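// Source: github.com/vmware/go-vcloud-director/v2@v2.24.0/govcd/access_control_vapp_test.go

//go:build functional || vapp || ALL

/*
 * Copyright 2020 VMware, Inc.  All rights reserved.  Licensed under the Apache v2 License.
 */

package govcd

import (
	"fmt"
	"os"

	. "gopkg.in/check.v1"

	"github.com/vmware/go-vcloud-director/v2/types/v56"
)

// vappTenantContext defines whether we use tenant context during vApp tests.
// It is on by default and is switched off when the environment variable
// VCD_VAPP_SYSTEM_CONTEXT is set to any non-empty value.
var vappTenantContext = os.Getenv("VCD_VAPP_SYSTEM_CONTEXT") == ""

// GetId completes the implementation of interface accessControlType
func (vapp VApp) GetId() string {
	return vapp.VApp.ID
}

// Test_VappAccessControl exercises the vApp sharing (access control) calls
// against the Org and VDC named in the test configuration.
//
// It creates an empty vApp and three users with different roles, then checks:
//   - a new vApp has no global and no explicit sharing;
//   - sharing with everyone, read-only and then read/write;
//   - sharing with one, two and three named users at different access levels,
//     including subjects passed without a Name;
//   - vapp.GetAccessControl and vdc.GetVappAccessControl (by name and by ID)
//     return the same data;
//   - RemoveAccessControl and explicitly empty settings both return the vApp
//     to the unshared state;
//   - vapp.getOrgInfo reports the ID and name of the parent Org.
//
// The test is skipped when the Org or VDC name is missing from the
// configuration.
func (vcd *TestVCD) Test_VappAccessControl(check *C) {

	if vcd.config.VCD.Org == "" {
		check.Skip("Test_VappAccessControl: Org name not given.")
		return
	}
	if vcd.config.VCD.Vdc == "" {
		check.Skip("Test_VappAccessControl: VDC name not given.")
		return
	}
	vcd.checkSkipWhenApiToken(check)
	org, err := vcd.client.GetAdminOrgByName(vcd.config.VCD.Org)
	check.Assert(err, IsNil)
	check.Assert(org, NotNil)

	vdc, err := org.GetVDCByName(vcd.config.VCD.Vdc, false)
	check.Assert(err, IsNil)
	check.Assert(vdc, NotNil)

	vappName := "ac-vapp"
	// Fixture users; the user field is filled in once the account exists.
	var users = []struct {
		name string
		role string
		user *OrgUser
	}{
		{"ac-user1", OrgUserRoleVappAuthor, nil},
		{"ac-user2", OrgUserRoleOrganizationAdministrator, nil},
		{"ac-user3", OrgUserRoleCatalogAuthor, nil},
	}

	// Create a new vApp
	vapp, err := makeEmptyVapp(vdc, vappName, "")
	check.Assert(err, IsNil)
	check.Assert(vapp, NotNil)
	AddToCleanupList(vappName, "vapp", vcd.config.VCD.Vdc, "Test_VappAccessControl")

	// checkEmpty asserts the unshared baseline: nothing is granted to anyone.
	checkEmpty := func() {
		settings, err := vapp.GetAccessControl(vappTenantContext)
		check.Assert(err, IsNil)
		check.Assert(settings.IsSharedToEveryone, Equals, false) // There should not be a global sharing
		check.Assert(settings.AccessSettings, IsNil)             // There should not be any explicit sharing
	}

	// Clean up environment.
	// The cleanup is registered before the users are created, so that a failure
	// part-way through the creation loop still removes what already exists.
	// It uses check.Check rather than check.Assert: Assert stops the deferred
	// function at the first failure, which would skip the remaining deletions
	// and leave enabled fixture accounts behind on the VCD.
	defer func() {
		if testVerbose {
			fmt.Printf("deleting %s\n", vappName)
		}
		task, err := vapp.Delete()
		if check.Check(err, IsNil) {
			check.Check(task.WaitTaskCompletion(), IsNil)
		}
		for i := range users {
			if users[i].user == nil {
				// This user was never created; nothing to delete.
				continue
			}
			if testVerbose {
				fmt.Printf("deleting %s\n", users[i].name)
			}
			check.Check(users[i].user.Delete(false), IsNil)
		}
	}()

	// Create three users
	// NOTE(review): each fixture account is enabled and its password equals its
	// user name, and ac-user2 holds the Organization Administrator role. Run this
	// only against a disposable test VCD and confirm the accounts are removed.
	for i := 0; i < len(users); i++ {
		users[i].user, err = org.CreateUserSimple(OrgUserConfiguration{
			Name: users[i].name, Password: users[i].name, RoleName: users[i].role, IsEnabled: true,
		})
		check.Assert(err, IsNil)
		check.Assert(users[i].user, NotNil)
		AddToCleanupList(users[i].name, "user", vcd.config.VCD.Org, "Test_VappAccessControl")
	}

	checkEmpty()

	// Set access control to every user and group
	allUsersSettings := types.ControlAccessParams{
		EveryoneAccessLevel: addrOf(types.ControlAccessReadOnly),
		IsSharedToEveryone:  true,
	}

	// Use generic testAccessControl. Here vapp is passed as accessControlType interface
	// NOTE(review): the boolean before vappTenantContext is true for every case
	// except the empty-settings one; presumably it says whether sharing is
	// expected to be present afterwards - confirm against testAccessControl.
	err = testAccessControl("vapp all users RO", vapp, allUsersSettings, allUsersSettings, true, vappTenantContext, check)
	check.Assert(err, IsNil)

	allUsersSettings = types.ControlAccessParams{
		EveryoneAccessLevel: addrOf(types.ControlAccessReadWrite),
		IsSharedToEveryone:  true,
	}
	err = testAccessControl("vapp all users R/W", vapp, allUsersSettings, allUsersSettings, true, vappTenantContext, check)
	check.Assert(err, IsNil)

	// Set access control to one user
	oneUserSettings := types.ControlAccessParams{
		IsSharedToEveryone:  false,
		EveryoneAccessLevel: nil,
		AccessSettings: &types.AccessSettingList{
			AccessSetting: []*types.AccessSetting{
				{
					Subject: &types.LocalSubject{
						HREF: users[0].user.User.Href,
						Name: users[0].user.User.Name,
						Type: users[0].user.User.Type,
					},
					ExternalSubject: nil,
					AccessLevel:     types.ControlAccessReadWrite,
				},
			},
		},
	}
	err = testAccessControl("vapp one user", vapp, oneUserSettings, oneUserSettings, true, vappTenantContext, check)
	check.Assert(err, IsNil)

	// Check that vapp.GetAccessControl and vdc.GetVappAccessControl return the same data
	controlAccess, err := vapp.GetAccessControl(vappTenantContext)
	check.Assert(err, IsNil)
	vdcControlAccessName, err := vdc.GetVappAccessControl(vappName, vappTenantContext)
	check.Assert(err, IsNil)
	check.Assert(controlAccess, DeepEquals, vdcControlAccessName)

	vdcControlAccessId, err := vdc.GetVappAccessControl(vapp.VApp.ID, vappTenantContext)
	check.Assert(err, IsNil)
	check.Assert(controlAccess, DeepEquals, vdcControlAccessId)

	// Set access control to two users
	twoUserSettings := types.ControlAccessParams{
		IsSharedToEveryone:  false,
		EveryoneAccessLevel: nil,
		AccessSettings: &types.AccessSettingList{
			AccessSetting: []*types.AccessSetting{
				{
					Subject: &types.LocalSubject{
						HREF: users[0].user.User.Href,
						//Name: users[0].user.User.Name, // Pass info without name for one of the subjects
						Type: users[0].user.User.Type,
					},
					ExternalSubject: nil,
					AccessLevel:     types.ControlAccessReadOnly,
				},
				{
					Subject: &types.LocalSubject{
						HREF: users[1].user.User.Href,
						Name: users[1].user.User.Name,
						Type: users[1].user.User.Type,
					},
					ExternalSubject: nil,
					AccessLevel:     types.ControlAccessFullControl,
				},
			},
		},
	}
	err = testAccessControl("vapp two users", vapp, twoUserSettings, twoUserSettings, true, vappTenantContext, check)
	check.Assert(err, IsNil)

	// Check removal of sharing setting
	err = vapp.RemoveAccessControl(vappTenantContext)
	check.Assert(err, IsNil)
	checkEmpty()

	// Set access control to three users
	threeUserSettings := types.ControlAccessParams{
		IsSharedToEveryone:  false,
		EveryoneAccessLevel: nil,
		AccessSettings: &types.AccessSettingList{
			AccessSetting: []*types.AccessSetting{
				{
					Subject: &types.LocalSubject{
						HREF: users[0].user.User.Href,
						Name: users[0].user.User.Name,
						Type: users[0].user.User.Type,
					},
					ExternalSubject: nil,
					AccessLevel:     types.ControlAccessReadOnly,
				},
				{
					Subject: &types.LocalSubject{
						HREF: users[1].user.User.Href,
						//Name: users[1].user.User.Name,// Pass info without name for one of the subjects
						Type: users[1].user.User.Type,
					},
					ExternalSubject: nil,
					AccessLevel:     types.ControlAccessFullControl,
				},
				{
					Subject: &types.LocalSubject{
						HREF: users[2].user.User.Href,
						Name: users[2].user.User.Name,
						Type: users[2].user.User.Type,
					},
					ExternalSubject: nil,
					AccessLevel:     types.ControlAccessReadWrite,
				},
			},
		},
	}
	err = testAccessControl("vapp three users", vapp, threeUserSettings, threeUserSettings, true, vappTenantContext, check)
	check.Assert(err, IsNil)

	// Set empty settings explicitly
	emptySettings := types.ControlAccessParams{
		IsSharedToEveryone: false,
	}
	err = testAccessControl("vapp empty", vapp, emptySettings, emptySettings, false, vappTenantContext, check)
	check.Assert(err, IsNil)

	checkEmpty()

	// The vApp must report the same Org it was created in.
	orgInfo, err := vapp.getOrgInfo()
	check.Assert(err, IsNil)
	check.Assert(orgInfo.OrgId, Equals, extractUuid(org.AdminOrg.ID))
	check.Assert(orgInfo.OrgName, Equals, org.AdminOrg.Name)
}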