github.com/weaviate/weaviate@v1.24.6/usecases/auth/authorization/adminlist/config_test.go (about)

     1  //                           _       _
     2  // __      _____  __ ___   ___  __ _| |_ ___
     3  // \ \ /\ / / _ \/ _` \ \ / / |/ _` | __/ _ \
     4  //  \ V  V /  __/ (_| |\ V /| | (_| | ||  __/
     5  //   \_/\_/ \___|\__,_| \_/ |_|\__,_|\__\___|
     6  //
     7  //  Copyright © 2016 - 2024 Weaviate B.V. All rights reserved.
     8  //
     9  //  CONTACT: hello@weaviate.io
    10  //
    11  
    12  package adminlist
    13  
    14  import (
    15  	"fmt"
    16  	"testing"
    17  
    18  	"github.com/stretchr/testify/assert"
    19  )
    20  
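// Test_Validation pins the contract of Config.Validate for the admin list.
//
// The cases below establish two things:
//   - any combination of the four lists (Users, ReadOnlyUsers, Groups,
//     ReadOnlyGroups) is accepted as long as no name appears on both an admin
//     list and its read-only counterpart;
//   - a name that appears on both Users and ReadOnlyUsers, or on both Groups
//     and ReadOnlyGroups, is rejected with an error naming the subject, so a
//     configuration cannot grant one subject two conflicting privilege levels.
//
// NOTE(review): every case sets Enabled: true, and no case puts the same name
// on a user list and a group list (for example Users and ReadOnlyGroups).
// Validate's behaviour for those inputs is not pinned here; confirm the
// intended behaviour and add cases if it matters for authorization.
func Test_Validation(t *testing.T) {
	// overlapErr builds the error expected when subject is listed as both
	// admin and read-only. The message text is part of the asserted contract.
	overlapErr := func(subject string) error {
		return fmt.Errorf("admin list: subject '%s' is present on both admin and read-only list", subject)
	}

	tests := []struct {
		name    string
		cfg     Config
		wantErr error // nil means the configuration must validate cleanly
	}{
		{
			name: "with only an admin user list set",
			cfg: Config{
				Enabled: true,
				Users:   []string{"alice", "johndoe"},
			},
		},
		{
			name: "with only a read only user list set",
			cfg: Config{
				Enabled:       true,
				ReadOnlyUsers: []string{"alice", "johndoe"},
			},
		},
		{
			name: "with both user lists present, but no overlap",
			cfg: Config{
				Enabled:       true,
				Users:         []string{"alice"},
				ReadOnlyUsers: []string{"johndoe"},
			},
		},
		{
			name: "with one subject part of both user lists",
			cfg: Config{
				Enabled:       true,
				Users:         []string{"alice", "johndoe"},
				ReadOnlyUsers: []string{"johndoe"},
			},
			wantErr: overlapErr("johndoe"),
		},
		{
			name: "with only an admin group list set",
			cfg: Config{
				Enabled: true,
				Groups:  []string{"band", "posse"},
			},
		},
		{
			name: "with only a read only group list set",
			cfg: Config{
				Enabled:        true,
				ReadOnlyGroups: []string{"band", "posse"},
			},
		},
		{
			name: "with both group lists present, but no overlap",
			cfg: Config{
				Enabled:        true,
				Groups:         []string{"band"},
				ReadOnlyGroups: []string{"posse"},
			},
		},
		{
			name: "with one subject part of both group lists",
			cfg: Config{
				Enabled:        true,
				Groups:         []string{"band", "posse"},
				ReadOnlyGroups: []string{"posse"},
			},
			wantErr: overlapErr("posse"),
		},
		{
			name: "with both admin user and groups present",
			cfg: Config{
				Enabled: true,
				Users:   []string{"alice", "johndoe"},
				Groups:  []string{"band", "posse"},
			},
		},
		{
			name: "with an admin user and read only group set",
			cfg: Config{
				Enabled:        true,
				Users:          []string{"alice", "johndoe"},
				ReadOnlyGroups: []string{"band", "posse"},
			},
		},
		{
			name: "with both read only user and groups present",
			cfg: Config{
				Enabled:        true,
				ReadOnlyUsers:  []string{"alice", "johndoe"},
				ReadOnlyGroups: []string{"band", "posse"},
			},
		},
		{
			name: "with a read only user and admin group set",
			cfg: Config{
				Enabled:       true,
				ReadOnlyUsers: []string{"alice", "johndoe"},
				Groups:        []string{"band", "posse"},
			},
		},
		{
			name: "all user and group attributes present",
			cfg: Config{
				Enabled:        true,
				Users:          []string{"alice"},
				ReadOnlyUsers:  []string{"johndoe"},
				Groups:         []string{"band"},
				ReadOnlyGroups: []string{"posse"},
			},
		},
	}

	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			err := tc.cfg.Validate()

			if tc.wantErr == nil {
				assert.NoError(t, err)
				return
			}

			// testify expects (expected, actual); the reversed order would
			// label the two values the wrong way round in failure output.
			assert.Equal(t, tc.wantErr, err)
		})
	}
}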