github.com/IBM-Cloud/bluemix-go@v0.0.0-20240314082800-4e02a69b84b2/api/iampap/iampapv1/iam_policy_test.go (about)

     1  package iampapv1
     2  
     3  import (
     4  	"log"
     5  	"net/http"
     6  
     7  	bluemix "github.com/IBM-Cloud/bluemix-go"
     8  	"github.com/IBM-Cloud/bluemix-go/client"
     9  	"github.com/IBM-Cloud/bluemix-go/session"
    10  	"github.com/onsi/gomega/ghttp"
    11  
    12  	. "github.com/onsi/ginkgo"
    13  	. "github.com/onsi/gomega"
    14  )
    15  
    16  var _ = Describe("Policy", func() {
    17  	var server *ghttp.Server
    18  	AfterEach(func() {
    19  		server.Close()
    20  	})
    21  
    22  	Describe("Create", func() {
    23  		Context("When creation is successful", func() {
    24  			BeforeEach(func() {
    25  				server = ghttp.NewServer()
    26  				server.AppendHandlers(
    27  					ghttp.CombineHandlers(
    28  						ghttp.VerifyRequest(http.MethodPost, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies"),
    29  						ghttp.VerifyBody([]byte(`{"roles":[{"id":"crn:v1:bluemix:public:iam::::role:Viewer"}],"resources":[{"serviceName":"metrics-service"}]}`)),
    30  						ghttp.RespondWith(http.StatusCreated, `{
    31  
    32    							"id": "81796686-5766-42ec-bd16-84894cc7f6ce",
    33    							"roles": [
    34      							{
    35        								"id": "crn:v1:bluemix:public:iam::::role:Viewer",
    36        								"displayName": "Viewer",
    37      	  							"description": "Viewers can take actions that do not change state (i.e. read only)."
    38      							}
    39  							],
    40   						    "resources": [
    41      							{
    42        								"serviceName": "metrics-service",
    43        								"accountId": "f4755e41794cfa89cb078e865975f8e5"
    44      							}
    45    							],
    46    							"links": {
    47      							"href": "https://iampap.stage1.ng.bluemix.net/acms/v1/scopes/a%252ff4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce",
    48      							"link": "self"
    49    							}
    50  						
    51  						}`),
    52  					),
    53  				)
    54  			})
    55  
    56  			It("should return Policy created", func() {
    57  				var role = []Roles{
    58  					Roles{
    59  						ID: "crn:v1:bluemix:public:iam::::role:Viewer",
    60  					},
    61  				}
    62  				var resource = []Resources{
    63  					Resources{
    64  						ServiceName: "metrics-service",
    65  					},
    66  				}
    67  				var iamAccessInfo = AccessPolicyRequest{
    68  					Roles:     role,
    69  					Resources: resource,
    70  				}
    71  				myPolicy, _, err := newPolicy(server.URL()).Create("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", iamAccessInfo)
    72  				Expect(err).NotTo(HaveOccurred())
    73  				Expect(myPolicy).ShouldNot(BeNil())
    74  				Expect(myPolicy.ID).Should(Equal("81796686-5766-42ec-bd16-84894cc7f6ce"))
    75  				Expect(myPolicy.Roles[0].ID).Should(Equal("crn:v1:bluemix:public:iam::::role:Viewer"))
    76  				Expect(myPolicy.Roles[0].DisplayName).Should(Equal("Viewer"))
    77  				Expect(myPolicy.Resources[0].ServiceName).Should(Equal("metrics-service"))
    78  				Expect(myPolicy.Resources[0].AccountId).Should(Equal("f4755e41794cfa89cb078e865975f8e5"))
    79  			})
    80  		})
    81  		Context("When creation is unsuccessful", func() {
    82  			BeforeEach(func() {
    83  				server = ghttp.NewServer()
    84  				server.SetAllowUnhandledRequests(true)
    85  				server.AppendHandlers(
    86  					ghttp.CombineHandlers(
    87  						ghttp.VerifyRequest(http.MethodPost, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies"),
    88  						ghttp.VerifyBody([]byte(`{"roles":[{"id":"crn:v1:bluemix:public:iam::::role:Viewer"}],"resources":[{"serviceName":"metrics-service"}]}`)),
    89  						ghttp.RespondWith(http.StatusInternalServerError, `Failed to create policy`),
    90  					),
    91  				)
    92  			})
    93  
    94  			It("should return error during policy creation", func() {
    95  				var role = []Roles{
    96  					Roles{
    97  						ID: "crn:v1:bluemix:public:iam::::role:Viewer",
    98  					},
    99  				}
   100  				var resource = []Resources{
   101  					Resources{
   102  						ServiceName: "metrics-service",
   103  					},
   104  				}
   105  				var iamAccessInfo = AccessPolicyRequest{
   106  					Roles:     role,
   107  					Resources: resource,
   108  				}
   109  				myPolicy, _, err := newPolicy(server.URL()).Create("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", iamAccessInfo)
   110  				Expect(err).To(HaveOccurred())
   111  				Expect(myPolicy).ShouldNot(BeNil())
   112  			})
   113  		})
   114  	})
   115  
   116  	Describe("Get", func() {
   117  		Context("When get is successful", func() {
   118  			BeforeEach(func() {
   119  				server = ghttp.NewServer()
   120  				server.AppendHandlers(
   121  					ghttp.CombineHandlers(
   122  						ghttp.VerifyRequest(http.MethodGet, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce"),
   123  						ghttp.RespondWith(http.StatusCreated, `{
   124  
   125    							"id": "81796686-5766-42ec-bd16-84894cc7f6ce",
   126    							"roles": [
   127      							{
   128        								"id": "crn:v1:bluemix:public:iam::::role:Viewer",
   129        								"displayName": "Viewer",
   130      	  							"description": "Viewers can take actions that do not change state (i.e. read only)."
   131      							}
   132  							],
   133   						    "resources": [
   134      							{
   135        								"serviceName": "metrics-service",
   136        								"accountId": "f4755e41794cfa89cb078e865975f8e5"
   137      							}
   138    							],
   139    							"links": {
   140      							"href": "https://iampap.stage1.ng.bluemix.net/acms/v1/scopes/a%252ff4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce",
   141      							"link": "self"
   142    							}
   143  						
   144  						}`),
   145  					),
   146  				)
   147  			})
   148  
   149  			It("should return Policy get", func() {
   150  				myPolicy, err := newPolicy(server.URL()).Get("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", "81796686-5766-42ec-bd16-84894cc7f6ce")
   151  				Expect(err).NotTo(HaveOccurred())
   152  				Expect(myPolicy).ShouldNot(BeNil())
   153  				Expect(myPolicy.ID).Should(Equal("81796686-5766-42ec-bd16-84894cc7f6ce"))
   154  				Expect(myPolicy.Roles[0].ID).Should(Equal("crn:v1:bluemix:public:iam::::role:Viewer"))
   155  				Expect(myPolicy.Roles[0].DisplayName).Should(Equal("Viewer"))
   156  				Expect(myPolicy.Resources[0].ServiceName).Should(Equal("metrics-service"))
   157  				Expect(myPolicy.Resources[0].AccountId).Should(Equal("f4755e41794cfa89cb078e865975f8e5"))
   158  			})
   159  		})
   160  		Context("When get is unsuccessful", func() {
   161  			BeforeEach(func() {
   162  				server = ghttp.NewServer()
   163  				server.SetAllowUnhandledRequests(true)
   164  				server.AppendHandlers(
   165  					ghttp.CombineHandlers(
   166  						ghttp.VerifyRequest(http.MethodGet, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce"),
   167  						ghttp.RespondWith(http.StatusInternalServerError, `Failed to get policy`),
   168  					),
   169  				)
   170  			})
   171  
   172  			It("should return error during policy get", func() {
   173  				myPolicy, err := newPolicy(server.URL()).Get("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", "81796686-5766-42ec-bd16-84894cc7f6ce")
   174  				Expect(err).To(HaveOccurred())
   175  				Expect(myPolicy).ShouldNot(BeNil())
   176  			})
   177  		})
   178  	})
   179  
   180  	Describe("Update", func() {
   181  		Context("When update is successful", func() {
   182  			BeforeEach(func() {
   183  				server = ghttp.NewServer()
   184  				server.AppendHandlers(
   185  					ghttp.CombineHandlers(
   186  						ghttp.VerifyRequest(http.MethodPut, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce"),
   187  						ghttp.RespondWith(http.StatusCreated, `{
   188  
   189    							"id": "81796686-5766-42ec-bd16-84894cc7f6ce",
   190    							"roles": [
   191      							{
   192        								"id": "crn:v1:bluemix:public:iam::::role:Editor",
   193        								"displayName": "Editor",
   194      	  							"description": "Editor's can take actions that change state."
   195      							}
   196  							],
   197   						    "resources": [
   198      							{
   199        								"serviceName": "metrics-service",
   200        								"accountId": "f4755e41794cfa89cb078e865975f8e5"
   201      							}
   202    							],
   203    							"links": {
   204      							"href": "https://iampap.stage1.ng.bluemix.net/acms/v1/scopes/a%252ff4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce",
   205      							"link": "self"
   206    							}
   207  						
   208  						}`),
   209  					),
   210  				)
   211  			})
   212  
   213  			It("should return Policy updated", func() {
   214  				var role = []Roles{
   215  					Roles{
   216  						ID: "crn:v1:bluemix:public:iam::::role:Editor",
   217  					},
   218  				}
   219  				var resource = []Resources{
   220  					Resources{
   221  						ServiceName: "metrics-service",
   222  					},
   223  				}
   224  				var iamAccessInfo = AccessPolicyRequest{
   225  					Roles:     role,
   226  					Resources: resource,
   227  				}
   228  				myPolicy, _, err := newPolicy(server.URL()).Update("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", "81796686-5766-42ec-bd16-84894cc7f6ce", "W/'206-7VpPyt7UYHmZdu7/wv3cBg'", iamAccessInfo)
   229  				Expect(err).NotTo(HaveOccurred())
   230  				Expect(myPolicy).ShouldNot(BeNil())
   231  				Expect(myPolicy.ID).Should(Equal("81796686-5766-42ec-bd16-84894cc7f6ce"))
   232  				Expect(myPolicy.Roles[0].ID).Should(Equal("crn:v1:bluemix:public:iam::::role:Editor"))
   233  				Expect(myPolicy.Roles[0].DisplayName).Should(Equal("Editor"))
   234  				Expect(myPolicy.Resources[0].ServiceName).Should(Equal("metrics-service"))
   235  				Expect(myPolicy.Resources[0].AccountId).Should(Equal("f4755e41794cfa89cb078e865975f8e5"))
   236  			})
   237  		})
   238  		Context("When update is Failed", func() {
   239  			BeforeEach(func() {
   240  				server = ghttp.NewServer()
   241  				server.SetAllowUnhandledRequests(true)
   242  				server.AppendHandlers(
   243  					ghttp.CombineHandlers(
   244  						ghttp.VerifyRequest(http.MethodPut, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce"),
   245  						ghttp.RespondWith(http.StatusInternalServerError, `Failed to update policy`),
   246  					),
   247  				)
   248  			})
   249  
   250  			It("should return error during policy update", func() {
   251  				var role = []Roles{
   252  					Roles{
   253  						ID: "crn:v1:bluemix:public:iam::::role:Editor",
   254  					},
   255  				}
   256  				var resource = []Resources{
   257  					Resources{
   258  						ServiceName: "metrics-service",
   259  					},
   260  				}
   261  				var iamAccessInfo = AccessPolicyRequest{
   262  					Roles:     role,
   263  					Resources: resource,
   264  				}
   265  				myPolicy, _, err := newPolicy(server.URL()).Update("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", "81796686-5766-42ec-bd16-84894cc7f6ce", "W/'206-7VpPyt7UYHmZdu7/wv3cBg'", iamAccessInfo)
   266  				Expect(err).To(HaveOccurred())
   267  				Expect(myPolicy).ShouldNot(BeNil())
   268  			})
   269  		})
   270  	})
   271  
   272  	Describe("List", func() {
   273  		Context("When List is successful", func() {
   274  			BeforeEach(func() {
   275  				server = ghttp.NewServer()
   276  				server.AppendHandlers(
   277  					ghttp.CombineHandlers(
   278  						ghttp.VerifyRequest(http.MethodGet, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies"),
   279  						ghttp.RespondWith(http.StatusCreated, `{
   280  							"policies": [
   281      							{
   282        							"id": "a5ccf06f-c883-4806-a7ee-7eb2bf256d8e",
   283        							"roles": [
   284          							{
   285            								"id": "crn:v1:bluemix:public:iam::::role:Operator",
   286            								"displayName": "Operator",
   287           							 	"description": "Operators can take actions required to configure and operate resources."
   288          							}
   289       						 	],
   290       							"resources": [
   291          							{
   292            								"serviceName": "key-protect",
   293            								"accountId": "f4755e41794cfa89cb078e865975f8e5",
   294            								"region": "us-south"
   295          							}
   296        							],
   297        							"links": {
   298          							"href": "https://iampap.stage1.ng.bluemix.net/acms/v1/scopes/a%252ff4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/a5ccf06f-c883-4806-a7ee-7eb2bf256d8e",
   299          							"link": "self"
   300        							}
   301      						},
   302      						{
   303        						"id": "d7344b3e-dcda-487d-b545-5b1b089a7e85",
   304        						"roles": [
   305          						{
   306           							 "id": "crn:v1:bluemix:public:iam::::role:Editor",
   307            							"displayName": "Editor",
   308            							"description": "Editors can take actions that can modify the state and create/delete sub-resources."
   309          						}
   310        						],
   311        						"resources": [
   312          						{
   313           							 "serviceName": "genesis",
   314            							"accountId": "f4755e41794cfa89cb078e865975f8e5"
   315         							 }
   316       						 ],
   317        						"links": {
   318          							"href": "https://iampap.stage1.ng.bluemix.net/acms/v1/scopes/a%252ff4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/d7344b3e-dcda-487d-b545-5b1b089a7e85",
   319          							"link": "self"
   320        							}
   321      						}]	
   322       						
   323  						}`),
   324  					),
   325  				)
   326  			})
   327  
   328  			It("should return Policy list", func() {
   329  				myPolicy, err := newPolicy(server.URL()).List("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J")
   330  				Expect(err).NotTo(HaveOccurred())
   331  				Expect(myPolicy).ShouldNot(BeNil())
   332  				Expect(myPolicy.Policies[0].ID).Should(Equal("a5ccf06f-c883-4806-a7ee-7eb2bf256d8e"))
   333  				Expect(myPolicy.Policies[0].Roles[0].ID).Should(Equal("crn:v1:bluemix:public:iam::::role:Operator"))
   334  				Expect(myPolicy.Policies[0].Roles[0].DisplayName).Should(Equal("Operator"))
   335  				Expect(myPolicy.Policies[0].Resources[0].ServiceName).Should(Equal("key-protect"))
   336  				Expect(myPolicy.Policies[0].Resources[0].AccountId).Should(Equal("f4755e41794cfa89cb078e865975f8e5"))
   337  			})
   338  		})
   339  		Context("When list is unsuccessful", func() {
   340  			BeforeEach(func() {
   341  				server = ghttp.NewServer()
   342  				server.SetAllowUnhandledRequests(true)
   343  				server.AppendHandlers(
   344  					ghttp.CombineHandlers(
   345  						ghttp.VerifyRequest(http.MethodGet, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies"),
   346  						ghttp.RespondWith(http.StatusInternalServerError, `Failed to List`),
   347  					),
   348  				)
   349  			})
   350  
   351  			It("should return error during policy list", func() {
   352  				myPolicy, err := newPolicy(server.URL()).List("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J")
   353  				Expect(err).To(HaveOccurred())
   354  				Expect(myPolicy).ShouldNot(BeNil())
   355  			})
   356  		})
   357  	})
   358  
   359  	Describe("Delete", func() {
   360  		Context("When delete is successful", func() {
   361  			BeforeEach(func() {
   362  				server = ghttp.NewServer()
   363  				server.AppendHandlers(
   364  					ghttp.CombineHandlers(
   365  						ghttp.VerifyRequest(http.MethodDelete, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce"),
   366  						ghttp.RespondWith(http.StatusCreated, `{
   367  						}`),
   368  					),
   369  				)
   370  			})
   371  
   372  			It("should return Policy", func() {
   373  				err := newPolicy(server.URL()).Delete("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", "81796686-5766-42ec-bd16-84894cc7f6ce")
   374  				Expect(err).NotTo(HaveOccurred())
   375  			})
   376  		})
   377  		Context("When delete is Failed", func() {
   378  			BeforeEach(func() {
   379  				server = ghttp.NewServer()
   380  				server.SetAllowUnhandledRequests(true)
   381  				server.AppendHandlers(
   382  					ghttp.CombineHandlers(
   383  						ghttp.VerifyRequest(http.MethodDelete, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce"),
   384  						ghttp.RespondWith(http.StatusInternalServerError, `Failed to delete policy`),
   385  					),
   386  				)
   387  			})
   388  
   389  			It("should return error during policy delete", func() {
   390  				err := newPolicy(server.URL()).Delete("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", "81796686-5766-42ec-bd16-84894cc7f6ce")
   391  				Expect(err).To(HaveOccurred())
   392  			})
   393  		})
   394  	})
   395  })
   396  
   397  func newPolicy(url string) IAMPolicy {
   398  
   399  	sess, err := session.New()
   400  	if err != nil {
   401  		log.Fatal(err)
   402  	}
   403  	conf := sess.Config.Copy()
   404  	conf.Endpoint = &url
   405  	client := client.Client{
   406  		Config:      conf,
   407  		ServiceName: bluemix.IAMPAPService,
   408  	}
   409  	return newIAMPolicyAPI(&client)
   410  }