tests for autg api

10f42412 · Fabian Seidl · f0d4d76d · 10f42412 · 10f42412 · 10f42412
Commit 10f42412 authored 3 years ago by Fabian Seidl
--- a/controller/northbound/server/auth.go
+++ b/controller/northbound/server/auth.go
@@ -2,6 +2,7 @@ package server
 import (
 	"context"
+	"fmt"
 	"time"
 	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
@@ -125,6 +126,9 @@ func (s Auth) GetUser(ctx context.Context, request *apb.GetUserRequest) (*apb.Ge
 	start := metrics.StartHook(labels, grpcRequestsTotal)
 	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
+	usersA, _ := userc.GetAll()
+	fmt.Printf("%+v", usersA)
 	// TODO: implement check if user is allowed to get this user data; only their own if not admin
 	userData, err := userc.Get(store.Query{Name: request.Name})
 	if err != nil {
@@ -230,6 +234,8 @@ func (s Auth) isValidUser(user rbac.User) (bool, error) {
 	storedUser, err := userc.Get(store.Query{Name: user.Name()})
 	if err != nil {
 		return false, err
+	} else if storedUser == nil {
+		return false, status.Errorf(codes.Aborted, "no user object")
 	}
 	if storedUser.Name() == user.Name() {

--- a/controller/northbound/server/auth_test.go
+++ b/controller/northbound/server/auth_test.go
@@ -4,13 +4,22 @@ import (
 	"context"
 	"reflect"
 	"testing"
-	"time"
 	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
 	"code.fbi.h-da.de/danet/gosdn/controller/rbac"
+	"github.com/google/uuid"
 )
-func Test_auth_Login(t *testing.T) {
+const adminID = "5c248a22-8eb7-48cf-b392-45680a1863a5"
+const userID = "57005d13-7a4d-493d-a02b-50ca51c40197"
+const adminRoleID = "126683ae-5ff2-43ee-92f7-0e2b936f8c77"
+const randomRoleName = "bertram"
+var adminRoleMap = map[string]string{pndID: "admin"}
+var userRoleMap = map[string]string{pndID: "user"}
+var jwt *rbac.JWTManager
+func TestAuth_Login(t *testing.T) {
 	type args struct {
 		ctx     context.Context
 		request *apb.LoginRequest
@@ -21,112 +30,187 @@ func Test_auth_Login(t *testing.T) {
 		want    string
 		wantErr bool
 	}{
-		// TODO: Add test cases.
 		{
-			name: "login test",
+			name: "default login",
+			want: "testAdmin",
+			args: args{
+				request: &apb.LoginRequest{
+					Username: "testAdmin",
+					Pwd:      "admin",
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "login fail wrong pwd",
 			want: "",
 			args: args{
-				request: &apb.LoginRequest{},
+				request: &apb.LoginRequest{
+					Username: "testAdmin",
+					Pwd:      "nope",
+				},
 			},
 			wantErr: true,
 		},
 	}
-	jwt := rbac.NewJWTManager("", 1*time.Minute)
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := Auth{
-				UnimplementedAuthServiceServer: apb.UnimplementedAuthServiceServer{},
+				jwtManager: jwt,
-				jwtManager:                     jwt,
 			}
 			resp, err := r.Login(tt.args.ctx, tt.args.request)
 			if (err != nil) != tt.wantErr {
-				t.Errorf("rbac.Login() error = %v, wantErr %v", err, tt.wantErr)
+				t.Errorf("Auth.Login() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
-			got := resp.GetStatus().String()
+			if resp != nil {
-			got = ""
+				got := resp.Token
+				if got == "" {
-			if !reflect.DeepEqual(got, tt.want) {
+					t.Errorf("Auth.Login() = %v, want non empty token", got)
-				t.Errorf("rbac.Login() = %v, want %v", got, tt.want)
+				}
 			}
 		})
 	}
 }
-func Test_auth_Logout(t *testing.T) {
+func TestAuth_Logout(t *testing.T) {
-	type fields struct {
-		UnimplementedAuthServiceServer apb.UnimplementedAuthServiceServer
-	}
 	type args struct {
 		ctx     context.Context
 		request *apb.LogoutRequest
 	}
 	tests := []struct {
 		name    string
-		fields  fields
 		args    args
 		want    *apb.LogoutResponse
 		wantErr bool
 	}{
 		// TODO: Add test cases.
+		// Implement after session hdanling was added
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			r := Auth{
+			s := Auth{}
-				UnimplementedAuthServiceServer: tt.fields.UnimplementedAuthServiceServer,
+			got, err := s.Logout(tt.args.ctx, tt.args.request)
-			}
-			got, err := r.Logout(tt.args.ctx, tt.args.request)
 			if (err != nil) != tt.wantErr {
-				t.Errorf("rbac.Logout() error = %v, wantErr %v", err, tt.wantErr)
+				t.Errorf("Auth.Logout() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
 			if !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("rbac.Logout() = %v, want %v", got, tt.want)
+				t.Errorf("Auth.Logout() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
-func Test_rbac_CreateUsers(t *testing.T) {
+func TestAuth_CreateUsers(t *testing.T) {
-	type fields struct {
-		UnimplementedAuthServiceServer apb.UnimplementedAuthServiceServer
-	}
 	type args struct {
 		ctx     context.Context
 		request *apb.CreateUsersRequest
 	}
 	tests := []struct {
 		name    string
-		fields  fields
 		args    args
-		want    *apb.CreateUsersResponse
+		want    apb.Status
 		wantErr bool
 	}{
-		// TODO: Add test cases.
+		{
+			name: "default create users",
+			args: args{ctx: context.TODO(),
+				request: &apb.CreateUsersRequest{
+					User: []*apb.User{
+						{
+							Name:     "asdf",
+							Roles:    map[string]string{pndID: "asdf"},
+							Password: "asdf",
+							Token:    "",
+						},
+					},
+				},
+			},
+			want:    apb.Status_STATUS_OK,
+			wantErr: false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			r := Auth{
+			s := Auth{}
-				UnimplementedAuthServiceServer: tt.fields.UnimplementedAuthServiceServer,
+			got, err := s.CreateUsers(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Auth.CreateUsers() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got.Status, tt.want) {
+				t.Errorf("Auth.CreateUsers() = %v, want %v", got, tt.want)
 			}
-			got, err := r.CreateUsers(tt.args.ctx, tt.args.request)
+		})
+	}
+}
+func TestAuth_GetUser(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.GetUserRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.GetUserResponse
+		wantErr bool
+	}{
+		{
+			name: "default get user",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.GetUserRequest{
+					Name: "testAdmin",
+				},
+			},
+			want: &apb.GetUserResponse{Status: apb.Status_STATUS_OK,
+				User: &apb.User{Id: adminID,
+					Name: "testAdmin"}},
+			wantErr: false,
+		},
+		{
+			name: "fail get user",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.GetUserRequest{
+					Name: "nope",
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Auth{}
+			got, err := s.GetUser(tt.args.ctx, tt.args.request)
 			if (err != nil) != tt.wantErr {
-				t.Errorf("rbac.CreateUsers() error = %v, wantErr %v", err, tt.wantErr)
+				t.Errorf("Auth.GetUser() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
-			if !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("rbac.CreateUsers() = %v, want %v", got, tt.want)
+			if got != nil && got.Status == tt.want.Status {
+				if got.User.Name != tt.want.User.Name || got.User.Id != tt.want.User.Id {
+					t.Errorf("Auth.GetUser() = %v, want %v", got, tt.want)
+				}
+			} else {
+				if got != nil {
+					t.Errorf("Auth.GetUser() = %v, want %v", got, tt.want)
+				}
 			}
 		})
 	}
 }
-func Test_rbac_GetUsers(t *testing.T) {
+func TestAuth_GetUsers(t *testing.T) {
-	type fields struct {
+	err := clearAndCreateAuthTestSetup()
-		UnimplementedAuthServiceServer apb.UnimplementedAuthServiceServer
+	if err != nil {
+		t.Fatalf("%v", err)
 	}
 	type args struct {
 		ctx     context.Context
@@ -134,94 +218,615 @@ func Test_rbac_GetUsers(t *testing.T) {
 	}
 	tests := []struct {
 		name    string
-		fields  fields
 		args    args
 		want    *apb.GetUsersResponse
+		wantLen int
 		wantErr bool
 	}{
-		// TODO: Add test cases.
+		{
+			name: "default get users",
+			args: args{ctx: context.TODO(),
+				request: &apb.GetUsersRequest{},
+			},
+			want: &apb.GetUsersResponse{Status: apb.Status_STATUS_OK,
+				User: []*apb.User{
+					{Name: "testAdmin"},
+					{Name: "testUser"},
+					{Name: "testRandom"}},
+			},
+			wantLen: 3,
+			wantErr: false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			r := Auth{
+			s := Auth{}
-				UnimplementedAuthServiceServer: tt.fields.UnimplementedAuthServiceServer,
+			got, err := s.GetUsers(tt.args.ctx, tt.args.request)
-			}
-			got, err := r.GetUsers(tt.args.ctx, tt.args.request)
 			if (err != nil) != tt.wantErr {
-				t.Errorf("rbac.GetUsers() error = %v, wantErr %v", err, tt.wantErr)
+				t.Errorf("Auth.GetUsers() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
-			if !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("rbac.GetUsers() = %v, want %v", got, tt.want)
+			if got != nil && got.Status == apb.Status_STATUS_OK {
+				if len(got.User) != tt.wantLen {
+					t.Errorf("Auth.GetUsers() = %v, want %v", got, tt.want)
+				}
+				for _, gotU := range got.User {
+					containsExpected := false
+					for _, wantU := range tt.want.User {
+						if gotU.Name == wantU.Name {
+							containsExpected = true
+							break
+						}
+					}
+					if !containsExpected {
+						t.Errorf("Auth.GetUsers() = %v, want %v", got, tt.want)
+					}
+				}
 			}
 		})
 	}
 }
-func Test_rbac_UpdateUsers(t *testing.T) {
+func TestAuth_UpdateUsers(t *testing.T) {
-	type fields struct {
-		UnimplementedAuthServiceServer apb.UnimplementedAuthServiceServer
-	}
 	type args struct {
 		ctx     context.Context
 		request *apb.UpdateUsersRequest
 	}
 	tests := []struct {
 		name    string
-		fields  fields
 		args    args
 		want    *apb.UpdateUsersResponse
 		wantErr bool
 	}{
-		// TODO: Add test cases.
+		{
+			name: "default update user",
+			args: args{ctx: context.TODO(),
+				request: &apb.UpdateUsersRequest{User: []*apb.User{
+					{Id: adminID,
+						Name: "sth Else"},
+				},
+				},
+			},
+			want: &apb.UpdateUsersResponse{
+				Status: apb.Status_STATUS_OK},
+			wantErr: false,
+		},
+		{
+			name: "error update user",
+			args: args{ctx: context.TODO(),
+				request: &apb.UpdateUsersRequest{User: []*apb.User{
+					{Id: uuid.NewString(),
+						Name: "not a user"},
+				},
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			r := Auth{
+			s := Auth{}
-				UnimplementedAuthServiceServer: tt.fields.UnimplementedAuthServiceServer,
+			got, err := s.UpdateUsers(tt.args.ctx, tt.args.request)
-			}
-			got, err := r.UpdateUsers(tt.args.ctx, tt.args.request)
 			if (err != nil) != tt.wantErr {
-				t.Errorf("rbac.UpdateUsers() error = %v, wantErr %v", err, tt.wantErr)
+				t.Errorf("Auth.UpdateUsers() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
-			if !reflect.DeepEqual(got, tt.want) {
+			if got != nil && got.Status != tt.want.Status {
-				t.Errorf("rbac.UpdateUsers() = %v, want %v", got, tt.want)
+				t.Errorf("Auth.UpdateUsers() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
-func Test_rbac_DeleteUsers(t *testing.T) {
+func TestAuth_DeleteUsers(t *testing.T) {
-	type fields struct {
-		UnimplementedAuthServiceServer apb.UnimplementedAuthServiceServer
-	}
 	type args struct {
 		ctx     context.Context
 		request *apb.DeleteUsersRequest
 	}
 	tests := []struct {
 		name    string
-		fields  fields
 		args    args
 		want    *apb.DeleteUsersResponse
 		wantErr bool
 	}{
-		// TODO: Add test cases.
+		{
+			name: "default delete users",
+			args: args{ctx: context.TODO(),
+				request: &apb.DeleteUsersRequest{Username: []string{"testUser"}},
+			},
+			want:    &apb.DeleteUsersResponse{Status: apb.Status_STATUS_OK},
+			wantErr: false,
+		},
+		{
+			name: "error delete users",
+			args: args{ctx: context.TODO(),
+				request: &apb.DeleteUsersRequest{Username: []string{"no user"}},
+			},
+			want:    &apb.DeleteUsersResponse{Status: apb.Status_STATUS_OK},
+			wantErr: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			r := Auth{
+			s := Auth{}
-				UnimplementedAuthServiceServer: tt.fields.UnimplementedAuthServiceServer,
+			got, err := s.DeleteUsers(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Auth.DeleteUsers() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Auth.DeleteUsers() = %v, want %v", got, tt.want)
 			}
-			got, err := r.DeleteUsers(tt.args.ctx, tt.args.request)
+		})
+	}
+}
+func TestAuth_CreateRoles(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.CreateRolesRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.CreateRolesResponse
+		wantErr bool
+	}{
+		{
+			name: "default create roles",
+			args: args{ctx: context.TODO(),
+				request: &apb.CreateRolesRequest{
+					Roles: []*apb.Role{
+						{
+							Name:        "new role 1",
+							Description: "Role 1",
+							Permissions: []string{"permission 1", "permission 2"},
+						},
+					},
+				},
+			},
+			want:    &apb.CreateRolesResponse{Status: apb.Status_STATUS_OK},
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Auth{}
+			got, err := s.CreateRoles(tt.args.ctx, tt.args.request)
 			if (err != nil) != tt.wantErr {
-				t.Errorf("rbac.DeleteUsers() error = %v, wantErr %v", err, tt.wantErr)
+				t.Errorf("Auth.CreateRoles() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
-			if !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("rbac.DeleteUsers() = %v, want %v", got, tt.want)
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Auth.CreateRoles() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
+func TestAuth_GetRole(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.GetRoleRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.GetRoleResponse
+		wantErr bool
+	}{
+		{
+			name: "default get role",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.GetRoleRequest{
+					RoleName: "adminTestRole",
+				},
+			},
+			want: &apb.GetRoleResponse{
+				Role: &apb.Role{
+					Name:        "adminTestRole",
+					Description: "Admin",
+				},
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+		{
+			name: "error get role",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.GetRoleRequest{
+					RoleName: "not role",
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Auth{}
+			got, err := s.GetRole(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Auth.GetRole() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status == tt.want.Status {
+				if got.Role.Name != tt.want.Role.Name || got.Role.Description != tt.want.Role.Description {
+					t.Errorf("Auth.GetRole() = %v, want %v", got, tt.want)
+				}
+			} else {
+				if got != nil {
+					t.Errorf("Auth.GetRole() = %v, want %v", got, tt.want)
+				}
+			}
+		})
+	}
+}
+func TestAuth_GetRoles(t *testing.T) {
+	err := clearAndCreateAuthTestSetup()
+	if err != nil {
+		t.Fatalf("%v", err)
+	}
+	type args struct {
+		ctx     context.Context
+		request *apb.GetRolesRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.GetRolesResponse
+		wantLen int
+		wantErr bool
+	}{
+		{
+			name: "default get roles",
+			args: args{
+				ctx:     context.TODO(),
+				request: &apb.GetRolesRequest{},
+			},
+			want: &apb.GetRolesResponse{
+				Status: apb.Status_STATUS_OK,
+				Roles: []*apb.Role{
+					{
+						Name:        "adminTestRole",
+						Description: "Admin",
+						Permissions: []string{
+							"/gosdn.core.CoreService/GetPnd",
+							"/gosdn.core.CoreService/GetPndList",
+						}},
+					{
+						Name:        "userTestRole",
+						Description: "User",
+						Permissions: []string{
+							"/gosdn.pnd.PndService/GetChangeList",
+						}},
+					{
+						Name:        randomRoleName,
+						Description: "Not a role",
+						Permissions: []string{
+							"nope",
+						},
+					},
+				},
+			},
+			wantLen: 3,
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Auth{}
+			got, err := s.GetRoles(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Auth.GetRoles() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status == tt.want.Status {
+				if len(got.Roles) != 3 {
+					t.Errorf("Auth.GetRoles() = %v, want %v", got, tt.want)
+				}
+				for _, gotR := range got.Roles {
+					containsExpected := false
+					for _, wantR := range tt.want.Roles {
+						gotPerm := gotR.Permissions
+						wantPerm := wantR.Permissions
+						if gotR.Description == wantR.Description && gotR.Name == wantR.Name &&
+							reflect.DeepEqual(gotPerm, wantPerm) {
+							containsExpected = true
+							break
+						}
+					}
+					if !containsExpected {
+						t.Errorf("Auth.GetRoles() = %v, want %v", got, tt.want)
+					}
+				}
+			}
+		})
+	}
+}
+func TestAuth_UpdateRoles(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.UpdateRolesRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.UpdateRolesResponse
+		wantErr bool
+	}{
+		{
+			name: "default update roles",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.UpdateRolesRequest{
+					Roles: []*apb.Role{
+						{
+							Id:   adminRoleID,
+							Name: "New Name",
+						},
+					},
+				},
+			},
+			want: &apb.UpdateRolesResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+		{
+			name: "error update roles",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.UpdateRolesRequest{
+					Roles: []*apb.Role{
+						{
+							Id:   uuid.NewString(),
+							Name: "New Name",
+						},
+					},
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Auth{}
+			got, err := s.UpdateRoles(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Auth.UpdateRoles() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Auth.UpdateRoles() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+func TestAuth_DeletePermissionsForRole(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.DeletePermissionsForRoleRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.DeletePermissionsForRoleResponse
+		wantErr bool
+	}{
+		{
+			name: "default delete permissions for role",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.DeletePermissionsForRoleRequest{
+					RoleName: "adminTestRole",
+					PermissionsToDelete: []string{
+						"/gosdn.core.CoreService/GetPnd",
+						"/gosdn.core.CoreService/GetPndList",
+					},
+				},
+			},
+			want: &apb.DeletePermissionsForRoleResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+		{
+			name: "error delete permissions for role no proper permissions provided",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.DeletePermissionsForRoleRequest{
+					RoleName: "adminTestRole",
+					PermissionsToDelete: []string{
+						"no",
+					},
+				},
+			},
+			want: &apb.DeletePermissionsForRoleResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Auth{}
+			got, err := s.DeletePermissionsForRole(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Auth.DeletePermissionsForRole() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Auth.DeletePermissionsForRole() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+func TestAuth_DeleteRoles(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.DeleteRolesRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.DeleteRolesResponse
+		wantErr bool
+	}{
+		{
+			name: "default delete roles",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.DeleteRolesRequest{
+					RoleName: []string{
+						"userTestRole",
+					},
+				},
+			},
+			want: &apb.DeleteRolesResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+		{
+			name: "error delete roles",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.DeleteRolesRequest{
+					RoleName: []string{
+						"no",
+					},
+				},
+			},
+			want: &apb.DeleteRolesResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Auth{}
+			got, err := s.DeleteRoles(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Auth.DeleteRoles() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Auth.DeleteRoles() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+func clearAndCreateAuthTestSetup() error {
+	//clear setup if changed
+	storedUsers, err := userc.GetAll()
+	if err != nil {
+		return err
+	}
+	for _, u := range storedUsers {
+		err = userc.Delete(u)
+		if err != nil {
+			return err
+		}
+	}
+	storedRoles, err := rolec.GetAll()
+	if err != nil {
+		return err
+	}
+	for _, r := range storedRoles {
+		err = rolec.Delete(r)
+		if err != nil {
+			return err
+		}
+	}
+	// create dataset
+	err = createTestUsers()
+	if err != nil {
+		return err
+	}
+	err = createTestRoles()
+	if err != nil {
+		return err
+	}
+	return nil
+}
+//TODO(faseid): change password to hashed/encrypted one
+func createTestUsers() error {
+	randomRoleMap := map[string]string{pndID: randomRoleName}
+	users := []rbac.User{
+		{UserID: uuid.MustParse(adminID), UserName: "testAdmin", Roles: adminRoleMap, Password: "admin"},
+		{UserID: uuid.MustParse(userID), UserName: "testUser", Roles: userRoleMap, Password: "user"},
+		{UserID: uuid.New(), UserName: "testRandom", Roles: randomRoleMap, Password: "aurelius", Token: "wrong token"},
+	}
+	for _, u := range users {
+		err := userc.Add(rbac.NewUser(u.ID(), u.Name(), u.Roles, u.Password, ""))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+func createTestRoles() error {
+	roles := []rbac.Role{
+		{
+			RoleID:      uuid.MustParse(adminRoleID),
+			RoleName:    "adminTestRole",
+			Description: "Admin",
+			Permissions: []string{
+				"/gosdn.core.CoreService/GetPnd",
+				"/gosdn.core.CoreService/GetPndList",
+			},
+		},
+		{
+			RoleID:      uuid.New(),
+			RoleName:    "userTestRole",
+			Description: "User",
+			Permissions: []string{
+				"/gosdn.pnd.PndService/GetChangeList",
+			},
+		},
+		{
+			RoleID:      uuid.New(),
+			RoleName:    randomRoleName,
+			Description: "Not a role",
+			Permissions: []string{
+				"nope",
+			},
+		},
+	}
+	for _, r := range roles {
+		err := rolec.Add(rbac.NewRole(r.ID(), r.Name(), r.Description, r.Permissions))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
--- a/controller/northbound/server/pnd_test.go
+++ b/controller/northbound/server/pnd_test.go
@@ -46,6 +46,7 @@ var deviceUUID uuid.UUID
 var mockPnd *mocks.NetworkDomain
 var mockDevice device.Device
 var sbiStore southbound.SbiStore
+var mockJwt *rbac.JWTManager
 func callback(id uuid.UUID, ch chan device.Details) {
 	// Need for pnd creation, but not needed for this test case.
@@ -148,8 +149,14 @@ func TestMain(m *testing.M) {
 		log.Fatal(err)
 	}
+	// everyting auth related
 	userc = rbac.NewUserStore()
 	rolec = rbac.NewRoleStore()
+	err = clearAndCreateAuthTestSetup()
+	if err != nil {
+		log.Fatal(err)
+	}
+	jwt = rbac.NewJWTManager("", 1*time.Minute)
 	os.Exit(m.Run())
 }

--- a/controller/store/genericStore.go
+++ b/controller/store/genericStore.go
 package store
 import (
+	"errors"
 	"github.com/google/uuid"
 )
@@ -26,7 +28,7 @@ func NewGenericStore[T storableConstraint]() GenericStore[T] {
 func (t *GenericStore[T]) Add(item T) error {
 	_, ok := t.Store[item.ID()]
 	if ok {
-		return nil
+		return errors.New("item not found")
 	}
 	t.Store[item.ID()] = item
@@ -60,12 +62,12 @@ func (t *GenericStore[T]) Get(query Query) (T, error) {
 		// Second search for name
 		id, ok := t.nameLookupTable[query.Name]
 		if !ok {
-			return *new(T), nil
+			return *new(T), errors.New("item not found")
 		}
 		item, ok := t.Store[id]
 		if !ok {
-			return *new(T), nil
+			return *new(T), errors.New("item not found")
 		}
 		return item, nil