
106 }).
107 Test("Delete rule for command with one privilege", func(ctx f2.Context, t *testing.T) f2.Context {
108 test := testCase{
109 url: "/admin/rules/default/commands/kubectl/privileges/admin",
110 method: http.MethodDelete,
111
112 expectedStatus: http.StatusOK,
113 expectedOut: "",
114 }
115 return testEndpoint(ctx, t, rulesEngine, test)
116 }).
117 Test("Delete rule with unknown command", func(ctx f2.Context, t *testing.T) f2.Context {
118 test := testCase{
119 url: "/admin/rules/default/commands/unknown-command/privileges/basic",
120 method: http.MethodDelete,
121
122 expectedStatus: http.StatusNotFound,
123 expectedOut: `{
124 "errors": [
125 {
126 "type":"Unknown Command",
127 "command":"unknown-command"
128 }
129 ]
130 }`,
131 }
132 return testEndpoint(ctx, t, rulesEngine, test)
133 }).
134 Test("Delete rule with unknown privilege", func(ctx f2.Context, t *testing.T) f2.Context {
135 test := testCase{
136 url: "/admin/rules/default/commands/ls/privileges/unknown-privilege",
137 method: http.MethodDelete,
138
139 expectedStatus: http.StatusNotFound,
140 expectedOut: `{
141 "errors": [
142 {
143 "type":"Unknown Privilege",
144 "privilege":"unknown-privilege"
145 }
146 ]
147 }`,
148 }
149 return testEndpoint(ctx, t, rulesEngine, test)
150 }).
151 Test("Delete rule with unknown command and privilege", func(ctx f2.Context, t *testing.T) f2.Context {
152 test := testCase{
153 url: "/admin/rules/default/commands/unknown-command/privileges/unknown-privilege",
154 method: http.MethodDelete,
155
156 expectedStatus: http.StatusNotFound,
157 expectedOut: `{
158 "errors": [
159 {
160 "type":"Unknown Command",
161 "command":"unknown-command"
162 },
163 {
164 "type":"Unknown Privilege",
165 "privilege":"unknown-privilege"
166 }
167 ]
168 }`,
169 }
170 return testEndpoint(ctx, t, rulesEngine, test)
171 }).
172 Test("Delete non-existent rule with valid parameters", func(ctx f2.Context, t *testing.T) f2.Context {
173 test := testCase{
174 url: "/admin/rules/default/commands/kubectl/privileges/basic",
175 method: http.MethodDelete,
176
177 expectedStatus: http.StatusNotFound,
178 expectedOut: `{
179 "errors": [
180 {
181 "type":"Unknown Rule association",
182 "command":"kubectl",
183 "privilege":"basic"
184 }
185 ]
186 }`,
187 }
188 return testEndpoint(ctx, t, rulesEngine, test)
189 }).
190 Test("Confirm Expected State", func(ctx f2.Context, t *testing.T) f2.Context {
191 test := testCase{
192 url: "/admin/rules/default/commands",
193 method: http.MethodGet,
194
195 expectedStatus: http.StatusOK,
196 expectedOut: fmt.Sprintf(`[
197 {
198 "command": {
199 "name":"ls",
200 "id":"%s"
201 },
202 "privileges": [
203 {
204 "name":"basic",
205 "id":"%s"
206 }
207 ]
208 },
209 {
210 "command": {
211 "name":"echo",
212 "id":"%s"
213 },
214 "privileges": [
215 {
216 "name":"read",
217 "id":"%s"
218 }
219 ]
220 },
221 {
222 "command": {
223 "name":"touch",
224 "id":"%s"
225 },
226 "privileges": [
227 {
228 "name":"read",
229 "id":"%s"
230 },
231 {
232 "name":"write",
233 "id":"%s"
234 }
235 ]
236 }
237 ]`, uuid1, uuid1, uuid2, uuid2, uuid3, uuid2, uuid3),
238 }
239 return testEndpoint(ctx, t, rulesEngine, test)
240 }).
241 Feature()
242
243
244 f.Test(t, feat)
245 }
246
View as plain text