removed user and role stuff from suth.go in northbound/server and updated tests

5ccb0f64 · Fabian Seidl · e0714a54 · 5ccb0f64 · 5ccb0f64 · 5ccb0f64
Commit 5ccb0f64 authored 3 years ago by Fabian Seidl
--- a/controller/northbound/server/auth.go
+++ b/controller/northbound/server/auth.go
@@ -8,9 +8,7 @@ import (
 	"code.fbi.h-da.de/danet/gosdn/controller/metrics"
 	"code.fbi.h-da.de/danet/gosdn/controller/rbac"
 	"code.fbi.h-da.de/danet/gosdn/controller/store"
-	"github.com/google/uuid"
 	"github.com/prometheus/client_golang/prometheus"
-	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -87,145 +85,6 @@ func (s Auth) Logout(ctx context.Context, request *apb.LogoutRequest) (*apb.Logo
 	}, nil
 }
-// CreateUsers creates new users, can be 1 or more
-func (s Auth) CreateUsers(ctx context.Context, request *apb.CreateUsersRequest) (*apb.CreateUsersResponse, error) {
-	labels := prometheus.Labels{"service": "auth", "rpc": "post"}
-	start := metrics.StartHook(labels, grpcRequestsTotal)
-	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
-	// TODO: implement check if user is allowed to create users with this role
-	// e.g. non-admin shouldn't be allowed to create admin users
-	for _, u := range request.User {
-		roles := map[string]string{}
-		for key, elem := range u.Roles {
-			_, err := uuid.Parse(key)
-			if err != nil {
-				return nil, handleRPCError(labels, err)
-			}
-			roles[key] = elem
-		}
-		user := rbac.NewUser(uuid.New(), u.Name, roles, u.Password, u.Token)
-		err := userc.Add(user)
-		if err != nil {
-			log.Error(err)
-			return nil, status.Errorf(codes.Aborted, "%v", err)
-		}
-	}
-	return &apb.CreateUsersResponse{
-		Timestamp: time.Now().UnixNano(),
-		Status:    apb.Status_STATUS_OK,
-	}, nil
-}
-// GetUser returns one user by name.
-func (s Auth) GetUser(ctx context.Context, request *apb.GetUserRequest) (*apb.GetUserResponse, error) {
-	labels := prometheus.Labels{"service": "auth", "rpc": "get"}
-	start := metrics.StartHook(labels, grpcRequestsTotal)
-	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
-	// TODO: implement check if user is allowed to get this user data; only their own if not admin
-	userData, err := userc.Get(store.Query{Name: request.Name})
-	if err != nil {
-		return nil, err
-	}
-	user := &apb.User{
-		Id:    userData.ID().String(),
-		Name:  userData.Name(),
-		Roles: userData.GetRoles(),
-	}
-	return &apb.GetUserResponse{
-		Timestamp: time.Now().UnixNano(),
-		Status:    apb.Status_STATUS_OK,
-		User:      user,
-	}, nil
-}
-// GetUsers returns all availbale users
-func (s Auth) GetUsers(ctx context.Context, request *apb.GetUsersRequest) (*apb.GetUsersResponse, error) {
-	labels := prometheus.Labels{"service": "auth", "rpc": "get"}
-	start := metrics.StartHook(labels, grpcRequestsTotal)
-	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
-	userList, err := userc.GetAll()
-	if err != nil {
-		return nil, err
-	}
-	users := []*apb.User{}
-	for _, u := range userList {
-		users = append(users, &apb.User{
-			Id:    u.ID().String(),
-			Name:  u.Name(),
-			Roles: u.GetRoles(),
-		})
-	}
-	return &apb.GetUsersResponse{
-		Timestamp: time.Now().UnixNano(),
-		Status:    apb.Status_STATUS_OK,
-		User:      users,
-	}, nil
-}
-// UpdateUsers updates the user data of one or more users provided in the request
-func (s Auth) UpdateUsers(ctx context.Context, request *apb.UpdateUsersRequest) (*apb.UpdateUsersResponse, error) {
-	labels := prometheus.Labels{"service": "auth", "rpc": "post"}
-	start := metrics.StartHook(labels, grpcRequestsTotal)
-	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
-	// TODO: check if current user is allowed to update the user they try to update; only their own if not admin
-	for _, u := range request.User {
-		uid, err := uuid.Parse(u.Id)
-		if err != nil {
-			return nil, handleRPCError(labels, err)
-		}
-		_, err = userc.Get(store.Query{ID: uid})
-		if err != nil {
-			return nil, status.Errorf(codes.Canceled, "user not found %v", err)
-		}
-		userToUpdate := rbac.NewUser(uid, u.Name, u.Roles, u.Password, u.Token)
-		err = userc.Update(userToUpdate)
-		if err != nil {
-			return nil, status.Errorf(codes.Aborted, "could not update user %v", err)
-		}
-	}
-	return &apb.UpdateUsersResponse{
-		Timestamp: time.Now().UnixNano(),
-		Status:    apb.Status_STATUS_OK,
-	}, nil
-}
-// DeleteUsers deletes one or more users provided in the request
-func (s Auth) DeleteUsers(ctx context.Context, request *apb.DeleteUsersRequest) (*apb.DeleteUsersResponse, error) {
-	labels := prometheus.Labels{"service": "auth", "rpc": "delete"}
-	start := metrics.StartHook(labels, grpcRequestsTotal)
-	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
-	for _, u := range request.Username {
-		userToDelete, err := userc.Get(store.Query{Name: u})
-		if err != nil {
-			return nil, status.Errorf(codes.Canceled, "user not found %v", err)
-		}
-		err = userc.Delete(userToDelete)
-		if err != nil {
-			return nil, status.Errorf(codes.Aborted, "error deleting user %v", err)
-		}
-	}
-	return &apb.DeleteUsersResponse{
-		Timestamp: time.Now().UnixNano(),
-		Status:    apb.Status_STATUS_OK,
-	}, nil
-}
 func (s Auth) isValidUser(user rbac.User) (bool, error) {
 	storedUser, err := userc.Get(store.Query{Name: user.Name()})
 	if err != nil {
@@ -242,175 +101,3 @@ func (s Auth) isValidUser(user rbac.User) (bool, error) {
 	return false, status.Errorf(codes.Unauthenticated, "incorrect user name or password")
 }
-// CreateRoles creates roles with permissions for the roles used in rbac.
-func (s Auth) CreateRoles(ctx context.Context, request *apb.CreateRolesRequest) (*apb.CreateRolesResponse, error) {
-	labels := prometheus.Labels{"service": "auth", "rpc": "post"}
-	start := metrics.StartHook(labels, grpcRequestsTotal)
-	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
-	for _, r := range request.Roles {
-		role := rbac.NewRole(uuid.New(), r.Name, r.Description, r.Permissions)
-		err := rolec.Add(role)
-		if err != nil {
-			log.Error(err)
-			return nil, status.Errorf(codes.Aborted, "%v", err)
-		}
-	}
-	return &apb.CreateRolesResponse{
-		Timestamp: time.Now().UnixNano(),
-		Status:    apb.Status_STATUS_OK,
-	}, nil
-}
-// GetRole returns one role with its permissions found by name.
-func (s Auth) GetRole(ctx context.Context, request *apb.GetRoleRequest) (*apb.GetRoleResponse, error) {
-	labels := prometheus.Labels{"service": "auth", "rpc": "get"}
-	start := metrics.StartHook(labels, grpcRequestsTotal)
-	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
-	roleData, err := rolec.Get(store.Query{Name: request.RoleName})
-	if err != nil {
-		return nil, err
-	}
-	role := &apb.Role{
-		Id:          roleData.ID().String(),
-		Name:        roleData.Name(),
-		Description: roleData.GetDescription(),
-		Permissions: roleData.GetPermissions(),
-	}
-	return &apb.GetRoleResponse{
-		Timestamp: time.Now().UnixNano(),
-		Status:    apb.Status_STATUS_OK,
-		Role:      role,
-	}, nil
-}
-// GetRoles returns all roles with their permissions.
-func (s Auth) GetRoles(ctx context.Context, request *apb.GetRolesRequest) (*apb.GetRolesResponse, error) {
-	labels := prometheus.Labels{"service": "auth", "rpc": "get"}
-	start := metrics.StartHook(labels, grpcRequestsTotal)
-	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
-	roleList, err := rolec.GetAll()
-	if err != nil {
-		return nil, err
-	}
-	roles := []*apb.Role{}
-	for _, r := range roleList {
-		roles = append(roles, &apb.Role{
-			Id:          r.ID().String(),
-			Name:        r.Name(),
-			Description: r.GetDescription(),
-			Permissions: r.GetPermissions(),
-		})
-	}
-	return &apb.GetRolesResponse{
-		Timestamp: time.Now().UnixNano(),
-		Status:    apb.Status_STATUS_OK,
-		Roles:     roles,
-	}, nil
-}
-// UpdateRoles updates data of the provided roles.
-func (s Auth) UpdateRoles(ctx context.Context, request *apb.UpdateRolesRequest) (*apb.UpdateRolesResponse, error) {
-	labels := prometheus.Labels{"service": "auth", "rpc": "post"}
-	start := metrics.StartHook(labels, grpcRequestsTotal)
-	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
-	// TODO: check if current user is allowed to update the role they try to update; only their own if not admin
-	for _, r := range request.Roles {
-		rid, err := uuid.Parse(r.Id)
-		if err != nil {
-			return nil, handleRPCError(labels, err)
-		}
-		_, err = rolec.Get(store.Query{ID: rid})
-		if err != nil {
-			return nil, status.Errorf(codes.Canceled, "role not found %v", err)
-		}
-		roleToUpdate := rbac.NewRole(rid, r.Name, r.Description, r.Permissions)
-		err = rolec.Update(roleToUpdate)
-		if err != nil {
-			return nil, status.Errorf(codes.Aborted, "could not update role %v", err)
-		}
-	}
-	return &apb.UpdateRolesResponse{
-		Timestamp: time.Now().UnixNano(),
-		Status:    apb.Status_STATUS_OK,
-	}, nil
-}
-// DeletePermissionsForRole deletes the provided permissions from one role found by name.
-func (s Auth) DeletePermissionsForRole(ctx context.Context, request *apb.DeletePermissionsForRoleRequest) (*apb.DeletePermissionsForRoleResponse, error) {
-	labels := prometheus.Labels{"service": "auth", "rpc": "delete"}
-	start := metrics.StartHook(labels, grpcRequestsTotal)
-	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
-	roleToUpdate, err := rolec.Get(store.Query{Name: request.RoleName})
-	if err != nil {
-		return nil, status.Errorf(codes.Canceled, "role not found %v", err)
-	}
-	// checks if there is at least one valid permission to delete
-	// in the provided set of permissions to delete
-	nonFound := true
-	for _, perm := range roleToUpdate.GetPermissions() {
-		for _, permToDelete := range request.PermissionsToDelete {
-			if perm == permToDelete {
-				nonFound = false
-				break
-			}
-		}
-		if !nonFound {
-			break
-		}
-	}
-	if nonFound {
-		return nil, status.Errorf(codes.Canceled, "no fitting permissions")
-	}
-	// updates the existing role with the trimmed set of permissions
-	roleToUpdate.RemovePermissionsFromRole(request.PermissionsToDelete)
-	err = rolec.Update(roleToUpdate)
-	if err != nil {
-		return nil, status.Errorf(codes.Aborted, "could not update role %v", err)
-	}
-	return &apb.DeletePermissionsForRoleResponse{
-		Timestamp: time.Now().UnixNano(),
-		Status:    apb.Status_STATUS_OK,
-	}, nil
-}
-// DeleteRoles deletes all the provided roles with their permissions.
-func (s Auth) DeleteRoles(ctx context.Context, request *apb.DeleteRolesRequest) (*apb.DeleteRolesResponse, error) {
-	labels := prometheus.Labels{"service": "auth", "rpc": "delete"}
-	start := metrics.StartHook(labels, grpcRequestsTotal)
-	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
-	for _, r := range request.RoleName {
-		roleToDelete, err := rolec.Get(store.Query{Name: r})
-		if err != nil {
-			return nil, status.Errorf(codes.Canceled, "role not found")
-		}
-		err = rolec.Delete(roleToDelete)
-		if err != nil {
-			return nil, status.Errorf(codes.Aborted, "error deleting role %v", err)
-		}
-	}
-	return &apb.DeleteRolesResponse{
-		Timestamp: time.Now().UnixNano(),
-		Status:    apb.Status_STATUS_OK,
-	}, nil
-}
--- a/controller/northbound/server/auth_test.go
+++ b/controller/northbound/server/auth_test.go
 package server
 import (
-	"bytes"
 	"context"
-	"log"
 	"reflect"
 	"testing"
 	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
-	"code.fbi.h-da.de/danet/gosdn/controller/rbac"
-	"github.com/google/uuid"
 )
-const adminID = "5c248a22-8eb7-48cf-b392-45680a1863a5"
-const userID = "57005d13-7a4d-493d-a02b-50ca51c40197"
-const adminRoleID = "126683ae-5ff2-43ee-92f7-0e2b936f8c77"
-const randomRoleName = "bertram"
-var adminRoleMap = map[string]string{pndID: "admin"}
-var userRoleMap = map[string]string{pndID: "user"}
-var jwt *rbac.JWTManager
 func TestAuth_Login(t *testing.T) {
 	type args struct {
 		ctx     context.Context
@@ -105,748 +92,3 @@ func TestAuth_Logout(t *testing.T) {
 		})
 	}
 }
-func TestAuth_CreateUsers(t *testing.T) {
-	type args struct {
-		ctx     context.Context
-		request *apb.CreateUsersRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    apb.Status
-		wantErr bool
-	}{
-		{
-			name: "default create users",
-			args: args{ctx: context.TODO(),
-				request: &apb.CreateUsersRequest{
-					User: []*apb.User{
-						{
-							Name:     "asdf",
-							Roles:    map[string]string{pndID: "asdf"},
-							Password: "asdf",
-							Token:    "",
-						},
-					},
-				},
-			},
-			want:    apb.Status_STATUS_OK,
-			wantErr: false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := Auth{}
-			got, err := s.CreateUsers(tt.args.ctx, tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Auth.CreateUsers() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if !reflect.DeepEqual(got.Status, tt.want) {
-				t.Errorf("Auth.CreateUsers() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-func TestAuth_GetUser(t *testing.T) {
-	patchLogger(t)
-	type args struct {
-		ctx     context.Context
-		request *apb.GetUserRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    *apb.GetUserResponse
-		wantErr bool
-	}{
-		{
-			name: "default get user",
-			args: args{
-				ctx: context.TODO(),
-				request: &apb.GetUserRequest{
-					Name: "testAdmin",
-				},
-			},
-			want: &apb.GetUserResponse{Status: apb.Status_STATUS_OK,
-				User: &apb.User{Id: adminID,
-					Name: "testAdmin"}},
-			wantErr: false,
-		},
-		{
-			name: "fail get user",
-			args: args{
-				ctx: context.TODO(),
-				request: &apb.GetUserRequest{
-					Name: "nope",
-				},
-			},
-			want:    nil,
-			wantErr: true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := Auth{}
-			got, err := s.GetUser(tt.args.ctx, tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Auth.GetUser() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != nil && got.Status == tt.want.Status {
-				if got.User.Name != tt.want.User.Name || got.User.Id != tt.want.User.Id {
-					t.Errorf("Auth.GetUser() = %v, want %v", got, tt.want)
-				}
-			} else {
-				if got != nil {
-					t.Errorf("Auth.GetUser() = %v, want %v", got, tt.want)
-				}
-			}
-		})
-	}
-}
-func TestAuth_GetUsers(t *testing.T) {
-	err := clearAndCreateAuthTestSetup()
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-	type args struct {
-		ctx     context.Context
-		request *apb.GetUsersRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    *apb.GetUsersResponse
-		wantLen int
-		wantErr bool
-	}{
-		{
-			name: "default get users",
-			args: args{ctx: context.TODO(),
-				request: &apb.GetUsersRequest{},
-			},
-			want: &apb.GetUsersResponse{Status: apb.Status_STATUS_OK,
-				User: []*apb.User{
-					{Name: "testAdmin"},
-					{Name: "testUser"},
-					{Name: "testRandom"}},
-			},
-			wantLen: 3,
-			wantErr: false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := Auth{}
-			got, err := s.GetUsers(tt.args.ctx, tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Auth.GetUsers() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != nil && got.Status == apb.Status_STATUS_OK {
-				if len(got.User) != tt.wantLen {
-					t.Errorf("Auth.GetUsers() = %v, want %v", got, tt.want)
-				}
-				for _, gotU := range got.User {
-					containsExpected := false
-					for _, wantU := range tt.want.User {
-						if gotU.Name == wantU.Name {
-							containsExpected = true
-							break
-						}
-					}
-					if !containsExpected {
-						t.Errorf("Auth.GetUsers() = %v, want %v", got, tt.want)
-					}
-				}
-			}
-		})
-	}
-}
-func TestAuth_UpdateUsers(t *testing.T) {
-	type args struct {
-		ctx     context.Context
-		request *apb.UpdateUsersRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    *apb.UpdateUsersResponse
-		wantErr bool
-	}{
-		{
-			name: "default update user",
-			args: args{ctx: context.TODO(),
-				request: &apb.UpdateUsersRequest{User: []*apb.User{
-					{Id: adminID,
-						Name: "sth Else"},
-				},
-				},
-			},
-			want: &apb.UpdateUsersResponse{
-				Status: apb.Status_STATUS_OK},
-			wantErr: false,
-		},
-		{
-			name: "error update user",
-			args: args{ctx: context.TODO(),
-				request: &apb.UpdateUsersRequest{User: []*apb.User{
-					{Id: uuid.NewString(),
-						Name: "not a user"},
-				},
-				},
-			},
-			want:    nil,
-			wantErr: true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := Auth{}
-			got, err := s.UpdateUsers(tt.args.ctx, tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Auth.UpdateUsers() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != nil && got.Status != tt.want.Status {
-				t.Errorf("Auth.UpdateUsers() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-func TestAuth_DeleteUsers(t *testing.T) {
-	type args struct {
-		ctx     context.Context
-		request *apb.DeleteUsersRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    *apb.DeleteUsersResponse
-		wantErr bool
-	}{
-		{
-			name: "default delete users",
-			args: args{ctx: context.TODO(),
-				request: &apb.DeleteUsersRequest{Username: []string{"testUser"}},
-			},
-			want:    &apb.DeleteUsersResponse{Status: apb.Status_STATUS_OK},
-			wantErr: false,
-		},
-		{
-			name: "error delete users",
-			args: args{ctx: context.TODO(),
-				request: &apb.DeleteUsersRequest{Username: []string{"no user"}},
-			},
-			want:    &apb.DeleteUsersResponse{Status: apb.Status_STATUS_OK},
-			wantErr: true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := Auth{}
-			got, err := s.DeleteUsers(tt.args.ctx, tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Auth.DeleteUsers() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != nil && got.Status != tt.want.Status {
-				t.Errorf("Auth.DeleteUsers() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-func TestAuth_CreateRoles(t *testing.T) {
-	type args struct {
-		ctx     context.Context
-		request *apb.CreateRolesRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    *apb.CreateRolesResponse
-		wantErr bool
-	}{
-		{
-			name: "default create roles",
-			args: args{ctx: context.TODO(),
-				request: &apb.CreateRolesRequest{
-					Roles: []*apb.Role{
-						{
-							Name:        "new role 1",
-							Description: "Role 1",
-							Permissions: []string{"permission 1", "permission 2"},
-						},
-					},
-				},
-			},
-			want:    &apb.CreateRolesResponse{Status: apb.Status_STATUS_OK},
-			wantErr: false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := Auth{}
-			got, err := s.CreateRoles(tt.args.ctx, tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Auth.CreateRoles() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != nil && got.Status != tt.want.Status {
-				t.Errorf("Auth.CreateRoles() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-func TestAuth_GetRole(t *testing.T) {
-	type args struct {
-		ctx     context.Context
-		request *apb.GetRoleRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    *apb.GetRoleResponse
-		wantErr bool
-	}{
-		{
-			name: "default get role",
-			args: args{
-				ctx: context.TODO(),
-				request: &apb.GetRoleRequest{
-					RoleName: "adminTestRole",
-				},
-			},
-			want: &apb.GetRoleResponse{
-				Role: &apb.Role{
-					Name:        "adminTestRole",
-					Description: "Admin",
-				},
-				Status: apb.Status_STATUS_OK,
-			},
-			wantErr: false,
-		},
-		{
-			name: "error get role",
-			args: args{
-				ctx: context.TODO(),
-				request: &apb.GetRoleRequest{
-					RoleName: "not role",
-				},
-			},
-			want:    nil,
-			wantErr: true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := Auth{}
-			got, err := s.GetRole(tt.args.ctx, tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Auth.GetRole() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != nil && got.Status == tt.want.Status {
-				if got.Role.Name != tt.want.Role.Name || got.Role.Description != tt.want.Role.Description {
-					t.Errorf("Auth.GetRole() = %v, want %v", got, tt.want)
-				}
-			} else {
-				if got != nil {
-					t.Errorf("Auth.GetRole() = %v, want %v", got, tt.want)
-				}
-			}
-		})
-	}
-}
-func TestAuth_GetRoles(t *testing.T) {
-	err := clearAndCreateAuthTestSetup()
-	if err != nil {
-		t.Fatalf("%v", err)
-	}
-	type args struct {
-		ctx     context.Context
-		request *apb.GetRolesRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    *apb.GetRolesResponse
-		wantLen int
-		wantErr bool
-	}{
-		{
-			name: "default get roles",
-			args: args{
-				ctx:     context.TODO(),
-				request: &apb.GetRolesRequest{},
-			},
-			want: &apb.GetRolesResponse{
-				Status: apb.Status_STATUS_OK,
-				Roles: []*apb.Role{
-					{
-						Name:        "adminTestRole",
-						Description: "Admin",
-						Permissions: []string{
-							"/gosdn.core.CoreService/GetPnd",
-							"/gosdn.core.CoreService/GetPndList",
-						}},
-					{
-						Name:        "userTestRole",
-						Description: "User",
-						Permissions: []string{
-							"/gosdn.pnd.PndService/GetChangeList",
-						}},
-					{
-						Name:        randomRoleName,
-						Description: "Not a role",
-						Permissions: []string{
-							"nope",
-						},
-					},
-				},
-			},
-			wantLen: 3,
-			wantErr: false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := Auth{}
-			got, err := s.GetRoles(tt.args.ctx, tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Auth.GetRoles() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != nil && got.Status == tt.want.Status {
-				if len(got.Roles) != 3 {
-					t.Errorf("Auth.GetRoles() = %v, want %v", got, tt.want)
-				}
-				for _, gotR := range got.Roles {
-					containsExpected := false
-					for _, wantR := range tt.want.Roles {
-						gotPerm := gotR.Permissions
-						wantPerm := wantR.Permissions
-						if gotR.Description == wantR.Description && gotR.Name == wantR.Name &&
-							reflect.DeepEqual(gotPerm, wantPerm) {
-							containsExpected = true
-							break
-						}
-					}
-					if !containsExpected {
-						t.Errorf("Auth.GetRoles() = %v, want %v", got, tt.want)
-					}
-				}
-			}
-		})
-	}
-}
-func TestAuth_UpdateRoles(t *testing.T) {
-	type args struct {
-		ctx     context.Context
-		request *apb.UpdateRolesRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    *apb.UpdateRolesResponse
-		wantErr bool
-	}{
-		{
-			name: "default update roles",
-			args: args{
-				ctx: context.TODO(),
-				request: &apb.UpdateRolesRequest{
-					Roles: []*apb.Role{
-						{
-							Id:   adminRoleID,
-							Name: "New Name",
-						},
-					},
-				},
-			},
-			want: &apb.UpdateRolesResponse{
-				Status: apb.Status_STATUS_OK,
-			},
-			wantErr: false,
-		},
-		{
-			name: "error update roles",
-			args: args{
-				ctx: context.TODO(),
-				request: &apb.UpdateRolesRequest{
-					Roles: []*apb.Role{
-						{
-							Id:   uuid.NewString(),
-							Name: "New Name",
-						},
-					},
-				},
-			},
-			want:    nil,
-			wantErr: true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := Auth{}
-			got, err := s.UpdateRoles(tt.args.ctx, tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Auth.UpdateRoles() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != nil && got.Status != tt.want.Status {
-				t.Errorf("Auth.UpdateRoles() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-func TestAuth_DeletePermissionsForRole(t *testing.T) {
-	clearAndCreateAuthTestSetup()
-	type args struct {
-		ctx     context.Context
-		request *apb.DeletePermissionsForRoleRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    *apb.DeletePermissionsForRoleResponse
-		wantErr bool
-	}{
-		{
-			name: "default delete permissions for role",
-			args: args{
-				ctx: context.TODO(),
-				request: &apb.DeletePermissionsForRoleRequest{
-					RoleName: "adminTestRole",
-					PermissionsToDelete: []string{
-						"/gosdn.core.CoreService/GetPnd",
-						"/gosdn.core.CoreService/GetPndList",
-					},
-				},
-			},
-			want: &apb.DeletePermissionsForRoleResponse{
-				Status: apb.Status_STATUS_OK,
-			},
-			wantErr: false,
-		},
-		{
-			name: "error delete permissions for role no proper permissions provided",
-			args: args{
-				ctx: context.TODO(),
-				request: &apb.DeletePermissionsForRoleRequest{
-					RoleName: "adminTestRole",
-					PermissionsToDelete: []string{
-						"no",
-					},
-				},
-			},
-			want: &apb.DeletePermissionsForRoleResponse{
-				Status: apb.Status_STATUS_OK,
-			},
-			wantErr: true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := Auth{}
-			got, err := s.DeletePermissionsForRole(tt.args.ctx, tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Auth.DeletePermissionsForRole() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != nil && got.Status != tt.want.Status {
-				t.Errorf("Auth.DeletePermissionsForRole() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-func TestAuth_DeleteRoles(t *testing.T) {
-	type args struct {
-		ctx     context.Context
-		request *apb.DeleteRolesRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    *apb.DeleteRolesResponse
-		wantErr bool
-	}{
-		{
-			name: "default delete roles",
-			args: args{
-				ctx: context.TODO(),
-				request: &apb.DeleteRolesRequest{
-					RoleName: []string{
-						"userTestRole",
-					},
-				},
-			},
-			want: &apb.DeleteRolesResponse{
-				Status: apb.Status_STATUS_OK,
-			},
-			wantErr: false,
-		},
-		{
-			name: "error delete roles",
-			args: args{
-				ctx: context.TODO(),
-				request: &apb.DeleteRolesRequest{
-					RoleName: []string{
-						"no",
-					},
-				},
-			},
-			want: &apb.DeleteRolesResponse{
-				Status: apb.Status_STATUS_OK,
-			},
-			wantErr: true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := Auth{}
-			got, err := s.DeleteRoles(tt.args.ctx, tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Auth.DeleteRoles() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != nil && got.Status != tt.want.Status {
-				t.Errorf("Auth.DeleteRoles() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-func clearAndCreateAuthTestSetup() error {
-	//clear setup if changed
-	storedUsers, err := userc.GetAll()
-	if err != nil {
-		return err
-	}
-	for _, u := range storedUsers {
-		err = userc.Delete(u)
-		if err != nil {
-			return err
-		}
-	}
-	storedRoles, err := rolec.GetAll()
-	if err != nil {
-		return err
-	}
-	for _, r := range storedRoles {
-		err = rolec.Delete(r)
-		if err != nil {
-			return err
-		}
-	}
-	// create dataset
-	err = createTestUsers()
-	if err != nil {
-		return err
-	}
-	err = createTestRoles()
-	if err != nil {
-		return err
-	}
-	return nil
-}
-//TODO(faseid): change password to hashed/encrypted one
-func createTestUsers() error {
-	randomRoleMap := map[string]string{pndID: randomRoleName}
-	users := []rbac.User{
-		{UserID: uuid.MustParse(adminID), UserName: "testAdmin", Roles: adminRoleMap, Password: "admin"},
-		{UserID: uuid.MustParse(userID), UserName: "testUser", Roles: userRoleMap, Password: "user"},
-		{UserID: uuid.New(), UserName: "testRandom", Roles: randomRoleMap, Password: "aurelius", Token: "wrong token"},
-	}
-	for _, u := range users {
-		err := userc.Add(rbac.NewUser(u.ID(), u.Name(), u.Roles, u.Password, ""))
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-func createTestRoles() error {
-	roles := []rbac.Role{
-		{
-			RoleID:      uuid.MustParse(adminRoleID),
-			RoleName:    "adminTestRole",
-			Description: "Admin",
-			Permissions: []string{
-				"/gosdn.core.CoreService/GetPnd",
-				"/gosdn.core.CoreService/GetPndList",
-			},
-		},
-		{
-			RoleID:      uuid.New(),
-			RoleName:    "userTestRole",
-			Description: "User",
-			Permissions: []string{
-				"/gosdn.pnd.PndService/GetChangeList",
-			},
-		},
-		{
-			RoleID:      uuid.New(),
-			RoleName:    randomRoleName,
-			Description: "Not a role",
-			Permissions: []string{
-				"nope",
-			},
-		},
-	}
-	for _, r := range roles {
-		err := rolec.Add(rbac.NewRole(r.ID(), r.Name(), r.Description, r.Permissions))
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-// This is needed as a workaround for a bug where the output of the getUser test falsely was
-// that it failed while actually passing. Apparantely, this can happen when loggers write
-// the output of test cases.
-// Solution found here: https://github.com/gotestyourself/gotestsum/issues/141#issuecomment-686243110
-func patchLogger(t *testing.T) {
-	orig := log.Writer()
-	buf := new(bytes.Buffer)
-	log.SetOutput(buf)
-	t.Cleanup(func() {
-		// optionally check t.Failed here if you only want to print logs on failure
-		t.Log(buf.String())
-		log.SetOutput(orig)
-	})
-}
--- a/controller/northbound/server/role_test.go
+++ b/controller/northbound/server/role_test.go
+package server
+import (
+	"context"
+	"reflect"
+	"testing"
+	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
+	"github.com/google/uuid"
+)
+func TestRole_CreateRoles(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.CreateRolesRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.CreateRolesResponse
+		wantErr bool
+	}{
+		{
+			name: "default create roles",
+			args: args{ctx: context.TODO(),
+				request: &apb.CreateRolesRequest{
+					Roles: []*apb.Role{
+						{
+							Name:        "new role 1",
+							Description: "Role 1",
+							Permissions: []string{"permission 1", "permission 2"},
+						},
+					},
+				},
+			},
+			want:    &apb.CreateRolesResponse{Status: apb.Status_STATUS_OK},
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Role{}
+			got, err := s.CreateRoles(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Role.CreateRoles() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Role.CreateRoles() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+func TestRole_GetRole(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.GetRoleRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.GetRoleResponse
+		wantErr bool
+	}{
+		{
+			name: "default get role",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.GetRoleRequest{
+					RoleName: "adminTestRole",
+				},
+			},
+			want: &apb.GetRoleResponse{
+				Role: &apb.Role{
+					Name:        "adminTestRole",
+					Description: "Admin",
+				},
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+		{
+			name: "error get role",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.GetRoleRequest{
+					RoleName: "not role",
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Role{}
+			got, err := s.GetRole(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Role.GetRole() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status == tt.want.Status {
+				if got.Role.Name != tt.want.Role.Name || got.Role.Description != tt.want.Role.Description {
+					t.Errorf("Role.GetRole() = %v, want %v", got, tt.want)
+				}
+			} else {
+				if got != nil {
+					t.Errorf("Role.GetRole() = %v, want %v", got, tt.want)
+				}
+			}
+		})
+	}
+}
+func TestRole_GetRoles(t *testing.T) {
+	err := clearAndCreateAuthTestSetup()
+	if err != nil {
+		t.Fatalf("%v", err)
+	}
+	type args struct {
+		ctx     context.Context
+		request *apb.GetRolesRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.GetRolesResponse
+		wantLen int
+		wantErr bool
+	}{
+		{
+			name: "default get roles",
+			args: args{
+				ctx:     context.TODO(),
+				request: &apb.GetRolesRequest{},
+			},
+			want: &apb.GetRolesResponse{
+				Status: apb.Status_STATUS_OK,
+				Roles: []*apb.Role{
+					{
+						Name:        "adminTestRole",
+						Description: "Admin",
+						Permissions: []string{
+							"/gosdn.core.CoreService/GetPnd",
+							"/gosdn.core.CoreService/GetPndList",
+						}},
+					{
+						Name:        "userTestRole",
+						Description: "User",
+						Permissions: []string{
+							"/gosdn.pnd.PndService/GetChangeList",
+						}},
+					{
+						Name:        randomRoleName,
+						Description: "Not a role",
+						Permissions: []string{
+							"nope",
+						},
+					},
+				},
+			},
+			wantLen: 3,
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Role{}
+			got, err := s.GetRoles(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Role.GetRoles() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status == tt.want.Status {
+				if len(got.Roles) != 3 {
+					t.Errorf("Role.GetRoles() = %v, want %v", got, tt.want)
+				}
+				for _, gotR := range got.Roles {
+					containsExpected := false
+					for _, wantR := range tt.want.Roles {
+						gotPerm := gotR.Permissions
+						wantPerm := wantR.Permissions
+						if gotR.Description == wantR.Description && gotR.Name == wantR.Name &&
+							reflect.DeepEqual(gotPerm, wantPerm) {
+							containsExpected = true
+							break
+						}
+					}
+					if !containsExpected {
+						t.Errorf("Role.GetRoles() = %v, want %v", got, tt.want)
+					}
+				}
+			}
+		})
+	}
+}
+func TestRole_UpdateRoles(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.UpdateRolesRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.UpdateRolesResponse
+		wantErr bool
+	}{
+		{
+			name: "default update roles",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.UpdateRolesRequest{
+					Roles: []*apb.Role{
+						{
+							Id:   adminRoleID,
+							Name: "New Name",
+						},
+					},
+				},
+			},
+			want: &apb.UpdateRolesResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+		{
+			name: "error update roles",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.UpdateRolesRequest{
+					Roles: []*apb.Role{
+						{
+							Id:   uuid.NewString(),
+							Name: "New Name",
+						},
+					},
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Role{}
+			got, err := s.UpdateRoles(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Role.UpdateRoles() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Role.UpdateRoles() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+func TestRole_DeletePermissionsForRole(t *testing.T) {
+	clearAndCreateAuthTestSetup()
+	type args struct {
+		ctx     context.Context
+		request *apb.DeletePermissionsForRoleRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.DeletePermissionsForRoleResponse
+		wantErr bool
+	}{
+		{
+			name: "default delete permissions for role",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.DeletePermissionsForRoleRequest{
+					RoleName: "adminTestRole",
+					PermissionsToDelete: []string{
+						"/gosdn.core.CoreService/GetPnd",
+						"/gosdn.core.CoreService/GetPndList",
+					},
+				},
+			},
+			want: &apb.DeletePermissionsForRoleResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+		{
+			name: "error delete permissions for role no proper permissions provided",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.DeletePermissionsForRoleRequest{
+					RoleName: "adminTestRole",
+					PermissionsToDelete: []string{
+						"no",
+					},
+				},
+			},
+			want: &apb.DeletePermissionsForRoleResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Role{}
+			got, err := s.DeletePermissionsForRole(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Role.DeletePermissionsForRole() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Role.DeletePermissionsForRole() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+func TestRole_DeleteRoles(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.DeleteRolesRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.DeleteRolesResponse
+		wantErr bool
+	}{
+		{
+			name: "default delete roles",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.DeleteRolesRequest{
+					RoleName: []string{
+						"userTestRole",
+					},
+				},
+			},
+			want: &apb.DeleteRolesResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+		{
+			name: "error delete roles",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.DeleteRolesRequest{
+					RoleName: []string{
+						"no",
+					},
+				},
+			},
+			want: &apb.DeleteRolesResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := Role{}
+			got, err := s.DeleteRoles(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Role.DeleteRoles() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Role.DeleteRoles() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/controller/northbound/server/test_util_test.go
+++ b/controller/northbound/server/test_util_test.go
+package server
+import (
+	"bytes"
+	"log"
+	"testing"
+	"code.fbi.h-da.de/danet/gosdn/controller/rbac"
+	"github.com/google/uuid"
+)
+// Name of this file requires _test at the end, because of how the availability of varibales is handled in test files of go packages.
+// Does not include actual file tests!
+const adminID = "5c248a22-8eb7-48cf-b392-45680a1863a5"
+const userID = "57005d13-7a4d-493d-a02b-50ca51c40197"
+const adminRoleID = "126683ae-5ff2-43ee-92f7-0e2b936f8c77"
+const randomRoleName = "bertram"
+var adminRoleMap = map[string]string{pndID: "admin"}
+var userRoleMap = map[string]string{pndID: "user"}
+var jwt *rbac.JWTManager
+func clearAndCreateAuthTestSetup() error {
+	//clear setup if changed
+	storedUsers, err := userc.GetAll()
+	if err != nil {
+		return err
+	}
+	for _, u := range storedUsers {
+		err = userc.Delete(u)
+		if err != nil {
+			return err
+		}
+	}
+	storedRoles, err := rolec.GetAll()
+	if err != nil {
+		return err
+	}
+	for _, r := range storedRoles {
+		err = rolec.Delete(r)
+		if err != nil {
+			return err
+		}
+	}
+	// create dataset
+	err = createTestUsers()
+	if err != nil {
+		return err
+	}
+	err = createTestRoles()
+	if err != nil {
+		return err
+	}
+	return nil
+}
+//TODO(faseid): change password to hashed/encrypted one
+func createTestUsers() error {
+	randomRoleMap := map[string]string{pndID: randomRoleName}
+	users := []rbac.User{
+		{UserID: uuid.MustParse(adminID), UserName: "testAdmin", Roles: adminRoleMap, Password: "admin"},
+		{UserID: uuid.MustParse(userID), UserName: "testUser", Roles: userRoleMap, Password: "user"},
+		{UserID: uuid.New(), UserName: "testRandom", Roles: randomRoleMap, Password: "aurelius", Token: "wrong token"},
+	}
+	for _, u := range users {
+		err := userc.Add(rbac.NewUser(u.ID(), u.Name(), u.Roles, u.Password, ""))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+func createTestRoles() error {
+	roles := []rbac.Role{
+		{
+			RoleID:      uuid.MustParse(adminRoleID),
+			RoleName:    "adminTestRole",
+			Description: "Admin",
+			Permissions: []string{
+				"/gosdn.core.CoreService/GetPnd",
+				"/gosdn.core.CoreService/GetPndList",
+			},
+		},
+		{
+			RoleID:      uuid.New(),
+			RoleName:    "userTestRole",
+			Description: "User",
+			Permissions: []string{
+				"/gosdn.pnd.PndService/GetChangeList",
+			},
+		},
+		{
+			RoleID:      uuid.New(),
+			RoleName:    randomRoleName,
+			Description: "Not a role",
+			Permissions: []string{
+				"nope",
+			},
+		},
+	}
+	for _, r := range roles {
+		err := rolec.Add(rbac.NewRole(r.ID(), r.Name(), r.Description, r.Permissions))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+// This is needed as a workaround for a bug where the output of the getUser test falsely was
+// that it failed while actually passing. Apparantely, this can happen when loggers write
+// the output of test cases.
+// Solution found here: https://github.com/gotestyourself/gotestsum/issues/141#issuecomment-686243110
+func patchLogger(t *testing.T) {
+	orig := log.Writer()
+	buf := new(bytes.Buffer)
+	log.SetOutput(buf)
+	t.Cleanup(func() {
+		// optionally check t.Failed here if you only want to print logs on failure
+		t.Log(buf.String())
+		log.SetOutput(orig)
+	})
+}
--- a/controller/northbound/server/user_test.go
+++ b/controller/northbound/server/user_test.go
+package server
+import (
+	"context"
+	"reflect"
+	"testing"
+	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
+	"github.com/google/uuid"
+)
+func TestUser_CreateUsers(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.CreateUsersRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    apb.Status
+		wantErr bool
+	}{
+		{
+			name: "default create users",
+			args: args{ctx: context.TODO(),
+				request: &apb.CreateUsersRequest{
+					User: []*apb.User{
+						{
+							Name:     "asdf",
+							Roles:    map[string]string{pndID: "asdf"},
+							Password: "asdf",
+							Token:    "",
+						},
+					},
+				},
+			},
+			want:    apb.Status_STATUS_OK,
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := User{}
+			got, err := s.CreateUsers(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("User.CreateUsers() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got.Status, tt.want) {
+				t.Errorf("User.CreateUsers() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+func TestUser_GetUser(t *testing.T) {
+	patchLogger(t)
+	type args struct {
+		ctx     context.Context
+		request *apb.GetUserRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.GetUserResponse
+		wantErr bool
+	}{
+		{
+			name: "default get user",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.GetUserRequest{
+					Name: "testAdmin",
+				},
+			},
+			want: &apb.GetUserResponse{Status: apb.Status_STATUS_OK,
+				User: &apb.User{Id: adminID,
+					Name: "testAdmin"}},
+			wantErr: false,
+		},
+		{
+			name: "fail get user",
+			args: args{
+				ctx: context.TODO(),
+				request: &apb.GetUserRequest{
+					Name: "nope",
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := User{}
+			got, err := s.GetUser(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("User.GetUser() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status == tt.want.Status {
+				if got.User.Name != tt.want.User.Name || got.User.Id != tt.want.User.Id {
+					t.Errorf("User.GetUser() = %v, want %v", got, tt.want)
+				}
+			} else {
+				if got != nil {
+					t.Errorf("User.GetUser() = %v, want %v", got, tt.want)
+				}
+			}
+		})
+	}
+}
+func TestUser_GetUsers(t *testing.T) {
+	err := clearAndCreateAuthTestSetup()
+	if err != nil {
+		t.Fatalf("%v", err)
+	}
+	type args struct {
+		ctx     context.Context
+		request *apb.GetUsersRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.GetUsersResponse
+		wantLen int
+		wantErr bool
+	}{
+		{
+			name: "default get users",
+			args: args{ctx: context.TODO(),
+				request: &apb.GetUsersRequest{},
+			},
+			want: &apb.GetUsersResponse{Status: apb.Status_STATUS_OK,
+				User: []*apb.User{
+					{Name: "testAdmin"},
+					{Name: "testUser"},
+					{Name: "testRandom"}},
+			},
+			wantLen: 3,
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := User{}
+			got, err := s.GetUsers(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("User.GetUsers() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status == apb.Status_STATUS_OK {
+				if len(got.User) != tt.wantLen {
+					t.Errorf("User.GetUsers() = %v, want %v", got, tt.want)
+				}
+				for _, gotU := range got.User {
+					containsExpected := false
+					for _, wantU := range tt.want.User {
+						if gotU.Name == wantU.Name {
+							containsExpected = true
+							break
+						}
+					}
+					if !containsExpected {
+						t.Errorf("User.GetUsers() = %v, want %v", got, tt.want)
+					}
+				}
+			}
+		})
+	}
+}
+func TestUser_UpdateUsers(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.UpdateUsersRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.UpdateUsersResponse
+		wantErr bool
+	}{
+		{
+			name: "default update user",
+			args: args{ctx: context.TODO(),
+				request: &apb.UpdateUsersRequest{User: []*apb.User{
+					{Id: adminID,
+						Name: "sth Else"},
+				},
+				},
+			},
+			want: &apb.UpdateUsersResponse{
+				Status: apb.Status_STATUS_OK},
+			wantErr: false,
+		},
+		{
+			name: "error update user",
+			args: args{ctx: context.TODO(),
+				request: &apb.UpdateUsersRequest{User: []*apb.User{
+					{Id: uuid.NewString(),
+						Name: "not a user"},
+				},
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := User{}
+			got, err := s.UpdateUsers(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("User.UpdateUsers() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("User.UpdateUsers() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+func TestUser_DeleteUsers(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		request *apb.DeleteUsersRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.DeleteUsersResponse
+		wantErr bool
+	}{
+		{
+			name: "default delete users",
+			args: args{ctx: context.TODO(),
+				request: &apb.DeleteUsersRequest{Username: []string{"testUser"}},
+			},
+			want:    &apb.DeleteUsersResponse{Status: apb.Status_STATUS_OK},
+			wantErr: false,
+		},
+		{
+			name: "error delete users",
+			args: args{ctx: context.TODO(),
+				request: &apb.DeleteUsersRequest{Username: []string{"no user"}},
+			},
+			want:    &apb.DeleteUsersResponse{Status: apb.Status_STATUS_OK},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := User{}
+			got, err := s.DeleteUsers(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("User.DeleteUsers() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("User.DeleteUsers() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}