github.com/polarismesh/polaris@v1.17.8/auth/defaultauth/group_test.go (about) 1 /** 2 * Tencent is pleased to support the open source community by making Polaris available. 3 * 4 * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 5 * 6 * Licensed under the BSD 3-Clause License (the "License"); 7 * you may not use this file except in compliance with the License. 8 * You may obtain a copy of the License at 9 * 10 * https://opensource.org/licenses/BSD-3-Clause 11 * 12 * Unless required by applicable law or agreed to in writing, software distributed 13 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 * specific language governing permissions and limitations under the License. 16 */ 17 18 package defaultauth_test 19 20 import ( 21 "context" 22 "testing" 23 "time" 24 25 "github.com/golang/mock/gomock" 26 apisecurity "github.com/polarismesh/specification/source/go/api/v1/security" 27 "github.com/stretchr/testify/assert" 28 "google.golang.org/protobuf/types/known/wrapperspb" 29 30 "github.com/polarismesh/polaris/auth" 31 "github.com/polarismesh/polaris/auth/defaultauth" 32 "github.com/polarismesh/polaris/cache" 33 v1 "github.com/polarismesh/polaris/common/api/v1" 34 "github.com/polarismesh/polaris/common/model" 35 "github.com/polarismesh/polaris/common/utils" 36 storemock "github.com/polarismesh/polaris/store/mock" 37 ) 38 39 type GroupTest struct { 40 ctrl *gomock.Controller 41 42 ownerOne *model.User 43 ownerTwo *model.User 44 45 users []*model.User 46 groups []*model.UserGroupDetail 47 newGroups []*model.UserGroupDetail 48 allGroups []*model.UserGroupDetail 49 50 storage *storemock.MockStore 51 cacheMgn *cache.CacheManager 52 checker auth.AuthChecker 53 54 svr *defaultauth.GroupAuthAbility 55 56 cancel context.CancelFunc 57 } 58 59 func newGroupTest(t *testing.T) *GroupTest { 60 reset(false) 61 ctrl := gomock.NewController(t) 62 63 users := createMockUser(10) 64 groups := createMockUserGroup(users) 65 66 newUsers := createMockUser(10) 67 newGroups := createMockUserGroup(newUsers) 68 69 allGroups := append(groups, newGroups...) 70 71 storage := storemock.NewMockStore(ctrl) 72 73 storage.EXPECT().GetServicesCount().AnyTimes().Return(uint32(1), nil) 74 storage.EXPECT().GetUnixSecond(gomock.Any()).AnyTimes().Return(time.Now().Unix(), nil) 75 storage.EXPECT().AddGroup(gomock.Any()).AnyTimes().Return(nil) 76 storage.EXPECT().UpdateUser(gomock.Any()).AnyTimes().Return(nil) 77 storage.EXPECT().GetUsersForCache(gomock.Any(), gomock.Any()).AnyTimes().Return(append(users, newUsers...), nil) 78 storage.EXPECT().GetGroupsForCache(gomock.Any(), gomock.Any()).AnyTimes().Return(allGroups, nil) 79 80 cfg := &cache.Config{ 81 Open: true, 82 Resources: []cache.ConfigEntry{ 83 { 84 Name: "users", 85 }, 86 }, 87 } 88 89 ctx, cancel := context.WithCancel(context.Background()) 90 cacheMgn, err := cache.TestCacheInitialize(ctx, cfg, storage) 91 if err != nil { 92 t.Error(err) 93 } 94 t.Cleanup(func() { 95 _ = cacheMgn.Close() 96 }) 97 98 time.Sleep(time.Second) 99 100 checker := &defaultauth.DefaultAuthChecker{} 101 checker.SetCacheMgr(cacheMgn) 102 103 svr := defaultauth.NewGroupAuthAbility( 104 checker, 105 defaultauth.NewServer(storage, nil, cacheMgn, checker), 106 ) 107 108 return &GroupTest{ 109 ctrl: ctrl, 110 111 ownerOne: users[0], 112 ownerTwo: newUsers[0], 113 114 users: users, 115 groups: groups, 116 newGroups: newGroups, 117 allGroups: allGroups, 118 119 storage: storage, 120 cacheMgn: cacheMgn, 121 checker: checker, 122 svr: svr, 123 124 cancel: cancel, 125 } 126 } 127 128 func (g *GroupTest) Clean() { 129 g.cancel() 130 g.cacheMgn.Close() 131 g.ctrl.Finish() 132 } 133 134 func Test_server_CreateGroup(t *testing.T) { 135 groupTest := newGroupTest(t) 136 137 defer groupTest.Clean() 138 139 t.Run("正常创建用户组", func(t *testing.T) { 140 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[0].Token) 141 142 groups := createMockUserGroup(groupTest.users[:1]) 143 groups[0].ID = utils.NewUUID() 144 145 groupTest.storage.EXPECT().GetGroupByName(gomock.Any(), gomock.Any()).Return(nil, nil) 146 147 resp := groupTest.svr.CreateGroup(reqCtx, &apisecurity.UserGroup{ 148 Id: utils.NewStringValue(groups[0].ID), 149 Name: utils.NewStringValue(groups[0].Name), 150 }) 151 152 assert.True(t, resp.GetCode().Value == v1.ExecuteSuccess, resp.Info.GetValue()) 153 }) 154 155 t.Run("用户组已存在", func(t *testing.T) { 156 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[0].Token) 157 158 groups := createMockUserGroup(groupTest.users[:1]) 159 groups[0].ID = utils.NewUUID() 160 161 groupTest.storage.EXPECT().GetGroupByName(gomock.Any(), gomock.Any()).Return(groups[0].UserGroup, nil) 162 163 resp := groupTest.svr.CreateGroup(reqCtx, &apisecurity.UserGroup{ 164 Id: utils.NewStringValue(groups[0].ID), 165 Name: utils.NewStringValue(groups[0].Name), 166 }) 167 168 assert.True(t, resp.GetCode().Value == v1.UserGroupExisted, resp.Info.GetValue()) 169 }) 170 171 t.Run("子用户去创建用户组", func(t *testing.T) { 172 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[1].Token) 173 174 groups := createMockUserGroup(groupTest.users[:1]) 175 groups[0].ID = utils.NewUUID() 176 177 resp := groupTest.svr.CreateGroup(reqCtx, &apisecurity.UserGroup{ 178 Id: utils.NewStringValue(groups[0].ID), 179 Name: utils.NewStringValue(groups[0].Name), 180 }) 181 182 assert.True(t, resp.GetCode().Value == v1.OperationRoleException, resp.Info.GetValue()) 183 }) 184 185 t.Run("主账户去查询owner为自己的用户组", func(t *testing.T) { 186 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[0].Token) 187 188 groupTest.storage.EXPECT().GetGroup(gomock.Any()).Return(groupTest.groups[1], nil) 189 190 resp := groupTest.svr.GetGroup(reqCtx, &apisecurity.UserGroup{ 191 Id: utils.NewStringValue(groupTest.groups[1].ID), 192 }) 193 194 assert.True(t, resp.GetCode().Value == v1.ExecuteSuccess, resp.Info.GetValue()) 195 }) 196 197 t.Run("主账户去查询owner不是自己的用户组", func(t *testing.T) { 198 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.ownerTwo.Token) 199 200 groupTest.storage.EXPECT().GetGroup(gomock.Any()).Return(groupTest.groups[3], nil) 201 202 resp := groupTest.svr.GetGroup(reqCtx, &apisecurity.UserGroup{ 203 Id: utils.NewStringValue(groupTest.groups[3].ID), 204 }) 205 206 assert.True(t, resp.GetCode().Value == v1.NotAllowedAccess, resp.Info.GetValue()) 207 }) 208 209 t.Run("子账户去查询自己所在的用户组", func(t *testing.T) { 210 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[1].Token) 211 212 groupTest.storage.EXPECT().GetGroup(gomock.Any()).Return(groupTest.groups[1], nil) 213 214 resp := groupTest.svr.GetGroup(reqCtx, &apisecurity.UserGroup{ 215 Id: utils.NewStringValue(groupTest.groups[1].ID), 216 }) 217 218 assert.True(t, resp.GetCode().Value == v1.ExecuteSuccess, resp.Info.GetValue()) 219 }) 220 221 t.Run("子账户去查询自己不在的用户组", func(t *testing.T) { 222 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[1].Token) 223 224 groupTest.storage.EXPECT().GetGroup(gomock.Any()).Return(groupTest.groups[2], nil) 225 226 resp := groupTest.svr.GetGroup(reqCtx, &apisecurity.UserGroup{ 227 Id: utils.NewStringValue(groupTest.groups[2].ID), 228 }) 229 230 assert.True(t, resp.GetCode().Value == v1.NotAllowedAccess, resp.Info.GetValue()) 231 }) 232 } 233 234 func Test_server_GetGroup(t *testing.T) { 235 groupTest := newGroupTest(t) 236 237 defer groupTest.Clean() 238 t.Run("主账户去查询owner为自己的用户组", func(t *testing.T) { 239 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[0].Token) 240 241 groupTest.storage.EXPECT().GetGroup(gomock.Any()).Return(groupTest.groups[1], nil) 242 243 resp := groupTest.svr.GetGroup(reqCtx, &apisecurity.UserGroup{ 244 Id: utils.NewStringValue(groupTest.groups[1].ID), 245 }) 246 247 assert.True(t, resp.GetCode().Value == v1.ExecuteSuccess, resp.Info.GetValue()) 248 }) 249 250 t.Run("主账户去查询owner不是自己的用户组", func(t *testing.T) { 251 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.ownerOne.Token) 252 253 groupTest.storage.EXPECT().GetGroup(gomock.Any()).Return(groupTest.newGroups[0], nil) 254 255 resp := groupTest.svr.GetGroup(reqCtx, &apisecurity.UserGroup{ 256 Id: utils.NewStringValue(groupTest.newGroups[0].ID), 257 }) 258 259 assert.True(t, resp.GetCode().Value == v1.NotAllowedAccess, resp.Info.GetValue()) 260 }) 261 262 t.Run("子账户去查询自己所在的用户组", func(t *testing.T) { 263 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[1].Token) 264 265 groupTest.storage.EXPECT().GetGroup(gomock.Any()).Return(groupTest.groups[1], nil) 266 267 resp := groupTest.svr.GetGroup(reqCtx, &apisecurity.UserGroup{ 268 Id: utils.NewStringValue(groupTest.groups[1].ID), 269 }) 270 271 assert.True(t, resp.GetCode().Value == v1.ExecuteSuccess, resp.Info.GetValue()) 272 }) 273 274 t.Run("子账户去查询自己不在的用户组", func(t *testing.T) { 275 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[1].Token) 276 277 groupTest.storage.EXPECT().GetGroup(gomock.Any()).Return(groupTest.groups[2], nil) 278 279 resp := groupTest.svr.GetGroup(reqCtx, &apisecurity.UserGroup{ 280 Id: utils.NewStringValue(groupTest.groups[2].ID), 281 }) 282 283 assert.True(t, resp.GetCode().Value == v1.NotAllowedAccess, resp.Info.GetValue()) 284 }) 285 } 286 287 func Test_server_UpdateGroup(t *testing.T) { 288 t.Run("主账户更新用户组", func(t *testing.T) { 289 groupTest := newGroupTest(t) 290 291 t.Cleanup(func() { 292 groupTest.Clean() 293 }) 294 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.ownerOne.Token) 295 296 groupTest.storage.EXPECT().GetGroup(gomock.Any()).Return(groupTest.groups[1], nil) 297 groupTest.storage.EXPECT().UpdateGroup(gomock.Any()).Return(nil) 298 299 req := &apisecurity.ModifyUserGroup{ 300 Id: utils.NewStringValue(groupTest.groups[1].ID), 301 Comment: &wrapperspb.StringValue{ 302 Value: "new test group", 303 }, 304 AddRelations: &apisecurity.UserGroupRelation{ 305 GroupId: utils.NewStringValue(groupTest.groups[1].ID), 306 Users: []*apisecurity.User{ 307 { 308 Id: utils.NewStringValue(groupTest.users[2].ID), 309 }, 310 { 311 Id: utils.NewStringValue(groupTest.users[3].ID), 312 }, 313 }, 314 }, 315 RemoveRelations: &apisecurity.UserGroupRelation{ 316 GroupId: utils.NewStringValue(groupTest.groups[1].ID), 317 Users: []*apisecurity.User{ 318 { 319 Id: utils.NewStringValue(groupTest.users[5].ID), 320 }, 321 }, 322 }, 323 } 324 325 resp := groupTest.svr.UpdateGroups(reqCtx, []*apisecurity.ModifyUserGroup{req}) 326 327 assert.True(t, resp.Responses[0].Code.GetValue() == v1.ExecuteSuccess, resp.Responses[0].Info.GetValue()) 328 }) 329 330 t.Run("主账户更新不是自己负责的用户组", func(t *testing.T) { 331 groupTest := newGroupTest(t) 332 333 t.Cleanup(func() { 334 groupTest.Clean() 335 }) 336 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.ownerOne.Token) 337 338 groupTest.storage.EXPECT().GetGroup(gomock.Any()).AnyTimes().Return(groupTest.newGroups[1], nil) 339 340 req := &apisecurity.ModifyUserGroup{ 341 Id: utils.NewStringValue(groupTest.newGroups[0].ID), 342 Comment: &wrapperspb.StringValue{ 343 Value: "new test group", 344 }, 345 AddRelations: &apisecurity.UserGroupRelation{ 346 GroupId: utils.NewStringValue(groupTest.groups[0].ID), 347 Users: []*apisecurity.User{ 348 { 349 Id: utils.NewStringValue(groupTest.users[2].ID), 350 }, 351 { 352 Id: utils.NewStringValue(groupTest.users[3].ID), 353 }, 354 }, 355 }, 356 RemoveRelations: &apisecurity.UserGroupRelation{ 357 GroupId: utils.NewStringValue(groupTest.groups[0].ID), 358 Users: []*apisecurity.User{ 359 { 360 Id: utils.NewStringValue(groupTest.users[5].ID), 361 }, 362 }, 363 }, 364 } 365 366 resp := groupTest.svr.UpdateGroups(reqCtx, []*apisecurity.ModifyUserGroup{req}) 367 assert.True(t, resp.Responses[0].Code.GetValue() == v1.NotAllowedAccess, resp.Responses[0].Info.GetValue()) 368 }) 369 370 t.Run("子账户更新用户组", func(t *testing.T) { 371 groupTest := newGroupTest(t) 372 373 t.Cleanup(func() { 374 groupTest.Clean() 375 }) 376 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[1].Token) 377 378 req := &apisecurity.ModifyUserGroup{ 379 Id: utils.NewStringValue(groupTest.groups[2].ID), 380 Comment: &wrapperspb.StringValue{ 381 Value: "new test group", 382 }, 383 AddRelations: &apisecurity.UserGroupRelation{ 384 GroupId: utils.NewStringValue(groupTest.groups[2].ID), 385 Users: []*apisecurity.User{ 386 { 387 Id: utils.NewStringValue(groupTest.users[2].ID), 388 }, 389 { 390 Id: utils.NewStringValue(groupTest.users[3].ID), 391 }, 392 }, 393 }, 394 RemoveRelations: &apisecurity.UserGroupRelation{ 395 GroupId: utils.NewStringValue(groupTest.groups[2].ID), 396 Users: []*apisecurity.User{ 397 { 398 Id: utils.NewStringValue(groupTest.users[5].ID), 399 }, 400 }, 401 }, 402 } 403 404 resp := groupTest.svr.UpdateGroups(reqCtx, []*apisecurity.ModifyUserGroup{req}) 405 assert.True(t, resp.Responses[0].GetCode().Value == v1.OperationRoleException, resp.Responses[0].Info.GetValue()) 406 }) 407 408 t.Run("更新用户组-啥都没用动过", func(t *testing.T) { 409 groupTest := newGroupTest(t) 410 411 t.Cleanup(func() { 412 groupTest.Clean() 413 }) 414 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[0].Token) 415 groupTest.storage.EXPECT().GetGroup(gomock.Any()).Return(groupTest.groups[2], nil) 416 417 req := &apisecurity.ModifyUserGroup{ 418 Id: utils.NewStringValue(groupTest.groups[2].ID), 419 Comment: &wrapperspb.StringValue{Value: groupTest.groups[2].Comment}, 420 AddRelations: &apisecurity.UserGroupRelation{}, 421 RemoveRelations: &apisecurity.UserGroupRelation{}, 422 } 423 424 resp := groupTest.svr.UpdateGroups(reqCtx, []*apisecurity.ModifyUserGroup{req}) 425 assert.True(t, resp.Responses[0].GetCode().Value == v1.NoNeedUpdate, resp.Responses[0].Info.GetValue()) 426 }) 427 428 } 429 430 func Test_server_GetGroupToken(t *testing.T) { 431 t.Run("主账户去查询owner为自己的用户组", func(t *testing.T) { 432 groupTest := newGroupTest(t) 433 434 t.Cleanup(func() { 435 groupTest.Clean() 436 }) 437 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[0].Token) 438 439 resp := groupTest.svr.GetGroupToken(reqCtx, &apisecurity.UserGroup{ 440 Id: utils.NewStringValue(groupTest.groups[1].ID), 441 }) 442 443 assert.True(t, resp.GetCode().Value == v1.ExecuteSuccess, resp.Info.GetValue()) 444 }) 445 446 t.Run("主账户去查询owner不是自己的用户组", func(t *testing.T) { 447 groupTest := newGroupTest(t) 448 449 t.Cleanup(func() { 450 groupTest.Clean() 451 }) 452 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.ownerTwo.Token) 453 454 resp := groupTest.svr.GetGroupToken(reqCtx, &apisecurity.UserGroup{ 455 Id: utils.NewStringValue(groupTest.groups[1].ID), 456 }) 457 458 assert.True(t, resp.GetCode().Value == v1.NotAllowedAccess, resp.Info.GetValue()) 459 }) 460 461 t.Run("子账户去查询自己所在的用户组", func(t *testing.T) { 462 groupTest := newGroupTest(t) 463 464 t.Cleanup(func() { 465 groupTest.Clean() 466 }) 467 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[1].Token) 468 469 resp := groupTest.svr.GetGroupToken(reqCtx, &apisecurity.UserGroup{ 470 Id: utils.NewStringValue(groupTest.groups[1].ID), 471 }) 472 473 assert.True(t, resp.GetCode().Value == v1.ExecuteSuccess, resp.Info.GetValue()) 474 }) 475 476 t.Run("子账户去查询自己不在的用户组", func(t *testing.T) { 477 groupTest := newGroupTest(t) 478 479 t.Cleanup(func() { 480 groupTest.Clean() 481 }) 482 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[1].Token) 483 484 resp := groupTest.svr.GetGroupToken(reqCtx, &apisecurity.UserGroup{ 485 Id: utils.NewStringValue(groupTest.groups[2].ID), 486 }) 487 488 assert.True(t, resp.GetCode().Value == v1.NotAllowedAccess, resp.Info.GetValue()) 489 }) 490 } 491 492 func Test_server_DeleteGroup(t *testing.T) { 493 494 t.Run("正常删除用户组", func(t *testing.T) { 495 groupTest := newGroupTest(t) 496 497 t.Cleanup(func() { 498 groupTest.Clean() 499 }) 500 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.ownerOne.Token) 501 502 groupTest.storage.EXPECT().GetGroup(gomock.Any()).AnyTimes().Return(groupTest.groups[0], nil) 503 groupTest.storage.EXPECT().DeleteGroup(gomock.Any()).AnyTimes().Return(nil) 504 505 batchResp := groupTest.svr.DeleteGroups(reqCtx, []*apisecurity.UserGroup{ 506 { 507 Id: utils.NewStringValue(groupTest.groups[0].ID), 508 }, 509 }) 510 511 assert.True(t, batchResp.GetCode().Value == v1.ExecuteSuccess, batchResp.Info.GetValue()) 512 }) 513 514 t.Run("删除用户组-用户组不存在", func(t *testing.T) { 515 groupTest := newGroupTest(t) 516 517 t.Cleanup(func() { 518 groupTest.Clean() 519 }) 520 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.ownerOne.Token) 521 522 groupTest.storage.EXPECT().GetGroup(gomock.Any()).AnyTimes().Return(nil, nil) 523 groupTest.storage.EXPECT().DeleteGroup(gomock.Any()).AnyTimes().Return(nil) 524 525 batchResp := groupTest.svr.DeleteGroups(reqCtx, []*apisecurity.UserGroup{ 526 { 527 Id: utils.NewStringValue(groupTest.groups[0].ID), 528 }, 529 }) 530 531 assert.True(t, batchResp.GetCode().Value == v1.ExecuteSuccess, batchResp.Info.GetValue()) 532 }) 533 534 t.Run("删除用户组-不是用户组的owner", func(t *testing.T) { 535 groupTest := newGroupTest(t) 536 537 t.Cleanup(func() { 538 groupTest.Clean() 539 }) 540 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.ownerTwo.Token) 541 542 groupTest.storage.EXPECT().GetGroup(gomock.Any()).AnyTimes().Return(groupTest.groups[0], nil) 543 groupTest.storage.EXPECT().DeleteGroup(gomock.Any()).AnyTimes().Return(nil) 544 545 batchResp := groupTest.svr.DeleteGroups(reqCtx, []*apisecurity.UserGroup{ 546 { 547 Id: utils.NewStringValue(groupTest.groups[0].ID), 548 }, 549 }) 550 551 assert.True(t, batchResp.Responses[0].GetCode().Value == v1.NotAllowedAccess, batchResp.Responses[0].Info.GetValue()) 552 }) 553 554 t.Run("删除用户组-非owner角色", func(t *testing.T) { 555 groupTest := newGroupTest(t) 556 557 t.Cleanup(func() { 558 groupTest.Clean() 559 }) 560 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[1].Token) 561 562 groupTest.storage.EXPECT().GetGroup(gomock.Any()).AnyTimes().Return(groupTest.groups[0], nil) 563 groupTest.storage.EXPECT().DeleteGroup(gomock.Any()).AnyTimes().Return(nil) 564 565 batchResp := groupTest.svr.DeleteGroups(reqCtx, []*apisecurity.UserGroup{ 566 { 567 Id: utils.NewStringValue(groupTest.groups[0].ID), 568 }, 569 }) 570 571 assert.True(t, batchResp.Responses[0].GetCode().Value == v1.OperationRoleException, batchResp.Responses[0].Info.GetValue()) 572 }) 573 574 } 575 576 func Test_server_UpdateGroupToken(t *testing.T) { 577 t.Run("正常更新用户组Token的Enable状态", func(t *testing.T) { 578 groupTest := newGroupTest(t) 579 t.Cleanup(func() { 580 groupTest.Clean() 581 }) 582 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.ownerOne.Token) 583 584 groupTest.storage.EXPECT().GetGroup(gomock.Any()).AnyTimes().Return(groupTest.groups[0], nil) 585 groupTest.storage.EXPECT().UpdateGroup(gomock.Any()).AnyTimes().Return(nil) 586 587 batchResp := groupTest.svr.UpdateGroupToken(reqCtx, &apisecurity.UserGroup{ 588 Id: utils.NewStringValue(groupTest.groups[2].ID), 589 }) 590 591 assert.True(t, batchResp.GetCode().Value == v1.ExecuteSuccess, batchResp.Info.GetValue()) 592 }) 593 594 t.Run("非Owner角色更新用户组Token的Enable状态", func(t *testing.T) { 595 groupTest := newGroupTest(t) 596 t.Cleanup(func() { 597 groupTest.Clean() 598 }) 599 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[2].Token) 600 601 groupTest.storage.EXPECT().GetGroup(gomock.Any()).AnyTimes().Return(groupTest.groups[0], nil) 602 603 batchResp := groupTest.svr.UpdateGroupToken(reqCtx, &apisecurity.UserGroup{ 604 Id: utils.NewStringValue(groupTest.groups[2].ID), 605 }) 606 607 assert.True(t, batchResp.Code.Value == v1.OperationRoleException, batchResp.Info.GetValue()) 608 }) 609 610 t.Run("更新用户组Token的Enable状态-非group的owner", func(t *testing.T) { 611 groupTest := newGroupTest(t) 612 t.Cleanup(func() { 613 groupTest.Clean() 614 }) 615 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.ownerTwo.Token) 616 617 groupTest.storage.EXPECT().GetGroup(gomock.Any()).AnyTimes().Return(groupTest.groups[0], nil) 618 619 batchResp := groupTest.svr.UpdateGroupToken(reqCtx, &apisecurity.UserGroup{ 620 Id: utils.NewStringValue(groupTest.groups[2].ID), 621 }) 622 623 assert.True(t, batchResp.Code.Value == v1.NotAllowedAccess, batchResp.Info.GetValue()) 624 }) 625 } 626 627 func Test_server_RefreshGroupToken(t *testing.T) { 628 t.Run("正常更新用户组Token的Enable状态", func(t *testing.T) { 629 groupTest := newGroupTest(t) 630 t.Cleanup(func() { 631 groupTest.Clean() 632 }) 633 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.ownerOne.Token) 634 635 groupTest.storage.EXPECT().GetGroup(gomock.Any()).Return(groupTest.groups[0], nil) 636 groupTest.storage.EXPECT().UpdateGroup(gomock.Any()).Return(nil) 637 638 batchResp := groupTest.svr.ResetGroupToken(reqCtx, &apisecurity.UserGroup{ 639 Id: utils.NewStringValue(groupTest.groups[2].ID), 640 }) 641 642 assert.True(t, batchResp.GetCode().Value == v1.ExecuteSuccess, batchResp.Info.GetValue()) 643 }) 644 645 t.Run("非Owner角色更新用户组Token的Enable状态", func(t *testing.T) { 646 groupTest := newGroupTest(t) 647 t.Cleanup(func() { 648 groupTest.Clean() 649 }) 650 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.users[2].Token) 651 652 groupTest.storage.EXPECT().GetGroup(gomock.Any()).AnyTimes().Return(groupTest.groups[0], nil) 653 654 batchResp := groupTest.svr.ResetGroupToken(reqCtx, &apisecurity.UserGroup{ 655 Id: utils.NewStringValue(groupTest.groups[2].ID), 656 }) 657 658 assert.True(t, batchResp.Code.Value == v1.OperationRoleException, batchResp.Info.GetValue()) 659 }) 660 661 t.Run("更新用户组Token的Enable状态-非group的owner", func(t *testing.T) { 662 groupTest := newGroupTest(t) 663 t.Cleanup(func() { 664 groupTest.Clean() 665 }) 666 reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, groupTest.ownerTwo.Token) 667 668 groupTest.storage.EXPECT().GetGroup(gomock.Any()).Return(groupTest.groups[0], nil) 669 670 batchResp := groupTest.svr.ResetGroupToken(reqCtx, &apisecurity.UserGroup{ 671 Id: utils.NewStringValue(groupTest.groups[2].ID), 672 }) 673 674 assert.True(t, batchResp.Code.Value == v1.NotAllowedAccess, batchResp.Info.GetValue()) 675 }) 676 } 677 678 func Test_AuthServer_NormalOperateUserGroup(t *testing.T) { 679 suit := &AuthTestSuit{} 680 if err := suit.Initialize(); err != nil { 681 t.Fatal(err) 682 } 683 t.Cleanup(func() { 684 suit.cleanAllAuthStrategy() 685 suit.cleanAllUser() 686 suit.cleanAllUserGroup() 687 suit.Destroy() 688 }) 689 690 users := createApiMockUser(10, "test") 691 for i := range users { 692 users[i].Id = utils.NewStringValue(utils.NewUUID()) 693 } 694 695 groups := createMockApiUserGroup([]*apisecurity.User{users[0]}) 696 697 t.Run("正常创建用户组", func(t *testing.T) { 698 bresp := suit.UserServer().CreateUsers(suit.DefaultCtx, users) 699 if !respSuccess(bresp) { 700 t.Fatal(bresp.GetInfo().GetValue()) 701 } 702 703 _ = suit.CacheMgr().TestUpdate() 704 705 resp := suit.UserServer().CreateGroup(suit.DefaultCtx, groups[0]) 706 707 if !respSuccess(resp) { 708 t.Fatal(resp.GetInfo().GetValue()) 709 } 710 711 groups[0].Id = utils.NewStringValue(resp.GetUserGroup().Id.Value) 712 }) 713 714 t.Run("正常更新用户组", func(t *testing.T) { 715 716 time.Sleep(time.Second) 717 718 req := []*apisecurity.ModifyUserGroup{ 719 { 720 Id: utils.NewStringValue(groups[0].GetId().GetValue()), 721 Name: utils.NewStringValue(groups[0].GetName().GetValue()), 722 Comment: &wrapperspb.StringValue{ 723 Value: "update user group", 724 }, 725 AddRelations: &apisecurity.UserGroupRelation{ 726 Users: users[3:], 727 }, 728 }, 729 } 730 731 resp := suit.UserServer().UpdateGroups(suit.DefaultCtx, req) 732 if !respSuccess(resp) { 733 t.Fatal(resp.GetInfo().GetValue()) 734 } 735 736 _ = suit.CacheMgr().TestUpdate() 737 738 qresp := suit.UserServer().GetGroup(suit.DefaultCtx, groups[0]) 739 740 if !respSuccess(resp) { 741 t.Fatal(resp.GetInfo().GetValue()) 742 } 743 744 assert.Equal(t, req[0].GetComment().GetValue(), qresp.GetUserGroup().GetComment().GetValue()) 745 assert.Equal(t, len(users[3:])+1, len(qresp.GetUserGroup().GetRelation().GetUsers())) 746 }) 747 748 t.Run("正常更新用户组Token", func(t *testing.T) { 749 resp := suit.UserServer().ResetGroupToken(suit.DefaultCtx, groups[0]) 750 751 if !respSuccess(resp) { 752 t.Fatal(resp.GetInfo().GetValue()) 753 } 754 755 _ = suit.CacheMgr().TestUpdate() 756 757 qresp := suit.UserServer().GetGroupToken(suit.DefaultCtx, groups[0]) 758 if !respSuccess(qresp) { 759 t.Fatal(resp.GetInfo().GetValue()) 760 } 761 assert.Equal(t, resp.GetUserGroup().GetAuthToken().GetValue(), qresp.GetUserGroup().GetAuthToken().GetValue()) 762 }) 763 764 t.Run("正常查询某个用户组下的用户列表", func(t *testing.T) { 765 qresp := suit.UserServer().GetUsers(suit.DefaultCtx, map[string]string{ 766 "group_id": groups[0].GetId().GetValue(), 767 }) 768 769 if !respSuccess(qresp) { 770 t.Fatal(qresp.GetInfo().GetValue()) 771 } 772 773 assert.Equal(t, 8, len(qresp.GetUsers())) 774 775 expectUsers := []string{users[0].Id.Value} 776 for _, u := range users[3:] { 777 expectUsers = append(expectUsers, u.Id.Value) 778 } 779 780 retUsers := []string{} 781 for i := range qresp.GetUsers() { 782 retUsers = append(retUsers, qresp.GetUsers()[i].Id.Value) 783 } 784 assert.ElementsMatch(t, expectUsers, retUsers) 785 }) 786 787 t.Run("正常查询用户组列表", func(t *testing.T) { 788 qresp := suit.UserServer().GetGroups(suit.DefaultCtx, map[string]string{}) 789 790 if !respSuccess(qresp) { 791 t.Fatal(qresp.GetInfo().GetValue()) 792 } 793 794 assert.True(t, len(qresp.GetUserGroups()) == 1) 795 assert.Equal(t, groups[0].GetId().GetValue(), qresp.GetUserGroups()[0].Id.GetValue()) 796 }) 797 798 t.Run("查询某个用户所在的所有分组", func(t *testing.T) { 799 qresp := suit.UserServer().GetGroups(suit.DefaultCtx, map[string]string{ 800 "user_id": users[0].GetId().GetValue(), 801 }) 802 803 if !respSuccess(qresp) { 804 t.Fatal(qresp.GetInfo().GetValue()) 805 } 806 807 assert.True(t, len(qresp.GetUserGroups()) == 1) 808 assert.Equal(t, groups[0].GetId().GetValue(), qresp.GetUserGroups()[0].Id.GetValue()) 809 }) 810 811 t.Run("正常删除用户组", func(t *testing.T) { 812 resp := suit.UserServer().DeleteGroups(suit.DefaultCtx, groups) 813 814 if !respSuccess(resp) { 815 t.Fatal(resp.GetInfo().GetValue()) 816 } 817 818 qresp := suit.UserServer().GetGroup(suit.DefaultCtx, groups[0]) 819 820 if respSuccess(qresp) { 821 t.Fatal(qresp.GetInfo().GetValue()) 822 } 823 824 assert.Equal(t, v1.NotFoundUserGroup, qresp.GetCode().GetValue()) 825 }) 826 }