zitadel/internal/iam/repository/eventsourcing/eventstore_test.go
Fabi 28bfe72930
feat: uniqueness (#1190)
* feat: uniqueness on events

* fix: some tests

* fix: add unique username

* fix: nice error message

* fix: add unique test

* fix: add unique test

* fix: add unique constraint to events

* fix: correct unique constraint on user events

* fix: remove user constraint

* fix: add unique constraints

* fix: add unique constraints

* fix: add unique constraints

* fix: unnique constraints without interface

* fix: unique idp config

* fix: unique constraint comments

* fix: unique constraints in one table

* fix: unique constraints error

* fix: fix unique constraint on create user

* fix: fix unique constraint on create project

* fix: fix unique constraint on idp configs
2021-01-21 10:49:38 +01:00

2819 lines
75 KiB
Go

package eventsourcing
import (
"context"
"testing"
"github.com/golang/mock/gomock"
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func TestIamByID(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
iam *model.IAM
}
type res struct {
iam *model.IAM
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "iam from events, ok",
args: args{
es: GetMockIAMByIDOK(ctrl),
iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
},
{
name: "iam from events, no events",
args: args{
es: GetMockIamByIDNoEvents(ctrl),
iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
{
name: "iam from events, no id",
args: args{
es: GetMockIamByIDNoEvents(ctrl),
iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "", Sequence: 1}},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.IAMByID(nil, tt.args.iam.AggregateID)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID != tt.res.iam.AggregateID {
t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.res.iam.AggregateID, result.AggregateID)
}
})
}
}
//
//func TestSetUpStarted(t *testing.T) {
// ctrl := gomock.NewController(t)
// type args struct {
// es *IAMEventstore
// ctx context.Context
// iamID string
// step iam_model.Step
// }
// type res struct {
// iam *iam_model.IAM
// errFunc func(err error) bool
// }
// tests := []struct {
// name string
// args args
// res res
// }{
// {
// name: "setup started iam, ok",
// args: args{
// es: GetMockManipulateIAMNotExisting(ctrl),
// ctx: authz.NewMockContext("orgID", "userID"),
// iamID: "iamID",
// step: iam_model.Step1,
// },
// res: res{
// iam: &iam_model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "iamID", Sequence: 1}, SetUpStarted: iam_model.Step1},
// },
// },
// {
// name: "setup already started",
// args: args{
// es: GetMockManipulateIAM(ctrl),
// ctx: authz.NewMockContext("orgID", "userID"),
// iamID: "iamID",
// step: iam_model.Step1,
// },
// res: res{
// errFunc: caos_errs.IsPreconditionFailed,
// },
// },
// {
// name: "setup iam no id",
// args: args{
// es: GetMockManipulateIAM(ctrl),
// ctx: authz.NewMockContext("orgID", "userID"),
// step: iam_model.Step1,
// },
// res: res{
// errFunc: caos_errs.IsPreconditionFailed,
// },
// },
// }
// for _, tt := range tests {
// t.Run(tt.name, func(t *testing.T) {
// result, err := tt.args.es.StartSetup(tt.args.ctx, tt.args.iamID, tt.args.step)
// if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
// t.Errorf("got wrong err: %v ", err)
// return
// }
// if tt.res.errFunc != nil && tt.res.errFunc(err) {
// return
// }
// if result.AggregateID == "" {
// t.Errorf("result has no id")
// }
// if result.SetUpStarted != tt.res.iam.SetUpStarted {
// t.Errorf("got wrong result setupStarted: expected: %v, actual: %v ", tt.res.iam.SetUpStarted, result.SetUpStarted)
// }
// })
// }
//}
func TestSetUpDone(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
iamID string
step iam_model.Step
}
type res struct {
iam *iam_model.IAM
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "setup done iam, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
step: iam_model.Step1,
},
res: res{
iam: &iam_model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "iamID", Sequence: 1}, SetUpStarted: iam_model.Step1, SetUpDone: iam_model.Step1},
},
},
{
name: "setup iam no id",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
step: iam_model.Step1,
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
step: iam_model.Step1,
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.SetupDone(tt.args.ctx, tt.args.iamID, tt.args.step)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.SetUpDone != tt.res.iam.SetUpDone {
t.Errorf("got wrong result SetUpDone: expected: %v, actual: %v ", tt.res.iam.SetUpDone, result.SetUpDone)
}
})
}
}
func TestSetGlobalOrg(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
iamID string
globalOrg string
}
type res struct {
iam *model.IAM
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "global org set, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
globalOrg: "globalOrg",
},
res: res{
iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "iamID", Sequence: 1}, SetUpStarted: model.Step1, GlobalOrgID: "globalOrg"},
},
},
{
name: "no iam id",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
globalOrg: "",
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "no global org",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
globalOrg: "globalOrg",
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.SetGlobalOrg(tt.args.ctx, tt.args.iamID, tt.args.globalOrg)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.GlobalOrgID != tt.res.iam.GlobalOrgID {
t.Errorf("got wrong result GlobalOrgID: expected: %v, actual: %v ", tt.res.iam.GlobalOrgID, result.GlobalOrgID)
}
})
}
}
func TestSetIamProjectID(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
iamID string
iamProjectID string
}
type res struct {
iam *model.IAM
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "iam project set, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
iamProjectID: "iamProjectID",
},
res: res{
iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "iamID", Sequence: 1}, SetUpStarted: model.Step1, IAMProjectID: "iamProjectID"},
},
},
{
name: "no iam id",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamProjectID: "",
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "no global org",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
iamProjectID: "iamProjectID",
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.SetIAMProject(tt.args.ctx, tt.args.iamID, tt.args.iamProjectID)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.IAMProjectID != tt.res.iam.IAMProjectID {
t.Errorf("got wrong result IAMProjectID: expected: %v, actual: %v ", tt.res.iam.IAMProjectID, result.IAMProjectID)
}
})
}
}
func TestAddIamMember(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
member *iam_model.IAMMember
}
type res struct {
result *iam_model.IAMMember
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add iam member, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
res: res{
result: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
},
{
name: "no userid",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Roles: []string{"Roles"}},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "no roles",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID"},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "member already existing",
args: args{
es: GetMockManipulateIAMWithMember(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
res: res{
errFunc: caos_errs.IsErrorAlreadyExists,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddIAMMember(tt.args.ctx, tt.args.member)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.UserID != tt.res.result.UserID {
t.Errorf("got wrong result userid: expected: %v, actual: %v ", tt.res.result.UserID, result.UserID)
}
if len(result.Roles) != len(tt.res.result.Roles) {
t.Errorf("got wrong result roles: expected: %v, actual: %v ", tt.res.result.Roles, result.Roles)
}
})
}
}
func TestChangeIamMember(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
member *iam_model.IAMMember
}
type res struct {
result *iam_model.IAMMember
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add iam member, ok",
args: args{
es: GetMockManipulateIAMWithMember(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"ChangeRoles"}},
},
res: res{
result: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
},
{
name: "no userid",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Roles: []string{"ChangeRoles"}},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "no roles",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID"},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "member not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"ChangeRoles"}},
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangeIAMMember(tt.args.ctx, tt.args.member)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.UserID != tt.res.result.UserID {
t.Errorf("got wrong result userid: expected: %v, actual: %v ", tt.res.result.UserID, result.UserID)
}
if len(result.Roles) != len(tt.res.result.Roles) {
t.Errorf("got wrong result roles: expected: %v, actual: %v ", tt.res.result.Roles, result.Roles)
}
})
}
}
func TestRemoveIamMember(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
existingIAM *model.IAM
member *iam_model.IAMMember
}
type res struct {
result *iam_model.IAMMember
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove iam member, ok",
args: args{
es: GetMockManipulateIAMWithMember(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
Members: []*model.IAMMember{{UserID: "UserID", Roles: []string{"Roles"}}},
},
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID"},
},
res: res{
result: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
},
{
name: "no userid",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
Members: []*model.IAMMember{{UserID: "UserID", Roles: []string{"Roles"}}},
},
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Roles: []string{"ChangeRoles"}},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "member not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
},
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"ChangeRoles"}},
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.args.es.RemoveIAMMember(tt.args.ctx, tt.args.member)
if tt.res.errFunc == nil && err != nil {
t.Errorf("should not get err")
}
if tt.res.errFunc != nil && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestAddIdpConfiguration(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
idp *iam_model.IDPConfig
}
type res struct {
result *iam_model.IDPConfig
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add idp, ok",
args: args{
es: GetMockManipulateIAMWithCrypto(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
Type: iam_model.IDPConfigTypeOIDC,
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
ClientSecretString: "ClientSecret",
Issuer: "Issuer",
Scopes: []string{"scope"},
},
},
},
res: res{
result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
Name: "Name",
Type: iam_model.IDPConfigTypeOIDC,
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
Issuer: "Issuer",
Scopes: []string{"scope"},
},
},
},
},
{
name: "invalid idp config",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
ClientSecretString: "ClientSecret",
Issuer: "Issuer",
Scopes: []string{"scope"},
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddIDPConfig(tt.args.ctx, tt.args.idp)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.IDPConfigID == "" {
t.Errorf("result has no id")
}
if result.OIDCConfig.IDPConfigID == "" {
t.Errorf("result has no id")
}
if result.OIDCConfig == nil && result.OIDCConfig.ClientSecret == nil {
t.Errorf("result has no client secret")
}
if result.Name != tt.res.result.Name {
t.Errorf("got wrong result key: expected: %v, actual: %v ", tt.res.result.Name, result.Name)
}
if result.OIDCConfig.ClientID != tt.res.result.OIDCConfig.ClientID {
t.Errorf("got wrong result key: expected: %v, actual: %v ", tt.res.result.OIDCConfig.ClientID, result.OIDCConfig.ClientID)
}
})
}
}
func TestChangeIdpConfiguration(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
idp *iam_model.IDPConfig
}
type res struct {
result *iam_model.IDPConfig
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change idp, ok",
args: args{
es: GetMockManipulateIAMWithOIDCIdp(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "NameChanged",
},
},
res: res{
result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "NameChanged",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
},
{
name: "invalid idp",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing project not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangeIDPConfig(tt.args.ctx, tt.args.idp)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if !tt.res.wantErr && result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result AppID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.Name != tt.res.result.Name {
t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.res.result.Name, result.Name)
}
})
}
}
func TestRemoveIdpConfiguration(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
idp *iam_model.IDPConfig
}
type res struct {
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove idp, ok",
args: args{
es: GetMockManipulateIAMWithOIDCIdp(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
},
},
},
{
name: "no IDPConfigID",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing idp not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.args.es.RemoveIDPConfig(tt.args.ctx, tt.args.idp)
if !tt.res.wantErr && err != nil {
t.Errorf("should not get err")
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestDeactivateIdpConfiguration(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
idp *iam_model.IDPConfig
}
type res struct {
result *iam_model.IDPConfig
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "deactivate, ok",
args: args{
es: GetMockManipulateIAMWithOIDCIdp(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
},
},
res: res{
result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
State: iam_model.IDPConfigStateInactive,
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
},
{
name: "no idp id",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.DeactivateIDPConfig(tt.args.ctx, tt.args.idp.AggregateID, tt.args.idp.IDPConfigID)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if !tt.res.wantErr && result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.State != tt.res.result.State {
t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.res.result.State, result.State)
}
})
}
}
func TestReactivateIdpConfiguration(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
idp *iam_model.IDPConfig
}
type res struct {
result *iam_model.IDPConfig
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "reactivate, ok",
args: args{
es: GetMockManipulateIAMWithOIDCIdp(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
},
},
res: res{
result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
State: iam_model.IDPConfigStateActive,
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
},
{
name: "no idp id",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ReactivateIDPConfig(tt.args.ctx, tt.args.idp.AggregateID, tt.args.idp.IDPConfigID)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if !tt.res.wantErr && result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.State != tt.res.result.State {
t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.res.result.State, result.State)
}
})
}
}
func TestChangeOIDCIDPConfig(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
config *iam_model.OIDCIDPConfig
}
type res struct {
result *iam_model.OIDCIDPConfig
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change oidc config, ok",
args: args{
es: GetMockManipulateIAMWithOIDCIdp(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
config: &iam_model.OIDCIDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IDPConfigID",
ClientID: "ClientIDChange",
Issuer: "Issuer",
Scopes: []string{"scope"},
},
},
res: res{
result: &iam_model.OIDCIDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IDPConfigID",
ClientID: "ClientIDChange",
},
},
},
{
name: "invalid config",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
config: &iam_model.OIDCIDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IDPConfigID",
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
config: &iam_model.OIDCIDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
Issuer: "Issuer",
Scopes: []string{"scope"},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
config: &iam_model.OIDCIDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
Issuer: "Issuer",
Scopes: []string{"scope"},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangeIDPOIDCConfig(tt.args.ctx, tt.args.config)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result AppID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.ClientID != tt.res.result.ClientID {
t.Errorf("got wrong result responsetype: expected: %v, actual: %v ", tt.res.result.ClientID, result.ClientID)
}
})
}
}
func TestAddLoginPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.LoginPolicy
}
type res struct {
result *iam_model.LoginPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add login policy, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
AllowRegister: true,
},
},
res: res{
result: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
AllowRegister: true,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddLoginPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.AllowRegister != tt.res.result.AllowRegister {
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.res.result.AllowRegister, result.AllowRegister)
}
})
}
}
func TestChangeLoginPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.LoginPolicy
}
type res struct {
result *iam_model.LoginPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add login policy, ok",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
AllowRegister: true,
AllowExternalIdp: false,
AllowUsernamePassword: false,
},
},
res: res{
result: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
AllowRegister: true,
AllowExternalIdp: false,
AllowUsernamePassword: false,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangeLoginPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.AllowRegister != tt.res.result.AllowRegister {
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.res.result.AllowRegister, result.AllowRegister)
}
if result.AllowUsernamePassword != tt.res.result.AllowUsernamePassword {
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.res.result.AllowUsernamePassword, result.AllowUsernamePassword)
}
if result.AllowExternalIdp != tt.res.result.AllowExternalIdp {
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.res.result.AllowExternalIdp, result.AllowExternalIdp)
}
})
}
}
func TestAddIdpProviderToLoginPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
provider *iam_model.IDPProvider
}
type res struct {
result *iam_model.IDPProvider
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add idp to login policy, ok",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IdpConfigID2",
Type: iam_model.IDPProviderTypeSystem,
},
},
res: res{
result: &iam_model.IDPProvider{IDPConfigID: "IdpConfigID2"},
},
},
{
name: "add idp to login policy, already existing",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IDPConfigID",
Type: iam_model.IDPProviderTypeSystem,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsErrorAlreadyExists,
},
},
{
name: "invalid provider",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IdpConfigID2",
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddIDPProviderToLoginPolicy(tt.args.ctx, tt.args.provider)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.Type != tt.res.result.Type {
t.Errorf("got wrong result KeyType: expected: %v, actual: %v ", tt.res.result.Type, result.Type)
}
})
}
}
func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
provider *iam_model.IDPProvider
}
type res struct {
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove idp to login policy, ok",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IDPConfigID",
Type: iam_model.IDPProviderTypeSystem,
},
},
res: res{},
},
{
name: "remove idp to login policy, not existing",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IdpConfigID2",
Type: iam_model.IDPProviderTypeSystem,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "invalid provider",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IdpConfigID2",
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.args.es.RemoveIDPProviderFromLoginPolicy(tt.args.ctx, tt.args.provider)
if !tt.res.wantErr && err != nil {
t.Errorf("should not get err: %v ", err)
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestAddSecondFactorToLoginPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
aggreageID string
mfa iam_model.SecondFactorType
}
type res struct {
result iam_model.SecondFactorType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add second factor to login policy, ok",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggreageID: "AggregateID",
mfa: iam_model.SecondFactorTypeOTP,
},
res: res{
result: iam_model.SecondFactorTypeOTP,
},
},
{
name: "add second factor to login policy, already existing",
args: args{
es: GetMockManipulateIAMWithLoginPolicyWithMFAs(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggreageID: "AggregateID",
mfa: iam_model.SecondFactorTypeOTP,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsErrorAlreadyExists,
},
},
{
name: "invalid mfa",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
mfa: iam_model.SecondFactorTypeUnspecified,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggreageID: "Test",
mfa: iam_model.SecondFactorTypeOTP,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddSecondFactorToLoginPolicy(tt.args.ctx, tt.args.aggreageID, tt.args.mfa)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result != tt.res.result {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.res.result, result)
}
})
}
}
func TestRemoveSecondFactorFromLoginPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
aggregateID string
mfa iam_model.SecondFactorType
}
type res struct {
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove second factor from login policy, ok",
args: args{
es: GetMockManipulateIAMWithLoginPolicyWithMFAs(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggregateID: "AggregateID",
mfa: iam_model.SecondFactorTypeOTP,
},
res: res{},
},
{
name: "remove second factor to login policy, not existing",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggregateID: "AggregateID",
mfa: iam_model.SecondFactorTypeOTP,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "invalid provider",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggregateID: "AggregateID",
mfa: iam_model.SecondFactorTypeUnspecified,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggregateID: "Test",
mfa: iam_model.SecondFactorTypeOTP,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.args.es.RemoveSecondFactorFromLoginPolicy(tt.args.ctx, tt.args.aggregateID, tt.args.mfa)
if !tt.res.wantErr && err != nil {
t.Errorf("should not get err: %v ", err)
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestAddMultiFactorToLoginPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
aggreageID string
mfa iam_model.MultiFactorType
}
type res struct {
result iam_model.MultiFactorType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add second factor to login policy, ok",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggreageID: "AggregateID",
mfa: iam_model.MultiFactorTypeU2FWithPIN,
},
res: res{
result: iam_model.MultiFactorTypeU2FWithPIN,
},
},
{
name: "add second factor to login policy, already existing",
args: args{
es: GetMockManipulateIAMWithLoginPolicyWithMFAs(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggreageID: "AggregateID",
mfa: iam_model.MultiFactorTypeU2FWithPIN,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsErrorAlreadyExists,
},
},
{
name: "invalid mfa",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
mfa: iam_model.MultiFactorTypeUnspecified,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggreageID: "Test",
mfa: iam_model.MultiFactorTypeU2FWithPIN,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddMultiFactorToLoginPolicy(tt.args.ctx, tt.args.aggreageID, tt.args.mfa)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result != tt.res.result {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.res.result, result)
}
})
}
}
func TestRemoveMultiFactorFromLoginPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
aggregateID string
mfa iam_model.MultiFactorType
}
type res struct {
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove second factor from login policy, ok",
args: args{
es: GetMockManipulateIAMWithLoginPolicyWithMFAs(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggregateID: "AggregateID",
mfa: iam_model.MultiFactorTypeU2FWithPIN,
},
res: res{},
},
{
name: "remove second factor to login policy, not existing",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggregateID: "AggregateID",
mfa: iam_model.MultiFactorTypeU2FWithPIN,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "invalid provider",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggregateID: "AggregateID",
mfa: iam_model.MultiFactorTypeUnspecified,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
aggregateID: "Test",
mfa: iam_model.MultiFactorTypeU2FWithPIN,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.args.es.RemoveMultiFactorFromLoginPolicy(tt.args.ctx, tt.args.aggregateID, tt.args.mfa)
if !tt.res.wantErr && err != nil {
t.Errorf("should not get err: %v ", err)
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestAddLabelPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.LabelPolicy
}
type res struct {
result *iam_model.LabelPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add label policy, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LabelPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
PrimaryColor: "000000",
},
},
res: res{
result: &iam_model.LabelPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
PrimaryColor: "000000",
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LabelPolicy{
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LabelPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddLabelPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.PrimaryColor != tt.res.result.PrimaryColor {
t.Errorf("got wrong result PrimaryColor: expected: %v, actual: %v ", tt.res.result.PrimaryColor, result.PrimaryColor)
}
})
}
}
func TestChangeLabelPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.LabelPolicy
}
type res struct {
result *iam_model.LabelPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change label policy, ok",
args: args{
es: GetMockManipulateIAMWithLabelPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LabelPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
PrimaryColor: "000000",
SecondaryColor: "FFFFFF",
},
},
res: res{
result: &iam_model.LabelPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
PrimaryColor: "000000",
SecondaryColor: "FFFFFF",
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LabelPolicy{
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LabelPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangeLabelPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.PrimaryColor != tt.res.result.PrimaryColor {
t.Errorf("got wrong result PrimaryColor: expected: %v, actual: %v ", tt.res.result.PrimaryColor, result.PrimaryColor)
}
if result.SecondaryColor != tt.res.result.SecondaryColor {
t.Errorf("got wrong result SecondaryColor: expected: %v, actual: %v ", tt.res.result.SecondaryColor, result.SecondaryColor)
}
})
}
}
func TestAddPasswordComplexityPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.PasswordComplexityPolicy
}
type res struct {
result *iam_model.PasswordComplexityPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add password complexity policy, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MinLength: 10,
},
},
res: res{
result: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MinLength: 10,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsErrorInvalidArgument,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MinLength: 10,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddPasswordComplexityPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.MinLength != tt.res.result.MinLength {
t.Errorf("got wrong result MinLength: expected: %v, actual: %v ", tt.res.result.MinLength, result.MinLength)
}
})
}
}
func TestChangePasswordComplexityPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.PasswordComplexityPolicy
}
type res struct {
result *iam_model.PasswordComplexityPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change password complexity policy, ok",
args: args{
es: GetMockManipulateIAMWithPasswodComplexityPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MinLength: 5,
},
},
res: res{
result: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MinLength: 5,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsErrorInvalidArgument,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MinLength: 10,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangePasswordComplexityPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.MinLength != tt.res.result.MinLength {
t.Errorf("got wrong result MinLength: expected: %v, actual: %v ", tt.res.result.MinLength, result.MinLength)
}
})
}
}
func TestAddPasswordAgePolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.PasswordAgePolicy
}
type res struct {
result *iam_model.PasswordAgePolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add password age policy, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAgeDays: 10,
ExpireWarnDays: 10,
},
},
res: res{
result: &iam_model.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAgeDays: 10,
ExpireWarnDays: 10,
},
},
},
{
name: "empty policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAgeDays: 10,
ExpireWarnDays: 10,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddPasswordAgePolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.MaxAgeDays != tt.res.result.MaxAgeDays {
t.Errorf("got wrong result MaxAgeDays: expected: %v, actual: %v ", tt.res.result.MaxAgeDays, result.MaxAgeDays)
}
if result.ExpireWarnDays != tt.res.result.ExpireWarnDays {
t.Errorf("got wrong result.ExpireWarnDays: expected: %v, actual: %v ", tt.res.result.ExpireWarnDays, result.ExpireWarnDays)
}
})
}
}
func TestChangePasswordAgePolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.PasswordAgePolicy
}
type res struct {
result *iam_model.PasswordAgePolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change password age policy, ok",
args: args{
es: GetMockManipulateIAMWithPasswordAgePolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAgeDays: 5,
},
},
res: res{
result: &iam_model.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAgeDays: 5,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAgeDays: 10,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangePasswordAgePolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.MaxAgeDays != tt.res.result.MaxAgeDays {
t.Errorf("got wrong result MaxAgeDays: expected: %v, actual: %v ", tt.res.result.MaxAgeDays, result.MaxAgeDays)
}
if result.ExpireWarnDays != tt.res.result.ExpireWarnDays {
t.Errorf("got wrong result.ExpireWarnDays: expected: %v, actual: %v ", tt.res.result.ExpireWarnDays, result.ExpireWarnDays)
}
})
}
}
func TestAddPasswordLockoutPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.PasswordLockoutPolicy
}
type res struct {
result *iam_model.PasswordLockoutPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add password lockout policy, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordLockoutPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAttempts: 10,
ShowLockOutFailures: true,
},
},
res: res{
result: &iam_model.PasswordLockoutPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAttempts: 10,
ShowLockOutFailures: true,
},
},
},
{
name: "empty policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordLockoutPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAttempts: 10,
ShowLockOutFailures: true,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddPasswordLockoutPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.MaxAttempts != tt.res.result.MaxAttempts {
t.Errorf("got wrong result MaxAttempts: expected: %v, actual: %v ", tt.res.result.MaxAttempts, result.MaxAttempts)
}
if result.ShowLockOutFailures != tt.res.result.ShowLockOutFailures {
t.Errorf("got wrong result.ShowLockOutFailures: expected: %v, actual: %v ", tt.res.result.ShowLockOutFailures, result.ShowLockOutFailures)
}
})
}
}
func TestChangePasswordLockoutPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.PasswordLockoutPolicy
}
type res struct {
result *iam_model.PasswordLockoutPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change password lockout policy, ok",
args: args{
es: GetMockManipulateIAMWithPasswordLockoutPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordLockoutPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAttempts: 5,
},
},
res: res{
result: &iam_model.PasswordLockoutPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAttempts: 5,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordLockoutPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAttempts: 10,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangePasswordLockoutPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.MaxAttempts != tt.res.result.MaxAttempts {
t.Errorf("got wrong result MaxAttempts: expected: %v, actual: %v ", tt.res.result.MaxAttempts, result.MaxAttempts)
}
if result.ShowLockOutFailures != tt.res.result.ShowLockOutFailures {
t.Errorf("got wrong result.ShowLockOutFailures: expected: %v, actual: %v ", tt.res.result.ShowLockOutFailures, result.ShowLockOutFailures)
}
})
}
}
func TestAddOrgIAMPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.OrgIAMPolicy
}
type res struct {
result *iam_model.OrgIAMPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add org iam policy, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.OrgIAMPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
UserLoginMustBeDomain: true,
},
},
res: res{
result: &iam_model.OrgIAMPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
UserLoginMustBeDomain: true,
},
},
},
{
name: "empty policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.OrgIAMPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
UserLoginMustBeDomain: true,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddOrgIAMPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.UserLoginMustBeDomain != tt.res.result.UserLoginMustBeDomain {
t.Errorf("got wrong result userLoginMustBeDomain: expected: %v, actual: %v ", tt.res.result.UserLoginMustBeDomain, result.UserLoginMustBeDomain)
}
})
}
}
func TestChangeOrgIAMPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.OrgIAMPolicy
}
type res struct {
result *iam_model.OrgIAMPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change org iam policy, ok",
args: args{
es: GetMockManipulateIAMWithOrgIAMPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.OrgIAMPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
UserLoginMustBeDomain: false,
},
},
res: res{
result: &iam_model.OrgIAMPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
UserLoginMustBeDomain: false,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.OrgIAMPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
UserLoginMustBeDomain: true,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangeOrgIAMPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.UserLoginMustBeDomain != tt.res.result.UserLoginMustBeDomain {
t.Errorf("got wrong result userLoginMustBeDomain: expected: %v, actual: %v ", tt.res.result.UserLoginMustBeDomain, result.UserLoginMustBeDomain)
}
})
}
}