package rulestest

import (
	"fmt"
	"net/http"
	"testing"

	"edge-infra.dev/test/f2"
	"edge-infra.dev/test/f2/x/postgres"
	"github.com/gin-gonic/gin"
	"github.com/stretchr/testify/require"
)

// Seed statement templates for the rules tables. Each takes two positional
// '%s' arguments that are spliced into the SQL text by fmt.Sprintf.
//
// NOTE(review): the values are interpolated, not bound. That is tolerable here
// only because every argument in this file is a fixed fixture (the uuidN
// identifiers and literal names below). Do not reuse these templates with
// request-derived or otherwise external values; use driver placeholders and
// pass the values as ExecContext arguments instead.
const (
	insertCommandQuery   = `INSERT INTO ea_rules_commands (command_id, name) VALUES ('%s','%s');`
	insertPrivilegeQuery = `INSERT INTO ea_rules_privileges (privilege_id, name) VALUES ('%s','%s');`
	insertDefaultRule    = `INSERT INTO ea_rules_default (command_id, privilege_id) VALUES ('%s','%s');`
)

// Fixture rows for the delete-default-rule tests. Each row is a two-element
// slice matching the two '%s' slots of the corresponding template above.
var (
	// {privilege_id, name}
	deleteTestPrivs = [][]string{
		{uuid1, "basic"},
		{uuid2, "read"},
		{uuid3, "write"},
		{uuid4, "admin"},
	}

	// {command_id, name}
	deleteTestCommands = [][]string{
		{uuid1, "ls"},
		{uuid2, "echo"},
		{uuid3, "touch"},
		{uuid4, "kubectl"},
	}

	// {command_id, privilege_id}: ls->basic, echo->basic+read,
	// touch->read+write, kubectl->admin.
	deleteTestDefaultRules = [][]string{
		{deleteTestCommands[0][0], deleteTestPrivs[0][0]},
		{deleteTestCommands[1][0], deleteTestPrivs[0][0]},
		{deleteTestCommands[1][0], deleteTestPrivs[1][0]},
		{deleteTestCommands[2][0], deleteTestPrivs[1][0]},
		{deleteTestCommands[2][0], deleteTestPrivs[2][0]},
		{deleteTestCommands[3][0], deleteTestPrivs[3][0]},
	}
)

// deleteTestSeedData expands query once per row of data, substituting the
// row's first two elements, and returns the resulting statements in row order.
//
// Values are inserted verbatim with no quoting or escaping, so callers must
// pass trusted fixture data only. A row with fewer than two elements panics.
func deleteTestSeedData(query string, data [][]string) []string {
	stmts := make([]string, len(data))
	for i, row := range data {
		stmts[i] = fmt.Sprintf(query, row[0], row[1])
	}
	return stmts
}

// TestDeleteDefaultRuleEndpoints seeds privileges, commands and default rules,
// issues DELETE requests against the admin default-rule endpoint (two that
// should succeed, four that should return 404), then reads the rule list back
// to confirm that only the two targeted associations were removed.
//
// NOTE(review): every request here targets an /admin/ route, and no case in
// this file asserts that an unauthenticated or unauthorised caller is
// rejected. Confirm that negative authorisation coverage exists elsewhere.
func TestDeleteDefaultRuleEndpoints(t *testing.T) {
	// Assigned by the first Setup step; the later steps read it when they run.
	var rulesEngine *gin.Engine

	// seed returns a setup step that executes every statement produced from
	// tmpl and rows, failing the test on the first database error.
	seed := func(tmpl string, rows [][]string) func(f2.Context, *testing.T) f2.Context {
		return func(ctx f2.Context, t *testing.T) f2.Context {
			db := postgres.FromContextT(ctx, t).DB()
			for _, stmt := range deleteTestSeedData(tmpl, rows) {
				_, err := db.ExecContext(ctx, stmt)
				require.NoError(t, err)
			}
			return ctx
		}
	}

	// run returns a test step that sends tc through testEndpoint against the
	// engine created during setup.
	run := func(tc testCase) func(f2.Context, *testing.T) f2.Context {
		return func(ctx f2.Context, t *testing.T) f2.Context {
			return testEndpoint(ctx, t, rulesEngine, tc)
		}
	}

	feat := f2.NewFeature("Admin Delete Default Rules").
		Setup("Create Rules Engine server", func(ctx f2.Context, t *testing.T) f2.Context {
			db := postgres.FromContextT(ctx, t).DB()
			// NOTE(review): the second return value of setupRulesEngine is
			// discarded; confirm it is not an error or a cleanup handle.
			rulesEngine, _ = setupRulesEngine(t, db)
			return ctx
		}).
		Setup("Add privilege data", seed(insertPrivilegeQuery, deleteTestPrivs)).
		Setup("Add command data", seed(insertCommandQuery, deleteTestCommands)).
		Setup("Add default rules data", seed(insertDefaultRule, deleteTestDefaultRules)).
		Test("Delete rule for command with multiple privileges", run(testCase{
			url:            "/admin/rules/default/commands/echo/privileges/basic",
			method:         http.MethodDelete,
			expectedStatus: http.StatusOK,
			expectedOut:    "",
		})).
		Test("Delete rule for command with one privilege", run(testCase{
			url:            "/admin/rules/default/commands/kubectl/privileges/admin",
			method:         http.MethodDelete,
			expectedStatus: http.StatusOK,
			expectedOut:    "",
		})).
		Test("Delete rule with unknown command", run(testCase{
			url:            "/admin/rules/default/commands/unknown-command/privileges/basic",
			method:         http.MethodDelete,
			expectedStatus: http.StatusNotFound,
			expectedOut:    `{ "errors": [ { "type":"Unknown Command", "command":"unknown-command" } ] }`,
		})).
		Test("Delete rule with unknown privilege", run(testCase{
			url:            "/admin/rules/default/commands/ls/privileges/unknown-privilege",
			method:         http.MethodDelete,
			expectedStatus: http.StatusNotFound,
			expectedOut:    `{ "errors": [ { "type":"Unknown Privilege", "privilege":"unknown-privilege" } ] }`,
		})).
		Test("Delete rule with unknown command and privilege", run(testCase{
			url:            "/admin/rules/default/commands/unknown-command/privileges/unknown-privilege",
			method:         http.MethodDelete,
			expectedStatus: http.StatusNotFound,
			expectedOut:    `{ "errors": [ { "type":"Unknown Command", "command":"unknown-command" }, { "type":"Unknown Privilege", "privilege":"unknown-privilege" } ] }`,
		})).
		// Both names exist, but kubectl was never associated with basic.
		Test("Delete non-existent rule with valid parameters", run(testCase{
			url:            "/admin/rules/default/commands/kubectl/privileges/basic",
			method:         http.MethodDelete,
			expectedStatus: http.StatusNotFound,
			expectedOut:    `{ "errors": [ { "type":"Unknown Rule association", "command":"kubectl", "privilege":"basic" } ] }`,
		})).
		Test("Confirm Expected State", func(ctx f2.Context, t *testing.T) f2.Context {
			// Keep this expectation in sync whenever a test above is added or
			// changed. After the two successful deletes, echo keeps only read
			// and kubectl (whose single rule was removed) is absent from the
			// expected listing; the four 404 cases must have changed nothing.
			want := fmt.Sprintf(`[ { "command": { "name":"ls", "id":"%s" }, "privileges": [ { "name":"basic", "id":"%s" } ] }, { "command": { "name":"echo", "id":"%s" }, "privileges": [ { "name":"read", "id":"%s" } ] }, { "command": { "name":"touch", "id":"%s" }, "privileges": [ { "name":"read", "id":"%s" }, { "name":"write", "id":"%s" } ] } ]`,
				uuid1, uuid1, uuid2, uuid2, uuid3, uuid2, uuid3)
			return testEndpoint(ctx, t, rulesEngine, testCase{
				url:            "/admin/rules/default/commands",
				method:         http.MethodGet,
				expectedStatus: http.StatusOK,
				expectedOut:    want,
			})
		}).
		Feature()

	// Execute the feature through the package-level framework instance.
	f.Test(t, feat)
}