apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57111 Commits
5979 Branches
596 Tags
1.7 GiB
 
 
 
 
 
 
Tag: Branch: Tree: ff7ba54cbc
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ff7ba54cbc'
${ noResults }
grafana/pkg/services/accesscontrol/models_test.go

129 lines
3.7 KiB
Raw Blame History

package accesscontrol
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestSaveExternalServiceRoleCommand_Validate(t *testing.T) {
tests := []struct {
name string
cmd SaveExternalServiceRoleCommand
wantID string
wantPermissions []Permission
wantErr bool
}{
{
name: "invalid no permissions",
cmd: SaveExternalServiceRoleCommand{
AssignmentOrgID: 1,
ExternalServiceID: "app 1",
ServiceAccountID: 2,
Permissions: []Permission{},
},
wantErr: true,
},
{
name: "invalid service account id",
cmd: SaveExternalServiceRoleCommand{
AssignmentOrgID: 1,
ExternalServiceID: "app 1",
ServiceAccountID: -1,
Permissions: []Permission{{Action: "users:read", Scope: "users:id:1"}},
},
wantErr: true,
},
{
name: "invalid no Ext Service ID",
cmd: SaveExternalServiceRoleCommand{
AssignmentOrgID: 1,
ServiceAccountID: 2,
Permissions: []Permission{{Action: "users:read", Scope: "users:id:1"}},
},
wantErr: true,
},
{
name: "slugify the external service ID correctly",
cmd: SaveExternalServiceRoleCommand{
ExternalServiceID: "ThisIs a Very Strange ___ App Name?",
AssignmentOrgID: 1,
ServiceAccountID: 2,
Permissions: []Permission{{Action: "users:read", Scope: "users:id:1"}},
},
wantErr: false,
wantID: "thisis-a-very-strange-app-name",
},
{
name: "invalid empty Action",
cmd: SaveExternalServiceRoleCommand{
AssignmentOrgID: 1,
ExternalServiceID: "app 1",
ServiceAccountID: 2,
Permissions: []Permission{{Action: "", Scope: "users:id:1"}},
},
wantID: "app-1",
wantErr: true,
},
{
name: "permission deduplication",
cmd: SaveExternalServiceRoleCommand{
AssignmentOrgID: 1,
ExternalServiceID: "app 1",
ServiceAccountID: 2,
Permissions: []Permission{
{Action: "users:read", Scope: "users:id:1"},
{Action: "users:read", Scope: "users:id:1"},
},
},
wantErr: false,
wantID: "app-1",
wantPermissions: []Permission{{Action: "users:read", Scope: "users:id:1"}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.cmd.Validate()
if tt.wantErr {
require.Error(t, err)
return
}
require.NoError(t, err)
require.Equal(t, tt.wantID, tt.cmd.ExternalServiceID)
if tt.wantPermissions != nil {
require.ElementsMatch(t, tt.wantPermissions, tt.cmd.Permissions)
}
})
}
}
func TestPermission_ScopeSplit(t *testing.T) {
type testCase struct {
desc string
scope string
kind string
attribute string
identifier string
}
tests := []testCase{
{desc: "all fields should be empty for empty scope", scope: "", kind: "", attribute: "", identifier: ""},
{desc: "all fields should be set to * for wildcard", scope: "*", kind: "*", attribute: "*", identifier: "*"},
{desc: "kind should be specified and attribute and identifier should be * for a wildcard with kind prefix", scope: "dashboards:*", kind: "dashboards", attribute: "*", identifier: "*"},
{desc: "all fields should be set correctly", scope: "dashboards:uid:123", kind: "dashboards", attribute: "uid", identifier: "123"},
{desc: "can handle a case with : in the uid", scope: "datasources:uid:weird:name", kind: "datasources", attribute: "uid", identifier: "weird:name"},
}
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
p := Permission{Scope: tt.scope}
kind, attribute, identifier := p.SplitScope()
assert.Equal(t, tt.kind, kind)
assert.Equal(t, tt.attribute, attribute)
assert.Equal(t, tt.identifier, identifier)
})
}
}