diff --git a/controller/northbound/server/auth.go b/controller/northbound/server/auth.go
index 50e8dafa223486e072e2ab24b15bf2304546962b..5230b2848d9818da5c483bd5541a2655b0c5285a 100644
--- a/controller/northbound/server/auth.go
+++ b/controller/northbound/server/auth.go
@@ -2,6 +2,7 @@ package server
import (
"context"
+ "fmt"
"time"
apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
@@ -125,6 +126,9 @@ func (s Auth) GetUser(ctx context.Context, request *apb.GetUserRequest) (*apb.Ge
start := metrics.StartHook(labels, grpcRequestsTotal)
defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
+ usersA, _ := userc.GetAll()
+ fmt.Printf("%+v", usersA)
+
// TODO: implement check if user is allowed to get this user data; only their own if not admin
userData, err := userc.Get(store.Query{Name: request.Name})
if err != nil {
@@ -230,6 +234,8 @@ func (s Auth) isValidUser(user rbac.User) (bool, error) {
storedUser, err := userc.Get(store.Query{Name: user.Name()})
if err != nil {
return false, err
+ } else if storedUser == nil {
+ return false, status.Errorf(codes.Aborted, "no user object")
}
if storedUser.Name() == user.Name() {
diff --git a/controller/northbound/server/auth_test.go b/controller/northbound/server/auth_test.go
index 5c29f1b84857e18c298d7f2a0a8884d36ff434c2..7d20e706b0b1672136516d06bf18891e8561768f 100644
--- a/controller/northbound/server/auth_test.go
+++ b/controller/northbound/server/auth_test.go
@@ -4,13 +4,22 @@ import (
"context"
"reflect"
"testing"
- "time"
apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
"code.fbi.h-da.de/danet/gosdn/controller/rbac"
+ "github.com/google/uuid"
)
-func Test_auth_Login(t *testing.T) {
+const adminID = "5c248a22-8eb7-48cf-b392-45680a1863a5"
+const userID = "57005d13-7a4d-493d-a02b-50ca51c40197"
+const adminRoleID = "126683ae-5ff2-43ee-92f7-0e2b936f8c77"
+const randomRoleName = "bertram"
+
+var adminRoleMap = map[string]string{pndID: "admin"}
+var userRoleMap = map[string]string{pndID: "user"}
+var jwt *rbac.JWTManager
+
+func TestAuth_Login(t *testing.T) {
type args struct {
ctx context.Context
request *apb.LoginRequest
@@ -21,112 +30,187 @@ func Test_auth_Login(t *testing.T) {
want string
wantErr bool
}{
- // TODO: Add test cases.
{
- name: "login test",
+ name: "default login",
+ want: "testAdmin",
+ args: args{
+ request: &apb.LoginRequest{
+ Username: "testAdmin",
+ Pwd: "admin",
+ },
+ },
+ wantErr: false,
+ },
+ {
+ name: "login fail wrong pwd",
want: "",
args: args{
- request: &apb.LoginRequest{},
+ request: &apb.LoginRequest{
+ Username: "testAdmin",
+ Pwd: "nope",
+ },
},
wantErr: true,
},
}
- jwt := rbac.NewJWTManager("", 1*time.Minute)
-
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
r := Auth{
- UnimplementedAuthServiceServer: apb.UnimplementedAuthServiceServer{},
- jwtManager: jwt,
+ jwtManager: jwt,
}
resp, err := r.Login(tt.args.ctx, tt.args.request)
if (err != nil) != tt.wantErr {
- t.Errorf("rbac.Login() error = %v, wantErr %v", err, tt.wantErr)
+ t.Errorf("Auth.Login() error = %v, wantErr %v", err, tt.wantErr)
return
}
- got := resp.GetStatus().String()
- got = ""
-
- if !reflect.DeepEqual(got, tt.want) {
- t.Errorf("rbac.Login() = %v, want %v", got, tt.want)
+ if resp != nil {
+ got := resp.Token
+ if got == "" {
+ t.Errorf("Auth.Login() = %v, want non empty token", got)
+ }
}
})
}
}
-func Test_auth_Logout(t *testing.T) {
- type fields struct {
- UnimplementedAuthServiceServer apb.UnimplementedAuthServiceServer
- }
+func TestAuth_Logout(t *testing.T) {
type args struct {
ctx context.Context
request *apb.LogoutRequest
}
tests := []struct {
name string
- fields fields
args args
want *apb.LogoutResponse
wantErr bool
}{
// TODO: Add test cases.
+ // Implement after session hdanling was added
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
- r := Auth{
- UnimplementedAuthServiceServer: tt.fields.UnimplementedAuthServiceServer,
- }
- got, err := r.Logout(tt.args.ctx, tt.args.request)
+ s := Auth{}
+ got, err := s.Logout(tt.args.ctx, tt.args.request)
if (err != nil) != tt.wantErr {
- t.Errorf("rbac.Logout() error = %v, wantErr %v", err, tt.wantErr)
+ t.Errorf("Auth.Logout() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !reflect.DeepEqual(got, tt.want) {
- t.Errorf("rbac.Logout() = %v, want %v", got, tt.want)
+ t.Errorf("Auth.Logout() = %v, want %v", got, tt.want)
}
})
}
}
-func Test_rbac_CreateUsers(t *testing.T) {
- type fields struct {
- UnimplementedAuthServiceServer apb.UnimplementedAuthServiceServer
- }
+func TestAuth_CreateUsers(t *testing.T) {
type args struct {
ctx context.Context
request *apb.CreateUsersRequest
}
tests := []struct {
name string
- fields fields
args args
- want *apb.CreateUsersResponse
+ want apb.Status
wantErr bool
}{
- // TODO: Add test cases.
+ {
+ name: "default create users",
+ args: args{ctx: context.TODO(),
+ request: &apb.CreateUsersRequest{
+ User: []*apb.User{
+ {
+ Name: "asdf",
+ Roles: map[string]string{pndID: "asdf"},
+ Password: "asdf",
+ Token: "",
+ },
+ },
+ },
+ },
+ want: apb.Status_STATUS_OK,
+ wantErr: false,
+ },
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
- r := Auth{
- UnimplementedAuthServiceServer: tt.fields.UnimplementedAuthServiceServer,
+ s := Auth{}
+ got, err := s.CreateUsers(tt.args.ctx, tt.args.request)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("Auth.CreateUsers() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+
+ if !reflect.DeepEqual(got.Status, tt.want) {
+ t.Errorf("Auth.CreateUsers() = %v, want %v", got, tt.want)
}
- got, err := r.CreateUsers(tt.args.ctx, tt.args.request)
+ })
+ }
+}
+
+func TestAuth_GetUser(t *testing.T) {
+ type args struct {
+ ctx context.Context
+ request *apb.GetUserRequest
+ }
+ tests := []struct {
+ name string
+ args args
+ want *apb.GetUserResponse
+ wantErr bool
+ }{
+ {
+ name: "default get user",
+ args: args{
+ ctx: context.TODO(),
+ request: &apb.GetUserRequest{
+ Name: "testAdmin",
+ },
+ },
+ want: &apb.GetUserResponse{Status: apb.Status_STATUS_OK,
+ User: &apb.User{Id: adminID,
+ Name: "testAdmin"}},
+ wantErr: false,
+ },
+ {
+ name: "fail get user",
+ args: args{
+ ctx: context.TODO(),
+ request: &apb.GetUserRequest{
+ Name: "nope",
+ },
+ },
+ want: nil,
+ wantErr: true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ s := Auth{}
+ got, err := s.GetUser(tt.args.ctx, tt.args.request)
if (err != nil) != tt.wantErr {
- t.Errorf("rbac.CreateUsers() error = %v, wantErr %v", err, tt.wantErr)
+ t.Errorf("Auth.GetUser() error = %v, wantErr %v", err, tt.wantErr)
return
}
- if !reflect.DeepEqual(got, tt.want) {
- t.Errorf("rbac.CreateUsers() = %v, want %v", got, tt.want)
+
+ if got != nil && got.Status == tt.want.Status {
+ if got.User.Name != tt.want.User.Name || got.User.Id != tt.want.User.Id {
+ t.Errorf("Auth.GetUser() = %v, want %v", got, tt.want)
+ }
+ } else {
+ if got != nil {
+ t.Errorf("Auth.GetUser() = %v, want %v", got, tt.want)
+ }
}
})
}
}
-func Test_rbac_GetUsers(t *testing.T) {
- type fields struct {
- UnimplementedAuthServiceServer apb.UnimplementedAuthServiceServer
+func TestAuth_GetUsers(t *testing.T) {
+ err := clearAndCreateAuthTestSetup()
+ if err != nil {
+ t.Fatalf("%v", err)
}
type args struct {
ctx context.Context
@@ -134,94 +218,615 @@ func Test_rbac_GetUsers(t *testing.T) {
}
tests := []struct {
name string
- fields fields
args args
want *apb.GetUsersResponse
+ wantLen int
wantErr bool
}{
- // TODO: Add test cases.
+ {
+ name: "default get users",
+ args: args{ctx: context.TODO(),
+ request: &apb.GetUsersRequest{},
+ },
+ want: &apb.GetUsersResponse{Status: apb.Status_STATUS_OK,
+ User: []*apb.User{
+ {Name: "testAdmin"},
+ {Name: "testUser"},
+ {Name: "testRandom"}},
+ },
+ wantLen: 3,
+ wantErr: false,
+ },
}
+
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
- r := Auth{
- UnimplementedAuthServiceServer: tt.fields.UnimplementedAuthServiceServer,
- }
- got, err := r.GetUsers(tt.args.ctx, tt.args.request)
+ s := Auth{}
+ got, err := s.GetUsers(tt.args.ctx, tt.args.request)
if (err != nil) != tt.wantErr {
- t.Errorf("rbac.GetUsers() error = %v, wantErr %v", err, tt.wantErr)
+ t.Errorf("Auth.GetUsers() error = %v, wantErr %v", err, tt.wantErr)
return
}
- if !reflect.DeepEqual(got, tt.want) {
- t.Errorf("rbac.GetUsers() = %v, want %v", got, tt.want)
+
+ if got != nil && got.Status == apb.Status_STATUS_OK {
+ if len(got.User) != tt.wantLen {
+ t.Errorf("Auth.GetUsers() = %v, want %v", got, tt.want)
+ }
+
+ for _, gotU := range got.User {
+ containsExpected := false
+ for _, wantU := range tt.want.User {
+ if gotU.Name == wantU.Name {
+ containsExpected = true
+ break
+ }
+ }
+ if !containsExpected {
+ t.Errorf("Auth.GetUsers() = %v, want %v", got, tt.want)
+ }
+ }
}
})
}
}
-func Test_rbac_UpdateUsers(t *testing.T) {
- type fields struct {
- UnimplementedAuthServiceServer apb.UnimplementedAuthServiceServer
- }
+func TestAuth_UpdateUsers(t *testing.T) {
type args struct {
ctx context.Context
request *apb.UpdateUsersRequest
}
tests := []struct {
name string
- fields fields
args args
want *apb.UpdateUsersResponse
wantErr bool
}{
- // TODO: Add test cases.
+ {
+ name: "default update user",
+ args: args{ctx: context.TODO(),
+ request: &apb.UpdateUsersRequest{User: []*apb.User{
+ {Id: adminID,
+ Name: "sth Else"},
+ },
+ },
+ },
+ want: &apb.UpdateUsersResponse{
+ Status: apb.Status_STATUS_OK},
+ wantErr: false,
+ },
+ {
+ name: "error update user",
+ args: args{ctx: context.TODO(),
+ request: &apb.UpdateUsersRequest{User: []*apb.User{
+ {Id: uuid.NewString(),
+ Name: "not a user"},
+ },
+ },
+ },
+ want: nil,
+ wantErr: true,
+ },
}
+
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
- r := Auth{
- UnimplementedAuthServiceServer: tt.fields.UnimplementedAuthServiceServer,
- }
- got, err := r.UpdateUsers(tt.args.ctx, tt.args.request)
+ s := Auth{}
+ got, err := s.UpdateUsers(tt.args.ctx, tt.args.request)
if (err != nil) != tt.wantErr {
- t.Errorf("rbac.UpdateUsers() error = %v, wantErr %v", err, tt.wantErr)
+ t.Errorf("Auth.UpdateUsers() error = %v, wantErr %v", err, tt.wantErr)
return
}
- if !reflect.DeepEqual(got, tt.want) {
- t.Errorf("rbac.UpdateUsers() = %v, want %v", got, tt.want)
+ if got != nil && got.Status != tt.want.Status {
+ t.Errorf("Auth.UpdateUsers() = %v, want %v", got, tt.want)
}
})
}
}
-func Test_rbac_DeleteUsers(t *testing.T) {
- type fields struct {
- UnimplementedAuthServiceServer apb.UnimplementedAuthServiceServer
- }
+func TestAuth_DeleteUsers(t *testing.T) {
type args struct {
ctx context.Context
request *apb.DeleteUsersRequest
}
tests := []struct {
name string
- fields fields
args args
want *apb.DeleteUsersResponse
wantErr bool
}{
- // TODO: Add test cases.
+ {
+ name: "default delete users",
+ args: args{ctx: context.TODO(),
+ request: &apb.DeleteUsersRequest{Username: []string{"testUser"}},
+ },
+ want: &apb.DeleteUsersResponse{Status: apb.Status_STATUS_OK},
+ wantErr: false,
+ },
+ {
+ name: "error delete users",
+ args: args{ctx: context.TODO(),
+ request: &apb.DeleteUsersRequest{Username: []string{"no user"}},
+ },
+ want: &apb.DeleteUsersResponse{Status: apb.Status_STATUS_OK},
+ wantErr: true,
+ },
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
- r := Auth{
- UnimplementedAuthServiceServer: tt.fields.UnimplementedAuthServiceServer,
+ s := Auth{}
+ got, err := s.DeleteUsers(tt.args.ctx, tt.args.request)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("Auth.DeleteUsers() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if got != nil && got.Status != tt.want.Status {
+ t.Errorf("Auth.DeleteUsers() = %v, want %v", got, tt.want)
}
- got, err := r.DeleteUsers(tt.args.ctx, tt.args.request)
+ })
+ }
+}
+
+func TestAuth_CreateRoles(t *testing.T) {
+ type args struct {
+ ctx context.Context
+ request *apb.CreateRolesRequest
+ }
+ tests := []struct {
+ name string
+ args args
+ want *apb.CreateRolesResponse
+ wantErr bool
+ }{
+ {
+ name: "default create roles",
+ args: args{ctx: context.TODO(),
+ request: &apb.CreateRolesRequest{
+ Roles: []*apb.Role{
+ {
+ Name: "new role 1",
+ Description: "Role 1",
+ Permissions: []string{"permission 1", "permission 2"},
+ },
+ },
+ },
+ },
+ want: &apb.CreateRolesResponse{Status: apb.Status_STATUS_OK},
+ wantErr: false,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ s := Auth{}
+ got, err := s.CreateRoles(tt.args.ctx, tt.args.request)
if (err != nil) != tt.wantErr {
- t.Errorf("rbac.DeleteUsers() error = %v, wantErr %v", err, tt.wantErr)
+ t.Errorf("Auth.CreateRoles() error = %v, wantErr %v", err, tt.wantErr)
return
}
- if !reflect.DeepEqual(got, tt.want) {
- t.Errorf("rbac.DeleteUsers() = %v, want %v", got, tt.want)
+
+ if got != nil && got.Status != tt.want.Status {
+ t.Errorf("Auth.CreateRoles() = %v, want %v", got, tt.want)
}
})
}
}
+
+func TestAuth_GetRole(t *testing.T) {
+ type args struct {
+ ctx context.Context
+ request *apb.GetRoleRequest
+ }
+ tests := []struct {
+ name string
+ args args
+ want *apb.GetRoleResponse
+ wantErr bool
+ }{
+ {
+ name: "default get role",
+ args: args{
+ ctx: context.TODO(),
+ request: &apb.GetRoleRequest{
+ RoleName: "adminTestRole",
+ },
+ },
+ want: &apb.GetRoleResponse{
+ Role: &apb.Role{
+ Name: "adminTestRole",
+ Description: "Admin",
+ },
+ Status: apb.Status_STATUS_OK,
+ },
+ wantErr: false,
+ },
+ {
+ name: "error get role",
+ args: args{
+ ctx: context.TODO(),
+ request: &apb.GetRoleRequest{
+ RoleName: "not role",
+ },
+ },
+ want: nil,
+ wantErr: true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ s := Auth{}
+ got, err := s.GetRole(tt.args.ctx, tt.args.request)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("Auth.GetRole() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if got != nil && got.Status == tt.want.Status {
+ if got.Role.Name != tt.want.Role.Name || got.Role.Description != tt.want.Role.Description {
+ t.Errorf("Auth.GetRole() = %v, want %v", got, tt.want)
+ }
+ } else {
+ if got != nil {
+ t.Errorf("Auth.GetRole() = %v, want %v", got, tt.want)
+ }
+ }
+ })
+ }
+}
+
+func TestAuth_GetRoles(t *testing.T) {
+ err := clearAndCreateAuthTestSetup()
+ if err != nil {
+ t.Fatalf("%v", err)
+ }
+
+ type args struct {
+ ctx context.Context
+ request *apb.GetRolesRequest
+ }
+ tests := []struct {
+ name string
+ args args
+ want *apb.GetRolesResponse
+ wantLen int
+ wantErr bool
+ }{
+ {
+ name: "default get roles",
+ args: args{
+ ctx: context.TODO(),
+ request: &apb.GetRolesRequest{},
+ },
+ want: &apb.GetRolesResponse{
+ Status: apb.Status_STATUS_OK,
+ Roles: []*apb.Role{
+ {
+ Name: "adminTestRole",
+ Description: "Admin",
+ Permissions: []string{
+ "/gosdn.core.CoreService/GetPnd",
+ "/gosdn.core.CoreService/GetPndList",
+ }},
+ {
+ Name: "userTestRole",
+ Description: "User",
+ Permissions: []string{
+ "/gosdn.pnd.PndService/GetChangeList",
+ }},
+ {
+ Name: randomRoleName,
+ Description: "Not a role",
+ Permissions: []string{
+ "nope",
+ },
+ },
+ },
+ },
+ wantLen: 3,
+ wantErr: false,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ s := Auth{}
+ got, err := s.GetRoles(tt.args.ctx, tt.args.request)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("Auth.GetRoles() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if got != nil && got.Status == tt.want.Status {
+ if len(got.Roles) != 3 {
+ t.Errorf("Auth.GetRoles() = %v, want %v", got, tt.want)
+ }
+ for _, gotR := range got.Roles {
+ containsExpected := false
+ for _, wantR := range tt.want.Roles {
+ gotPerm := gotR.Permissions
+ wantPerm := wantR.Permissions
+ if gotR.Description == wantR.Description && gotR.Name == wantR.Name &&
+ reflect.DeepEqual(gotPerm, wantPerm) {
+ containsExpected = true
+ break
+ }
+ }
+ if !containsExpected {
+ t.Errorf("Auth.GetRoles() = %v, want %v", got, tt.want)
+ }
+ }
+ }
+ })
+ }
+}
+
+func TestAuth_UpdateRoles(t *testing.T) {
+ type args struct {
+ ctx context.Context
+ request *apb.UpdateRolesRequest
+ }
+ tests := []struct {
+ name string
+ args args
+ want *apb.UpdateRolesResponse
+ wantErr bool
+ }{
+ {
+ name: "default update roles",
+ args: args{
+ ctx: context.TODO(),
+ request: &apb.UpdateRolesRequest{
+ Roles: []*apb.Role{
+ {
+ Id: adminRoleID,
+ Name: "New Name",
+ },
+ },
+ },
+ },
+ want: &apb.UpdateRolesResponse{
+ Status: apb.Status_STATUS_OK,
+ },
+ wantErr: false,
+ },
+ {
+ name: "error update roles",
+ args: args{
+ ctx: context.TODO(),
+ request: &apb.UpdateRolesRequest{
+ Roles: []*apb.Role{
+ {
+ Id: uuid.NewString(),
+ Name: "New Name",
+ },
+ },
+ },
+ },
+ want: nil,
+ wantErr: true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ s := Auth{}
+ got, err := s.UpdateRoles(tt.args.ctx, tt.args.request)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("Auth.UpdateRoles() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if got != nil && got.Status != tt.want.Status {
+ t.Errorf("Auth.UpdateRoles() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
+
+func TestAuth_DeletePermissionsForRole(t *testing.T) {
+ type args struct {
+ ctx context.Context
+ request *apb.DeletePermissionsForRoleRequest
+ }
+ tests := []struct {
+ name string
+ args args
+ want *apb.DeletePermissionsForRoleResponse
+ wantErr bool
+ }{
+ {
+ name: "default delete permissions for role",
+ args: args{
+ ctx: context.TODO(),
+ request: &apb.DeletePermissionsForRoleRequest{
+ RoleName: "adminTestRole",
+ PermissionsToDelete: []string{
+ "/gosdn.core.CoreService/GetPnd",
+ "/gosdn.core.CoreService/GetPndList",
+ },
+ },
+ },
+ want: &apb.DeletePermissionsForRoleResponse{
+ Status: apb.Status_STATUS_OK,
+ },
+ wantErr: false,
+ },
+ {
+ name: "error delete permissions for role no proper permissions provided",
+ args: args{
+ ctx: context.TODO(),
+ request: &apb.DeletePermissionsForRoleRequest{
+ RoleName: "adminTestRole",
+ PermissionsToDelete: []string{
+ "no",
+ },
+ },
+ },
+ want: &apb.DeletePermissionsForRoleResponse{
+ Status: apb.Status_STATUS_OK,
+ },
+ wantErr: true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ s := Auth{}
+ got, err := s.DeletePermissionsForRole(tt.args.ctx, tt.args.request)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("Auth.DeletePermissionsForRole() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if got != nil && got.Status != tt.want.Status {
+ t.Errorf("Auth.DeletePermissionsForRole() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
+
+func TestAuth_DeleteRoles(t *testing.T) {
+ type args struct {
+ ctx context.Context
+ request *apb.DeleteRolesRequest
+ }
+ tests := []struct {
+ name string
+ args args
+ want *apb.DeleteRolesResponse
+ wantErr bool
+ }{
+ {
+ name: "default delete roles",
+ args: args{
+ ctx: context.TODO(),
+ request: &apb.DeleteRolesRequest{
+ RoleName: []string{
+ "userTestRole",
+ },
+ },
+ },
+ want: &apb.DeleteRolesResponse{
+ Status: apb.Status_STATUS_OK,
+ },
+ wantErr: false,
+ },
+ {
+ name: "error delete roles",
+ args: args{
+ ctx: context.TODO(),
+ request: &apb.DeleteRolesRequest{
+ RoleName: []string{
+ "no",
+ },
+ },
+ },
+ want: &apb.DeleteRolesResponse{
+ Status: apb.Status_STATUS_OK,
+ },
+ wantErr: true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ s := Auth{}
+ got, err := s.DeleteRoles(tt.args.ctx, tt.args.request)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("Auth.DeleteRoles() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if got != nil && got.Status != tt.want.Status {
+ t.Errorf("Auth.DeleteRoles() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
+
+func clearAndCreateAuthTestSetup() error {
+ //clear setup if changed
+ storedUsers, err := userc.GetAll()
+ if err != nil {
+ return err
+ }
+ for _, u := range storedUsers {
+ err = userc.Delete(u)
+ if err != nil {
+ return err
+ }
+ }
+
+ storedRoles, err := rolec.GetAll()
+ if err != nil {
+ return err
+ }
+ for _, r := range storedRoles {
+ err = rolec.Delete(r)
+ if err != nil {
+ return err
+ }
+ }
+
+ // create dataset
+ err = createTestUsers()
+ if err != nil {
+ return err
+ }
+
+ err = createTestRoles()
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+//TODO(faseid): change password to hashed/encrypted one
+func createTestUsers() error {
+
+ randomRoleMap := map[string]string{pndID: randomRoleName}
+
+ users := []rbac.User{
+ {UserID: uuid.MustParse(adminID), UserName: "testAdmin", Roles: adminRoleMap, Password: "admin"},
+ {UserID: uuid.MustParse(userID), UserName: "testUser", Roles: userRoleMap, Password: "user"},
+ {UserID: uuid.New(), UserName: "testRandom", Roles: randomRoleMap, Password: "aurelius", Token: "wrong token"},
+ }
+
+ for _, u := range users {
+ err := userc.Add(rbac.NewUser(u.ID(), u.Name(), u.Roles, u.Password, ""))
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+func createTestRoles() error {
+ roles := []rbac.Role{
+ {
+ RoleID: uuid.MustParse(adminRoleID),
+ RoleName: "adminTestRole",
+ Description: "Admin",
+ Permissions: []string{
+ "/gosdn.core.CoreService/GetPnd",
+ "/gosdn.core.CoreService/GetPndList",
+ },
+ },
+ {
+ RoleID: uuid.New(),
+ RoleName: "userTestRole",
+ Description: "User",
+ Permissions: []string{
+ "/gosdn.pnd.PndService/GetChangeList",
+ },
+ },
+ {
+ RoleID: uuid.New(),
+ RoleName: randomRoleName,
+ Description: "Not a role",
+ Permissions: []string{
+ "nope",
+ },
+ },
+ }
+
+ for _, r := range roles {
+ err := rolec.Add(rbac.NewRole(r.ID(), r.Name(), r.Description, r.Permissions))
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
diff --git a/controller/northbound/server/pnd_test.go b/controller/northbound/server/pnd_test.go
index 64fd8a80fb533f573ea86a64153a56cc21b0474e..4e63f520532090d34c6389fdd6ef6f3d46711207 100644
--- a/controller/northbound/server/pnd_test.go
+++ b/controller/northbound/server/pnd_test.go
@@ -46,6 +46,7 @@ var deviceUUID uuid.UUID
var mockPnd *mocks.NetworkDomain
var mockDevice device.Device
var sbiStore southbound.SbiStore
+var mockJwt *rbac.JWTManager
func callback(id uuid.UUID, ch chan device.Details) {
// Need for pnd creation, but not needed for this test case.
@@ -148,8 +149,14 @@ func TestMain(m *testing.M) {
log.Fatal(err)
}
+ // everyting auth related
userc = rbac.NewUserStore()
rolec = rbac.NewRoleStore()
+ err = clearAndCreateAuthTestSetup()
+ if err != nil {
+ log.Fatal(err)
+ }
+ jwt = rbac.NewJWTManager("", 1*time.Minute)
os.Exit(m.Run())
}
diff --git a/controller/store/genericStore.go b/controller/store/genericStore.go
index 551e1cf89081483ced57aa2caaa36883fc5da913..cb4c255cf991ea7fbb6f86b5d15717d1c8862b3f 100644
--- a/controller/store/genericStore.go
+++ b/controller/store/genericStore.go
@@ -1,6 +1,8 @@
package store
import (
+ "errors"
+
"github.com/google/uuid"
)
@@ -26,7 +28,7 @@ func NewGenericStore[T storableConstraint]() GenericStore[T] {
func (t *GenericStore[T]) Add(item T) error {
_, ok := t.Store[item.ID()]
if ok {
- return nil
+ return errors.New("item not found")
}
t.Store[item.ID()] = item
@@ -60,12 +62,12 @@ func (t *GenericStore[T]) Get(query Query) (T, error) {
// Second search for name
id, ok := t.nameLookupTable[query.Name]
if !ok {
- return *new(T), nil
+ return *new(T), errors.New("item not found")
}
item, ok := t.Store[id]
if !ok {
- return *new(T), nil
+ return *new(T), errors.New("item not found")
}
return item, nil