github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/db/migration/add_global_users_test.go (about) 1 package migration_test 2 3 import ( 4 "database/sql" 5 6 . "github.com/onsi/ginkgo" 7 . "github.com/onsi/gomega" 8 ) 9 10 var _ = Describe("Add global users", func() { 11 const preMigrationVersion = 1528314953 12 const postMigrationVersion = 1528470872 13 14 var ( 15 db *sql.DB 16 ) 17 18 Context("Up", func() { 19 20 testMigration := func(oldConfig string, newConfig string) { 21 db = postgresRunner.OpenDBAtVersion(preMigrationVersion) 22 SetupTeam(db, "main", oldConfig) 23 db.Close() 24 25 db = postgresRunner.OpenDBAtVersion(postMigrationVersion) 26 ExpectTeamWithAuth(db, "main", newConfig) 27 ExpectTeamWithLegacyAuth(db, "main", oldConfig) 28 db.Close() 29 } 30 31 It("migrates github data to users/groups format", func() { 32 legacyConfig := ` 33 { 34 "github": { 35 "client_id": "some-client-id", 36 "client_secret": "some-client-secret", 37 "organizations": ["some-other-org"], 38 "teams": [{ 39 "organization_name": "some-org", 40 "team_name": "some-team" 41 }], 42 "users": ["some-user"] 43 } 44 } 45 ` 46 newConfig := ` 47 { 48 "users": ["github:some-user"], 49 "groups": ["github:some-org:some-team", "github:some-other-org"] 50 } 51 ` 52 testMigration(legacyConfig, newConfig) 53 }) 54 55 It("migrates basic auth data to users/groups format", func() { 56 legacyConfig := ` 57 { 58 "basicauth": { 59 "username": "some-user", 60 "password": "some-password" 61 } 62 } 63 ` 64 newConfig := ` 65 { 66 "users": ["local:some-user"], 67 "groups": [] 68 } 69 ` 70 testMigration(legacyConfig, newConfig) 71 }) 72 73 It("migrates uaa data to users/groups format", func() { 74 legacyConfig := ` 75 { 76 "uaa": { 77 "client_id": "some-client-id", 78 "client_secret": "some-client-secret", 79 "auth_url": "https://example.com/auth", 80 "token_url": "https://example.com/token", 81 "cf_spaces": ["some-space-guid"], 82 "cf_url": "https://example.com/api" 83 } 84 } 85 ` 86 newConfig := ` 87 { 88 "users": [], 89 "groups": ["cf:some-space-guid"] 90 } 91 ` 92 testMigration(legacyConfig, newConfig) 93 }) 94 95 It("migrates gitlab data to users/groups format", func() { 96 legacyConfig := ` 97 { 98 "gitlab": { 99 "client_id": "some-client-id", 100 "client_secret": "some-client-secret", 101 "groups": ["some-group"], 102 "auth_url": "https://example.com/auth", 103 "token_url": "https://example.com/token", 104 "api_url": "https://example.com/api" 105 } 106 } 107 ` 108 newConfig := ` 109 { 110 "users": [], 111 "groups": ["gitlab:some-group"] 112 } 113 ` 114 testMigration(legacyConfig, newConfig) 115 }) 116 117 It("migrates oauth data to users/groups format", func() { 118 legacyConfig := ` 119 { 120 "oauth": { 121 "display_name": "provider", 122 "client_id": "some-client-id", 123 "client_secret": "some-client-secret", 124 "auth_url": "https://example.com/auth", 125 "token_url": "https://example.com/token", 126 "auth_url_params": { 127 "some-param": "some-value" 128 }, 129 "scope": "some-scope" 130 } 131 } 132 ` 133 newConfig := ` 134 { 135 "users": [], 136 "groups": ["oauth:some-scope"] 137 } 138 ` 139 testMigration(legacyConfig, newConfig) 140 }) 141 142 It("migrates oidc data to users/groups format", func() { 143 legacyConfig := ` 144 { 145 "oauth_oidc": { 146 "display_name": "provider", 147 "client_id": "some-client", 148 "client_secret": "some-secret", 149 "user_id": ["some-user"], 150 "groups": ["some-group"], 151 "custom_groups_name": "some-groups-key", 152 "auth_url": "https://example.com/auth", 153 "token_url": "https://example.com/token", 154 "auth_url_params": { 155 "some-param": "some-value" 156 }, 157 "scope": "some-scope" 158 } 159 } 160 ` 161 newConfig := ` 162 { 163 "users": ["oidc:some-user"], 164 "groups": ["oidc:some-group"] 165 } 166 ` 167 testMigration(legacyConfig, newConfig) 168 }) 169 170 It("fails to migrate if bitbucket cloud is present", func() { 171 legacyConfig := ` 172 { 173 "bitbucket-cloud": { 174 "client_id": "some-client", 175 "client_secret": "some-client-secret", 176 "users": ["some-user"], 177 "teams": [{ 178 "team_name": "some-team", 179 "role": "member" 180 }], 181 "repositories": [{ 182 "owner_name": "some-owner", 183 "repository_name": "some-repository" 184 }], 185 "auth_url": "https://example.com/auth", 186 "token_url": "https://example.com/token", 187 "apiurl": "https://example.com/api" 188 } 189 } 190 ` 191 db := postgresRunner.OpenDBAtVersion(preMigrationVersion) 192 SetupTeam(db, "main", legacyConfig) 193 db.Close() 194 195 _, err := postgresRunner.TryOpenDBAtVersion(postMigrationVersion) 196 Expect(err).To(HaveOccurred()) 197 }) 198 199 It("fails to migrate if bitbucket server is present", func() { 200 legacyConfig := ` 201 { 202 "bitbucket-server": { 203 "consumer_key": "/tmp/concourse-dev/keys/web/session_signing_key", 204 "private_key": { 205 "N": 0, 206 "E": 0, 207 "D": 0, 208 "Primes": [0, 0], 209 "Precomputed": { 210 "Dp": 0, 211 "Dq": 0, 212 "Qinv": 0, 213 "CRTValues": [] 214 } 215 }, 216 "endpoint": "https://example.com/endpoint", 217 "users": ["some-user"], 218 "projects": ["some-project"], 219 "repositories": [{ 220 "owner_name": "some-owner", 221 "repository_name": "some-repository" 222 }] 223 } 224 } 225 ` 226 db = postgresRunner.OpenDBAtVersion(preMigrationVersion) 227 SetupTeam(db, "main", legacyConfig) 228 db.Close() 229 230 _, err := postgresRunner.TryOpenDBAtVersion(postMigrationVersion) 231 Expect(err).To(HaveOccurred()) 232 }) 233 234 It("fails to migrate uaa if teams are using different providers of the same type", func() { 235 legacyConfigMain := ` 236 { 237 "uaa": { 238 "client_id": "some-client-id", 239 "client_secret": "some-client-secret", 240 "auth_url": "https://main.com/auth", 241 "token_url": "https://main.com/token", 242 "cf_spaces": ["some-space-guid"], 243 "cf_url": "https://main.com/api" 244 } 245 } 246 ` 247 legacyConfigOther := ` 248 { 249 "uaa": { 250 "client_id": "some-client-id", 251 "client_secret": "some-client-secret", 252 "auth_url": "https://other.com/auth", 253 "token_url": "https://other.com/token", 254 "cf_spaces": ["some-space-guid"], 255 "cf_url": "https://other.com/api" 256 } 257 } 258 ` 259 260 db = postgresRunner.OpenDBAtVersion(preMigrationVersion) 261 SetupTeam(db, "main", legacyConfigMain) 262 SetupTeam(db, "other", legacyConfigOther) 263 db.Close() 264 265 _, err := postgresRunner.TryOpenDBAtVersion(postMigrationVersion) 266 Expect(err).To(HaveOccurred()) 267 }) 268 269 It("fails to migrate if two teams have the same basic auth username", func() { 270 legacyConfigMain := ` 271 { 272 "basicauth": { 273 "username": "some-user", 274 "password": "some-password" 275 } 276 } 277 ` 278 legacyConfigOther := ` 279 { 280 "basicauth": { 281 "username": "some-user", 282 "password": "another-password" 283 } 284 } 285 ` 286 287 db = postgresRunner.OpenDBAtVersion(preMigrationVersion) 288 SetupTeam(db, "main", legacyConfigMain) 289 SetupTeam(db, "other", legacyConfigOther) 290 db.Close() 291 292 _, err := postgresRunner.TryOpenDBAtVersion(postMigrationVersion) 293 Expect(err).To(HaveOccurred()) 294 }) 295 }) 296 297 Context("Down", func() { 298 It("works when only main team has changed auth", func() { 299 db = postgresRunner.OpenDBAtVersion(postMigrationVersion) 300 301 _, err := db.Exec("INSERT INTO teams(name, legacy_auth) VALUES('main', NULL)") 302 Expect(err).NotTo(HaveOccurred()) 303 _, err = db.Exec(`INSERT INTO teams(name, legacy_auth) VALUES('another-team', '{"some-legacy-config": true}')`) 304 Expect(err).NotTo(HaveOccurred()) 305 306 db.Close() 307 308 db = postgresRunner.OpenDBAtVersion(preMigrationVersion) 309 ExpectTeamWithAuth(db, "another-team", `{"some-legacy-config": true}`) 310 db.Close() 311 }) 312 313 It("fails when non-main teams have changed auth", func() { 314 db = postgresRunner.OpenDBAtVersion(postMigrationVersion) 315 _, err := db.Exec("INSERT INTO teams(name, legacy_auth) VALUES('some-team', NULL)") 316 Expect(err).NotTo(HaveOccurred()) 317 db.Close() 318 319 _, err = postgresRunner.TryOpenDBAtVersion(preMigrationVersion) 320 Expect(err).To(HaveOccurred()) 321 }) 322 }) 323 })