github.com/IBM-Cloud/bluemix-go@v0.0.0-20240314082800-4e02a69b84b2/api/iampap/iampapv1/iam_policy_test.go (about) 1 package iampapv1 2 3 import ( 4 "log" 5 "net/http" 6 7 bluemix "github.com/IBM-Cloud/bluemix-go" 8 "github.com/IBM-Cloud/bluemix-go/client" 9 "github.com/IBM-Cloud/bluemix-go/session" 10 "github.com/onsi/gomega/ghttp" 11 12 . "github.com/onsi/ginkgo" 13 . "github.com/onsi/gomega" 14 ) 15 16 var _ = Describe("Policy", func() { 17 var server *ghttp.Server 18 AfterEach(func() { 19 server.Close() 20 }) 21 22 Describe("Create", func() { 23 Context("When creation is successful", func() { 24 BeforeEach(func() { 25 server = ghttp.NewServer() 26 server.AppendHandlers( 27 ghttp.CombineHandlers( 28 ghttp.VerifyRequest(http.MethodPost, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies"), 29 ghttp.VerifyBody([]byte(`{"roles":[{"id":"crn:v1:bluemix:public:iam::::role:Viewer"}],"resources":[{"serviceName":"metrics-service"}]}`)), 30 ghttp.RespondWith(http.StatusCreated, `{ 31 32 "id": "81796686-5766-42ec-bd16-84894cc7f6ce", 33 "roles": [ 34 { 35 "id": "crn:v1:bluemix:public:iam::::role:Viewer", 36 "displayName": "Viewer", 37 "description": "Viewers can take actions that do not change state (i.e. read only)." 38 } 39 ], 40 "resources": [ 41 { 42 "serviceName": "metrics-service", 43 "accountId": "f4755e41794cfa89cb078e865975f8e5" 44 } 45 ], 46 "links": { 47 "href": "https://iampap.stage1.ng.bluemix.net/acms/v1/scopes/a%252ff4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce", 48 "link": "self" 49 } 50 51 }`), 52 ), 53 ) 54 }) 55 56 It("should return Policy created", func() { 57 var role = []Roles{ 58 Roles{ 59 ID: "crn:v1:bluemix:public:iam::::role:Viewer", 60 }, 61 } 62 var resource = []Resources{ 63 Resources{ 64 ServiceName: "metrics-service", 65 }, 66 } 67 var iamAccessInfo = AccessPolicyRequest{ 68 Roles: role, 69 Resources: resource, 70 } 71 myPolicy, _, err := newPolicy(server.URL()).Create("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", iamAccessInfo) 72 Expect(err).NotTo(HaveOccurred()) 73 Expect(myPolicy).ShouldNot(BeNil()) 74 Expect(myPolicy.ID).Should(Equal("81796686-5766-42ec-bd16-84894cc7f6ce")) 75 Expect(myPolicy.Roles[0].ID).Should(Equal("crn:v1:bluemix:public:iam::::role:Viewer")) 76 Expect(myPolicy.Roles[0].DisplayName).Should(Equal("Viewer")) 77 Expect(myPolicy.Resources[0].ServiceName).Should(Equal("metrics-service")) 78 Expect(myPolicy.Resources[0].AccountId).Should(Equal("f4755e41794cfa89cb078e865975f8e5")) 79 }) 80 }) 81 Context("When creation is unsuccessful", func() { 82 BeforeEach(func() { 83 server = ghttp.NewServer() 84 server.SetAllowUnhandledRequests(true) 85 server.AppendHandlers( 86 ghttp.CombineHandlers( 87 ghttp.VerifyRequest(http.MethodPost, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies"), 88 ghttp.VerifyBody([]byte(`{"roles":[{"id":"crn:v1:bluemix:public:iam::::role:Viewer"}],"resources":[{"serviceName":"metrics-service"}]}`)), 89 ghttp.RespondWith(http.StatusInternalServerError, `Failed to create policy`), 90 ), 91 ) 92 }) 93 94 It("should return error during policy creation", func() { 95 var role = []Roles{ 96 Roles{ 97 ID: "crn:v1:bluemix:public:iam::::role:Viewer", 98 }, 99 } 100 var resource = []Resources{ 101 Resources{ 102 ServiceName: "metrics-service", 103 }, 104 } 105 var iamAccessInfo = AccessPolicyRequest{ 106 Roles: role, 107 Resources: resource, 108 } 109 myPolicy, _, err := newPolicy(server.URL()).Create("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", iamAccessInfo) 110 Expect(err).To(HaveOccurred()) 111 Expect(myPolicy).ShouldNot(BeNil()) 112 }) 113 }) 114 }) 115 116 Describe("Get", func() { 117 Context("When get is successful", func() { 118 BeforeEach(func() { 119 server = ghttp.NewServer() 120 server.AppendHandlers( 121 ghttp.CombineHandlers( 122 ghttp.VerifyRequest(http.MethodGet, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce"), 123 ghttp.RespondWith(http.StatusCreated, `{ 124 125 "id": "81796686-5766-42ec-bd16-84894cc7f6ce", 126 "roles": [ 127 { 128 "id": "crn:v1:bluemix:public:iam::::role:Viewer", 129 "displayName": "Viewer", 130 "description": "Viewers can take actions that do not change state (i.e. read only)." 131 } 132 ], 133 "resources": [ 134 { 135 "serviceName": "metrics-service", 136 "accountId": "f4755e41794cfa89cb078e865975f8e5" 137 } 138 ], 139 "links": { 140 "href": "https://iampap.stage1.ng.bluemix.net/acms/v1/scopes/a%252ff4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce", 141 "link": "self" 142 } 143 144 }`), 145 ), 146 ) 147 }) 148 149 It("should return Policy get", func() { 150 myPolicy, err := newPolicy(server.URL()).Get("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", "81796686-5766-42ec-bd16-84894cc7f6ce") 151 Expect(err).NotTo(HaveOccurred()) 152 Expect(myPolicy).ShouldNot(BeNil()) 153 Expect(myPolicy.ID).Should(Equal("81796686-5766-42ec-bd16-84894cc7f6ce")) 154 Expect(myPolicy.Roles[0].ID).Should(Equal("crn:v1:bluemix:public:iam::::role:Viewer")) 155 Expect(myPolicy.Roles[0].DisplayName).Should(Equal("Viewer")) 156 Expect(myPolicy.Resources[0].ServiceName).Should(Equal("metrics-service")) 157 Expect(myPolicy.Resources[0].AccountId).Should(Equal("f4755e41794cfa89cb078e865975f8e5")) 158 }) 159 }) 160 Context("When get is unsuccessful", func() { 161 BeforeEach(func() { 162 server = ghttp.NewServer() 163 server.SetAllowUnhandledRequests(true) 164 server.AppendHandlers( 165 ghttp.CombineHandlers( 166 ghttp.VerifyRequest(http.MethodGet, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce"), 167 ghttp.RespondWith(http.StatusInternalServerError, `Failed to get policy`), 168 ), 169 ) 170 }) 171 172 It("should return error during policy get", func() { 173 myPolicy, err := newPolicy(server.URL()).Get("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", "81796686-5766-42ec-bd16-84894cc7f6ce") 174 Expect(err).To(HaveOccurred()) 175 Expect(myPolicy).ShouldNot(BeNil()) 176 }) 177 }) 178 }) 179 180 Describe("Update", func() { 181 Context("When update is successful", func() { 182 BeforeEach(func() { 183 server = ghttp.NewServer() 184 server.AppendHandlers( 185 ghttp.CombineHandlers( 186 ghttp.VerifyRequest(http.MethodPut, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce"), 187 ghttp.RespondWith(http.StatusCreated, `{ 188 189 "id": "81796686-5766-42ec-bd16-84894cc7f6ce", 190 "roles": [ 191 { 192 "id": "crn:v1:bluemix:public:iam::::role:Editor", 193 "displayName": "Editor", 194 "description": "Editor's can take actions that change state." 195 } 196 ], 197 "resources": [ 198 { 199 "serviceName": "metrics-service", 200 "accountId": "f4755e41794cfa89cb078e865975f8e5" 201 } 202 ], 203 "links": { 204 "href": "https://iampap.stage1.ng.bluemix.net/acms/v1/scopes/a%252ff4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce", 205 "link": "self" 206 } 207 208 }`), 209 ), 210 ) 211 }) 212 213 It("should return Policy updated", func() { 214 var role = []Roles{ 215 Roles{ 216 ID: "crn:v1:bluemix:public:iam::::role:Editor", 217 }, 218 } 219 var resource = []Resources{ 220 Resources{ 221 ServiceName: "metrics-service", 222 }, 223 } 224 var iamAccessInfo = AccessPolicyRequest{ 225 Roles: role, 226 Resources: resource, 227 } 228 myPolicy, _, err := newPolicy(server.URL()).Update("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", "81796686-5766-42ec-bd16-84894cc7f6ce", "W/'206-7VpPyt7UYHmZdu7/wv3cBg'", iamAccessInfo) 229 Expect(err).NotTo(HaveOccurred()) 230 Expect(myPolicy).ShouldNot(BeNil()) 231 Expect(myPolicy.ID).Should(Equal("81796686-5766-42ec-bd16-84894cc7f6ce")) 232 Expect(myPolicy.Roles[0].ID).Should(Equal("crn:v1:bluemix:public:iam::::role:Editor")) 233 Expect(myPolicy.Roles[0].DisplayName).Should(Equal("Editor")) 234 Expect(myPolicy.Resources[0].ServiceName).Should(Equal("metrics-service")) 235 Expect(myPolicy.Resources[0].AccountId).Should(Equal("f4755e41794cfa89cb078e865975f8e5")) 236 }) 237 }) 238 Context("When update is Failed", func() { 239 BeforeEach(func() { 240 server = ghttp.NewServer() 241 server.SetAllowUnhandledRequests(true) 242 server.AppendHandlers( 243 ghttp.CombineHandlers( 244 ghttp.VerifyRequest(http.MethodPut, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce"), 245 ghttp.RespondWith(http.StatusInternalServerError, `Failed to update policy`), 246 ), 247 ) 248 }) 249 250 It("should return error during policy update", func() { 251 var role = []Roles{ 252 Roles{ 253 ID: "crn:v1:bluemix:public:iam::::role:Editor", 254 }, 255 } 256 var resource = []Resources{ 257 Resources{ 258 ServiceName: "metrics-service", 259 }, 260 } 261 var iamAccessInfo = AccessPolicyRequest{ 262 Roles: role, 263 Resources: resource, 264 } 265 myPolicy, _, err := newPolicy(server.URL()).Update("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", "81796686-5766-42ec-bd16-84894cc7f6ce", "W/'206-7VpPyt7UYHmZdu7/wv3cBg'", iamAccessInfo) 266 Expect(err).To(HaveOccurred()) 267 Expect(myPolicy).ShouldNot(BeNil()) 268 }) 269 }) 270 }) 271 272 Describe("List", func() { 273 Context("When List is successful", func() { 274 BeforeEach(func() { 275 server = ghttp.NewServer() 276 server.AppendHandlers( 277 ghttp.CombineHandlers( 278 ghttp.VerifyRequest(http.MethodGet, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies"), 279 ghttp.RespondWith(http.StatusCreated, `{ 280 "policies": [ 281 { 282 "id": "a5ccf06f-c883-4806-a7ee-7eb2bf256d8e", 283 "roles": [ 284 { 285 "id": "crn:v1:bluemix:public:iam::::role:Operator", 286 "displayName": "Operator", 287 "description": "Operators can take actions required to configure and operate resources." 288 } 289 ], 290 "resources": [ 291 { 292 "serviceName": "key-protect", 293 "accountId": "f4755e41794cfa89cb078e865975f8e5", 294 "region": "us-south" 295 } 296 ], 297 "links": { 298 "href": "https://iampap.stage1.ng.bluemix.net/acms/v1/scopes/a%252ff4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/a5ccf06f-c883-4806-a7ee-7eb2bf256d8e", 299 "link": "self" 300 } 301 }, 302 { 303 "id": "d7344b3e-dcda-487d-b545-5b1b089a7e85", 304 "roles": [ 305 { 306 "id": "crn:v1:bluemix:public:iam::::role:Editor", 307 "displayName": "Editor", 308 "description": "Editors can take actions that can modify the state and create/delete sub-resources." 309 } 310 ], 311 "resources": [ 312 { 313 "serviceName": "genesis", 314 "accountId": "f4755e41794cfa89cb078e865975f8e5" 315 } 316 ], 317 "links": { 318 "href": "https://iampap.stage1.ng.bluemix.net/acms/v1/scopes/a%252ff4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/d7344b3e-dcda-487d-b545-5b1b089a7e85", 319 "link": "self" 320 } 321 }] 322 323 }`), 324 ), 325 ) 326 }) 327 328 It("should return Policy list", func() { 329 myPolicy, err := newPolicy(server.URL()).List("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J") 330 Expect(err).NotTo(HaveOccurred()) 331 Expect(myPolicy).ShouldNot(BeNil()) 332 Expect(myPolicy.Policies[0].ID).Should(Equal("a5ccf06f-c883-4806-a7ee-7eb2bf256d8e")) 333 Expect(myPolicy.Policies[0].Roles[0].ID).Should(Equal("crn:v1:bluemix:public:iam::::role:Operator")) 334 Expect(myPolicy.Policies[0].Roles[0].DisplayName).Should(Equal("Operator")) 335 Expect(myPolicy.Policies[0].Resources[0].ServiceName).Should(Equal("key-protect")) 336 Expect(myPolicy.Policies[0].Resources[0].AccountId).Should(Equal("f4755e41794cfa89cb078e865975f8e5")) 337 }) 338 }) 339 Context("When list is unsuccessful", func() { 340 BeforeEach(func() { 341 server = ghttp.NewServer() 342 server.SetAllowUnhandledRequests(true) 343 server.AppendHandlers( 344 ghttp.CombineHandlers( 345 ghttp.VerifyRequest(http.MethodGet, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies"), 346 ghttp.RespondWith(http.StatusInternalServerError, `Failed to List`), 347 ), 348 ) 349 }) 350 351 It("should return error during policy list", func() { 352 myPolicy, err := newPolicy(server.URL()).List("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J") 353 Expect(err).To(HaveOccurred()) 354 Expect(myPolicy).ShouldNot(BeNil()) 355 }) 356 }) 357 }) 358 359 Describe("Delete", func() { 360 Context("When delete is successful", func() { 361 BeforeEach(func() { 362 server = ghttp.NewServer() 363 server.AppendHandlers( 364 ghttp.CombineHandlers( 365 ghttp.VerifyRequest(http.MethodDelete, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce"), 366 ghttp.RespondWith(http.StatusCreated, `{ 367 }`), 368 ), 369 ) 370 }) 371 372 It("should return Policy", func() { 373 err := newPolicy(server.URL()).Delete("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", "81796686-5766-42ec-bd16-84894cc7f6ce") 374 Expect(err).NotTo(HaveOccurred()) 375 }) 376 }) 377 Context("When delete is Failed", func() { 378 BeforeEach(func() { 379 server = ghttp.NewServer() 380 server.SetAllowUnhandledRequests(true) 381 server.AppendHandlers( 382 ghttp.CombineHandlers( 383 ghttp.VerifyRequest(http.MethodDelete, "/acms/v1/scopes/a/f4755e41794cfa89cb078e865975f8e5/users/IBMid-270000W34J/policies/81796686-5766-42ec-bd16-84894cc7f6ce"), 384 ghttp.RespondWith(http.StatusInternalServerError, `Failed to delete policy`), 385 ), 386 ) 387 }) 388 389 It("should return error during policy delete", func() { 390 err := newPolicy(server.URL()).Delete("f4755e41794cfa89cb078e865975f8e5", "IBMid-270000W34J", "81796686-5766-42ec-bd16-84894cc7f6ce") 391 Expect(err).To(HaveOccurred()) 392 }) 393 }) 394 }) 395 }) 396 397 func newPolicy(url string) IAMPolicy { 398 399 sess, err := session.New() 400 if err != nil { 401 log.Fatal(err) 402 } 403 conf := sess.Config.Copy() 404 conf.Endpoint = &url 405 client := client.Client{ 406 Config: conf, 407 ServiceName: bluemix.IAMPAPService, 408 } 409 return newIAMPolicyAPI(&client) 410 }