mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 20:38:00 +00:00
76fe032b5f
* feat: return 404 or 409 if org reg disallowed * fix: system limit permissions * feat: add iam limits api * feat: disallow public org registrations on default instance * add integration test * test: integration * fix test * docs: describe public org registrations * avoid updating docs deps * fix system limits integration test * silence integration tests * fix linting * ignore strange linter complaints * review * improve reset properties naming * redefine the api * use restrictions aggregate * test query * simplify and test projection * test commands * fix unit tests * move integration test * support restrictions on default instance * also test GetRestrictions * self review * lint * abstract away resource owner * fix tests * lint
190 lines
4.9 KiB
Go
190 lines
4.9 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/muhlemmer/gu"
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
zitadel_errs "github.com/zitadel/zitadel/internal/errors"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/id"
|
|
id_mock "github.com/zitadel/zitadel/internal/id/mock"
|
|
"github.com/zitadel/zitadel/internal/repository/restrictions"
|
|
)
|
|
|
|
func TestSetRestrictions(t *testing.T) {
|
|
type fields func(*testing.T) (*eventstore.Eventstore, id.Generator)
|
|
type args struct {
|
|
ctx context.Context
|
|
setRestrictions *SetRestrictions
|
|
}
|
|
type res struct {
|
|
want *domain.ObjectDetails
|
|
err func(error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "set new restrictions",
|
|
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
|
|
return eventstoreExpect(
|
|
t,
|
|
expectFilter(),
|
|
expectPush(
|
|
eventFromEventPusherWithInstanceID(
|
|
"instance1",
|
|
restrictions.NewSetEvent(
|
|
eventstore.NewBaseEventForPush(
|
|
context.Background(),
|
|
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
|
|
restrictions.SetEventType,
|
|
),
|
|
restrictions.ChangePublicOrgRegistrations(true),
|
|
),
|
|
),
|
|
),
|
|
),
|
|
id_mock.NewIDGeneratorExpectIDs(t, "restrictions1")
|
|
},
|
|
args: args{
|
|
ctx: authz.WithInstanceID(context.Background(), "instance1"),
|
|
setRestrictions: &SetRestrictions{
|
|
DisallowPublicOrgRegistration: gu.Ptr(true),
|
|
},
|
|
},
|
|
res: res{
|
|
want: &domain.ObjectDetails{
|
|
ResourceOwner: "instance1",
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "change restrictions",
|
|
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
|
|
return eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
restrictions.NewSetEvent(
|
|
eventstore.NewBaseEventForPush(
|
|
context.Background(),
|
|
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
|
|
restrictions.SetEventType,
|
|
),
|
|
restrictions.ChangePublicOrgRegistrations(true),
|
|
),
|
|
),
|
|
),
|
|
expectPush(
|
|
eventFromEventPusherWithInstanceID(
|
|
"instance1",
|
|
restrictions.NewSetEvent(
|
|
eventstore.NewBaseEventForPush(
|
|
context.Background(),
|
|
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
|
|
restrictions.SetEventType,
|
|
),
|
|
restrictions.ChangePublicOrgRegistrations(false),
|
|
),
|
|
),
|
|
),
|
|
),
|
|
nil
|
|
},
|
|
args: args{
|
|
ctx: authz.WithInstanceID(context.Background(), "instance1"),
|
|
setRestrictions: &SetRestrictions{
|
|
DisallowPublicOrgRegistration: gu.Ptr(false),
|
|
},
|
|
},
|
|
res: res{
|
|
want: &domain.ObjectDetails{
|
|
ResourceOwner: "instance1",
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "set restrictions idempotency",
|
|
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
|
|
return eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
restrictions.NewSetEvent(
|
|
eventstore.NewBaseEventForPush(
|
|
context.Background(),
|
|
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
|
|
restrictions.SetEventType,
|
|
),
|
|
restrictions.ChangePublicOrgRegistrations(true),
|
|
),
|
|
),
|
|
),
|
|
),
|
|
nil
|
|
},
|
|
args: args{
|
|
ctx: authz.WithInstanceID(context.Background(), "instance1"),
|
|
setRestrictions: &SetRestrictions{
|
|
DisallowPublicOrgRegistration: gu.Ptr(true),
|
|
},
|
|
},
|
|
res: res{
|
|
want: &domain.ObjectDetails{
|
|
ResourceOwner: "instance1",
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "no restrictions defined",
|
|
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
|
|
return eventstoreExpect(t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
restrictions.NewSetEvent(
|
|
eventstore.NewBaseEventForPush(
|
|
context.Background(),
|
|
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
|
|
restrictions.SetEventType,
|
|
),
|
|
restrictions.ChangePublicOrgRegistrations(true),
|
|
),
|
|
),
|
|
),
|
|
), nil
|
|
},
|
|
args: args{
|
|
ctx: authz.WithInstanceID(context.Background(), "instance1"),
|
|
setRestrictions: &SetRestrictions{},
|
|
},
|
|
res: res{
|
|
err: zitadel_errs.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
r := new(Commands)
|
|
r.eventstore, r.idGenerator = tt.fields(t)
|
|
got, err := r.SetInstanceRestrictions(tt.args.ctx, tt.args.setRestrictions)
|
|
if tt.res.err == nil {
|
|
assert.NoError(t, err)
|
|
}
|
|
if tt.res.err != nil && !tt.res.err(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
if tt.res.err == nil {
|
|
assert.Equal(t, tt.res.want, got)
|
|
}
|
|
})
|
|
}
|
|
}
|