1
16
17 package integration
18
19 import (
20 "context"
21 "testing"
22
23 "github.com/okta/okta-sdk-golang/v2/okta"
24 "github.com/okta/okta-sdk-golang/v2/tests"
25
26 "github.com/stretchr/testify/assert"
27 "github.com/stretchr/testify/require"
28 )
29
30 const ADMIN_GROUP_NAME = "Assign Admin Role To Group"
31
32 func Test_can_add_an_admin_role_to_user(t *testing.T) {
33 ctx, client, err := tests.NewClient(context.TODO())
34 require.NoError(t, err)
35 p := &okta.PasswordCredential{
36 Value: "Abcd1234",
37 }
38 uc := &okta.UserCredentials{
39 Password: p,
40 }
41 profile := okta.UserProfile{}
42 profile["firstName"] = "John"
43 profile["lastName"] = "add_admin_role"
44 profile["email"] = randomEmail()
45 profile["login"] = profile["email"]
46 u := &okta.CreateUserRequest{
47 Credentials: uc,
48 Profile: &profile,
49 }
50
51 user, _, err := client.User.CreateUser(ctx, *u, nil)
52 require.NoError(t, err, "Creating a new user should not error")
53 role := okta.AssignRoleRequest{
54 Type: "SUPER_ADMIN",
55 }
56 createdRole, response, err := client.User.AssignRoleToUser(ctx, user.Id, role, nil)
57 require.NoError(t, err, "adding role to user must not error")
58 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
59 require.IsType(t, &okta.Role{}, createdRole, "did not return `*okta.Role` as first variable")
60 assert.Equal(t, "POST", response.Response.Request.Method, "did not make a get request")
61 assert.Equal(t, "/api/v1/users/"+user.Id+"/roles", response.Response.Request.URL.Path, "path for request was incorrect")
62
63 assert.NotEmpty(t, createdRole.Id, "id should not be empty")
64 assert.NotEmpty(t, createdRole.Label, "label should not be empty")
65 assert.NotEmpty(t, createdRole.Type, "type should not be empty")
66 assert.NotEmpty(t, createdRole.Status, "status should not be empty")
67 assert.NotEmpty(t, createdRole.Created, "created should not be empty")
68 assert.NotEmpty(t, createdRole.LastUpdated, "lastUpdated should not be empty")
69
70 _, err = client.User.DeactivateUser(ctx, user.Id, nil)
71 require.NoError(t, err, "Should not error when deactivating")
72
73 _, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
74 require.NoError(t, err, "Should not error when deleting")
75 }
76
77 func Test_can_add_an_admin_role_to_group(t *testing.T) {
78 ctx, client, err := tests.NewClient(context.TODO())
79 require.NoError(t, err)
80 gp := &okta.GroupProfile{
81 Name: testName(ADMIN_GROUP_NAME),
82 }
83 g := &okta.Group{
84 Profile: gp,
85 }
86 group, _, err := client.Group.CreateGroup(ctx, *g)
87 require.NoError(t, err, "Should not error when creating a group")
88 role := okta.AssignRoleRequest{
89 Type: "ORG_ADMIN",
90 }
91 createdRole, response, err := client.Group.AssignRoleToGroup(ctx, group.Id, role, nil)
92 require.NoError(t, err, "adding role to user must not error")
93 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
94 require.IsType(t, &okta.Role{}, createdRole, "did not return `*okta.Role` as first variable")
95 assert.Equal(t, "POST", response.Response.Request.Method, "did not make a get request")
96 assert.Equal(t, "/api/v1/groups/"+group.Id+"/roles", response.Response.Request.URL.Path, "path for request was incorrect")
97
98 assert.NotEmpty(t, createdRole.Id, "id should not be empty")
99 assert.NotEmpty(t, createdRole.Label, "label should not be empty")
100 assert.NotEmpty(t, createdRole.Type, "type should not be empty")
101 assert.NotEmpty(t, createdRole.Status, "status should not be empty")
102 assert.NotEmpty(t, createdRole.Created, "created should not be empty")
103 assert.NotEmpty(t, createdRole.LastUpdated, "lastUpdated should not be empty")
104
105 _, err = client.Group.DeleteGroup(ctx, group.Id)
106 require.NoError(t, err, "Should not error when deleting a group")
107 }
108
109 func Test_can_remove_an_admin_role_to_user(t *testing.T) {
110 ctx, client, err := tests.NewClient(context.TODO())
111 require.NoError(t, err)
112 p := &okta.PasswordCredential{
113 Value: "Abcd1234",
114 }
115 uc := &okta.UserCredentials{
116 Password: p,
117 }
118 profile := okta.UserProfile{}
119 profile["firstName"] = "John"
120 profile["lastName"] = "delete_admin_role"
121 profile["email"] = randomEmail()
122 profile["login"] = profile["email"]
123 u := &okta.CreateUserRequest{
124 Credentials: uc,
125 Profile: &profile,
126 }
127
128 user, _, err := client.User.CreateUser(ctx, *u, nil)
129 require.NoError(t, err, "Creating a new user should not error")
130 role := okta.AssignRoleRequest{
131 Type: "SUPER_ADMIN",
132 }
133 createdRole, response, err := client.User.AssignRoleToUser(ctx, user.Id, role, nil)
134 require.NoError(t, err, "adding role to user must not error")
135 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
136 require.IsType(t, &okta.Role{}, createdRole, "did not return `*okta.Role` as first variable")
137 assert.Equal(t, "POST", response.Response.Request.Method, "did not make a get request")
138 assert.Equal(t, "/api/v1/users/"+user.Id+"/roles", response.Response.Request.URL.Path, "path for request was incorrect")
139
140 response, err = client.User.RemoveRoleFromUser(ctx, user.Id, createdRole.Id)
141 require.NoError(t, err, "removing role from user must not error")
142 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
143 assert.Equal(t, 204, response.StatusCode, "did not return a 204")
144
145 _, err = client.User.DeactivateUser(ctx, user.Id, nil)
146 require.NoError(t, err, "Should not error when deactivating")
147
148 _, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
149 require.NoError(t, err, "Should not error when deleting")
150 }
151
152 func Test_can_remove_an_admin_role_to_group(t *testing.T) {
153 ctx, client, err := tests.NewClient(context.TODO())
154 require.NoError(t, err)
155 gp := &okta.GroupProfile{
156 Name: testName(ADMIN_GROUP_NAME),
157 }
158 g := &okta.Group{
159 Profile: gp,
160 }
161 group, _, err := client.Group.CreateGroup(ctx, *g)
162 require.NoError(t, err, "Should not error when creating a group")
163 role := okta.AssignRoleRequest{
164 Type: "ORG_ADMIN",
165 }
166 createdRole, response, err := client.Group.AssignRoleToGroup(ctx, group.Id, role, nil)
167 require.NoError(t, err, "adding role to user must not error")
168 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
169 require.IsType(t, &okta.Role{}, createdRole, "did not return `*okta.Role` as first variable")
170 assert.Equal(t, "POST", response.Response.Request.Method, "did not make a get request")
171 assert.Equal(t, "/api/v1/groups/"+group.Id+"/roles", response.Response.Request.URL.Path, "path for request was incorrect")
172
173 response, err = client.Group.RemoveRoleFromGroup(ctx, group.Id, createdRole.Id)
174 require.NoError(t, err, "removing role from group must not error")
175 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
176 assert.Equal(t, 204, response.StatusCode, "did not return a 204")
177
178 _, err = client.Group.DeleteGroup(ctx, group.Id)
179 require.NoError(t, err, "Should not error when deleting a group")
180 }
181
182 func Test_can_list_roles_assigned_to_a_user(t *testing.T) {
183 ctx, client, err := tests.NewClient(context.TODO())
184 require.NoError(t, err)
185 p := &okta.PasswordCredential{
186 Value: "Abcd1234",
187 }
188 uc := &okta.UserCredentials{
189 Password: p,
190 }
191 profile := okta.UserProfile{}
192 profile["firstName"] = "John"
193 profile["lastName"] = "list_roles"
194 profile["email"] = randomEmail()
195 profile["login"] = profile["email"]
196 u := &okta.CreateUserRequest{
197 Credentials: uc,
198 Profile: &profile,
199 }
200
201 user, _, err := client.User.CreateUser(ctx, *u, nil)
202 require.NoError(t, err, "Creating a new user should not error")
203
204 role := okta.AssignRoleRequest{
205 Type: "SUPER_ADMIN",
206 }
207
208 _, _, err = client.User.AssignRoleToUser(ctx, user.Id, role, nil)
209 require.NoError(t, err, "adding role to user must not error")
210
211 roles, response, err := client.User.ListAssignedRolesForUser(ctx, user.Id, nil)
212
213 require.NoError(t, err, "listing administrator roles must not error")
214 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
215 require.IsType(t, []*okta.Role{}, roles, "did not return `[]*okta.Role` as first variable")
216 assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
217 assert.Equal(t, "/api/v1/users/"+user.Id+"/roles", response.Response.Request.URL.Path, "path for request was incorrect")
218
219 assert.NotEmpty(t, roles, "listing roles result should not be empty")
220
221 assert.NotEmpty(t, roles[0].Id, "id should not be empty")
222 assert.NotEmpty(t, roles[0].Label, "label should not be empty")
223 assert.NotEmpty(t, roles[0].Type, "type should not be empty")
224 assert.NotEmpty(t, roles[0].Status, "status should not be empty")
225 assert.NotEmpty(t, roles[0].Created, "created should not be empty")
226 assert.NotEmpty(t, roles[0].LastUpdated, "lastUpdated should not be empty")
227 assert.NotEmpty(t, roles[0].AssignmentType, "assignmentType should not be empty")
228
229 _, err = client.User.DeactivateUser(ctx, user.Id, nil)
230 require.NoError(t, err, "Should not error when deactivating")
231
232 _, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
233 require.NoError(t, err, "Should not error when deleting")
234 }
235
236 func Test_can_list_roles_assigned_to_a_group(t *testing.T) {
237 ctx, client, err := tests.NewClient(context.TODO())
238 require.NoError(t, err)
239 gp := &okta.GroupProfile{
240 Name: testName(ADMIN_GROUP_NAME),
241 }
242 g := &okta.Group{
243 Profile: gp,
244 }
245 group, _, err := client.Group.CreateGroup(ctx, *g)
246 require.NoError(t, err, "Should not error when creating a group")
247 role := okta.AssignRoleRequest{
248 Type: "ORG_ADMIN",
249 }
250 _, _, err = client.Group.AssignRoleToGroup(ctx, group.Id, role, nil)
251 require.NoError(t, err, "adding role to user must not error")
252
253 roles, response, err := client.Group.ListGroupAssignedRoles(ctx, group.Id, nil)
254
255 require.NoError(t, err, "listing administrator roles must not error")
256 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
257 require.IsType(t, []*okta.Role{}, roles, "did not return `[]*okta.Role` as first variable")
258 assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
259 assert.Equal(t, "/api/v1/groups/"+group.Id+"/roles", response.Response.Request.URL.Path, "path for request was incorrect")
260
261 assert.NotEmpty(t, roles, "listing roles result should not be empty")
262
263 assert.NotEmpty(t, roles[0].Id, "id should not be empty")
264 assert.NotEmpty(t, roles[0].Label, "label should not be empty")
265 assert.NotEmpty(t, roles[0].Type, "type should not be empty")
266 assert.NotEmpty(t, roles[0].Status, "status should not be empty")
267 assert.NotEmpty(t, roles[0].Created, "created should not be empty")
268 assert.NotEmpty(t, roles[0].LastUpdated, "lastUpdated should not be empty")
269 assert.NotEmpty(t, roles[0].AssignmentType, "assignmentType should not be empty")
270
271 _, err = client.Group.DeleteGroup(ctx, group.Id)
272 require.NoError(t, err, "Should not error when deleting a group")
273 }
274
275 func Test_can_add_group_targets_for_the_group_administrator_role_given_to_a_user(t *testing.T) {
276 ctx, client, err := tests.NewClient(context.TODO())
277 require.NoError(t, err)
278 p := &okta.PasswordCredential{
279 Value: "Abcd1234",
280 }
281 uc := &okta.UserCredentials{
282 Password: p,
283 }
284 profile := okta.UserProfile{}
285 profile["firstName"] = "John"
286 profile["lastName"] = "add-group-targets"
287 profile["email"] = randomEmail()
288 profile["login"] = profile["email"]
289 u := &okta.CreateUserRequest{
290 Credentials: uc,
291 Profile: &profile,
292 }
293
294 user, _, err := client.User.CreateUser(ctx, *u, nil)
295 require.NoError(t, err, "Creating a new user should not error")
296
297 role := okta.AssignRoleRequest{
298 Type: "USER_ADMIN",
299 }
300
301 gp := &okta.GroupProfile{
302 Name: testName(ADMIN_GROUP_NAME),
303 }
304 g := &okta.Group{
305 Profile: gp,
306 }
307 group, _, err := client.Group.CreateGroup(ctx, *g)
308 require.NoError(t, err, "Should not error when creating a group")
309
310 addedRole, _, err := client.User.AssignRoleToUser(ctx, user.Id, role, nil)
311 require.NoError(t, err, "adding role to user must not error")
312
313 response, err := client.User.AddGroupTargetToRole(ctx, user.Id, addedRole.Id, group.Id)
314 require.NoError(t, err, "list group assignments must not error")
315 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
316 assert.Equal(t, "PUT", response.Response.Request.Method, "did not make a get request")
317 assert.Equal(t, "/api/v1/users/"+user.Id+"/roles/"+addedRole.Id+"/targets/groups/"+group.Id, response.Response.Request.URL.Path, "path for request was incorrect")
318
319 _, err = client.User.DeactivateUser(ctx, user.Id, nil)
320 require.NoError(t, err, "Should not error when deactivating")
321
322 _, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
323 require.NoError(t, err, "Should not error when deleting")
324
325 _, err = client.Group.DeleteGroup(ctx, group.Id)
326 require.NoError(t, err, "Should not error when deleting a group")
327 }
328
329 func Test_can_add_group_targets_for_the_group_administrator_role_given_to_a_group(t *testing.T) {
330 ctx, client, err := tests.NewClient(context.TODO())
331 require.NoError(t, err)
332
333 role := okta.AssignRoleRequest{
334 Type: "USER_ADMIN",
335 }
336
337 gp := &okta.GroupProfile{
338 Name: testName(ADMIN_GROUP_NAME),
339 }
340 g := &okta.Group{
341 Profile: gp,
342 }
343 group, _, err := client.Group.CreateGroup(ctx, *g)
344 require.NoError(t, err, "Should not error when creating a group")
345
346 addedRole, _, err := client.Group.AssignRoleToGroup(ctx, group.Id, role, nil)
347 require.NoError(t, err, "adding role to user must not error")
348
349 response, err := client.Group.AddGroupTargetToGroupAdministratorRoleForGroup(ctx, group.Id, addedRole.Id, group.Id)
350 require.NoError(t, err, "list group assignments must not error")
351 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
352 assert.Equal(t, "PUT", response.Response.Request.Method, "did not make a get request")
353 assert.Equal(t, "/api/v1/groups/"+group.Id+"/roles/"+addedRole.Id+"/targets/groups/"+group.Id, response.Response.Request.URL.Path, "path for request was incorrect")
354
355 _, err = client.Group.DeleteGroup(ctx, group.Id)
356 require.NoError(t, err, "Should not error when deleting a group")
357 }
358
359 func Test_can_list_group_targets_for_the_group_administrator_role_given_to_a_user(t *testing.T) {
360 ctx, client, err := tests.NewClient(context.TODO())
361 require.NoError(t, err)
362 p := &okta.PasswordCredential{
363 Value: "Abcd1234",
364 }
365 uc := &okta.UserCredentials{
366 Password: p,
367 }
368 profile := okta.UserProfile{}
369 profile["firstName"] = "John"
370 profile["lastName"] = "add-group-targets"
371 profile["email"] = randomEmail()
372 profile["login"] = profile["email"]
373 u := &okta.CreateUserRequest{
374 Credentials: uc,
375 Profile: &profile,
376 }
377
378 user, _, err := client.User.CreateUser(ctx, *u, nil)
379 require.NoError(t, err, "Creating a new user should not error")
380
381 role := okta.AssignRoleRequest{
382 Type: "USER_ADMIN",
383 }
384
385 gp := &okta.GroupProfile{
386 Name: testName(ADMIN_GROUP_NAME),
387 }
388 g := &okta.Group{
389 Profile: gp,
390 }
391 group, _, err := client.Group.CreateGroup(ctx, *g)
392 require.NoError(t, err, "Should not error when creating a group")
393
394 addedRole, _, err := client.User.AssignRoleToUser(ctx, user.Id, role, nil)
395 require.NoError(t, err, "adding role to user must not error")
396
397 response, err := client.User.AddGroupTargetToRole(ctx, user.Id, addedRole.Id, group.Id)
398 require.NoError(t, err, "list group assignments must not error")
399 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
400 assert.Equal(t, "PUT", response.Response.Request.Method, "did not make a get request")
401 assert.Equal(t, "/api/v1/users/"+user.Id+"/roles/"+addedRole.Id+"/targets/groups/"+group.Id, response.Response.Request.URL.Path, "path for request was incorrect")
402
403 listRoles, response, err := client.User.ListGroupTargetsForRole(ctx, user.Id, addedRole.Id, nil)
404 require.NoError(t, err, "list group assignments must not error")
405 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
406 require.IsType(t, []*okta.Group{}, listRoles, "did not return `[]*okta.Group` type as first variable")
407 assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
408 assert.Equal(t, "/api/v1/users/"+user.Id+"/roles/"+addedRole.Id+"/targets/groups", response.Response.Request.URL.Path, "path for request was incorrect")
409
410 assert.NotEmpty(t, listRoles[0].Id, "id should not be empty")
411 assert.NotEmpty(t, listRoles[0].ObjectClass, "objectClass should not be empty")
412 assert.NotEmpty(t, listRoles[0].Profile, "profile should not be empty")
413 assert.IsType(t, &okta.GroupProfile{}, listRoles[0].Profile, "profile should be instance of *okta.GroupProfile")
414
415 _, err = client.User.DeactivateUser(ctx, user.Id, nil)
416 require.NoError(t, err, "Should not error when deactivating")
417
418 _, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
419 require.NoError(t, err, "Should not error when deleting")
420
421 _, err = client.Group.DeleteGroup(ctx, group.Id)
422 require.NoError(t, err, "Should not error when deleting a group")
423 }
424
425 func Test_can_list_group_targets_for_the_group_administrator_role_given_to_a_group(t *testing.T) {
426 ctx, client, err := tests.NewClient(context.TODO())
427 require.NoError(t, err)
428
429 role := okta.AssignRoleRequest{
430 Type: "USER_ADMIN",
431 }
432
433 gp := &okta.GroupProfile{
434 Name: testName(ADMIN_GROUP_NAME),
435 }
436 g := &okta.Group{
437 Profile: gp,
438 }
439 group, _, err := client.Group.CreateGroup(ctx, *g)
440 require.NoError(t, err, "Should not error when creating a group")
441
442 addedRole, _, err := client.Group.AssignRoleToGroup(ctx, group.Id, role, nil)
443 require.NoError(t, err, "adding role to user must not error")
444
445 response, err := client.Group.AddGroupTargetToGroupAdministratorRoleForGroup(ctx, group.Id, addedRole.Id, group.Id)
446 require.NoError(t, err, "list group assignments must not error")
447 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
448 assert.Equal(t, "PUT", response.Response.Request.Method, "did not make a get request")
449 assert.Equal(t, "/api/v1/groups/"+group.Id+"/roles/"+addedRole.Id+"/targets/groups/"+group.Id, response.Response.Request.URL.Path, "path for request was incorrect")
450
451 listRoles, response, err := client.Group.ListGroupTargetsForGroupRole(ctx, group.Id, addedRole.Id, nil)
452 require.NoError(t, err, "list group assignments must not error")
453 require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
454 require.IsType(t, []*okta.Group{}, listRoles, "did not return `[]*okta.Group` type as first variable")
455 assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
456 assert.Equal(t, "/api/v1/groups/"+group.Id+"/roles/"+addedRole.Id+"/targets/groups", response.Response.Request.URL.Path, "path for request was incorrect")
457
458 assert.NotEmpty(t, listRoles[0].Id, "id should not be empty")
459 assert.NotEmpty(t, listRoles[0].ObjectClass, "objectClass should not be empty")
460 assert.NotEmpty(t, listRoles[0].Profile, "profile should not be empty")
461 assert.IsType(t, &okta.GroupProfile{}, listRoles[0].Profile, "profile should be instance of *okta.GroupProfile")
462
463 _, err = client.Group.DeleteGroup(ctx, group.Id)
464 require.NoError(t, err, "Should not error when deleting a group")
465 }
466
View as plain text