github.com/Axway/agent-sdk@v1.1.101/pkg/agent/aclupdatejob_test.go (about) 1 package agent 2 3 import ( 4 "encoding/json" 5 "io" 6 "net/http" 7 "net/http/httptest" 8 "strings" 9 "testing" 10 11 v1 "github.com/Axway/agent-sdk/pkg/apic/apiserver/models/api/v1" 12 management "github.com/Axway/agent-sdk/pkg/apic/apiserver/models/management/v1alpha1" 13 "github.com/Axway/agent-sdk/pkg/apic/definitions" 14 "github.com/Axway/agent-sdk/pkg/util" 15 "github.com/stretchr/testify/assert" 16 ) 17 18 func generateTestACL(name string, teams []string) *management.AccessControlList { 19 acl := &management.AccessControlList{ 20 ResourceMeta: v1.ResourceMeta{ 21 GroupVersionKind: management.AccessControlListGVK(), 22 Name: name, 23 Title: name, 24 }, 25 Spec: management.AccessControlListSpec{ 26 Rules: []management.AccessRules{ 27 { 28 Access: []management.AccessLevelScope{ 29 { 30 Level: "scope", 31 }, 32 }, 33 }, 34 }, 35 }, 36 } 37 38 // Add all the teams 39 acl.Spec.Subjects = make([]v1.Owner, 0) 40 for _, id := range teams { 41 acl.Spec.Subjects = append(acl.Spec.Subjects, v1.Owner{ 42 Type: v1.TeamOwner, 43 ID: id, 44 }) 45 } 46 return acl 47 } 48 49 func TestACLUpdateHandlerJob(t *testing.T) { 50 testCases := []struct { 51 name string 52 envName string 53 teamSets [][]string 54 aclCached []bool 55 }{ 56 { 57 name: "No ACL-One Team", 58 envName: "Environment", 59 teamSets: [][]string{ 60 {}, 61 {"TeamA"}, 62 {}, 63 }, 64 aclCached: []bool{false, true, true}, 65 }, 66 { 67 name: "Existing ACL-Team Known", 68 envName: "Environment", 69 teamSets: [][]string{ 70 {"TeamA"}, 71 {"TeamA"}, 72 {}, 73 }, 74 aclCached: []bool{true, true, true}, 75 }, 76 { 77 name: "Existing ACL-Only Init Teams", 78 envName: "Environment", 79 teamSets: [][]string{ 80 {"TeamA"}, 81 {"TeamA", "TeamB", "TeamC"}, 82 {}, 83 }, 84 aclCached: []bool{true, true, true}, 85 }, 86 { 87 name: "No ACL-Same Team 3x", 88 envName: "Environment", 89 teamSets: [][]string{ 90 {}, 91 {"TeamA", "TeamA", "TeamA"}, 92 {}, 93 }, 94 aclCached: []bool{false, true, true}, 95 }, 96 { 97 name: "No ACL-Init Teams-New Teams", 98 envName: "Environment", 99 teamSets: [][]string{ 100 {}, 101 {"TeamA"}, 102 {"TeamB", "TeamC"}, 103 }, 104 aclCached: []bool{false, true, true}, 105 }, 106 { 107 name: "Existing ACL-Init Teams-New Teams", 108 envName: "Environment", 109 teamSets: [][]string{ 110 {"TeamA"}, 111 {"TeamA", "TeamB"}, 112 {"TeamC", "TeamD"}, 113 }, 114 aclCached: []bool{true, true, true}, 115 }, 116 } 117 118 for _, test := range testCases { 119 t.Run(test.name, func(t *testing.T) { 120 // initialize the http responses 121 s := httptest.NewServer(http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { 122 if strings.Contains(req.RequestURI, "/auth") { 123 token := "{\"access_token\":\"somevalue\",\"expires_in\": 12235677}" 124 resp.Write([]byte(token)) 125 } 126 if strings.Contains(req.RequestURI, "/apis/management/v1alpha1/environments/"+test.envName+"/accesscontrollists") { 127 aclReturn, _ := io.ReadAll(req.Body) 128 resp.WriteHeader(http.StatusCreated) 129 resp.Write(aclReturn) 130 } 131 })) 132 defer s.Close() 133 134 cfg := createCentralCfg(s.URL, test.envName) 135 resetResources() 136 err := Initialize(cfg) 137 assert.Nil(t, err) 138 139 // create the job to test 140 job := newACLUpdateJob() 141 142 combinedTeams := make([]string, 0) 143 for i, teamList := range test.teamSets { 144 combinedTeams = append(combinedTeams, teamList...) 145 combinedTeams = util.RemoveDuplicateValuesFromStringSlice(combinedTeams) 146 expectedACL := generateTestACL(job.getACLName(), combinedTeams) 147 148 // load api services with the teams 149 for _, team := range combinedTeams { 150 agent.cacheManager.AddAPIService(&v1.ResourceInstance{ 151 ResourceMeta: v1.ResourceMeta{ 152 GroupVersionKind: management.APIServiceGVK(), 153 Name: team, 154 Title: team, 155 SubResources: map[string]interface{}{ 156 definitions.XAgentDetails: map[string]interface{}{ 157 definitions.AttrExternalAPIID: team, 158 }, 159 }, 160 }, 161 Owner: &v1.Owner{ 162 Type: v1.TeamOwner, 163 ID: team, 164 }, 165 }) 166 } 167 168 // adjust the wait time and start the job 169 job.Execute() 170 171 // acl from cache 172 if test.aclCached[i] { 173 var acl management.AccessControlList 174 cachedACL := agent.cacheManager.GetAccessControlList() 175 acl.FromInstance(cachedACL) 176 assert.Equal(t, len(expectedACL.Spec.Subjects), len(acl.Spec.Subjects)) 177 } else { 178 assert.Nil(t, agent.cacheManager.GetAccessControlList()) 179 } 180 } 181 }) 182 } 183 } 184 185 func TestInitializeACLJob(t *testing.T) { 186 tests := []struct { 187 name string 188 loadCache bool 189 returnACL bool 190 apiCalled bool 191 }{ 192 { 193 name: "ACL not in cache or Central", 194 loadCache: false, 195 returnACL: false, 196 apiCalled: true, 197 }, 198 { 199 name: "ACL in cache", 200 loadCache: true, 201 returnACL: false, 202 apiCalled: false, 203 }, 204 { 205 name: "ACL not in cache, on Central", 206 loadCache: false, 207 returnACL: true, 208 apiCalled: true, 209 }, 210 } 211 for _, tt := range tests { 212 t.Run(tt.name, func(t *testing.T) { 213 var expectedACL *management.AccessControlList 214 var apiCalled bool 215 // initialize the http responses 216 s := httptest.NewServer(http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { 217 if strings.Contains(req.RequestURI, "/auth") { 218 token := "{\"access_token\":\"somevalue\",\"expires_in\": 12235677}" 219 resp.Write([]byte(token)) 220 } 221 if strings.Contains(req.RequestURI, "/accesscontrollists") { 222 switch { 223 case tt.returnACL: 224 resp.WriteHeader(http.StatusOK) 225 data, _ := json.Marshal(expectedACL) 226 resp.Write(data) 227 default: 228 resp.WriteHeader(http.StatusNotFound) 229 } 230 apiCalled = true 231 } 232 })) 233 defer s.Close() 234 235 cfg := createCentralCfg(s.URL, "environment") 236 resetResources() 237 err := Initialize(cfg) 238 assert.Nil(t, err) 239 240 job := newACLUpdateJob() 241 expectedACL = generateTestACL(job.getACLName(), []string{"TeamA", "TeamB"}) 242 243 if tt.loadCache { 244 aclInstance, _ := expectedACL.AsInstance() 245 agent.cacheManager.SetAccessControlList(aclInstance) 246 } 247 248 job.initializeACLJob() 249 250 cachedACL := agent.cacheManager.GetAccessControlList() 251 if tt.loadCache || tt.returnACL { 252 assert.NotNil(t, cachedACL) 253 var acl management.AccessControlList 254 acl.FromInstance(cachedACL) 255 assert.True(t, assert.ObjectsAreEqualValues(expectedACL.Spec.Subjects, acl.Spec.Subjects)) 256 } else { 257 assert.Nil(t, cachedACL) 258 } 259 assert.Equal(t, tt.apiCalled, apiCalled) 260 }) 261 } 262 }