Skip to content
Snippets Groups Projects

Improve test coverage of rbac stuff

Merged Improve test coverage of rbac stuff
207-improve-test-coverage-of-rbac-stuff into develop
Merged Ghost User requested to merge 207-improve-test-coverage-of-rbac-stuff into develop
Viewing commit e774084a
Show latest version
2 files
+ 92
33
Compare changes
  • Side-by-side
  • Inline
Files
2
controller/northbound/server/auth_interceptor_test.go
+ 67
33
@@ -2,14 +2,13 @@ package server
@@ -2,14 +2,13 @@ package server
import (
import (
"context"
"context"
 
"fmt"
"log"
"log"
"net"
"net"
"testing"
"testing"
apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
spb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/southbound"
spb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/southbound"
"code.fbi.h-da.de/danet/gosdn/controller/rbac"
"code.fbi.h-da.de/danet/gosdn/controller/store"
"google.golang.org/grpc"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials/insecure"
"google.golang.org/grpc/credentials/insecure"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/metadata"
@@ -37,29 +36,16 @@ func dialer() func(context.Context, string) (net.Conn, error) {
@@ -37,29 +36,16 @@ func dialer() func(context.Context, string) (net.Conn, error) {
}
}
func TestAuthInterceptor_Unary(t *testing.T) {
func TestAuthInterceptor_Unary(t *testing.T) {
validToken, err := jwt.GenerateToken(rbac.User{UserName: "testAdmin"})
validToken, err := createTestUserToken("testAdmin", true)
if err != nil {
if err != nil {
log.Fatal(err)
log.Fatal(err)
}
}
wrongUserToken, err := jwt.GenerateToken(rbac.User{UserName: "foo"})
wrongUserToken, err := createTestUserToken("foo", false)
if err != nil {
if err != nil {
log.Fatal(err)
log.Fatal(err)
}
}
user, err := userc.Get(store.Query{Name: "testAdmin"})
if err != nil {
log.Fatal(err)
}
user.SetToken(validToken)
err = userc.Update(user)
if err != nil {
log.Fatal(err)
}
md := metadata.Pairs("authorize", validToken)
ctx := context.Background()
ctx := context.Background()
conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
if err != nil {
if err != nil {
@@ -82,7 +68,7 @@ func TestAuthInterceptor_Unary(t *testing.T) {
@@ -82,7 +68,7 @@ func TestAuthInterceptor_Unary(t *testing.T) {
{
{
name: "default unary interceptor",
name: "default unary interceptor",
args: args{
args: args{
ctx: metadata.NewOutgoingContext(context.Background(), md),
ctx: metadata.NewOutgoingContext(context.Background(), metadata.Pairs("authorize", validToken)),
request: &apb.GetUsersRequest{},
request: &apb.GetUsersRequest{},
},
},
want: &apb.GetUsersResponse{
want: &apb.GetUsersResponse{
@@ -136,23 +122,10 @@ func TestAuthInterceptor_Unary(t *testing.T) {
@@ -136,23 +122,10 @@ func TestAuthInterceptor_Unary(t *testing.T) {
}
}
func TestAuthInterceptor_Stream(t *testing.T) {
func TestAuthInterceptor_Stream(t *testing.T) {
validToken, err := jwt.GenerateToken(rbac.User{UserName: "testAdmin"})
validToken, err := createTestUserToken("testAdmin", true)
if err != nil {
log.Fatal(err)
}
user, err := userc.Get(store.Query{Name: "testAdmin"})
if err != nil {
if err != nil {
log.Fatal(err)
log.Fatal(err)
}
}
user.SetToken(validToken)
err = userc.Update(user)
if err != nil {
log.Fatal(err)
}
md := metadata.Pairs("authorize", validToken)
ctx := context.Background()
ctx := context.Background()
conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
@@ -175,7 +148,7 @@ func TestAuthInterceptor_Stream(t *testing.T) {
@@ -175,7 +148,7 @@ func TestAuthInterceptor_Stream(t *testing.T) {
{
{
name: "default stream interceptor",
name: "default stream interceptor",
args: args{
args: args{
ctx: metadata.NewOutgoingContext(context.Background(), md),
ctx: metadata.NewOutgoingContext(context.Background(), metadata.Pairs("authorize", validToken)),
request: &spb.GetSchemaRequest{
request: &spb.GetSchemaRequest{
Pid: pndID,
Pid: pndID,
Sid: sbiID,
Sid: sbiID,
@@ -212,3 +185,64 @@ func TestAuthInterceptor_Stream(t *testing.T) {
@@ -212,3 +185,64 @@ func TestAuthInterceptor_Stream(t *testing.T) {
})
})
}
}
}
}
 
 
func TestAuthInterceptor_authorize(t *testing.T) {
 
validToken, err := createTestUserToken("testAdmin", true)
 
if err != nil {
 
log.Fatal(err)
 
}
 
 
wrongUserToken, err := createTestUserToken("foo", false)
 
if err != nil {
 
log.Fatal(err)
 
}
 
 
md := metadata.Pairs("authorize", validToken)
 
fmt.Println(md.Get("authorize"))
 
 
type args struct {
 
ctx context.Context
 
method string
 
}
 
tests := []struct {
 
name string
 
args args
 
wantErr bool
 
}{
 
{
 
name: "default authorize",
 
args: args{
 
ctx: metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorize", validToken)),
 
method: "/gosdn.rbac.UserService/GetUsers",
 
},
 
wantErr: false,
 
},
 
{
 
name: "error invalid token",
 
args: args{
 
ctx: metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorize", wrongUserToken)),
 
method: "/gosdn.rbac.UserService/GetUsers",
 
},
 
wantErr: true,
 
},
 
{
 
name: "error no permission for request",
 
args: args{
 
ctx: metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorize", validToken)),
 
method: "/gosdn.pnd.PndService/DeleteOnd",
 
},
 
wantErr: true,
 
},
 
}
 
for _, tt := range tests {
 
t.Run(tt.name, func(t *testing.T) {
 
auth := &AuthInterceptor{
 
jwtManager: jwt,
 
}
 
 
if err := auth.authorize(tt.args.ctx, tt.args.method); (err != nil) != tt.wantErr {
 
t.Errorf("AuthInterceptor.authorize() error = %v, wantErr %v", err, tt.wantErr)
 
}
 
})
 
}
 
}