github.com/influxdata/influxdb/v2@v2.7.6/user_resource_mapping_test.go (about) 1 package influxdb_test 2 3 import ( 4 "testing" 5 6 "github.com/influxdata/influxdb/v2" 7 "github.com/influxdata/influxdb/v2/kit/platform" 8 influxdbtesting "github.com/influxdata/influxdb/v2/testing" 9 "github.com/stretchr/testify/require" 10 ) 11 12 func TestOwnerMappingValidate(t *testing.T) { 13 type fields struct { 14 ResourceID platform.ID 15 ResourceType influxdb.ResourceType 16 UserID platform.ID 17 UserType influxdb.UserType 18 } 19 tests := []struct { 20 name string 21 fields fields 22 wantErr bool 23 }{ 24 { 25 name: "valid mapping", 26 fields: fields{ 27 UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"), 28 UserType: influxdb.Owner, 29 ResourceType: influxdb.DashboardsResourceType, 30 ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"), 31 }, 32 }, 33 { 34 name: "mapping requires a resourceid", 35 fields: fields{ 36 UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"), 37 UserType: influxdb.Owner, 38 ResourceType: influxdb.DashboardsResourceType, 39 }, 40 wantErr: true, 41 }, 42 { 43 name: "mapping requires a userid", 44 fields: fields{ 45 ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"), 46 UserType: influxdb.Owner, 47 ResourceType: influxdb.DashboardsResourceType, 48 }, 49 wantErr: true, 50 }, 51 { 52 name: "mapping requires a usertype", 53 fields: fields{ 54 ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"), 55 UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"), 56 ResourceType: influxdb.DashboardsResourceType, 57 }, 58 wantErr: true, 59 }, 60 { 61 name: "mapping requires a resourcetype", 62 fields: fields{ 63 ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"), 64 UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"), 65 UserType: influxdb.Owner, 66 }, 67 wantErr: true, 68 }, 69 { 70 name: "the usertype provided must be valid", 71 fields: fields{ 72 ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"), 73 UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"), 74 UserType: "foo", 75 ResourceType: influxdb.DashboardsResourceType, 76 }, 77 wantErr: true, 78 }, 79 { 80 name: "the resourcetype provided must be valid", 81 fields: fields{ 82 ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"), 83 UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"), 84 UserType: influxdb.Owner, 85 ResourceType: "foo", 86 }, 87 wantErr: true, 88 }, 89 } 90 for _, tt := range tests { 91 t.Run(tt.name, func(t *testing.T) { 92 m := influxdb.UserResourceMapping{ 93 ResourceID: tt.fields.ResourceID, 94 ResourceType: tt.fields.ResourceType, 95 UserID: tt.fields.UserID, 96 UserType: tt.fields.UserType, 97 } 98 if err := m.Validate(); (err != nil) != tt.wantErr { 99 t.Errorf("OwnerMapping.Validate() error = %v, wantErr %v", err, tt.wantErr) 100 } 101 }) 102 } 103 } 104 105 func TestOwnerMappingToPermissions(t *testing.T) { 106 type wants struct { 107 perms influxdb.Permission 108 err bool 109 } 110 111 ResourceID, _ := platform.IDFromString("020f755c3c082000") 112 113 tests := []struct { 114 name string 115 urm influxdb.UserResourceMapping 116 wants wants 117 }{ 118 { 119 name: "Org Member Has Permission To Read Org", 120 urm: influxdb.UserResourceMapping{ 121 UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"), 122 UserType: influxdb.Member, 123 ResourceType: influxdb.OrgsResourceType, 124 ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"), 125 }, 126 wants: wants{ 127 err: false, 128 perms: influxdb.Permission{Action: "read", Resource: influxdb.Resource{Type: "orgs", ID: ResourceID}}}, 129 }, 130 { 131 name: "Org Owner Has Permission To Write Org", 132 urm: influxdb.UserResourceMapping{ 133 UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"), 134 UserType: influxdb.Owner, 135 ResourceType: influxdb.OrgsResourceType, 136 ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"), 137 }, 138 wants: wants{ 139 err: false, 140 perms: influxdb.Permission{Action: "write", Resource: influxdb.Resource{Type: "orgs", ID: ResourceID}}}, 141 }, 142 { 143 name: "Org Owner Has Permission To Read Org", 144 urm: influxdb.UserResourceMapping{ 145 UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"), 146 UserType: influxdb.Owner, 147 ResourceType: influxdb.OrgsResourceType, 148 ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"), 149 }, 150 wants: wants{ 151 err: false, 152 perms: influxdb.Permission{Action: "read", Resource: influxdb.Resource{Type: "orgs", ID: ResourceID}}}, 153 }, 154 { 155 name: "Bucket Member User Has Permission To Read Bucket", 156 urm: influxdb.UserResourceMapping{ 157 UserID: influxdbtesting.MustIDBase16("debac1e0deadbeef"), 158 UserType: influxdb.Member, 159 ResourceType: influxdb.BucketsResourceType, 160 ResourceID: influxdbtesting.MustIDBase16("020f755c3c082000"), 161 }, 162 wants: wants{ 163 err: false, 164 perms: influxdb.Permission{Action: "read", Resource: influxdb.Resource{Type: "buckets", ID: ResourceID}}}, 165 }, 166 } 167 for _, tt := range tests { 168 t.Run(tt.name, func(t *testing.T) { 169 perms, err := tt.urm.ToPermissions() 170 171 require.Contains(t, perms, tt.wants.perms) 172 require.Equal(t, tt.wants.err, err != nil) 173 }) 174 } 175 }