TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-13 03:24:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
fbb30840f1
zitadel/internal/iam/repository/eventsourcing/eventstore_test.go
Fabi fbb30840f1
feat: policies on aggregates (#799) 
* feat: move pw policy

* feat: default pw complexity policy

* fix: org password complexity policy

* fix: org password complexity policy

* fix: pw complexity policy with setup

* fix: age and lockout policies on aggregates

* fix: migration

* fix: org iam policy

* fix: org iam policy

* fix: org iam policy

* fix: tests

* fix: policy request

* fix: merge master

* fix(console): policies frontend (#817)

* fix policy build

* fix: age, complexity, lockout policies

* fix: ready return err of setup not done

* fix: fix remove policies in spoolers

* fix: fix remove policies in spoolers

* feat(console): policy settings for iam and org (#824)

* fix policy build

* fix: age, complexity, lockout policies

* fix pwd complexity

* policy remove action

* add imports

* fix accounts card, enable mgmt login policy

* lint

* add iam policy to admin

* toasts, i18n, show default

* routing, i18n

* reset policy, toast i18n, cleanup, routing

* policy delete permission

* lint style

* delete iam policy

* delete non project from grid list, i18n

* lint ts, style

* fix: remove instead delete

* feat(console): delete external idp from user (#835)

* dialog i18n, delete column and function

* dialog i18n

* fix rm button

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: revert env, rename policy, remove comments

* fix: lowercase sich

* fix: pr requests

* Update internal/iam/repository/eventsourcing/eventstore_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: tests

* fix: tests

* fix(console): policies (#839)

* fix: nil pointer on get userdata (#815)

* fix: external login (#818)

* fix: external login

* fix: external login

* feat(console): delete user (#819)

* add action col to user table, i18n

* delete user from detail component

* lint

* fix(console): cleanup user detail and member components, user/me redirect, permission guards, filter, org policy guard, user table, scss cleanup (#808)

* fix: remove user.write guard for filtering

* border color

* fix user routing from member tables

* idp detail layout

* generic contact component

* fix redirect to auth user, user grant disable

* disable policy action without permission, i18n

* user-create flex fix, contact ng-content

* rm unused styles

* sidenav divider

* lint

* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console (#806)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v10.1.3...v10.1.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/language-service from 10.1.3 to 10.1.4 in /console (#805)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular/language-service in /console

Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/10.1.4/packages/language-service)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console (#804)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console

Bumps [codelyzer](https://github.com/mgechev/codelyzer) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/mgechev/codelyzer/releases)
- [Changelog](https://github.com/mgechev/codelyzer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mgechev/codelyzer/commits/6.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular-devkit/build-angular from 0.1000.8 to 0.1001.4 in /console (#803)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular-devkit/build-angular in /console

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.8 to 0.1001.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console (#802)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console

Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.0 to 8.3.1.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v8.3.0...v8.3.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* create memberstable as common component

* iam member cleanup

* iam + org m table, user table service user avatar

* toast config

* fix selection emitter

* fix project grant table width

* project grant members refactor

* theme optimizations

* member table col delete

* lint

* fix table row color

* refactor grey color

* lint scss

* org list redirect on click, fix user table undef

* refresh table after grant add

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix(console): intercept navigator.language, set browser lang as default for user without explicit setting, user table outline, member create dialog import (#820)

* i18n interceptor, set language to browser lang

* nullcheck

* rm external idp log

* fix module imports, rm user displayname from i18n

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: delete external idps from users (#822)

* fix(console): permission regex, account switcher null check, restrict app and member create access (#821)

* fix member table disable, gerneal regexp

* fix user session card, app disable

* memberships max count

* fix policy permissions

* permission check for member add dialog

* lint

* rm accounts log

* rm id regex

* fix: handle usermemberships on project and project grant delete (#825)

* fix: go handler

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix: tests

* fix: not needed error handling

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
2020-10-15 10:27:13 +02:00

2320 lines
62 KiB
Go
Raw Blame History

package eventsourcing
import (
"context"
"testing"
"github.com/golang/mock/gomock"
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func TestIamByID(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
iam *model.IAM
}
type res struct {
iam *model.IAM
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "iam from events, ok",
args: args{
es: GetMockIAMByIDOK(ctrl),
iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
},
{
name: "iam from events, no events",
args: args{
es: GetMockIamByIDNoEvents(ctrl),
iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
{
name: "iam from events, no id",
args: args{
es: GetMockIamByIDNoEvents(ctrl),
iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "", Sequence: 1}},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.IAMByID(nil, tt.args.iam.AggregateID)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID != tt.res.iam.AggregateID {
t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.res.iam.AggregateID, result.AggregateID)
}
})
}
}
func TestSetUpStarted(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
iamID string
step iam_model.Step
}
type res struct {
iam *iam_model.IAM
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "setup started iam, ok",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
step: iam_model.Step1,
},
res: res{
iam: &iam_model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "iamID", Sequence: 1}, SetUpStarted: iam_model.Step1},
},
},
{
name: "setup already started",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
step: iam_model.Step1,
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "setup iam no id",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
step: iam_model.Step1,
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.StartSetup(tt.args.ctx, tt.args.iamID, tt.args.step)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.SetUpStarted != tt.res.iam.SetUpStarted {
t.Errorf("got wrong result setupStarted: expected: %v, actual: %v ", tt.res.iam.SetUpStarted, result.SetUpStarted)
}
})
}
}
func TestSetUpDone(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
iamID string
step iam_model.Step
}
type res struct {
iam *iam_model.IAM
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "setup done iam, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
step: iam_model.Step1,
},
res: res{
iam: &iam_model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "iamID", Sequence: 1}, SetUpStarted: iam_model.Step1, SetUpDone: iam_model.Step1},
},
},
{
name: "setup iam no id",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
step: iam_model.Step1,
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
step: iam_model.Step1,
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.SetupDone(tt.args.ctx, tt.args.iamID, tt.args.step)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.SetUpDone != tt.res.iam.SetUpDone {
t.Errorf("got wrong result SetUpDone: expected: %v, actual: %v ", tt.res.iam.SetUpDone, result.SetUpDone)
}
})
}
}
func TestSetGlobalOrg(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
iamID string
globalOrg string
}
type res struct {
iam *model.IAM
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "global org set, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
globalOrg: "globalOrg",
},
res: res{
iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "iamID", Sequence: 1}, SetUpStarted: model.Step1, GlobalOrgID: "globalOrg"},
},
},
{
name: "no iam id",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
globalOrg: "",
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "no global org",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
globalOrg: "globalOrg",
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.SetGlobalOrg(tt.args.ctx, tt.args.iamID, tt.args.globalOrg)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.GlobalOrgID != tt.res.iam.GlobalOrgID {
t.Errorf("got wrong result GlobalOrgID: expected: %v, actual: %v ", tt.res.iam.GlobalOrgID, result.GlobalOrgID)
}
})
}
}
func TestSetIamProjectID(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
iamID string
iamProjectID string
}
type res struct {
iam *model.IAM
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "iam project set, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
iamProjectID: "iamProjectID",
},
res: res{
iam: &model.IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "iamID", Sequence: 1}, SetUpStarted: model.Step1, IAMProjectID: "iamProjectID"},
},
},
{
name: "no iam id",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamProjectID: "",
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "no global org",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
iamID: "iamID",
iamProjectID: "iamProjectID",
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.SetIAMProject(tt.args.ctx, tt.args.iamID, tt.args.iamProjectID)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.IAMProjectID != tt.res.iam.IAMProjectID {
t.Errorf("got wrong result IAMProjectID: expected: %v, actual: %v ", tt.res.iam.IAMProjectID, result.IAMProjectID)
}
})
}
}
func TestAddIamMember(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
member *iam_model.IAMMember
}
type res struct {
result *iam_model.IAMMember
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add iam member, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
res: res{
result: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
},
{
name: "no userid",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Roles: []string{"Roles"}},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "no roles",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID"},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "member already existing",
args: args{
es: GetMockManipulateIAMWithMember(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
res: res{
errFunc: caos_errs.IsErrorAlreadyExists,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddIAMMember(tt.args.ctx, tt.args.member)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.UserID != tt.res.result.UserID {
t.Errorf("got wrong result userid: expected: %v, actual: %v ", tt.res.result.UserID, result.UserID)
}
if len(result.Roles) != len(tt.res.result.Roles) {
t.Errorf("got wrong result roles: expected: %v, actual: %v ", tt.res.result.Roles, result.Roles)
}
})
}
}
func TestChangeIamMember(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
member *iam_model.IAMMember
}
type res struct {
result *iam_model.IAMMember
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add iam member, ok",
args: args{
es: GetMockManipulateIAMWithMember(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"ChangeRoles"}},
},
res: res{
result: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
},
{
name: "no userid",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Roles: []string{"ChangeRoles"}},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "no roles",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID"},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "member not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"ChangeRoles"}},
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangeIAMMember(tt.args.ctx, tt.args.member)
if (tt.res.errFunc != nil && !tt.res.errFunc(err)) || (err != nil && tt.res.errFunc == nil) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.errFunc != nil && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.UserID != tt.res.result.UserID {
t.Errorf("got wrong result userid: expected: %v, actual: %v ", tt.res.result.UserID, result.UserID)
}
if len(result.Roles) != len(tt.res.result.Roles) {
t.Errorf("got wrong result roles: expected: %v, actual: %v ", tt.res.result.Roles, result.Roles)
}
})
}
}
func TestRemoveIamMember(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
existingIAM *model.IAM
member *iam_model.IAMMember
}
type res struct {
result *iam_model.IAMMember
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove iam member, ok",
args: args{
es: GetMockManipulateIAMWithMember(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
Members: []*model.IAMMember{{UserID: "UserID", Roles: []string{"Roles"}}},
},
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID"},
},
res: res{
result: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
},
{
name: "no userid",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
Members: []*model.IAMMember{{UserID: "UserID", Roles: []string{"Roles"}}},
},
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, Roles: []string{"ChangeRoles"}},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "member not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
},
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"ChangeRoles"}},
},
res: res{
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.args.es.RemoveIAMMember(tt.args.ctx, tt.args.member)
if tt.res.errFunc == nil && err != nil {
t.Errorf("should not get err")
}
if tt.res.errFunc != nil && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestAddIdpConfiguration(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
idp *iam_model.IDPConfig
}
type res struct {
result *iam_model.IDPConfig
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add idp, ok",
args: args{
es: GetMockManipulateIAMWithCrypto(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
Type: iam_model.IDPConfigTypeOIDC,
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
ClientSecretString: "ClientSecret",
Issuer: "Issuer",
Scopes: []string{"scope"},
},
},
},
res: res{
result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
Name: "Name",
Type: iam_model.IDPConfigTypeOIDC,
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
Issuer: "Issuer",
Scopes: []string{"scope"},
},
},
},
},
{
name: "invalid idp config",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
ClientSecretString: "ClientSecret",
Issuer: "Issuer",
Scopes: []string{"scope"},
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddIDPConfig(tt.args.ctx, tt.args.idp)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.IDPConfigID == "" {
t.Errorf("result has no id")
}
if result.OIDCConfig.IDPConfigID == "" {
t.Errorf("result has no id")
}
if result.OIDCConfig == nil && result.OIDCConfig.ClientSecret == nil {
t.Errorf("result has no client secret")
}
if result.Name != tt.res.result.Name {
t.Errorf("got wrong result key: expected: %v, actual: %v ", tt.res.result.Name, result.Name)
}
if result.OIDCConfig.ClientID != tt.res.result.OIDCConfig.ClientID {
t.Errorf("got wrong result key: expected: %v, actual: %v ", tt.res.result.OIDCConfig.ClientID, result.OIDCConfig.ClientID)
}
})
}
}
func TestChangeIdpConfiguration(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
idp *iam_model.IDPConfig
}
type res struct {
result *iam_model.IDPConfig
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change idp, ok",
args: args{
es: GetMockManipulateIAMWithOIDCIdp(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "NameChanged",
},
},
res: res{
result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "NameChanged",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
},
{
name: "invalid idp",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing project not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangeIDPConfig(tt.args.ctx, tt.args.idp)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if !tt.res.wantErr && result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result AppID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.Name != tt.res.result.Name {
t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.res.result.Name, result.Name)
}
})
}
}
func TestRemoveIdpConfiguration(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
idp *iam_model.IDPConfig
}
type res struct {
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove idp, ok",
args: args{
es: GetMockManipulateIAMWithOIDCIdp(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
},
},
},
{
name: "no IDPConfigID",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing idp not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.args.es.RemoveIDPConfig(tt.args.ctx, tt.args.idp)
if !tt.res.wantErr && err != nil {
t.Errorf("should not get err")
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestDeactivateIdpConfiguration(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
idp *iam_model.IDPConfig
}
type res struct {
result *iam_model.IDPConfig
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "deactivate, ok",
args: args{
es: GetMockManipulateIAMWithOIDCIdp(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
},
},
res: res{
result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
State: iam_model.IDPConfigStateInactive,
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
},
{
name: "no idp id",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.DeactivateIDPConfig(tt.args.ctx, tt.args.idp.AggregateID, tt.args.idp.IDPConfigID)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if !tt.res.wantErr && result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.State != tt.res.result.State {
t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.res.result.State, result.State)
}
})
}
}
func TestReactivateIdpConfiguration(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
idp *iam_model.IDPConfig
}
type res struct {
result *iam_model.IDPConfig
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "reactivate, ok",
args: args{
es: GetMockManipulateIAMWithOIDCIdp(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
},
},
res: res{
result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
State: iam_model.IDPConfigStateActive,
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
},
{
name: "no idp id",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: "ClientID",
},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ReactivateIDPConfig(tt.args.ctx, tt.args.idp.AggregateID, tt.args.idp.IDPConfigID)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if !tt.res.wantErr && result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.State != tt.res.result.State {
t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.res.result.State, result.State)
}
})
}
}
func TestChangeOIDCIDPConfig(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
config *iam_model.OIDCIDPConfig
}
type res struct {
result *iam_model.OIDCIDPConfig
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change oidc config, ok",
args: args{
es: GetMockManipulateIAMWithOIDCIdp(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
config: &iam_model.OIDCIDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IDPConfigID",
ClientID: "ClientIDChange",
Issuer: "Issuer",
Scopes: []string{"scope"},
},
},
res: res{
result: &iam_model.OIDCIDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IDPConfigID",
ClientID: "ClientIDChange",
},
},
},
{
name: "invalid config",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
config: &iam_model.OIDCIDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IDPConfigID",
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp not existing",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
config: &iam_model.OIDCIDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
Issuer: "Issuer",
Scopes: []string{"scope"},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
config: &iam_model.OIDCIDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
Issuer: "Issuer",
Scopes: []string{"scope"},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangeIDPOIDCConfig(tt.args.ctx, tt.args.config)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.AggregateID == "" {
t.Errorf("result has no id")
}
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result AppID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.ClientID != tt.res.result.ClientID {
t.Errorf("got wrong result responsetype: expected: %v, actual: %v ", tt.res.result.ClientID, result.ClientID)
}
})
}
}
func TestAddLoginPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.LoginPolicy
}
type res struct {
result *iam_model.LoginPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add login policy, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
AllowRegister: true,
},
},
res: res{
result: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
AllowRegister: true,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddLoginPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.AllowRegister != tt.res.result.AllowRegister {
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.res.result.AllowRegister, result.AllowRegister)
}
})
}
}
func TestChangeLoginPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.LoginPolicy
}
type res struct {
result *iam_model.LoginPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add login policy, ok",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
AllowRegister: true,
AllowExternalIdp: false,
AllowUsernamePassword: false,
},
},
res: res{
result: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
AllowRegister: true,
AllowExternalIdp: false,
AllowUsernamePassword: false,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.LoginPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangeLoginPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.AllowRegister != tt.res.result.AllowRegister {
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.res.result.AllowRegister, result.AllowRegister)
}
if result.AllowUsernamePassword != tt.res.result.AllowUsernamePassword {
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.res.result.AllowUsernamePassword, result.AllowUsernamePassword)
}
if result.AllowExternalIdp != tt.res.result.AllowExternalIdp {
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.res.result.AllowExternalIdp, result.AllowExternalIdp)
}
})
}
}
func TestAddIdpProviderToLoginPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
provider *iam_model.IDPProvider
}
type res struct {
result *iam_model.IDPProvider
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add idp to login policy, ok",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
Type: iam_model.IDPProviderTypeSystem,
},
},
res: res{
result: &iam_model.IDPProvider{IdpConfigID: "IdpConfigID2"},
},
},
{
name: "add idp to login policy, already existing",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IDPConfigID",
Type: iam_model.IDPProviderTypeSystem,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsErrorAlreadyExists,
},
},
{
name: "invalid provider",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddIDPProviderToLoginPolicy(tt.args.ctx, tt.args.provider)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.IdpConfigID != tt.res.result.IdpConfigID {
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IdpConfigID, result.IdpConfigID)
}
if result.Type != tt.res.result.Type {
t.Errorf("got wrong result Type: expected: %v, actual: %v ", tt.res.result.Type, result.Type)
}
})
}
}
func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
provider *iam_model.IDPProvider
}
type res struct {
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove idp to login policy, ok",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IDPConfigID",
Type: iam_model.IDPProviderTypeSystem,
},
},
res: res{},
},
{
name: "remove idp to login policy, not existing",
args: args{
es: GetMockManipulateIAMWithLoginPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
Type: iam_model.IDPProviderTypeSystem,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "invalid provider",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.args.es.RemoveIDPProviderFromLoginPolicy(tt.args.ctx, tt.args.provider)
if !tt.res.wantErr && err != nil {
t.Errorf("should not get err: %v ", err)
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestAddPasswordComplexityPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.PasswordComplexityPolicy
}
type res struct {
result *iam_model.PasswordComplexityPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add password complexity policy, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MinLength: 10,
},
},
res: res{
result: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MinLength: 10,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsErrorInvalidArgument,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MinLength: 10,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddPasswordComplexityPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.MinLength != tt.res.result.MinLength {
t.Errorf("got wrong result MinLength: expected: %v, actual: %v ", tt.res.result.MinLength, result.MinLength)
}
})
}
}
func TestChangePasswordComplexityPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.PasswordComplexityPolicy
}
type res struct {
result *iam_model.PasswordComplexityPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change password complexity policy, ok",
args: args{
es: GetMockManipulateIAMWithPasswodComplexityPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MinLength: 5,
},
},
res: res{
result: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MinLength: 5,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsErrorInvalidArgument,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordComplexityPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MinLength: 10,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangePasswordComplexityPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.MinLength != tt.res.result.MinLength {
t.Errorf("got wrong result MinLength: expected: %v, actual: %v ", tt.res.result.MinLength, result.MinLength)
}
})
}
}
func TestAddPasswordAgePolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.PasswordAgePolicy
}
type res struct {
result *iam_model.PasswordAgePolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add password age policy, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAgeDays: 10,
ExpireWarnDays: 10,
},
},
res: res{
result: &iam_model.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAgeDays: 10,
ExpireWarnDays: 10,
},
},
},
{
name: "empty policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAgeDays: 10,
ExpireWarnDays: 10,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddPasswordAgePolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.MaxAgeDays != tt.res.result.MaxAgeDays {
t.Errorf("got wrong result MaxAgeDays: expected: %v, actual: %v ", tt.res.result.MaxAgeDays, result.MaxAgeDays)
}
if result.ExpireWarnDays != tt.res.result.ExpireWarnDays {
t.Errorf("got wrong result.ExpireWarnDays: expected: %v, actual: %v ", tt.res.result.ExpireWarnDays, result.ExpireWarnDays)
}
})
}
}
func TestChangePasswordAgePolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.PasswordAgePolicy
}
type res struct {
result *iam_model.PasswordAgePolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change password age policy, ok",
args: args{
es: GetMockManipulateIAMWithPasswordAgePolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAgeDays: 5,
},
},
res: res{
result: &iam_model.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAgeDays: 5,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordAgePolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAgeDays: 10,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangePasswordAgePolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.MaxAgeDays != tt.res.result.MaxAgeDays {
t.Errorf("got wrong result MaxAgeDays: expected: %v, actual: %v ", tt.res.result.MaxAgeDays, result.MaxAgeDays)
}
if result.ExpireWarnDays != tt.res.result.ExpireWarnDays {
t.Errorf("got wrong result.ExpireWarnDays: expected: %v, actual: %v ", tt.res.result.ExpireWarnDays, result.ExpireWarnDays)
}
})
}
}
func TestAddPasswordLockoutPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.PasswordLockoutPolicy
}
type res struct {
result *iam_model.PasswordLockoutPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add password lockout policy, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordLockoutPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAttempts: 10,
ShowLockOutFailures: true,
},
},
res: res{
result: &iam_model.PasswordLockoutPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAttempts: 10,
ShowLockOutFailures: true,
},
},
},
{
name: "empty policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordLockoutPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAttempts: 10,
ShowLockOutFailures: true,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddPasswordLockoutPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.MaxAttempts != tt.res.result.MaxAttempts {
t.Errorf("got wrong result MaxAttempts: expected: %v, actual: %v ", tt.res.result.MaxAttempts, result.MaxAttempts)
}
if result.ShowLockOutFailures != tt.res.result.ShowLockOutFailures {
t.Errorf("got wrong result.ShowLockOutFailures: expected: %v, actual: %v ", tt.res.result.ShowLockOutFailures, result.ShowLockOutFailures)
}
})
}
}
func TestChangePasswordLockoutPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.PasswordLockoutPolicy
}
type res struct {
result *iam_model.PasswordLockoutPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change password lockout policy, ok",
args: args{
es: GetMockManipulateIAMWithPasswordLockoutPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordLockoutPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAttempts: 5,
},
},
res: res{
result: &iam_model.PasswordLockoutPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAttempts: 5,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.PasswordLockoutPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
MaxAttempts: 10,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangePasswordLockoutPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.MaxAttempts != tt.res.result.MaxAttempts {
t.Errorf("got wrong result MaxAttempts: expected: %v, actual: %v ", tt.res.result.MaxAttempts, result.MaxAttempts)
}
if result.ShowLockOutFailures != tt.res.result.ShowLockOutFailures {
t.Errorf("got wrong result.ShowLockOutFailures: expected: %v, actual: %v ", tt.res.result.ShowLockOutFailures, result.ShowLockOutFailures)
}
})
}
}
func TestAddOrgIAMPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.OrgIAMPolicy
}
type res struct {
result *iam_model.OrgIAMPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add org iam policy, ok",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.OrgIAMPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
UserLoginMustBeDomain: true,
},
},
res: res{
result: &iam_model.OrgIAMPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
UserLoginMustBeDomain: true,
},
},
},
{
name: "empty policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.OrgIAMPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
UserLoginMustBeDomain: true,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddOrgIAMPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.UserLoginMustBeDomain != tt.res.result.UserLoginMustBeDomain {
t.Errorf("got wrong result UserLoginMustBeDomain: expected: %v, actual: %v ", tt.res.result.UserLoginMustBeDomain, result.UserLoginMustBeDomain)
}
})
}
}
func TestChangeOrgIAMPolicy(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *IAMEventstore
ctx context.Context
policy *iam_model.OrgIAMPolicy
}
type res struct {
result *iam_model.OrgIAMPolicy
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change org iam policy, ok",
args: args{
es: GetMockManipulateIAMWithOrgIAMPolicy(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.OrgIAMPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
UserLoginMustBeDomain: false,
},
},
res: res{
result: &iam_model.OrgIAMPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
UserLoginMustBeDomain: false,
},
},
},
{
name: "invalid policy",
args: args{
es: GetMockManipulateIAM(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam not found",
args: args{
es: GetMockManipulateIAMNotExisting(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
policy: &iam_model.OrgIAMPolicy{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
UserLoginMustBeDomain: true,
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangeOrgIAMPolicy(tt.args.ctx, tt.args.policy)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.UserLoginMustBeDomain != tt.res.result.UserLoginMustBeDomain {
t.Errorf("got wrong result UserLoginMustBeDomain: expected: %v, actual: %v ", tt.res.result.UserLoginMustBeDomain, result.UserLoginMustBeDomain)
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink