From f594b5f277385c160295e4bd5c0d327ef64dcd89 Mon Sep 17 00:00:00 2001 From: Kian Parvin Date: Thu, 29 Aug 2024 17:28:57 +0200 Subject: [PATCH] add app layer test --- internal/jimm/cloudcredential_test.go | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/internal/jimm/cloudcredential_test.go b/internal/jimm/cloudcredential_test.go index 775b48d23..f711a7ed3 100644 --- a/internal/jimm/cloudcredential_test.go +++ b/internal/jimm/cloudcredential_test.go @@ -5,6 +5,7 @@ package jimm_test import ( "context" "database/sql" + "fmt" "sync" "testing" "time" @@ -1538,6 +1539,10 @@ cloud-credentials: client-id: 1234 private-key: super-secret project-id: 5678 +- name: cred-2 + cloud: test-cloud + owner: bob@canonical.com + auth-type: certificate users: - username: alice@canonical.com controller-access: superuser @@ -1549,6 +1554,7 @@ var getCloudCredentialAttributesTests = []struct { username string hidden bool jimmAdmin bool + cred string expectAttributes map[string]string expectRedacted []string expectError string @@ -1557,16 +1563,25 @@ var getCloudCredentialAttributesTests = []struct { name: "OwnerNoHidden", username: "bob@canonical.com", jimmAdmin: true, + cred: "cred-1", expectAttributes: map[string]string{ "client-email": "bob@example.com", "client-id": "1234", "project-id": "5678", }, expectRedacted: []string{"private-key"}, +}, { + name: "OwnerNoAttributes", + username: "bob@canonical.com", + jimmAdmin: true, + cred: "cred-2", + expectAttributes: nil, + expectRedacted: nil, }, { name: "OwnerWithHidden", username: "bob@canonical.com", hidden: true, + cred: "cred-1", expectAttributes: map[string]string{ "client-email": "bob@example.com", "client-id": "1234", @@ -1577,6 +1592,7 @@ var getCloudCredentialAttributesTests = []struct { name: "SuperUserNoHidden", username: "alice@canonical.com", jimmAdmin: true, + cred: "cred-1", expectAttributes: map[string]string{ "client-email": "bob@example.com", "client-id": "1234", @@ -1588,11 +1604,13 @@ var getCloudCredentialAttributesTests = []struct { username: "alice@canonical.com", hidden: true, jimmAdmin: true, + cred: "cred-1", expectError: `unauthorized`, expectErrorCode: errors.CodeUnauthorized, }, { name: "OtherUserUnauthorized", username: "charlie@canonical.com", + cred: "cred-1", expectError: `unauthorized`, expectErrorCode: errors.CodeUnauthorized, }} @@ -1623,7 +1641,8 @@ func TestGetCloudCredentialAttributes(t *testing.T) { env.PopulateDBAndPermissions(c, j.ResourceTag(), j.Database, client) u := env.User("bob@canonical.com").DBObject(c, j.Database) userBob := openfga.NewUser(&u, client) - cred, err := j.GetCloudCredential(ctx, userBob, names.NewCloudCredentialTag("test-cloud/bob@canonical.com/cred-1")) + credTag := fmt.Sprintf("test-cloud/bob@canonical.com/%s", test.cred) + cred, err := j.GetCloudCredential(ctx, userBob, names.NewCloudCredentialTag(credTag)) c.Assert(err, qt.IsNil) u = env.User(test.username).DBObject(c, j.Database)