github.com/vmware/go-vcloud-director/v2@v2.24.0/govcd/global_role_test.go (about) 1 //go:build functional || openapi || role || ALL 2 3 /* 4 * Copyright 2021 VMware, Inc. All rights reserved. Licensed under the Apache v2 License. 5 */ 6 7 package govcd 8 9 import ( 10 "net/url" 11 12 "github.com/vmware/go-vcloud-director/v2/types/v56" 13 . "gopkg.in/check.v1" 14 ) 15 16 type rightsProviderCollection interface { 17 PublishAllTenants() error 18 UnpublishAllTenants() error 19 PublishTenants([]types.OpenApiReference) error 20 UnpublishTenants([]types.OpenApiReference) error 21 GetTenants(queryParameters url.Values) ([]types.OpenApiReference, error) 22 ReplacePublishedTenants([]types.OpenApiReference) error 23 } 24 25 func (vcd *TestVCD) Test_GlobalRoles(check *C) { 26 client := vcd.client.Client 27 if !client.IsSysAdmin { 28 check.Skip("test Test_GlobalRoles requires system administrator privileges") 29 } 30 vcd.checkSkipWhenApiToken(check) 31 32 // Step 1 - Get all global roles 33 allExistingGlobalRoles, err := client.GetAllGlobalRoles(nil) 34 check.Assert(err, IsNil) 35 check.Assert(allExistingGlobalRoles, NotNil) 36 37 // Step 2 - Get all roles using query filters 38 for _, oneGlobalRole := range allExistingGlobalRoles { 39 40 // Step 2.1 - retrieve specific global role by using FIQL filter 41 queryParams := url.Values{} 42 queryParams.Add("filter", "id=="+oneGlobalRole.GlobalRole.Id) 43 44 expectOneGlobalRoleResultById, err := client.GetAllGlobalRoles(queryParams) 45 check.Assert(err, IsNil) 46 check.Assert(len(expectOneGlobalRoleResultById) == 1, Equals, true) 47 48 // Step 2.2 - retrieve specific global role by using endpoint 49 exactItem, err := client.GetGlobalRoleById(oneGlobalRole.GlobalRole.Id) 50 check.Assert(err, IsNil) 51 52 check.Assert(err, IsNil) 53 check.Assert(exactItem, NotNil) 54 55 // Step 2.3 - compare struct retrieved by using filter and the one retrieved by exact endpoint ID 56 check.Assert(oneGlobalRole, DeepEquals, expectOneGlobalRoleResultById[0]) 57 58 } 59 60 // Step 3 - Create a new global role and ensure it is created as specified by doing deep comparison 61 62 newGR := &types.GlobalRole{ 63 Name: check.TestName(), 64 Description: "Global Role created by test", 65 // This BundleKey is being set by VCD even if it is not sent 66 BundleKey: types.VcloudUndefinedKey, 67 ReadOnly: false, 68 } 69 70 createdGlobalRole, err := client.CreateGlobalRole(newGR) 71 check.Assert(err, IsNil) 72 AddToCleanupListOpenApi(createdGlobalRole.GlobalRole.Name, check.TestName(), 73 types.OpenApiPathVersion1_0_0+types.OpenApiEndpointGlobalRoles+createdGlobalRole.GlobalRole.Id) 74 75 // Ensure supplied and created structs differ only by ID 76 newGR.Id = createdGlobalRole.GlobalRole.Id 77 check.Assert(createdGlobalRole.GlobalRole, DeepEquals, newGR) 78 79 // Step 4 - updated created global role 80 createdGlobalRole.GlobalRole.Description = "Updated description" 81 updatedGlobalRole, err := createdGlobalRole.Update() 82 check.Assert(err, IsNil) 83 check.Assert(updatedGlobalRole.GlobalRole, DeepEquals, createdGlobalRole.GlobalRole) 84 85 // Step 5 - add rights to global role 86 87 // These rights include 5 implied rights 88 rightNames := []string{ 89 "Catalog: Add vApp from My Cloud", 90 "Catalog: Edit Properties", 91 } 92 // Add an intentional duplicate to test the validity of getRightsSet and FindMissingImpliedRights 93 rightNames = append(rightNames, rightNames[1]) 94 95 rightSet, err := getRightsSet(&client, rightNames) 96 check.Assert(err, IsNil) 97 98 err = updatedGlobalRole.AddRights(rightSet) 99 check.Assert(err, IsNil) 100 101 // Calculate the total amount of rights we should expect to be added to the global role 102 rights, err := updatedGlobalRole.GetRights(nil) 103 check.Assert(err, IsNil) 104 check.Assert(len(rights), Equals, len(rightSet)) 105 106 // Step 6 - remove 1 right from global role 107 108 err = updatedGlobalRole.RemoveRights([]types.OpenApiReference{rightSet[0]}) 109 check.Assert(err, IsNil) 110 rights, err = updatedGlobalRole.GetRights(nil) 111 check.Assert(err, IsNil) 112 check.Assert(len(rights), Equals, len(rightSet)-1) 113 114 testRightsContainerTenants(vcd, check, updatedGlobalRole) 115 116 // Step 7 - remove all rights from global role 117 err = updatedGlobalRole.RemoveAllRights() 118 check.Assert(err, IsNil) 119 120 rights, err = updatedGlobalRole.GetRights(nil) 121 check.Assert(err, IsNil) 122 check.Assert(len(rights), Equals, 0) 123 124 // Step 8 - delete created global role 125 err = updatedGlobalRole.Delete() 126 check.Assert(err, IsNil) 127 128 // Step 9 - try to read deleted global role and expect error to contain 'ErrorEntityNotFound' 129 // Read is tricky - it throws an error ACCESS_TO_RESOURCE_IS_FORBIDDEN when the resource with ID does not 130 // exist therefore one cannot know what kind of error occurred. 131 deletedGlobalRole, err := client.GetGlobalRoleById(createdGlobalRole.GlobalRole.Id) 132 check.Assert(ContainsNotFound(err), Equals, true) 133 check.Assert(deletedGlobalRole, IsNil) 134 } 135 136 func foundOrg(name, id string, items []types.OpenApiReference) bool { 137 for _, item := range items { 138 if item.ID == id && item.Name == name { 139 return true 140 } 141 } 142 return false 143 } 144 145 // testRightsContainerTenants is a sub-test that checks the validity of the tenants 146 // registered to the container 147 func testRightsContainerTenants(vcd *TestVCD, check *C, rpc rightsProviderCollection) { 148 149 newOrgName := check.TestName() + "-org" 150 task, err := CreateOrg(vcd.client, newOrgName, newOrgName, newOrgName, &types.OrgSettings{}, true) 151 check.Assert(err, IsNil) 152 err = task.WaitTaskCompletion() 153 check.Assert(err, IsNil) 154 155 newOrg, err := vcd.client.GetAdminOrgByName(newOrgName) 156 check.Assert(err, IsNil) 157 AddToCleanupList(newOrgName, "org", "", "testRightsContainerTenants") 158 159 err = rpc.PublishTenants([]types.OpenApiReference{ 160 {ID: vcd.org.Org.ID, Name: vcd.org.Org.Name}, 161 {ID: newOrg.AdminOrg.ID, Name: newOrg.AdminOrg.Name}, 162 }) 163 check.Assert(err, IsNil) 164 165 tenants, err := rpc.GetTenants(nil) 166 check.Assert(err, IsNil) 167 check.Assert(len(tenants), Equals, 2) 168 169 check.Assert(foundOrg(vcd.org.Org.Name, vcd.org.Org.ID, tenants), Equals, true) 170 check.Assert(foundOrg(newOrg.AdminOrg.Name, newOrg.AdminOrg.ID, tenants), Equals, true) 171 172 err = rpc.UnpublishTenants(tenants) 173 check.Assert(err, IsNil) 174 tenants, err = rpc.GetTenants(nil) 175 check.Assert(err, IsNil) 176 check.Assert(len(tenants), Equals, 0) 177 178 err = rpc.PublishTenants([]types.OpenApiReference{ 179 {ID: vcd.org.Org.ID, Name: vcd.org.Org.Name}, 180 }) 181 check.Assert(err, IsNil) 182 183 tenants, err = rpc.GetTenants(nil) 184 check.Assert(err, IsNil) 185 check.Assert(len(tenants), Equals, 1) 186 187 check.Assert(foundOrg(vcd.org.Org.Name, vcd.org.Org.ID, tenants), Equals, true) 188 189 err = rpc.ReplacePublishedTenants([]types.OpenApiReference{ 190 {ID: vcd.org.Org.ID, Name: vcd.org.Org.Name}, 191 {ID: newOrg.AdminOrg.ID, Name: newOrg.AdminOrg.Name}, 192 }) 193 check.Assert(err, IsNil) 194 tenants, err = rpc.GetTenants(nil) 195 check.Assert(err, IsNil) 196 check.Assert(len(tenants), Equals, 2) 197 198 check.Assert(foundOrg(vcd.org.Org.Name, vcd.org.Org.ID, tenants), Equals, true) 199 check.Assert(foundOrg(newOrg.AdminOrg.Name, newOrg.AdminOrg.ID, tenants), Equals, true) 200 201 err = rpc.UnpublishTenants(tenants) 202 check.Assert(err, IsNil) 203 tenants, err = rpc.GetTenants(nil) 204 check.Assert(err, IsNil) 205 check.Assert(len(tenants), Equals, 0) 206 207 err = rpc.PublishAllTenants() 208 check.Assert(err, IsNil) 209 210 tenants, err = rpc.GetTenants(nil) 211 check.Assert(err, IsNil) 212 check.Assert(len(tenants), Not(Equals), 0) 213 214 check.Assert(foundOrg(vcd.org.Org.Name, vcd.org.Org.ID, tenants), Equals, true) 215 check.Assert(foundOrg(newOrg.AdminOrg.Name, newOrg.AdminOrg.ID, tenants), Equals, true) 216 217 err = rpc.UnpublishAllTenants() 218 check.Assert(err, IsNil) 219 tenants, err = rpc.GetTenants(nil) 220 check.Assert(err, IsNil) 221 check.Assert(len(tenants), Equals, 0) 222 err = newOrg.Delete(true, true) 223 check.Assert(err, IsNil) 224 } 225 226 // getRightsSet is a convenience function that retrieves a list of rights 227 // from a list of right names, and adds the implied rights 228 func getRightsSet(client *Client, rightNames []string) ([]types.OpenApiReference, error) { 229 var rightList []types.OpenApiReference 230 var uniqueNames = make(map[string]bool) 231 232 for _, name := range rightNames { 233 _, seen := uniqueNames[name] 234 if seen { 235 continue 236 } 237 right, err := client.GetRightByName(name) 238 if err != nil { 239 return nil, err 240 } 241 rightList = append(rightList, types.OpenApiReference{ 242 Name: right.Name, 243 ID: right.ID, 244 }) 245 uniqueNames[name] = true 246 } 247 implied, err := FindMissingImpliedRights(client, rightList) 248 if err != nil { 249 return nil, err 250 } 251 for _, ir := range implied { 252 _, seen := uniqueNames[ir.Name] 253 if seen { 254 continue 255 } 256 rightList = append(rightList, ir) 257 } 258 return rightList, nil 259 }