diff --git a/model.go b/model.go index 1f04c0d..68f18cd 100644 --- a/model.go +++ b/model.go @@ -368,6 +368,6 @@ func RoleReader(stream string) string { return fmt.Sprintf(`[{"privilege": "reader", "resource": {"stream": "%s", "tag": null}}]`, stream) } -func RoleIngestor(stream string) string { +func RoleIngester(stream string) string { return fmt.Sprintf(`[{"privilege": "ingest", "resource": {"stream": "%s"}}]`, stream) } diff --git a/quest_test.go b/quest_test.go index a244677..6591b76 100644 --- a/quest_test.go +++ b/quest_test.go @@ -129,8 +129,45 @@ func TestSmokeGetRetention(t *testing.T) { require.JSONEq(t, RetentionBody, body, "Get retention response doesn't match with retention config returned") } +// This test calls all the User API endpoints +// in a sequence to check if they work as expected. +func TestSmoke_AllUsersAPI(t *testing.T) { + CreateRole(t, NewGlob.Client, "dummyrole", dummyRole) + AssertRole(t, NewGlob.Client, "dummyrole", dummyRole) + + CreateUser(t, NewGlob.Client, "dummyuser") + AssignRolesToUser(t, NewGlob.Client, "dummyuser", []string{"dummyrole"}) + AssertUserRole(t, NewGlob.Client, "dummyuser", "dummyrole", dummyRole) + RegenPassword(t, NewGlob.Client, "dummyuser") + DeleteUser(t, NewGlob.Client, "dummyuser") + + CreateUserWithRole(t, NewGlob.Client, "dummyuser", []string{"dummyrole"}) + AssertUserRole(t, NewGlob.Client, "dummyuser", "dummyrole", dummyRole) + RegenPassword(t, NewGlob.Client, "dummyuser") + DeleteUser(t, NewGlob.Client, "dummyuser") + + DeleteRole(t, NewGlob.Client, "dummyrole") +} + +// This test checks that a new user doesn't get any role by default +// even if a default role is set. +func TestSmoke_NewUserNoRole(t *testing.T) { + CreateRole(t, NewGlob.Client, "dummyrole", dummyRole) + SetDefaultRole(t, NewGlob.Client, "dummyrole") + AssertDefaultRole(t, NewGlob.Client, "dummyrole") + + password := CreateUser(t, NewGlob.Client, "dummyuser") + userClient := NewGlob.Client + userClient.Username = "dummyuser" + userClient.Password = password + + PutSingleEventExpectErr(t, userClient, NewGlob.Stream) + + DeleteUser(t, NewGlob.Client, "dummyuser") +} + func TestSmokeRbacBasic(t *testing.T) { - SetRole(t, NewGlob.Client, "dummy", dummyRole) + CreateRole(t, NewGlob.Client, "dummy", dummyRole) AssertRole(t, NewGlob.Client, "dummy", dummyRole) CreateUserWithRole(t, NewGlob.Client, "dummy", []string{"dummy"}) userClient := NewGlob.Client @@ -160,13 +197,13 @@ func TestSmokeRoles(t *testing.T) { }, { roleName: "ingest", - body: RoleIngestor(NewGlob.Stream), + body: RoleIngester(NewGlob.Stream), }, } for _, tc := range cases { t.Run(tc.roleName, func(t *testing.T) { - SetRole(t, NewGlob.Client, tc.roleName, tc.body) + CreateRole(t, NewGlob.Client, tc.roleName, tc.body) AssertRole(t, NewGlob.Client, tc.roleName, tc.body) username := tc.roleName + "_user" password := CreateUserWithRole(t, NewGlob.Client, username, []string{tc.roleName}) diff --git a/test_utils.go b/test_utils.go index 24d5ffd..331f418 100644 --- a/test_utils.go +++ b/test_utils.go @@ -90,7 +90,7 @@ func AssertStreamSchema(t *testing.T, client HTTPClient, stream string, schema s require.JSONEq(t, schema, body, "Get schema response doesn't match with expected schema") } -func SetRole(t *testing.T, client HTTPClient, name string, role string) { +func CreateRole(t *testing.T, client HTTPClient, name string, role string) { req, _ := client.NewRequest("PUT", "role/"+name, strings.NewReader(role)) response, err := client.Do(req) require.NoErrorf(t, err, "Request failed: %s", err) @@ -103,7 +103,16 @@ func AssertRole(t *testing.T, client HTTPClient, name string, role string) { require.NoErrorf(t, err, "Request failed: %s", err) body := readAsString(response.Body) require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, body) - require.JSONEq(t, role, body, "Get retention response doesn't match with retention config returned") + require.JSONEq(t, role, body, "Get role response doesn't match with retention config returned") +} + +func CreateUser(t *testing.T, client HTTPClient, user string) string { + req, _ := client.NewRequest("POST", "user/"+user, nil) + response, err := client.Do(req) + require.NoErrorf(t, err, "Request failed: %s", err) + body := readAsString(response.Body) + require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, body) + return body } func CreateUserWithRole(t *testing.T, client HTTPClient, user string, roles []string) string { @@ -116,6 +125,24 @@ func CreateUserWithRole(t *testing.T, client HTTPClient, user string, roles []st return body } +func AssignRolesToUser(t *testing.T, client HTTPClient, user string, roles []string) { + payload, _ := json.Marshal(roles) + req, _ := client.NewRequest("PUT", "user/"+user+"/role", bytes.NewBuffer(payload)) + response, err := client.Do(req) + require.NoErrorf(t, err, "Request failed: %s", err) + require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) +} + +func AssertUserRole(t *testing.T, client HTTPClient, user string, roleName, roleBody string) { + req, _ := client.NewRequest("GET", "user/"+user+"/role", nil) + response, err := client.Do(req) + require.NoErrorf(t, err, "Request failed: %s", err) + userRoleBody := readAsString(response.Body) + require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, userRoleBody) + expectedRoleBody := fmt.Sprintf(`{"%s":%s}`, roleName, roleBody) + require.JSONEq(t, userRoleBody, expectedRoleBody, "Get user role response doesn't match with expected role") +} + func RegenPassword(t *testing.T, client HTTPClient, user string) string { req, _ := client.NewRequest("POST", "user/"+user+"/generate-new-password", nil) response, err := client.Do(req) @@ -147,6 +174,45 @@ func DeleteRole(t *testing.T, client HTTPClient, roleName string) { require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) } +func SetDefaultRole(t *testing.T, client HTTPClient, roleName string) { + payload, _ := json.Marshal(roleName) + req, _ := client.NewRequest("PUT", "role/default", bytes.NewBuffer(payload)) + response, err := client.Do(req) + require.NoErrorf(t, err, "Request failed: %s", err) + require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) +} + +func AssertDefaultRole(t *testing.T, client HTTPClient, roleName string) { + req, _ := client.NewRequest("GET", "role/default", nil) + response, err := client.Do(req) + require.NoErrorf(t, err, "Request failed: %s", err) + body := readAsString(response.Body) + require.Equalf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, body) + require.Equalf(t, roleName, body, "Get default role response doesn't match with expected role") +} + +func PutSingleEventExpectErr(t *testing.T, client HTTPClient, stream string) { + payload := `{ + "id": "id;objectId", + "maxRunDistance": "float;1;20;1", + "cpf": "cpf", + "cnpj": "cnpj", + "pretendSalary": "money", + "age": "int;20;80", + "gender": "gender", + "firstName": "firstName", + "lastName": "lastName", + "phone": "maskInt;+55 (83) 9####-####", + "address": "address", + "hairColor": "color" + }` + req, _ := client.NewRequest("POST", "logstream/"+stream, bytes.NewBufferString(payload)) + response, err := client.Do(req) + + require.Errorf(t, err, "Request passed: %s when expected to fail", err) + require.NotEqualf(t, 200, response.StatusCode, "Server returned http code: %s and response: %s", response.Status, readAsString(response.Body)) +} + func PutSingleEvent(t *testing.T, client HTTPClient, stream string) { payload := `{ "id": "id;objectId",