package eventsourcing import ( "context" "testing" "github.com/golang/mock/gomock" "github.com/caos/zitadel/internal/api/authz" caos_errs "github.com/caos/zitadel/internal/errors" es_models "github.com/caos/zitadel/internal/eventstore/models" iam_model "github.com/caos/zitadel/internal/iam/model" "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model" ) func TestIamByID(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore iam *model.IAM } type res struct { iam *model.IAM errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "iam from events, ok", args: args{ es: GetMockIAMByIDOK(ctrl), iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}}, }, res: res{ iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}}, }, }, { name: "iam from events, no events", args: args{ es: GetMockIamByIDNoEvents(ctrl), iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}}, }, res: res{ errFunc: caos_errs.IsNotFound, }, }, { name: "iam from events, no id", args: args{ es: GetMockIamByIDNoEvents(ctrl), iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "", Sequence: 1}}, }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.IAMByID(nil, tt.args.iam.AggregateID) if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) { t.Errorf("got wrong err: %v ", err) return } if tt.res.errFunc != nil && tt.res.errFunc(err) { return } if result.AggregateID != tt.res.iam.AggregateID { t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.res.iam.AggregateID, result.AggregateID) } }) } } func TestSetUpStarted(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context iamID string step iam_model.Step } type res struct { iam *iam_model.IAM errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "setup started iam, ok", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), iamID: "iamID", step: iam_model.Step1, }, res: res{ iam: &iam_model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "iamID", Sequence: 1}, SetUpStarted: iam_model.Step1}, }, }, { name: "setup already started", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), iamID: "iamID", step: iam_model.Step1, }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "setup iam no id", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), step: iam_model.Step1, }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.StartSetup(tt.args.ctx, tt.args.iamID, tt.args.step) if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) { t.Errorf("got wrong err: %v ", err) return } if tt.res.errFunc != nil && tt.res.errFunc(err) { return } if result.AggregateID == "" { t.Errorf("result has no id") } if result.SetUpStarted != tt.res.iam.SetUpStarted { t.Errorf("got wrong result setupStarted: expected: %v, actual: %v ", tt.res.iam.SetUpStarted, result.SetUpStarted) } }) } } func TestSetUpDone(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context iamID string step iam_model.Step } type res struct { iam *iam_model.IAM errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "setup done iam, ok", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), iamID: "iamID", step: iam_model.Step1, }, res: res{ iam: &iam_model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "iamID", Sequence: 1}, SetUpStarted: iam_model.Step1, SetUpDone: iam_model.Step1}, }, }, { name: "setup iam no id", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), step: iam_model.Step1, }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), iamID: "iamID", step: iam_model.Step1, }, res: res{ errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.SetupDone(tt.args.ctx, tt.args.iamID, tt.args.step) if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) { t.Errorf("got wrong err: %v ", err) return } if tt.res.errFunc != nil && tt.res.errFunc(err) { return } if result.AggregateID == "" { t.Errorf("result has no id") } if result.SetUpDone != tt.res.iam.SetUpDone { t.Errorf("got wrong result SetUpDone: expected: %v, actual: %v ", tt.res.iam.SetUpDone, result.SetUpDone) } }) } } func TestSetGlobalOrg(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context iamID string globalOrg string } type res struct { iam *model.IAM errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "global org set, ok", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), iamID: "iamID", globalOrg: "globalOrg", }, res: res{ iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "iamID", Sequence: 1}, SetUpStarted: model.Step1, GlobalOrgID: "globalOrg"}, }, }, { name: "no iam id", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), globalOrg: "", }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "no global org", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), iamID: "iamID", }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), iamID: "iamID", globalOrg: "globalOrg", }, res: res{ errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.SetGlobalOrg(tt.args.ctx, tt.args.iamID, tt.args.globalOrg) if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) { t.Errorf("got wrong err: %v ", err) return } if tt.res.errFunc != nil && tt.res.errFunc(err) { return } if result.AggregateID == "" { t.Errorf("result has no id") } if result.GlobalOrgID != tt.res.iam.GlobalOrgID { t.Errorf("got wrong result GlobalOrgID: expected: %v, actual: %v ", tt.res.iam.GlobalOrgID, result.GlobalOrgID) } }) } } func TestSetIamProjectID(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context iamID string iamProjectID string } type res struct { iam *model.IAM errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "iam project set, ok", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), iamID: "iamID", iamProjectID: "iamProjectID", }, res: res{ iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "iamID", Sequence: 1}, SetUpStarted: model.Step1, IAMProjectID: "iamProjectID"}, }, }, { name: "no iam id", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), iamProjectID: "", }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "no global org", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), iamID: "iamID", }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), iamID: "iamID", iamProjectID: "iamProjectID", }, res: res{ errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.SetIAMProject(tt.args.ctx, tt.args.iamID, tt.args.iamProjectID) if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) { t.Errorf("got wrong err: %v ", err) return } if tt.res.errFunc != nil && tt.res.errFunc(err) { return } if result.AggregateID == "" { t.Errorf("result has no id") } if result.IAMProjectID != tt.res.iam.IAMProjectID { t.Errorf("got wrong result IAMProjectID: expected: %v, actual: %v ", tt.res.iam.IAMProjectID, result.IAMProjectID) } }) } } func TestAddIamMember(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context member *iam_model.IAMMember } type res struct { result *iam_model.IAMMember errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add iam member, ok", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}}, }, res: res{ result: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}}, }, }, { name: "no userid", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Roles: []string{"Roles"}}, }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "no roles", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID"}, }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "member already existing", args: args{ es: GetMockManipulateIAMWithMember(ctrl), ctx: authz.NewMockContext("orgID", "userID"), member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}}, }, res: res{ errFunc: caos_errs.IsErrorAlreadyExists, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}}, }, res: res{ errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.AddIAMMember(tt.args.ctx, tt.args.member) if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) { t.Errorf("got wrong err: %v ", err) return } if tt.res.errFunc != nil && tt.res.errFunc(err) { return } if result.AggregateID == "" { t.Errorf("result has no id") } if result.UserID != tt.res.result.UserID { t.Errorf("got wrong result userid: expected: %v, actual: %v ", tt.res.result.UserID, result.UserID) } if len(result.Roles) != len(tt.res.result.Roles) { t.Errorf("got wrong result roles: expected: %v, actual: %v ", tt.res.result.Roles, result.Roles) } }) } } func TestChangeIamMember(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context member *iam_model.IAMMember } type res struct { result *iam_model.IAMMember errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add iam member, ok", args: args{ es: GetMockManipulateIAMWithMember(ctrl), ctx: authz.NewMockContext("orgID", "userID"), member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"ChangeRoles"}}, }, res: res{ result: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}}, }, }, { name: "no userid", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Roles: []string{"ChangeRoles"}}, }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "no roles", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID"}, }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "member not existing", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}}, }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"ChangeRoles"}}, }, res: res{ errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.ChangeIAMMember(tt.args.ctx, tt.args.member) if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) { t.Errorf("got wrong err: %v ", err) return } if tt.res.errFunc != nil && tt.res.errFunc(err) { return } if result.AggregateID == "" { t.Errorf("result has no id") } if result.UserID != tt.res.result.UserID { t.Errorf("got wrong result userid: expected: %v, actual: %v ", tt.res.result.UserID, result.UserID) } if len(result.Roles) != len(tt.res.result.Roles) { t.Errorf("got wrong result roles: expected: %v, actual: %v ", tt.res.result.Roles, result.Roles) } }) } } func TestRemoveIamMember(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context existingIAM *model.IAM member *iam_model.IAMMember } type res struct { result *iam_model.IAMMember errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "remove iam member, ok", args: args{ es: GetMockManipulateIAMWithMember(ctrl), ctx: authz.NewMockContext("orgID", "userID"), existingIAM: &model.IAM{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Members: []*model.IAMMember{{UserID: "UserID", Roles: []string{"Roles"}}}, }, member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID"}, }, res: res{ result: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}}, }, }, { name: "no userid", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), existingIAM: &model.IAM{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Members: []*model.IAMMember{{UserID: "UserID", Roles: []string{"Roles"}}}, }, member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Roles: []string{"ChangeRoles"}}, }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "member not existing", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), existingIAM: &model.IAM{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, }, member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}}, }, res: res{ errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"ChangeRoles"}}, }, res: res{ errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { err := tt.args.es.RemoveIAMMember(tt.args.ctx, tt.args.member) if tt.res.errFunc == nil && err != nil { t.Errorf("should not get err") } if tt.res.errFunc != nil && !tt.res.errFunc(err) { t.Errorf("got wrong err: %v ", err) } }) } } func TestAddIdpConfiguration(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context idp *iam_model.IDPConfig } type res struct { result *iam_model.IDPConfig wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add idp, ok", args: args{ es: GetMockManipulateIAMWithCrypto(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "Name", Type: iam_model.IDPConfigTypeOIDC, OIDCConfig: &iam_model.OIDCIDPConfig{ ClientID: "ClientID", ClientSecretString: "ClientSecret", Issuer: "Issuer", Scopes: []string{"scope"}, }, }, }, res: res{ result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Name: "Name", Type: iam_model.IDPConfigTypeOIDC, OIDCConfig: &iam_model.OIDCIDPConfig{ ClientID: "ClientID", Issuer: "Issuer", Scopes: []string{"scope"}, }, }, }, }, { name: "invalid idp config", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}}, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "Name", OIDCConfig: &iam_model.OIDCIDPConfig{ ClientID: "ClientID", ClientSecretString: "ClientSecret", Issuer: "Issuer", Scopes: []string{"scope"}, }, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.AddIDPConfig(tt.args.ctx, tt.args.idp) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.IDPConfigID == "" { t.Errorf("result has no id") } if result.OIDCConfig.IDPConfigID == "" { t.Errorf("result has no id") } if result.OIDCConfig == nil && result.OIDCConfig.ClientSecret == nil { t.Errorf("result has no client secret") } if result.Name != tt.res.result.Name { t.Errorf("got wrong result key: expected: %v, actual: %v ", tt.res.result.Name, result.Name) } if result.OIDCConfig.ClientID != tt.res.result.OIDCConfig.ClientID { t.Errorf("got wrong result key: expected: %v, actual: %v ", tt.res.result.OIDCConfig.ClientID, result.OIDCConfig.ClientID) } }) } } func TestChangeIdpConfiguration(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context idp *iam_model.IDPConfig } type res struct { result *iam_model.IDPConfig wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "change idp, ok", args: args{ es: GetMockManipulateIAMWithOIDCIdp(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "NameChanged", }, }, res: res{ result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "NameChanged", OIDCConfig: &iam_model.OIDCIDPConfig{ ClientID: "ClientID", }, }, }, }, { name: "invalid idp", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "idp not existing", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "Name", OIDCConfig: &iam_model.OIDCIDPConfig{ ClientID: "ClientID", }, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing project not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "Name", OIDCConfig: &iam_model.OIDCIDPConfig{ ClientID: "ClientID", }, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.ChangeIDPConfig(tt.args.ctx, tt.args.idp) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if !tt.res.wantErr && result.AggregateID == "" { t.Errorf("result has no id") } if result.IDPConfigID != tt.res.result.IDPConfigID { t.Errorf("got wrong result AppID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID) } if result.Name != tt.res.result.Name { t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.res.result.Name, result.Name) } }) } } func TestRemoveIdpConfiguration(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context idp *iam_model.IDPConfig } type res struct { wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "remove idp, ok", args: args{ es: GetMockManipulateIAMWithOIDCIdp(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", }, }, }, { name: "no IDPConfigID", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}}, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "idp not existing", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing idp not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { err := tt.args.es.RemoveIDPConfig(tt.args.ctx, tt.args.idp) if !tt.res.wantErr && err != nil { t.Errorf("should not get err") } if tt.res.wantErr && !tt.res.errFunc(err) { t.Errorf("got wrong err: %v ", err) } }) } } func TestDeactivateIdpConfiguration(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context idp *iam_model.IDPConfig } type res struct { result *iam_model.IDPConfig wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "deactivate, ok", args: args{ es: GetMockManipulateIAMWithOIDCIdp(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "Name", }, }, res: res{ result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "Name", State: iam_model.IDPConfigStateInactive, OIDCConfig: &iam_model.OIDCIDPConfig{ ClientID: "ClientID", }, }, }, }, { name: "no idp id", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}}, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "idp not existing", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "Name", OIDCConfig: &iam_model.OIDCIDPConfig{ ClientID: "ClientID", }, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "Name", OIDCConfig: &iam_model.OIDCIDPConfig{ ClientID: "ClientID", }, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.DeactivateIDPConfig(tt.args.ctx, tt.args.idp.AggregateID, tt.args.idp.IDPConfigID) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if !tt.res.wantErr && result.AggregateID == "" { t.Errorf("result has no id") } if result.IDPConfigID != tt.res.result.IDPConfigID { t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID) } if result.State != tt.res.result.State { t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.res.result.State, result.State) } }) } } func TestReactivateIdpConfiguration(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context idp *iam_model.IDPConfig } type res struct { result *iam_model.IDPConfig wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "reactivate, ok", args: args{ es: GetMockManipulateIAMWithOIDCIdp(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "Name", }, }, res: res{ result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "Name", State: iam_model.IDPConfigStateActive, OIDCConfig: &iam_model.OIDCIDPConfig{ ClientID: "ClientID", }, }, }, }, { name: "no idp id", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}}, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "idp not existing", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "Name", OIDCConfig: &iam_model.OIDCIDPConfig{ ClientID: "ClientID", }, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, IDPConfigID: "IDPConfigID", Name: "Name", OIDCConfig: &iam_model.OIDCIDPConfig{ ClientID: "ClientID", }, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.ReactivateIDPConfig(tt.args.ctx, tt.args.idp.AggregateID, tt.args.idp.IDPConfigID) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if !tt.res.wantErr && result.AggregateID == "" { t.Errorf("result has no id") } if result.IDPConfigID != tt.res.result.IDPConfigID { t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID) } if result.State != tt.res.result.State { t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.res.result.State, result.State) } }) } } func TestChangeOIDCIDPConfig(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context config *iam_model.OIDCIDPConfig } type res struct { result *iam_model.OIDCIDPConfig wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "change oidc config, ok", args: args{ es: GetMockManipulateIAMWithOIDCIdp(ctrl), ctx: authz.NewMockContext("orgID", "userID"), config: &iam_model.OIDCIDPConfig{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, IDPConfigID: "IDPConfigID", ClientID: "ClientIDChange", Issuer: "Issuer", Scopes: []string{"scope"}, }, }, res: res{ result: &iam_model.OIDCIDPConfig{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, IDPConfigID: "IDPConfigID", ClientID: "ClientIDChange", }, }, }, { name: "invalid config", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), config: &iam_model.OIDCIDPConfig{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, IDPConfigID: "IDPConfigID", }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "idp not existing", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), config: &iam_model.OIDCIDPConfig{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, IDPConfigID: "IDPConfigID", ClientID: "ClientID", Issuer: "Issuer", Scopes: []string{"scope"}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), config: &iam_model.OIDCIDPConfig{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, IDPConfigID: "IDPConfigID", ClientID: "ClientID", Issuer: "Issuer", Scopes: []string{"scope"}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.ChangeIDPOIDCConfig(tt.args.ctx, tt.args.config) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.AggregateID == "" { t.Errorf("result has no id") } if result.IDPConfigID != tt.res.result.IDPConfigID { t.Errorf("got wrong result AppID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID) } if result.ClientID != tt.res.result.ClientID { t.Errorf("got wrong result responsetype: expected: %v, actual: %v ", tt.res.result.ClientID, result.ClientID) } }) } } func TestAddLoginPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context policy *iam_model.LoginPolicy } type res struct { result *iam_model.LoginPolicy wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add login policy, ok", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.LoginPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, AllowRegister: true, }, }, res: res{ result: &iam_model.LoginPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, AllowRegister: true, }, }, }, { name: "invalid policy", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.LoginPolicy{ ObjectRoot: es_models.ObjectRoot{Sequence: 0}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.LoginPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.AddLoginPolicy(tt.args.ctx, tt.args.policy) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.AllowRegister != tt.res.result.AllowRegister { t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.res.result.AllowRegister, result.AllowRegister) } }) } } func TestChangeLoginPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context policy *iam_model.LoginPolicy } type res struct { result *iam_model.LoginPolicy wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add login policy, ok", args: args{ es: GetMockManipulateIAMWithLoginPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.LoginPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, AllowRegister: true, AllowExternalIdp: false, AllowUsernamePassword: false, }, }, res: res{ result: &iam_model.LoginPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, AllowRegister: true, AllowExternalIdp: false, AllowUsernamePassword: false, }, }, }, { name: "invalid policy", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.LoginPolicy{ ObjectRoot: es_models.ObjectRoot{Sequence: 0}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.LoginPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.ChangeLoginPolicy(tt.args.ctx, tt.args.policy) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.AllowRegister != tt.res.result.AllowRegister { t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.res.result.AllowRegister, result.AllowRegister) } if result.AllowUsernamePassword != tt.res.result.AllowUsernamePassword { t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.res.result.AllowUsernamePassword, result.AllowUsernamePassword) } if result.AllowExternalIdp != tt.res.result.AllowExternalIdp { t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.res.result.AllowExternalIdp, result.AllowExternalIdp) } }) } } func TestAddIdpProviderToLoginPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context provider *iam_model.IDPProvider } type res struct { result *iam_model.IDPProvider wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add idp to login policy, ok", args: args{ es: GetMockManipulateIAMWithLoginPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), provider: &iam_model.IDPProvider{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, IDPConfigID: "IdpConfigID2", Type: iam_model.IDPProviderTypeSystem, }, }, res: res{ result: &iam_model.IDPProvider{IDPConfigID: "IdpConfigID2"}, }, }, { name: "add idp to login policy, already existing", args: args{ es: GetMockManipulateIAMWithLoginPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), provider: &iam_model.IDPProvider{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, IDPConfigID: "IDPConfigID", Type: iam_model.IDPProviderTypeSystem, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsErrorAlreadyExists, }, }, { name: "invalid provider", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), provider: &iam_model.IDPProvider{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), provider: &iam_model.IDPProvider{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, IDPConfigID: "IdpConfigID2", }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.AddIDPProviderToLoginPolicy(tt.args.ctx, tt.args.provider) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.IDPConfigID != tt.res.result.IDPConfigID { t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID) } if result.Type != tt.res.result.Type { t.Errorf("got wrong result KeyType: expected: %v, actual: %v ", tt.res.result.Type, result.Type) } }) } } func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context provider *iam_model.IDPProvider } type res struct { wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "remove idp to login policy, ok", args: args{ es: GetMockManipulateIAMWithLoginPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), provider: &iam_model.IDPProvider{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, IDPConfigID: "IDPConfigID", Type: iam_model.IDPProviderTypeSystem, }, }, res: res{}, }, { name: "remove idp to login policy, not existing", args: args{ es: GetMockManipulateIAMWithLoginPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), provider: &iam_model.IDPProvider{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, IDPConfigID: "IdpConfigID2", Type: iam_model.IDPProviderTypeSystem, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "invalid provider", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), provider: &iam_model.IDPProvider{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), provider: &iam_model.IDPProvider{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, IDPConfigID: "IdpConfigID2", }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { err := tt.args.es.RemoveIDPProviderFromLoginPolicy(tt.args.ctx, tt.args.provider) if !tt.res.wantErr && err != nil { t.Errorf("should not get err: %v ", err) } if tt.res.wantErr && !tt.res.errFunc(err) { t.Errorf("got wrong err: %v ", err) } }) } } func TestAddSecondFactorToLoginPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context aggreageID string mfa iam_model.SecondFactorType } type res struct { result iam_model.SecondFactorType wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add second factor to login policy, ok", args: args{ es: GetMockManipulateIAMWithLoginPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggreageID: "AggregateID", mfa: iam_model.SecondFactorTypeOTP, }, res: res{ result: iam_model.SecondFactorTypeOTP, }, }, { name: "add second factor to login policy, already existing", args: args{ es: GetMockManipulateIAMWithLoginPolicyWithMFAs(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggreageID: "AggregateID", mfa: iam_model.SecondFactorTypeOTP, }, res: res{ wantErr: true, errFunc: caos_errs.IsErrorAlreadyExists, }, }, { name: "invalid mfa", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), mfa: iam_model.SecondFactorTypeUnspecified, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggreageID: "Test", mfa: iam_model.SecondFactorTypeOTP, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.AddSecondFactorToLoginPolicy(tt.args.ctx, tt.args.aggreageID, tt.args.mfa) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result != tt.res.result { t.Errorf("got wrong result: expected: %v, actual: %v ", tt.res.result, result) } }) } } func TestRemoveSecondFactorFromLoginPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context aggregateID string mfa iam_model.SecondFactorType } type res struct { wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "remove second factor from login policy, ok", args: args{ es: GetMockManipulateIAMWithLoginPolicyWithMFAs(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggregateID: "AggregateID", mfa: iam_model.SecondFactorTypeOTP, }, res: res{}, }, { name: "remove second factor to login policy, not existing", args: args{ es: GetMockManipulateIAMWithLoginPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggregateID: "AggregateID", mfa: iam_model.SecondFactorTypeOTP, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "invalid provider", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggregateID: "AggregateID", mfa: iam_model.SecondFactorTypeUnspecified, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggregateID: "Test", mfa: iam_model.SecondFactorTypeOTP, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { err := tt.args.es.RemoveSecondFactorFromLoginPolicy(tt.args.ctx, tt.args.aggregateID, tt.args.mfa) if !tt.res.wantErr && err != nil { t.Errorf("should not get err: %v ", err) } if tt.res.wantErr && !tt.res.errFunc(err) { t.Errorf("got wrong err: %v ", err) } }) } } func TestAddMultiFactorToLoginPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context aggreageID string mfa iam_model.MultiFactorType } type res struct { result iam_model.MultiFactorType wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add second factor to login policy, ok", args: args{ es: GetMockManipulateIAMWithLoginPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggreageID: "AggregateID", mfa: iam_model.MultiFactorTypeU2FWithPIN, }, res: res{ result: iam_model.MultiFactorTypeU2FWithPIN, }, }, { name: "add second factor to login policy, already existing", args: args{ es: GetMockManipulateIAMWithLoginPolicyWithMFAs(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggreageID: "AggregateID", mfa: iam_model.MultiFactorTypeU2FWithPIN, }, res: res{ wantErr: true, errFunc: caos_errs.IsErrorAlreadyExists, }, }, { name: "invalid mfa", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), mfa: iam_model.MultiFactorTypeUnspecified, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggreageID: "Test", mfa: iam_model.MultiFactorTypeU2FWithPIN, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.AddMultiFactorToLoginPolicy(tt.args.ctx, tt.args.aggreageID, tt.args.mfa) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result != tt.res.result { t.Errorf("got wrong result: expected: %v, actual: %v ", tt.res.result, result) } }) } } func TestRemoveMultiFactorFromLoginPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context aggregateID string mfa iam_model.MultiFactorType } type res struct { wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "remove second factor from login policy, ok", args: args{ es: GetMockManipulateIAMWithLoginPolicyWithMFAs(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggregateID: "AggregateID", mfa: iam_model.MultiFactorTypeU2FWithPIN, }, res: res{}, }, { name: "remove second factor to login policy, not existing", args: args{ es: GetMockManipulateIAMWithLoginPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggregateID: "AggregateID", mfa: iam_model.MultiFactorTypeU2FWithPIN, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "invalid provider", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggregateID: "AggregateID", mfa: iam_model.MultiFactorTypeUnspecified, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), aggregateID: "Test", mfa: iam_model.MultiFactorTypeU2FWithPIN, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { err := tt.args.es.RemoveMultiFactorFromLoginPolicy(tt.args.ctx, tt.args.aggregateID, tt.args.mfa) if !tt.res.wantErr && err != nil { t.Errorf("should not get err: %v ", err) } if tt.res.wantErr && !tt.res.errFunc(err) { t.Errorf("got wrong err: %v ", err) } }) } } func TestAddLabelPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context policy *iam_model.LabelPolicy } type res struct { result *iam_model.LabelPolicy wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add label policy, ok", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.LabelPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, PrimaryColor: "000000", }, }, res: res{ result: &iam_model.LabelPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, PrimaryColor: "000000", }, }, }, { name: "invalid policy", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.LabelPolicy{ ObjectRoot: es_models.ObjectRoot{Sequence: 0}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.LabelPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.AddLabelPolicy(tt.args.ctx, tt.args.policy) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.PrimaryColor != tt.res.result.PrimaryColor { t.Errorf("got wrong result PrimaryColor: expected: %v, actual: %v ", tt.res.result.PrimaryColor, result.PrimaryColor) } }) } } func TestChangeLabelPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context policy *iam_model.LabelPolicy } type res struct { result *iam_model.LabelPolicy wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "change label policy, ok", args: args{ es: GetMockManipulateIAMWithLabelPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.LabelPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, PrimaryColor: "000000", SecondaryColor: "FFFFFF", }, }, res: res{ result: &iam_model.LabelPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, PrimaryColor: "000000", SecondaryColor: "FFFFFF", }, }, }, { name: "invalid policy", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.LabelPolicy{ ObjectRoot: es_models.ObjectRoot{Sequence: 0}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.LabelPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.ChangeLabelPolicy(tt.args.ctx, tt.args.policy) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.PrimaryColor != tt.res.result.PrimaryColor { t.Errorf("got wrong result PrimaryColor: expected: %v, actual: %v ", tt.res.result.PrimaryColor, result.PrimaryColor) } if result.SecondaryColor != tt.res.result.SecondaryColor { t.Errorf("got wrong result SecondaryColor: expected: %v, actual: %v ", tt.res.result.SecondaryColor, result.SecondaryColor) } }) } } func TestAddPasswordComplexityPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context policy *iam_model.PasswordComplexityPolicy } type res struct { result *iam_model.PasswordComplexityPolicy wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add password complexity policy, ok", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordComplexityPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MinLength: 10, }, }, res: res{ result: &iam_model.PasswordComplexityPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MinLength: 10, }, }, }, { name: "invalid policy", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordComplexityPolicy{ ObjectRoot: es_models.ObjectRoot{Sequence: 0}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsErrorInvalidArgument, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordComplexityPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MinLength: 10, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.AddPasswordComplexityPolicy(tt.args.ctx, tt.args.policy) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.MinLength != tt.res.result.MinLength { t.Errorf("got wrong result MinLength: expected: %v, actual: %v ", tt.res.result.MinLength, result.MinLength) } }) } } func TestChangePasswordComplexityPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context policy *iam_model.PasswordComplexityPolicy } type res struct { result *iam_model.PasswordComplexityPolicy wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "change password complexity policy, ok", args: args{ es: GetMockManipulateIAMWithPasswodComplexityPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordComplexityPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MinLength: 5, }, }, res: res{ result: &iam_model.PasswordComplexityPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MinLength: 5, }, }, }, { name: "invalid policy", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordComplexityPolicy{ ObjectRoot: es_models.ObjectRoot{Sequence: 0}, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsErrorInvalidArgument, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordComplexityPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MinLength: 10, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.ChangePasswordComplexityPolicy(tt.args.ctx, tt.args.policy) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.MinLength != tt.res.result.MinLength { t.Errorf("got wrong result MinLength: expected: %v, actual: %v ", tt.res.result.MinLength, result.MinLength) } }) } } func TestAddPasswordAgePolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context policy *iam_model.PasswordAgePolicy } type res struct { result *iam_model.PasswordAgePolicy wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add password age policy, ok", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordAgePolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MaxAgeDays: 10, ExpireWarnDays: 10, }, }, res: res{ result: &iam_model.PasswordAgePolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MaxAgeDays: 10, ExpireWarnDays: 10, }, }, }, { name: "empty policy", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: nil, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordAgePolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MaxAgeDays: 10, ExpireWarnDays: 10, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.AddPasswordAgePolicy(tt.args.ctx, tt.args.policy) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.MaxAgeDays != tt.res.result.MaxAgeDays { t.Errorf("got wrong result MaxAgeDays: expected: %v, actual: %v ", tt.res.result.MaxAgeDays, result.MaxAgeDays) } if result.ExpireWarnDays != tt.res.result.ExpireWarnDays { t.Errorf("got wrong result.ExpireWarnDays: expected: %v, actual: %v ", tt.res.result.ExpireWarnDays, result.ExpireWarnDays) } }) } } func TestChangePasswordAgePolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context policy *iam_model.PasswordAgePolicy } type res struct { result *iam_model.PasswordAgePolicy wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "change password age policy, ok", args: args{ es: GetMockManipulateIAMWithPasswordAgePolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordAgePolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MaxAgeDays: 5, }, }, res: res{ result: &iam_model.PasswordAgePolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MaxAgeDays: 5, }, }, }, { name: "invalid policy", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: nil, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordAgePolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MaxAgeDays: 10, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.ChangePasswordAgePolicy(tt.args.ctx, tt.args.policy) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.MaxAgeDays != tt.res.result.MaxAgeDays { t.Errorf("got wrong result MaxAgeDays: expected: %v, actual: %v ", tt.res.result.MaxAgeDays, result.MaxAgeDays) } if result.ExpireWarnDays != tt.res.result.ExpireWarnDays { t.Errorf("got wrong result.ExpireWarnDays: expected: %v, actual: %v ", tt.res.result.ExpireWarnDays, result.ExpireWarnDays) } }) } } func TestAddPasswordLockoutPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context policy *iam_model.PasswordLockoutPolicy } type res struct { result *iam_model.PasswordLockoutPolicy wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add password lockout policy, ok", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordLockoutPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MaxAttempts: 10, ShowLockOutFailures: true, }, }, res: res{ result: &iam_model.PasswordLockoutPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MaxAttempts: 10, ShowLockOutFailures: true, }, }, }, { name: "empty policy", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: nil, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordLockoutPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MaxAttempts: 10, ShowLockOutFailures: true, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.AddPasswordLockoutPolicy(tt.args.ctx, tt.args.policy) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.MaxAttempts != tt.res.result.MaxAttempts { t.Errorf("got wrong result MaxAttempts: expected: %v, actual: %v ", tt.res.result.MaxAttempts, result.MaxAttempts) } if result.ShowLockOutFailures != tt.res.result.ShowLockOutFailures { t.Errorf("got wrong result.ShowLockOutFailures: expected: %v, actual: %v ", tt.res.result.ShowLockOutFailures, result.ShowLockOutFailures) } }) } } func TestChangePasswordLockoutPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context policy *iam_model.PasswordLockoutPolicy } type res struct { result *iam_model.PasswordLockoutPolicy wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "change password lockout policy, ok", args: args{ es: GetMockManipulateIAMWithPasswordLockoutPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordLockoutPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MaxAttempts: 5, }, }, res: res{ result: &iam_model.PasswordLockoutPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MaxAttempts: 5, }, }, }, { name: "invalid policy", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: nil, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.PasswordLockoutPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, MaxAttempts: 10, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.ChangePasswordLockoutPolicy(tt.args.ctx, tt.args.policy) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.MaxAttempts != tt.res.result.MaxAttempts { t.Errorf("got wrong result MaxAttempts: expected: %v, actual: %v ", tt.res.result.MaxAttempts, result.MaxAttempts) } if result.ShowLockOutFailures != tt.res.result.ShowLockOutFailures { t.Errorf("got wrong result.ShowLockOutFailures: expected: %v, actual: %v ", tt.res.result.ShowLockOutFailures, result.ShowLockOutFailures) } }) } } func TestAddOrgIAMPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context policy *iam_model.OrgIAMPolicy } type res struct { result *iam_model.OrgIAMPolicy wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "add org iam policy, ok", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.OrgIAMPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, UserLoginMustBeDomain: true, }, }, res: res{ result: &iam_model.OrgIAMPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, UserLoginMustBeDomain: true, }, }, }, { name: "empty policy", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: nil, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.OrgIAMPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, UserLoginMustBeDomain: true, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.AddOrgIAMPolicy(tt.args.ctx, tt.args.policy) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.UserLoginMustBeDomain != tt.res.result.UserLoginMustBeDomain { t.Errorf("got wrong result UserLoginMustBeDomain: expected: %v, actual: %v ", tt.res.result.UserLoginMustBeDomain, result.UserLoginMustBeDomain) } }) } } func TestChangeOrgIAMPolicy(t *testing.T) { ctrl := gomock.NewController(t) type args struct { es *IAMEventstore ctx context.Context policy *iam_model.OrgIAMPolicy } type res struct { result *iam_model.OrgIAMPolicy wantErr bool errFunc func(err error) bool } tests := []struct { name string args args res res }{ { name: "change org iam policy, ok", args: args{ es: GetMockManipulateIAMWithOrgIAMPolicy(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.OrgIAMPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, UserLoginMustBeDomain: false, }, }, res: res{ result: &iam_model.OrgIAMPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, UserLoginMustBeDomain: false, }, }, }, { name: "invalid policy", args: args{ es: GetMockManipulateIAM(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: nil, }, res: res{ wantErr: true, errFunc: caos_errs.IsPreconditionFailed, }, }, { name: "existing iam not found", args: args{ es: GetMockManipulateIAMNotExisting(ctrl), ctx: authz.NewMockContext("orgID", "userID"), policy: &iam_model.OrgIAMPolicy{ ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0}, UserLoginMustBeDomain: true, }, }, res: res{ wantErr: true, errFunc: caos_errs.IsNotFound, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result, err := tt.args.es.ChangeOrgIAMPolicy(tt.args.ctx, tt.args.policy) if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) { t.Errorf("got wrong err: %v ", err) return } if tt.res.wantErr && tt.res.errFunc(err) { return } if result.UserLoginMustBeDomain != tt.res.result.UserLoginMustBeDomain { t.Errorf("got wrong result UserLoginMustBeDomain: expected: %v, actual: %v ", tt.res.result.UserLoginMustBeDomain, result.UserLoginMustBeDomain) } }) } }