mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-15 08:39:08 +00:00
8fc11a7366
# Which Problems Are Solved This pull request addresses a significant gap in the user service v2 API, which currently lacks methods for managing machine users. # How the Problems Are Solved This PR adds new API endpoints to the user service v2 to manage machine users including their secret, keys and personal access tokens. Additionally, there's now a CreateUser and UpdateUser endpoints which allow to create either a human or machine user and update them. The existing `CreateHumanUser` endpoint has been deprecated along the corresponding management service endpoints. For details check the additional context section. # Additional Context - Closes https://github.com/zitadel/zitadel/issues/9349 ## More details - API changes: https://github.com/zitadel/zitadel/pull/9680 - Implementation: https://github.com/zitadel/zitadel/pull/9763 - Tests: https://github.com/zitadel/zitadel/pull/9771 ## Follow-ups - Metadata: support managing user metadata using resource API https://github.com/zitadel/zitadel/pull/10005 - Machine token type: support managing the machine token type (migrate to new enum with zero value unspecified?) --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Livio Spring <livio.a@gmail.com>
348 lines
8.0 KiB
Go
348 lines
8.0 KiB
Go
//go:build integration
|
|
|
|
package user_test
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/brianvoe/gofakeit/v6"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/zitadel/zitadel/pkg/grpc/user/v2"
|
|
)
|
|
|
|
func TestServer_AddSecret(t *testing.T) {
|
|
type args struct {
|
|
ctx context.Context
|
|
req *user.AddSecretRequest
|
|
prepare func(request *user.AddSecretRequest) error
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
wantErr bool
|
|
}{
|
|
{
|
|
name: "add secret, user not existing",
|
|
args: args{
|
|
CTX,
|
|
&user.AddSecretRequest{
|
|
UserId: "notexisting",
|
|
},
|
|
func(request *user.AddSecretRequest) error { return nil },
|
|
},
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "add secret, ok",
|
|
args: args{
|
|
CTX,
|
|
&user.AddSecretRequest{},
|
|
func(request *user.AddSecretRequest) error {
|
|
resp := Instance.CreateUserTypeMachine(CTX)
|
|
request.UserId = resp.GetId()
|
|
return nil
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "add secret human, not ok",
|
|
args: args{
|
|
CTX,
|
|
&user.AddSecretRequest{},
|
|
func(request *user.AddSecretRequest) error {
|
|
resp := Instance.CreateUserTypeMachine(CTX)
|
|
request.UserId = resp.GetId()
|
|
return nil
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "overwrite secret, ok",
|
|
args: args{
|
|
CTX,
|
|
&user.AddSecretRequest{},
|
|
func(request *user.AddSecretRequest) error {
|
|
resp := Instance.CreateUserTypeMachine(CTX)
|
|
request.UserId = resp.GetId()
|
|
_, err := Client.AddSecret(CTX, &user.AddSecretRequest{
|
|
UserId: resp.GetId(),
|
|
})
|
|
return err
|
|
},
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
now := time.Now()
|
|
err := tt.args.prepare(tt.args.req)
|
|
require.NoError(t, err)
|
|
got, err := Client.AddSecret(tt.args.ctx, tt.args.req)
|
|
if tt.wantErr {
|
|
require.Error(t, err)
|
|
return
|
|
}
|
|
require.NoError(t, err)
|
|
assert.NotEmpty(t, got.ClientSecret, "client secret is empty")
|
|
creationDate := got.CreationDate.AsTime()
|
|
assert.Greater(t, creationDate, now, "creation date is before the test started")
|
|
assert.Less(t, creationDate, time.Now(), "creation date is in the future")
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestServer_AddSecret_Permission(t *testing.T) {
|
|
otherOrg := Instance.CreateOrganization(IamCTX, fmt.Sprintf("AddSecret-%s", gofakeit.AppName()), gofakeit.Email())
|
|
otherOrgUser, err := Instance.Client.UserV2.CreateUser(IamCTX, &user.CreateUserRequest{
|
|
OrganizationId: otherOrg.OrganizationId,
|
|
UserType: &user.CreateUserRequest_Machine_{
|
|
Machine: &user.CreateUserRequest_Machine{
|
|
Name: gofakeit.Name(),
|
|
},
|
|
},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
type args struct {
|
|
ctx context.Context
|
|
req *user.AddSecretRequest
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
wantErr bool
|
|
}{
|
|
{
|
|
name: "system, ok",
|
|
args: args{
|
|
SystemCTX,
|
|
&user.AddSecretRequest{
|
|
UserId: otherOrgUser.GetId(),
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "instance, ok",
|
|
args: args{
|
|
IamCTX,
|
|
&user.AddSecretRequest{
|
|
UserId: otherOrgUser.GetId(),
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "org, error",
|
|
args: args{
|
|
CTX,
|
|
&user.AddSecretRequest{
|
|
UserId: otherOrgUser.GetId(),
|
|
},
|
|
},
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "user, error",
|
|
args: args{
|
|
UserCTX,
|
|
&user.AddSecretRequest{
|
|
UserId: otherOrgUser.GetId(),
|
|
},
|
|
},
|
|
wantErr: true,
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
now := time.Now()
|
|
require.NoError(t, err)
|
|
got, err := Client.AddSecret(tt.args.ctx, tt.args.req)
|
|
if tt.wantErr {
|
|
require.Error(t, err)
|
|
return
|
|
}
|
|
require.NoError(t, err)
|
|
assert.NotEmpty(t, got.ClientSecret, "client secret is empty")
|
|
creationDate := got.CreationDate.AsTime()
|
|
assert.Greater(t, creationDate, now, "creation date is before the test started")
|
|
assert.Less(t, creationDate, time.Now(), "creation date is in the future")
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestServer_RemoveSecret(t *testing.T) {
|
|
type args struct {
|
|
ctx context.Context
|
|
req *user.RemoveSecretRequest
|
|
prepare func(request *user.RemoveSecretRequest) error
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
wantErr bool
|
|
}{
|
|
{
|
|
name: "remove secret, user not existing",
|
|
args: args{
|
|
CTX,
|
|
&user.RemoveSecretRequest{
|
|
UserId: "notexisting",
|
|
},
|
|
func(request *user.RemoveSecretRequest) error { return nil },
|
|
},
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "remove secret, not existing",
|
|
args: args{
|
|
CTX,
|
|
&user.RemoveSecretRequest{},
|
|
func(request *user.RemoveSecretRequest) error {
|
|
resp := Instance.CreateUserTypeMachine(CTX)
|
|
request.UserId = resp.GetId()
|
|
return nil
|
|
},
|
|
},
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "remove secret, ok",
|
|
args: args{
|
|
CTX,
|
|
&user.RemoveSecretRequest{},
|
|
func(request *user.RemoveSecretRequest) error {
|
|
resp := Instance.CreateUserTypeMachine(CTX)
|
|
request.UserId = resp.GetId()
|
|
_, err := Instance.Client.UserV2.AddSecret(CTX, &user.AddSecretRequest{
|
|
UserId: resp.GetId(),
|
|
})
|
|
return err
|
|
},
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
now := time.Now()
|
|
err := tt.args.prepare(tt.args.req)
|
|
require.NoError(t, err)
|
|
got, err := Client.RemoveSecret(tt.args.ctx, tt.args.req)
|
|
if tt.wantErr {
|
|
require.Error(t, err)
|
|
return
|
|
}
|
|
require.NoError(t, err)
|
|
deletionDate := got.DeletionDate.AsTime()
|
|
assert.Greater(t, deletionDate, now, "creation date is before the test started")
|
|
assert.Less(t, deletionDate, time.Now(), "creation date is in the future")
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestServer_RemoveSecret_Permission(t *testing.T) {
|
|
otherOrg := Instance.CreateOrganization(IamCTX, fmt.Sprintf("RemoveSecret-%s", gofakeit.AppName()), gofakeit.Email())
|
|
otherOrgUser, err := Instance.Client.UserV2.CreateUser(IamCTX, &user.CreateUserRequest{
|
|
OrganizationId: otherOrg.OrganizationId,
|
|
UserType: &user.CreateUserRequest_Machine_{
|
|
Machine: &user.CreateUserRequest_Machine{
|
|
Name: gofakeit.Name(),
|
|
},
|
|
},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
type args struct {
|
|
ctx context.Context
|
|
req *user.RemoveSecretRequest
|
|
prepare func(request *user.RemoveSecretRequest) error
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
wantErr bool
|
|
}{
|
|
{
|
|
name: "system, ok",
|
|
args: args{
|
|
SystemCTX,
|
|
&user.RemoveSecretRequest{
|
|
UserId: otherOrgUser.GetId(),
|
|
},
|
|
func(request *user.RemoveSecretRequest) error {
|
|
_, err := Instance.Client.UserV2.AddSecret(IamCTX, &user.AddSecretRequest{
|
|
UserId: otherOrgUser.GetId(),
|
|
})
|
|
return err
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "instance, ok",
|
|
args: args{
|
|
IamCTX,
|
|
&user.RemoveSecretRequest{
|
|
UserId: otherOrgUser.GetId(),
|
|
},
|
|
func(request *user.RemoveSecretRequest) error {
|
|
_, err := Instance.Client.UserV2.AddSecret(IamCTX, &user.AddSecretRequest{
|
|
UserId: otherOrgUser.GetId(),
|
|
})
|
|
return err
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "org, error",
|
|
args: args{
|
|
CTX,
|
|
&user.RemoveSecretRequest{
|
|
UserId: otherOrgUser.GetId(),
|
|
},
|
|
func(request *user.RemoveSecretRequest) error {
|
|
_, err := Instance.Client.UserV2.AddSecret(IamCTX, &user.AddSecretRequest{
|
|
UserId: otherOrgUser.GetId(),
|
|
})
|
|
return err
|
|
},
|
|
},
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "user, error",
|
|
args: args{
|
|
UserCTX,
|
|
&user.RemoveSecretRequest{
|
|
UserId: otherOrgUser.GetId(),
|
|
},
|
|
func(request *user.RemoveSecretRequest) error {
|
|
_, err := Instance.Client.UserV2.AddSecret(IamCTX, &user.AddSecretRequest{
|
|
UserId: otherOrgUser.GetId(),
|
|
})
|
|
return err
|
|
},
|
|
},
|
|
wantErr: true,
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
now := time.Now()
|
|
require.NoError(t, tt.args.prepare(tt.args.req))
|
|
got, err := Client.RemoveSecret(tt.args.ctx, tt.args.req)
|
|
if tt.wantErr {
|
|
require.Error(t, err)
|
|
return
|
|
}
|
|
require.NoError(t, err)
|
|
assert.NotEmpty(t, got.DeletionDate, "client secret is empty")
|
|
creationDate := got.DeletionDate.AsTime()
|
|
assert.Greater(t, creationDate, now, "creation date is before the test started")
|
|
assert.Less(t, creationDate, time.Now(), "creation date is in the future")
|
|
})
|
|
}
|
|
}
|