github.com/akamai/AkamaiOPEN-edgegrid-golang/v8@v8.1.0/pkg/iam/roles_test.go (about) 1 package iam 2 3 import ( 4 "context" 5 "errors" 6 "io/ioutil" 7 "net/http" 8 "net/http/httptest" 9 "strconv" 10 "testing" 11 12 "github.com/stretchr/testify/require" 13 "github.com/tj/assert" 14 ) 15 16 func TestIAM_CreateRole(t *testing.T) { 17 tests := map[string]struct { 18 params CreateRoleRequest 19 responseStatus int 20 responseBody string 21 expectedPath string 22 expectedRequestBody string 23 expectedResponse *Role 24 withError error 25 }{ 26 "201 Created": { 27 params: CreateRoleRequest{ 28 Name: "Terraform admin", 29 Description: "Admin granted role for tests", 30 GrantedRoles: []GrantedRoleID{{ID: 12345}}, 31 }, 32 responseStatus: http.StatusCreated, 33 responseBody: ` 34 { 35 "roleId": 123456, 36 "roleName": "Terraform admin", 37 "roleDescription": "Admin granted role for tests", 38 "type": "custom", 39 "createdDate": "2022-04-11T10:52:03.811Z", 40 "createdBy": "jBond", 41 "modifiedDate": "2022-04-11T10:52:03.811Z", 42 "modifiedBy": "jBond", 43 "actions": { 44 "edit": true, 45 "delete": true 46 }, 47 "grantedRoles": [ 48 { 49 "grantedRoleId": 12345, 50 "grantedRoleName": "WebAP User", 51 "grantedRoleDescription": "Web Application Protector User Role" 52 } 53 ] 54 }`, 55 expectedPath: "/identity-management/v2/user-admin/roles", 56 expectedRequestBody: `{"roleName":"Terraform admin","roleDescription":"Admin granted role for tests","grantedRoles":[{"grantedRoleId":12345}]}`, 57 expectedResponse: &Role{ 58 RoleID: 123456, 59 RoleName: "Terraform admin", 60 RoleDescription: "Admin granted role for tests", 61 RoleType: RoleTypeCustom, 62 CreatedDate: "2022-04-11T10:52:03.811Z", 63 CreatedBy: "jBond", 64 ModifiedDate: "2022-04-11T10:52:03.811Z", 65 ModifiedBy: "jBond", 66 Actions: &RoleAction{ 67 Edit: true, 68 Delete: true, 69 }, 70 GrantedRoles: []RoleGrantedRole{ 71 { 72 RoleID: 12345, 73 RoleName: "WebAP User", 74 Description: "Web Application Protector User Role", 75 }, 76 }, 77 }, 78 }, 79 "500 Internal server error": { 80 params: CreateRoleRequest{ 81 Name: "Terraform admin", 82 Description: "Admin granted role for tests", 83 GrantedRoles: []GrantedRoleID{{ID: 12345}}, 84 }, 85 responseStatus: http.StatusInternalServerError, 86 responseBody: ` 87 { 88 "type": "internal_error", 89 "title": "Internal Server Error", 90 "detail": "Error making request", 91 "status": 500 92 }`, 93 expectedPath: "/identity-management/v2/user-admin/roles", 94 withError: &Error{ 95 Type: "internal_error", 96 Title: "Internal Server Error", 97 Detail: "Error making request", 98 StatusCode: http.StatusInternalServerError, 99 }, 100 }, 101 } 102 103 for name, test := range tests { 104 t.Run(name, func(t *testing.T) { 105 mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 106 assert.Equal(t, test.expectedPath, r.URL.String()) 107 assert.Equal(t, http.MethodPost, r.Method) 108 w.WriteHeader(test.responseStatus) 109 _, err := w.Write([]byte(test.responseBody)) 110 assert.NoError(t, err) 111 112 if len(test.expectedRequestBody) > 0 { 113 body, err := ioutil.ReadAll(r.Body) 114 require.NoError(t, err) 115 assert.Equal(t, test.expectedRequestBody, string(body)) 116 } 117 })) 118 client := mockAPIClient(t, mockServer) 119 result, err := client.CreateRole(context.Background(), test.params) 120 if test.withError != nil { 121 assert.True(t, errors.Is(err, test.withError), "want: %s; got: %s", test.withError, err) 122 assert.Contains(t, err.Error(), strconv.FormatInt(int64(test.responseStatus), 10)) 123 return 124 } 125 require.NoError(t, err) 126 assert.Equal(t, test.expectedResponse, result) 127 }) 128 } 129 } 130 131 func TestIAM_GetRole(t *testing.T) { 132 tests := map[string]struct { 133 params GetRoleRequest 134 responseStatus int 135 responseBody string 136 expectedPath string 137 expectedResponse *Role 138 withError error 139 }{ 140 "200 OK with query params": { 141 params: GetRoleRequest{ 142 ID: 123456, 143 Actions: true, 144 GrantedRoles: true, 145 Users: true, 146 }, 147 responseStatus: http.StatusOK, 148 responseBody: ` 149 { 150 "roleId": 123456, 151 "roleName": "Terraform admin updated", 152 "roleDescription": "Admin granted role for tests", 153 "type": "custom", 154 "createdDate": "2022-04-11T10:52:03.000Z", 155 "createdBy": "jBond", 156 "modifiedDate": "2022-04-11T10:59:30.000Z", 157 "modifiedBy": "jBond", 158 "actions": { 159 "edit": true, 160 "delete": true 161 }, 162 "grantedRoles": [ 163 { 164 "grantedRoleId": 12345, 165 "grantedRoleName": "View Audience Analytics Reports", 166 "grantedRoleDescription": "Publisher Self-Provisioning" 167 }, 168 { 169 "grantedRoleId": 54321, 170 "grantedRoleName": "WebAP User", 171 "grantedRoleDescription": "Web Application Protector User Role" 172 } 173 ], 174 "users": [ 175 { 176 "uiIdentityId": "USER1", 177 "firstName": "John", 178 "lastName": "Smith", 179 "accountId": "ACCOUNT1", 180 "email": "example@akamai.com", 181 "lastLoginDate": "2016-02-17T18:46:42.000Z" 182 }, 183 { 184 "uiIdentityId": "USER2", 185 "firstName": "Steve", 186 "lastName": "Smith", 187 "accountId": "ACCOUNT2", 188 "email": "example1@akamai.com", 189 "lastLoginDate": "2016-02-17T18:46:42.000Z" 190 } 191 ] 192 }`, 193 expectedPath: "/identity-management/v2/user-admin/roles/123456?actions=true&grantedRoles=true&users=true", 194 expectedResponse: &Role{ 195 RoleID: 123456, 196 RoleName: "Terraform admin updated", 197 RoleDescription: "Admin granted role for tests", 198 RoleType: RoleTypeCustom, 199 CreatedDate: "2022-04-11T10:52:03.000Z", 200 CreatedBy: "jBond", 201 ModifiedDate: "2022-04-11T10:59:30.000Z", 202 ModifiedBy: "jBond", 203 Actions: &RoleAction{ 204 Edit: true, 205 Delete: true, 206 }, 207 GrantedRoles: []RoleGrantedRole{ 208 { 209 RoleID: 12345, 210 RoleName: "View Audience Analytics Reports", 211 Description: "Publisher Self-Provisioning", 212 }, 213 { 214 RoleID: 54321, 215 RoleName: "WebAP User", 216 Description: "Web Application Protector User Role", 217 }, 218 }, 219 Users: []RoleUser{ 220 { 221 UIIdentityID: "USER1", 222 FirstName: "John", 223 LastName: "Smith", 224 AccountID: "ACCOUNT1", 225 Email: "example@akamai.com", 226 LastLoginDate: "2016-02-17T18:46:42.000Z", 227 }, 228 { 229 UIIdentityID: "USER2", 230 FirstName: "Steve", 231 LastName: "Smith", 232 AccountID: "ACCOUNT2", 233 Email: "example1@akamai.com", 234 LastLoginDate: "2016-02-17T18:46:42.000Z", 235 }, 236 }, 237 }, 238 }, 239 "200 OK without query params": { 240 params: GetRoleRequest{ID: 123456}, 241 responseStatus: http.StatusOK, 242 responseBody: ` 243 { 244 "roleId": 123456, 245 "roleName": "Terraform admin updated", 246 "roleDescription": "Admin granted role for tests", 247 "type": "custom", 248 "createdDate": "2022-04-11T10:52:03.000Z", 249 "createdBy": "jBond", 250 "modifiedDate": "2022-04-11T10:59:30.000Z", 251 "modifiedBy": "jBond" 252 }`, 253 expectedPath: "/identity-management/v2/user-admin/roles/123456?actions=false&grantedRoles=false&users=false", 254 expectedResponse: &Role{ 255 RoleID: 123456, 256 RoleName: "Terraform admin updated", 257 RoleDescription: "Admin granted role for tests", 258 RoleType: RoleTypeCustom, 259 CreatedDate: "2022-04-11T10:52:03.000Z", 260 CreatedBy: "jBond", 261 ModifiedDate: "2022-04-11T10:59:30.000Z", 262 ModifiedBy: "jBond", 263 }, 264 }, 265 "404 Not found": { 266 params: GetRoleRequest{ID: 123456}, 267 responseStatus: http.StatusNotFound, 268 expectedPath: "/identity-management/v2/user-admin/roles/123456?actions=false&grantedRoles=false&users=false", 269 responseBody: ` 270 { 271 "instance": "", 272 "httpStatus": 404, 273 "detail": "Role ID not found", 274 "title": "Role ID not found", 275 "type": "/useradmin-api/error-types/1311" 276 }`, 277 withError: &Error{ 278 Instance: "", 279 HTTPStatus: http.StatusNotFound, 280 Detail: "Role ID not found", 281 Title: "Role ID not found", 282 Type: "/useradmin-api/error-types/1311", 283 StatusCode: http.StatusNotFound, 284 }, 285 }, 286 "500 Internal server error": { 287 params: GetRoleRequest{ID: 123456}, 288 responseStatus: http.StatusInternalServerError, 289 responseBody: ` 290 { 291 "type": "internal_error", 292 "title": "Internal Server Error", 293 "detail": "Error making request", 294 "status": 500 295 }`, 296 expectedPath: "/identity-management/v2/user-admin/roles/123456?actions=false&grantedRoles=false&users=false", 297 withError: &Error{ 298 Type: "internal_error", 299 Title: "Internal Server Error", 300 Detail: "Error making request", 301 StatusCode: http.StatusInternalServerError, 302 }, 303 }, 304 } 305 306 for name, test := range tests { 307 t.Run(name, func(t *testing.T) { 308 mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 309 assert.Equal(t, test.expectedPath, r.URL.String()) 310 assert.Equal(t, http.MethodGet, r.Method) 311 w.WriteHeader(test.responseStatus) 312 _, err := w.Write([]byte(test.responseBody)) 313 assert.NoError(t, err) 314 })) 315 client := mockAPIClient(t, mockServer) 316 result, err := client.GetRole(context.Background(), test.params) 317 if test.withError != nil { 318 assert.True(t, errors.Is(err, test.withError), "want: %s; got: %s", test.withError, err) 319 assert.Contains(t, err.Error(), strconv.FormatInt(int64(test.responseStatus), 10)) 320 return 321 } 322 require.NoError(t, err) 323 assert.Equal(t, test.expectedResponse, result) 324 }) 325 } 326 } 327 328 func TestIAM_UpdateRole(t *testing.T) { 329 tests := map[string]struct { 330 params UpdateRoleRequest 331 responseStatus int 332 responseBody string 333 expectedPath string 334 expectedRequestBody string 335 expectedResponse *Role 336 withError error 337 }{ 338 "200 OK - update only granted roles an name": { 339 params: UpdateRoleRequest{ 340 ID: 123456, 341 RoleRequest: RoleRequest{ 342 Name: "Terraform admin updated", 343 GrantedRoles: []GrantedRoleID{ 344 { 345 ID: 54321, 346 }, 347 { 348 ID: 12345, 349 }, 350 }, 351 }, 352 }, 353 responseStatus: http.StatusOK, 354 responseBody: ` 355 { 356 "roleId": 123456, 357 "roleName": "Terraform admin updated", 358 "roleDescription": "Admin granted role for tests", 359 "type": "custom", 360 "createdDate": "2022-04-11T10:52:03.000Z", 361 "createdBy": "jBond", 362 "modifiedDate": "2022-04-11T10:59:30.000Z", 363 "modifiedBy": "jBond", 364 "actions": { 365 "edit": true, 366 "delete": true 367 }, 368 "grantedRoles": [ 369 { 370 "grantedRoleId": 54321, 371 "grantedRoleName": "View Audience Analytics Reports", 372 "grantedRoleDescription": "Publisher Self-Provisioning" 373 }, 374 { 375 "grantedRoleId": 12345, 376 "grantedRoleName": "WebAP User", 377 "grantedRoleDescription": "Web Application Protector User Role" 378 } 379 ] 380 }`, 381 expectedPath: "/identity-management/v2/user-admin/roles/123456", 382 expectedRequestBody: `{"roleName":"Terraform admin updated","grantedRoles":[{"grantedRoleId":54321},{"grantedRoleId":12345}]}`, 383 expectedResponse: &Role{ 384 RoleID: 123456, 385 RoleName: "Terraform admin updated", 386 RoleDescription: "Admin granted role for tests", 387 RoleType: RoleTypeCustom, 388 CreatedDate: "2022-04-11T10:52:03.000Z", 389 CreatedBy: "jBond", 390 ModifiedDate: "2022-04-11T10:59:30.000Z", 391 ModifiedBy: "jBond", 392 Actions: &RoleAction{ 393 Edit: true, 394 Delete: true, 395 }, 396 GrantedRoles: []RoleGrantedRole{ 397 { 398 RoleID: 54321, 399 RoleName: "View Audience Analytics Reports", 400 Description: "Publisher Self-Provisioning", 401 }, 402 { 403 RoleID: 12345, 404 RoleName: "WebAP User", 405 Description: "Web Application Protector User Role", 406 }, 407 }, 408 }, 409 }, 410 "500 Internal server error": { 411 params: UpdateRoleRequest{ 412 ID: 123456, 413 RoleRequest: RoleRequest{ 414 Name: "Terraform admin updated", 415 }, 416 }, 417 responseStatus: http.StatusInternalServerError, 418 responseBody: ` 419 { 420 "type": "internal_error", 421 "title": "Internal Server Error", 422 "detail": "Error making request", 423 "status": 500 424 }`, 425 expectedPath: "/identity-management/v2/user-admin/roles/123456", 426 withError: &Error{ 427 Type: "internal_error", 428 Title: "Internal Server Error", 429 Detail: "Error making request", 430 StatusCode: http.StatusInternalServerError, 431 }, 432 }, 433 } 434 435 for name, test := range tests { 436 t.Run(name, func(t *testing.T) { 437 mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 438 assert.Equal(t, test.expectedPath, r.URL.String()) 439 assert.Equal(t, http.MethodPut, r.Method) 440 w.WriteHeader(test.responseStatus) 441 _, err := w.Write([]byte(test.responseBody)) 442 assert.NoError(t, err) 443 444 if len(test.expectedRequestBody) > 0 { 445 body, err := ioutil.ReadAll(r.Body) 446 require.NoError(t, err) 447 assert.Equal(t, test.expectedRequestBody, string(body)) 448 } 449 })) 450 client := mockAPIClient(t, mockServer) 451 result, err := client.UpdateRole(context.Background(), test.params) 452 if test.withError != nil { 453 assert.True(t, errors.Is(err, test.withError), "want: %s; got: %s", test.withError, err) 454 assert.Contains(t, err.Error(), strconv.FormatInt(int64(test.responseStatus), 10)) 455 return 456 } 457 require.NoError(t, err) 458 assert.Equal(t, test.expectedResponse, result) 459 }) 460 } 461 } 462 463 func TestIAM_DeleteRole(t *testing.T) { 464 tests := map[string]struct { 465 params DeleteRoleRequest 466 responseStatus int 467 responseBody string 468 expectedPath string 469 withError error 470 }{ 471 "204 Deleted": { 472 params: DeleteRoleRequest{ID: 123456}, 473 responseStatus: http.StatusNoContent, 474 expectedPath: "/identity-management/v2/user-admin/roles/123456", 475 }, 476 "404 Not found": { 477 params: DeleteRoleRequest{ID: 123456}, 478 responseStatus: http.StatusNotFound, 479 expectedPath: "/identity-management/v2/user-admin/roles/123456", 480 responseBody: ` 481 { 482 "instance": "", 483 "httpStatus": 404, 484 "detail": "", 485 "title": "Role not found", 486 "type": "/useradmin-api/error-types/1311" 487 }`, 488 withError: &Error{ 489 Instance: "", 490 HTTPStatus: http.StatusNotFound, 491 Detail: "", 492 Title: "Role not found", 493 Type: "/useradmin-api/error-types/1311", 494 StatusCode: http.StatusNotFound, 495 }, 496 }, 497 "500 Internal server error": { 498 params: DeleteRoleRequest{ID: 123456}, 499 responseStatus: http.StatusInternalServerError, 500 responseBody: ` 501 { 502 "type": "internal_error", 503 "title": "Internal Server Error", 504 "detail": "Error making request", 505 "status": 500 506 }`, 507 expectedPath: "/identity-management/v2/user-admin/roles/123456", 508 withError: &Error{ 509 Type: "internal_error", 510 Title: "Internal Server Error", 511 Detail: "Error making request", 512 StatusCode: http.StatusInternalServerError, 513 }, 514 }, 515 } 516 517 for name, test := range tests { 518 t.Run(name, func(t *testing.T) { 519 mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 520 assert.Equal(t, test.expectedPath, r.URL.String()) 521 assert.Equal(t, http.MethodDelete, r.Method) 522 w.WriteHeader(test.responseStatus) 523 _, err := w.Write([]byte(test.responseBody)) 524 assert.NoError(t, err) 525 })) 526 client := mockAPIClient(t, mockServer) 527 err := client.DeleteRole(context.Background(), test.params) 528 if test.withError != nil { 529 assert.True(t, errors.Is(err, test.withError), "want: %s; got: %s", test.withError, err) 530 assert.Contains(t, err.Error(), strconv.FormatInt(int64(test.responseStatus), 10)) 531 return 532 } 533 require.NoError(t, err) 534 }) 535 } 536 } 537 538 func TestIAM_ListRoles(t *testing.T) { 539 tests := map[string]struct { 540 params ListRolesRequest 541 responseStatus int 542 responseBody string 543 expectedPath string 544 expectedResponse []Role 545 withError error 546 }{ 547 "200 OK": { 548 params: ListRolesRequest{ 549 Actions: true, 550 }, 551 responseStatus: http.StatusOK, 552 responseBody: ` 553 [ 554 { 555 "roleId": 123456, 556 "roleName": "View Only", 557 "roleDescription": "This role will allow you to view", 558 "type": "custom", 559 "createdDate": "2017-07-27T18:11:25.000Z", 560 "createdBy": "john.doe@mycompany.com", 561 "modifiedDate": "2017-07-27T18:11:25.000Z", 562 "modifiedBy": "john.doe@mycompany.com", 563 "actions": { 564 "edit": true, 565 "delete": true 566 } 567 } 568 ]`, 569 expectedPath: "/identity-management/v2/user-admin/roles?actions=true&ignoreContext=false&users=false", 570 expectedResponse: []Role{ 571 { 572 RoleID: 123456, 573 RoleName: "View Only", 574 RoleDescription: "This role will allow you to view", 575 RoleType: RoleTypeCustom, 576 CreatedDate: "2017-07-27T18:11:25.000Z", 577 CreatedBy: "john.doe@mycompany.com", 578 ModifiedDate: "2017-07-27T18:11:25.000Z", 579 ModifiedBy: "john.doe@mycompany.com", 580 Actions: &RoleAction{ 581 Edit: true, 582 Delete: true, 583 }, 584 }, 585 }, 586 }, 587 "500 internal server error": { 588 params: ListRolesRequest{ 589 Actions: true, 590 }, 591 responseStatus: http.StatusInternalServerError, 592 responseBody: ` 593 { 594 "type": "internal_error", 595 "title": "Internal Server Error", 596 "detail": "Error making request", 597 "status": 500 598 }`, 599 expectedPath: "/identity-management/v2/user-admin/roles?actions=true&ignoreContext=false&users=false", 600 withError: &Error{ 601 Type: "internal_error", 602 Title: "Internal Server Error", 603 Detail: "Error making request", 604 StatusCode: http.StatusInternalServerError, 605 }, 606 }, 607 } 608 609 for name, test := range tests { 610 t.Run(name, func(t *testing.T) { 611 mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 612 assert.Equal(t, test.expectedPath, r.URL.String()) 613 assert.Equal(t, http.MethodGet, r.Method) 614 w.WriteHeader(test.responseStatus) 615 _, err := w.Write([]byte(test.responseBody)) 616 assert.NoError(t, err) 617 })) 618 client := mockAPIClient(t, mockServer) 619 result, err := client.ListRoles(context.Background(), test.params) 620 if test.withError != nil { 621 assert.True(t, errors.Is(err, test.withError), "want: %s; got: %s", test.withError, err) 622 assert.Contains(t, err.Error(), strconv.FormatInt(int64(test.responseStatus), 10)) 623 return 624 } 625 require.NoError(t, err) 626 assert.Equal(t, test.expectedResponse, result) 627 }) 628 } 629 } 630 631 func TestIAM_ListGrantableRoles(t *testing.T) { 632 tests := map[string]struct { 633 responseStatus int 634 responseBody string 635 expectedPath string 636 expectedResponse []RoleGrantedRole 637 withError error 638 }{ 639 "200 OK": { 640 responseStatus: http.StatusOK, 641 responseBody: ` 642 [ 643 { 644 "grantedRoleId": 123456, 645 "grantedRoleName": "first role name", 646 "grantedRoleDescription": "first role description" 647 }, 648 { 649 "grantedRoleId": 654321, 650 "grantedRoleName": "second role name", 651 "grantedRoleDescription": "second role description" 652 } 653 ]`, 654 expectedPath: "/identity-management/v2/user-admin/roles/grantable-roles", 655 expectedResponse: []RoleGrantedRole{ 656 { 657 RoleID: 123456, 658 RoleName: "first role name", 659 Description: "first role description", 660 }, 661 { 662 RoleID: 654321, 663 RoleName: "second role name", 664 Description: "second role description", 665 }, 666 }, 667 }, 668 "500 internal server error": { 669 responseStatus: http.StatusInternalServerError, 670 responseBody: ` 671 { 672 "type": "internal_error", 673 "title": "Internal Server Error", 674 "detail": "Error making request", 675 "status": 500 676 }`, 677 expectedPath: "/identity-management/v2/user-admin/roles/grantable-roles", 678 withError: &Error{ 679 Type: "internal_error", 680 Title: "Internal Server Error", 681 Detail: "Error making request", 682 StatusCode: http.StatusInternalServerError, 683 }, 684 }, 685 } 686 687 for name, test := range tests { 688 t.Run(name, func(t *testing.T) { 689 mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 690 assert.Equal(t, test.expectedPath, r.URL.String()) 691 assert.Equal(t, http.MethodGet, r.Method) 692 w.WriteHeader(test.responseStatus) 693 _, err := w.Write([]byte(test.responseBody)) 694 assert.NoError(t, err) 695 })) 696 client := mockAPIClient(t, mockServer) 697 result, err := client.ListGrantableRoles(context.Background()) 698 if test.withError != nil { 699 assert.True(t, errors.Is(err, test.withError), "want: %s; got: %s", test.withError, err) 700 assert.Contains(t, err.Error(), strconv.FormatInt(int64(test.responseStatus), 10)) 701 return 702 } 703 require.NoError(t, err) 704 assert.Equal(t, test.expectedResponse, result) 705 }) 706 } 707 }