OrgGo/Mainflux.mainflux
1
0
Fork 0
mirror of https://github.com/mainflux/mainflux.git synced 2025-04-29 13:49:28 +08:00
Code Issues Projects Releases Wiki Activity
Mainflux.mainflux/users/policies/postgres/policies_test.go

687 lines
18 KiB
Go
Raw Normal View History

MF-1506 - Group-based Access Control (#1716) * Move Things and Users to Clients Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Update Add and Delete Policies (#1792) * Remove Policy Action Ranks Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Rebase Issues Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix CI Test Errors Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Adding Check on Subject For Clients Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Check Client Exists Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Check When Sharing Clients Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Only Add User to Group When Sharing Things Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove clientType Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Minor Fix on ShareClient and Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Policies Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Clean Up Things Authorization Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests on RetrieveAll Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Test ShareThing Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Merge Conflicts Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Adding Policies. Only Use Ownership Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Check If Subject is same as Object Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Move Back To Union As Sometimes Policy is Empty and Fails to Evaluate on Ownership Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Entity Type For Failing Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix BUG in policy evaluation Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Comments Regarding checkAdmin Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests On Rebase Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Combine Authorize For Things and Users Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests On Rebase Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Error on Things SVC `unsupported protocol scheme` Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Fix Bug on Things Authorization Cache (#1810) Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Use Password instead of username in MQTT handler Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Simplify MQTT authorization Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Fix MQTT tests Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add More Functions to SDK (#1811) * Add More Functions to SDK Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Examples to GoDoc Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Update Unassign Interface Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Pass Subject as ID and Not Token on List Channels By Thing Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Bootstrap Errors For Element Check Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add empty line Before Return Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Reorder URLS in things mux Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Listing Things Policies Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Share Thing Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Examples to CLI Docs Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Update Identity To Update Another User Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Identify an Update Policies on Things Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Update Things Policies Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix GoDocs on Disconnect Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Change Authorize To Use AccessRequest Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * For Evaluate Policy Use AccessRequest (#1814) Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add SDK Tests (#1812) * Add Things Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Channel Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Certs Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Consumer Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Enrich Group Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Tests For Health Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Tests For Tokens Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Rename SDK for Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Policies Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Linter Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Make Variable Defination Inline Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Make Cache Key Duration Configurable (#1815) * Make Cache Key Duration Configurable Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Rename ENV Var Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Update GoDocs (#1816) * Add GoDocs Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Missing GoDoc Files Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Enable godot Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add License Information Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add Call Home Client to Mainflux services (#1751) * Move Things and Users to Clients Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com> * collect and send data package Signed-off-by: SammyOina <sammyoina@gmail.com> * create telemetry migrations Signed-off-by: SammyOina <sammyoina@gmail.com> * add telemetry endpoints Signed-off-by: SammyOina <sammyoina@gmail.com> * add transport Signed-off-by: SammyOina <sammyoina@gmail.com> * create service Signed-off-by: SammyOina <sammyoina@gmail.com> * remove homing server Signed-off-by: SammyOina <sammyoina@gmail.com> * add call home to adapters Signed-off-by: SammyOina <sammyoina@gmail.com> * add last seen Signed-off-by: SammyOina <sammyoina@gmail.com> * rename logger Signed-off-by: SammyOina <sammyoina@gmail.com> * remove homing client Signed-off-by: SammyOina <sammyoina@gmail.com> * use unmerged repo Signed-off-by: SammyOina <sammyoina@gmail.com> * use renamed module Signed-off-by: SammyOina <sammyoina@gmail.com> * update call home version Signed-off-by: SammyOina <sammyoina@gmail.com> * edit documentation Signed-off-by: SammyOina <sammyoina@gmail.com> * align table Signed-off-by: SammyOina <sammyoina@gmail.com> * use alias for call home client Signed-off-by: SammyOina <sammyoina@gmail.com> * update callhome Signed-off-by: SammyOina <sammyoina@gmail.com> * update call home pkg Signed-off-by: SammyOina <sammyoina@gmail.com> * update call home Signed-off-by: SammyOina <sammyoina@gmail.com> * fix modules Signed-off-by: SammyOina <sammyoina@gmail.com> * use mf build version Signed-off-by: SammyOina <sammyoina@gmail.com> * use mf build version Signed-off-by: SammyOina <sammyoina@gmail.com> * restore default Signed-off-by: SammyOina <sammyoina@gmail.com> * add call home for users and things Signed-off-by: SammyOina <sammyoina@gmail.com> * enable opting on call home Signed-off-by: SammyOina <sammyoina@gmail.com> * remove full stops Signed-off-by: SammyOina <sammyoina@gmail.com> * update callhome client Signed-off-by: SammyOina <sammyoina@gmail.com> * add call home to all services Signed-off-by: SammyOina <sammyoina@gmail.com> * fix build Signed-off-by: SammyOina <sammyoina@gmail.com> * restore sdk tests Signed-off-by: SammyOina <sammyoina@gmail.com> * remove unnecessary changes Signed-off-by: SammyOina <sammyoina@gmail.com> * restore health_test.go Signed-off-by: SammyOina <sammyoina@gmail.com> --------- Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com> Co-authored-by: b1ackd0t <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> --------- Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com> Co-authored-by: b1ackd0t <blackd0t@protonmail.com> Co-authored-by: Sammy Kerata Oina <44265300+SammyOina@users.noreply.github.com>
2023-06-14 12:40:37 +02:00
// Copyright (c) Mainflux
// SPDX-License-Identifier: Apache-2.0
package postgres_test
import (
"context"
"fmt"
"testing"
"github.com/mainflux/mainflux/internal/apiutil"
"github.com/mainflux/mainflux/internal/postgres"
"github.com/mainflux/mainflux/internal/testsutil"
mfclients "github.com/mainflux/mainflux/pkg/clients"
"github.com/mainflux/mainflux/pkg/errors"
mfgroups "github.com/mainflux/mainflux/pkg/groups"
"github.com/mainflux/mainflux/pkg/uuid"
cpostgres "github.com/mainflux/mainflux/users/clients/postgres"
gpostgres "github.com/mainflux/mainflux/users/groups/postgres"
"github.com/mainflux/mainflux/users/policies"
ppostgres "github.com/mainflux/mainflux/users/policies/postgres"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
var (
idProvider = uuid.New()
)
func TestPoliciesSave(t *testing.T) {
t.Cleanup(func() { testsutil.CleanUpDB(t, db) })
repo := ppostgres.NewRepository(database)
crepo := cpostgres.NewRepository(database)
uid := testsutil.GenerateUUID(t, idProvider)
client := mfclients.Client{
ID: uid,
Name: "policy-save@example.com",
Credentials: mfclients.Credentials{
Identity: "policy-save@example.com",
Secret: "pass",
},
Status: mfclients.EnabledStatus,
}
clients, err := crepo.Save(context.Background(), client)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
client = clients[0]
uid = testsutil.GenerateUUID(t, idProvider)
cases := []struct {
desc string
policy policies.Policy
err error
}{
{
desc: "add new policy successfully",
policy: policies.Policy{
OwnerID: client.ID,
Subject: client.ID,
Object: uid,
Actions: []string{"c_delete"},
},
err: nil,
},
{
desc: "add policy with duplicate subject, object and action",
policy: policies.Policy{
OwnerID: client.ID,
Subject: client.ID,
Object: uid,
Actions: []string{"c_delete"},
},
NOISSUE - Use Insert On Conflict For Policies (#1824) * Initial Commit: Use Insert On Conflict For Policies Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Invalidate Cache on Adding Policy Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com>
2023-06-20 15:59:53 +03:00
err: nil,
MF-1506 - Group-based Access Control (#1716) * Move Things and Users to Clients Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Update Add and Delete Policies (#1792) * Remove Policy Action Ranks Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Rebase Issues Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix CI Test Errors Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Adding Check on Subject For Clients Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Check Client Exists Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Check When Sharing Clients Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Only Add User to Group When Sharing Things Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove clientType Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Minor Fix on ShareClient and Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Policies Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Clean Up Things Authorization Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests on RetrieveAll Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Test ShareThing Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Merge Conflicts Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Adding Policies. Only Use Ownership Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Check If Subject is same as Object Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Move Back To Union As Sometimes Policy is Empty and Fails to Evaluate on Ownership Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Entity Type For Failing Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix BUG in policy evaluation Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Comments Regarding checkAdmin Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests On Rebase Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Combine Authorize For Things and Users Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests On Rebase Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Error on Things SVC `unsupported protocol scheme` Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Fix Bug on Things Authorization Cache (#1810) Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Use Password instead of username in MQTT handler Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Simplify MQTT authorization Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Fix MQTT tests Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add More Functions to SDK (#1811) * Add More Functions to SDK Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Examples to GoDoc Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Update Unassign Interface Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Pass Subject as ID and Not Token on List Channels By Thing Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Bootstrap Errors For Element Check Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add empty line Before Return Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Reorder URLS in things mux Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Listing Things Policies Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Share Thing Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Examples to CLI Docs Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Update Identity To Update Another User Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Identify an Update Policies on Things Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Update Things Policies Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix GoDocs on Disconnect Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Change Authorize To Use AccessRequest Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * For Evaluate Policy Use AccessRequest (#1814) Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add SDK Tests (#1812) * Add Things Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Channel Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Certs Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Consumer Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Enrich Group Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Tests For Health Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Tests For Tokens Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Rename SDK for Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Policies Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Linter Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Make Variable Defination Inline Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Make Cache Key Duration Configurable (#1815) * Make Cache Key Duration Configurable Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Rename ENV Var Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Update GoDocs (#1816) * Add GoDocs Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Missing GoDoc Files Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Enable godot Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add License Information Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add Call Home Client to Mainflux services (#1751) * Move Things and Users to Clients Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com> * collect and send data package Signed-off-by: SammyOina <sammyoina@gmail.com> * create telemetry migrations Signed-off-by: SammyOina <sammyoina@gmail.com> * add telemetry endpoints Signed-off-by: SammyOina <sammyoina@gmail.com> * add transport Signed-off-by: SammyOina <sammyoina@gmail.com> * create service Signed-off-by: SammyOina <sammyoina@gmail.com> * remove homing server Signed-off-by: SammyOina <sammyoina@gmail.com> * add call home to adapters Signed-off-by: SammyOina <sammyoina@gmail.com> * add last seen Signed-off-by: SammyOina <sammyoina@gmail.com> * rename logger Signed-off-by: SammyOina <sammyoina@gmail.com> * remove homing client Signed-off-by: SammyOina <sammyoina@gmail.com> * use unmerged repo Signed-off-by: SammyOina <sammyoina@gmail.com> * use renamed module Signed-off-by: SammyOina <sammyoina@gmail.com> * update call home version Signed-off-by: SammyOina <sammyoina@gmail.com> * edit documentation Signed-off-by: SammyOina <sammyoina@gmail.com> * align table Signed-off-by: SammyOina <sammyoina@gmail.com> * use alias for call home client Signed-off-by: SammyOina <sammyoina@gmail.com> * update callhome Signed-off-by: SammyOina <sammyoina@gmail.com> * update call home pkg Signed-off-by: SammyOina <sammyoina@gmail.com> * update call home Signed-off-by: SammyOina <sammyoina@gmail.com> * fix modules Signed-off-by: SammyOina <sammyoina@gmail.com> * use mf build version Signed-off-by: SammyOina <sammyoina@gmail.com> * use mf build version Signed-off-by: SammyOina <sammyoina@gmail.com> * restore default Signed-off-by: SammyOina <sammyoina@gmail.com> * add call home for users and things Signed-off-by: SammyOina <sammyoina@gmail.com> * enable opting on call home Signed-off-by: SammyOina <sammyoina@gmail.com> * remove full stops Signed-off-by: SammyOina <sammyoina@gmail.com> * update callhome client Signed-off-by: SammyOina <sammyoina@gmail.com> * add call home to all services Signed-off-by: SammyOina <sammyoina@gmail.com> * fix build Signed-off-by: SammyOina <sammyoina@gmail.com> * restore sdk tests Signed-off-by: SammyOina <sammyoina@gmail.com> * remove unnecessary changes Signed-off-by: SammyOina <sammyoina@gmail.com> * restore health_test.go Signed-off-by: SammyOina <sammyoina@gmail.com> --------- Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com> Co-authored-by: b1ackd0t <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> --------- Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com> Co-authored-by: b1ackd0t <blackd0t@protonmail.com> Co-authored-by: Sammy Kerata Oina <44265300+SammyOina@users.noreply.github.com>
2023-06-14 12:40:37 +02:00
},
}
for _, tc := range cases {
err := repo.Save(context.Background(), tc.policy)
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
}
}
func TestPoliciesEvaluate(t *testing.T) {
t.Cleanup(func() { testsutil.CleanUpDB(t, db) })
repo := ppostgres.NewRepository(database)
crepo := cpostgres.NewRepository(database)
grepo := gpostgres.NewRepository(database)
client1 := mfclients.Client{
ID: testsutil.GenerateUUID(t, idProvider),
Name: "connectedclients-clientA@example.com",
Credentials: mfclients.Credentials{
Identity: "connectedclients-clientA@example.com",
Secret: "pass",
},
Status: mfclients.EnabledStatus,
}
client2 := mfclients.Client{
ID: testsutil.GenerateUUID(t, idProvider),
Name: "connectedclients-clientB@example.com",
Credentials: mfclients.Credentials{
Identity: "connectedclients-clientB@example.com",
Secret: "pass",
},
Status: mfclients.EnabledStatus,
}
group := mfgroups.Group{
ID: testsutil.GenerateUUID(t, idProvider),
Name: "connecting-group@example.com",
}
clients1, err := crepo.Save(context.Background(), client1)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
client1 = clients1[0]
clients2, err := crepo.Save(context.Background(), client2)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
client2 = clients2[0]
group, err = grepo.Save(context.Background(), group)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
policy1 := policies.Policy{
OwnerID: client1.ID,
Subject: client1.ID,
Object: group.ID,
Actions: []string{"c_update", "c_list", "g_list", "g_update"},
}
policy2 := policies.Policy{
OwnerID: client2.ID,
Subject: client2.ID,
Object: group.ID,
Actions: []string{"c_update", "g_update"},
}
err = repo.Save(context.Background(), policy1)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
err = repo.Save(context.Background(), policy2)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
cases := map[string]struct {
Subject string
Object string
Action string
Domain string
err error
}{
"evaluate valid client update": {client1.ID, client2.ID, "c_update", "client", nil},
"evaluate valid group update": {client1.ID, group.ID, "g_update", "group", nil},
"evaluate valid client list": {client1.ID, client2.ID, "c_list", "client", nil},
"evaluate valid group list": {client1.ID, group.ID, "g_list", "group", nil},
"evaluate invalid client delete": {client1.ID, client2.ID, "c_delete", "client", errors.ErrAuthorization},
"evaluate invalid group delete": {client1.ID, group.ID, "g_delete", "group", errors.ErrAuthorization},
"evaluate invalid client update": {"unknown", "unknown", "c_update", "client", errors.ErrAuthorization},
"evaluate invalid group update": {"unknown", "unknown", "c_update", "group", errors.ErrAuthorization},
}
for desc, tc := range cases {
aReq := policies.AccessRequest{
Subject: tc.Subject,
Object: tc.Object,
Action: tc.Action,
}
var err error
switch tc.Domain {
case "client":
_, err = repo.EvaluateUserAccess(context.Background(), aReq)
case "group":
_, err = repo.EvaluateGroupAccess(context.Background(), aReq)
}
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", desc, tc.err, err))
}
}
func TestPoliciesRetrieve(t *testing.T) {
t.Cleanup(func() { testsutil.CleanUpDB(t, db) })
repo := ppostgres.NewRepository(database)
crepo := cpostgres.NewRepository(database)
uid := testsutil.GenerateUUID(t, idProvider)
client := mfclients.Client{
ID: uid,
Name: "single-policy-retrieval@example.com",
Credentials: mfclients.Credentials{
Identity: "single-policy-retrieval@example.com",
Secret: "pass",
},
Status: mfclients.EnabledStatus,
}
clients, err := crepo.Save(context.Background(), client)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
client = clients[0]
uid, err = idProvider.ID()
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
policy := policies.Policy{
OwnerID: client.ID,
Subject: client.ID,
Object: uid,
Actions: []string{"c_delete"},
}
err = repo.Save(context.Background(), policy)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
cases := map[string]struct {
Subject string
Object string
err error
}{
"retrieve existing policy": {uid, uid, nil},
"retrieve non-existing policy": {"unknown", "unknown", nil},
}
for desc, tc := range cases {
pm := policies.Page{
Subject: tc.Subject,
Object: tc.Object,
}
_, err := repo.RetrieveAll(context.Background(), pm)
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", desc, tc.err, err))
}
}
func TestPoliciesUpdate(t *testing.T) {
t.Cleanup(func() { testsutil.CleanUpDB(t, db) })
repo := ppostgres.NewRepository(database)
crepo := cpostgres.NewRepository(database)
cid := testsutil.GenerateUUID(t, idProvider)
pid := testsutil.GenerateUUID(t, idProvider)
client := mfclients.Client{
ID: cid,
Name: "policy-update@example.com",
Credentials: mfclients.Credentials{
Identity: "policy-update@example.com",
Secret: "pass",
},
Status: mfclients.EnabledStatus,
}
_, err := crepo.Save(context.Background(), client)
require.Nil(t, err, fmt.Sprintf("unexpected error during saving client: %s", err))
policy := policies.Policy{
OwnerID: cid,
Subject: cid,
Object: pid,
Actions: []string{"c_delete"},
}
err = repo.Save(context.Background(), policy)
require.Nil(t, err, fmt.Sprintf("unexpected error during saving policy: %s", err))
cases := []struct {
desc string
policy policies.Policy
resp policies.Policy
err error
}{
{
desc: "update policy successfully",
policy: policies.Policy{
OwnerID: cid,
Subject: cid,
Object: pid,
Actions: []string{"c_update"},
},
resp: policies.Policy{
OwnerID: cid,
Subject: cid,
Object: pid,
Actions: []string{"c_update"},
},
err: nil,
},
{
desc: "update policy with missing owner id",
policy: policies.Policy{
OwnerID: "",
Subject: cid,
Object: pid,
Actions: []string{"c_delete"},
},
resp: policies.Policy{
OwnerID: cid,
Subject: cid,
Object: pid,
Actions: []string{"c_delete"},
},
err: nil,
},
{
desc: "update policy with missing subject",
policy: policies.Policy{
OwnerID: cid,
Subject: "",
Object: pid,
Actions: []string{"c_add"},
},
resp: policies.Policy{
OwnerID: cid,
Subject: cid,
Object: pid,
Actions: []string{"c_delete"},
},
err: apiutil.ErrMissingPolicySub,
},
{
desc: "update policy with missing object",
policy: policies.Policy{
OwnerID: cid,
Subject: cid,
Object: "",
Actions: []string{"c_add"},
},
resp: policies.Policy{
OwnerID: cid,
Subject: cid,
Object: pid,
Actions: []string{"c_delete"},
},
err: apiutil.ErrMissingPolicyObj,
},
{
desc: "update policy with missing action",
policy: policies.Policy{
OwnerID: cid,
Subject: cid,
Object: pid,
Actions: []string{""},
},
resp: policies.Policy{
OwnerID: cid,
Subject: cid,
Object: pid,
Actions: []string{"c_delete"},
},
err: apiutil.ErrMalformedPolicyAct,
},
}
for _, tc := range cases {
err := repo.Update(context.Background(), tc.policy)
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
policPage, err := repo.RetrieveAll(context.Background(), policies.Page{
Offset: uint64(0),
Limit: uint64(10),
Subject: tc.policy.Subject,
})
if err == nil {
assert.Equal(t, tc.resp, policPage.Policies[0], fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
}
}
}
func TestPoliciesRetrievalAll(t *testing.T) {
t.Cleanup(func() { testsutil.CleanUpDB(t, db) })
postgres.NewDatabase(db, tracer)
repo := ppostgres.NewRepository(database)
crepo := cpostgres.NewRepository(database)
var nPolicies = uint64(10)
clientA := mfclients.Client{
ID: testsutil.GenerateUUID(t, idProvider),
Name: "policyA-retrievalall@example.com",
Credentials: mfclients.Credentials{
Identity: "policyA-retrievalall@example.com",
Secret: "pass",
},
Status: mfclients.EnabledStatus,
}
clientB := mfclients.Client{
ID: testsutil.GenerateUUID(t, idProvider),
Name: "policyB-retrievalall@example.com",
Credentials: mfclients.Credentials{
Identity: "policyB-retrievalall@example.com",
Secret: "pass",
},
Status: mfclients.EnabledStatus,
}
clientsA, err := crepo.Save(context.Background(), clientA)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
clientA = clientsA[0]
clientsB, err := crepo.Save(context.Background(), clientB)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
clientB = clientsB[0]
for i := uint64(0); i < nPolicies; i++ {
obj := fmt.Sprintf("TestRetrieveAll%d@example.com", i)
if i%2 == 0 {
policy := policies.Policy{
OwnerID: clientA.ID,
Subject: clientA.ID,
Object: obj,
Actions: []string{"c_delete"},
}
err = repo.Save(context.Background(), policy)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
}
policy := policies.Policy{
Subject: clientB.ID,
Object: obj,
Actions: []string{"c_add", "c_update"},
}
err = repo.Save(context.Background(), policy)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
}
cases := map[string]struct {
size uint64
pm policies.Page
}{
"retrieve all policies with limit and offset": {
pm: policies.Page{
Offset: 5,
Limit: nPolicies,
},
size: 10,
},
"retrieve all policies by owner id": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientA.ID,
},
size: 5,
},
"retrieve policies by wrong owner id": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientB.ID,
},
size: 0,
},
"retrieve all policies by Subject": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
Subject: clientA.ID,
},
size: 5,
},
"retrieve policies by wrong Subject": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
Subject: "wrongSubject",
},
size: 0,
},
"retrieve all policies by Object": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
Object: "TestRetrieveAll1@example.com",
},
size: 1,
},
"retrieve policies by wrong Object": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
Object: "TestRetrieveAll45@example.com",
},
size: 0,
},
"retrieve all policies by Action": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
Action: "c_delete",
},
size: 5,
},
"retrieve policies by wrong Action": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
Action: "wrongAction",
},
size: 0,
},
"retrieve all policies by owner id and subject": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientA.ID,
Subject: clientA.ID,
},
size: 5,
},
"retrieve policies by wrong owner id and correct subject": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientB.ID,
Subject: clientA.ID,
},
size: 0,
},
"retrieve policies by correct owner id and wrong subject": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientA.ID,
Subject: "wrongSubject",
},
size: 0,
},
"retrieve policies by wrong owner id and wrong subject": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientB.ID,
},
size: 0,
},
"retrieve all policies by owner id and object": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientA.ID,
Object: "TestRetrieveAll2@example.com",
},
size: 1,
},
"retrieve policies by wrong owner id and correct object": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientB.ID,
Object: "TestRetrieveAll1@example.com",
},
size: 0,
},
"retrieve policies by correct owner id and wrong object": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientA.ID,
Object: "TestRetrieveAll45@example.com",
},
size: 0,
},
"retrieve policies by wrong owner id and wrong object": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientB.ID,
Object: "TestRetrieveAll45@example.com",
},
size: 0,
},
"retrieve all policies by owner id and action": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientA.ID,
Action: "c_delete",
},
size: 5,
},
"retrieve policies by wrong owner id and correct action": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientB.ID,
Action: "c_delete",
},
size: 0,
},
"retrieve policies by correct owner id and wrong action": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientA.ID,
Action: "wrongAction",
},
size: 0,
},
"retrieve policies by wrong owner id and wrong action": {
pm: policies.Page{
Offset: 0,
Limit: nPolicies,
Total: nPolicies,
OwnerID: clientB.ID,
Action: "wrongAction",
},
size: 0,
},
}
for desc, tc := range cases {
page, err := repo.RetrieveAll(context.Background(), tc.pm)
size := uint64(len(page.Policies))
assert.Equal(t, tc.size, size, fmt.Sprintf("%s: expected size %d got %d\n", desc, tc.size, size))
assert.Nil(t, err, fmt.Sprintf("%s: expected no error got %d\n", desc, err))
}
}
func TestPoliciesDelete(t *testing.T) {
t.Cleanup(func() { testsutil.CleanUpDB(t, db) })
repo := ppostgres.NewRepository(database)
crepo := cpostgres.NewRepository(database)
client := mfclients.Client{
ID: testsutil.GenerateUUID(t, idProvider),
Name: "policy-delete@example.com",
Credentials: mfclients.Credentials{
Identity: "policy-delete@example.com",
Secret: "pass",
},
Status: mfclients.EnabledStatus,
}
subject, err := crepo.Save(context.Background(), client)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
objectID := testsutil.GenerateUUID(t, idProvider)
policy := policies.Policy{
OwnerID: subject[0].ID,
Subject: subject[0].ID,
Object: objectID,
Actions: []string{"c_delete"},
}
err = repo.Save(context.Background(), policy)
require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
cases := map[string]struct {
Subject string
Object string
err error
}{
"delete non-existing policy": {"unknown", "unknown", nil},
"delete non-existing policy with correct subject": {subject[0].ID, "unknown", nil},
"delete non-existing policy with correct object": {"unknown", objectID, nil},
"delete existing policy": {subject[0].ID, objectID, nil},
}
for desc, tc := range cases {
policy := policies.Policy{
Subject: tc.Subject,
Object: tc.Object,
}
err := repo.Delete(context.Background(), policy)
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", desc, tc.err, err))
}
pm := policies.Page{
OwnerID: subject[0].ID,
Subject: subject[0].ID,
Object: objectID,
Action: "c_delete",
}
policyPage, err := repo.RetrieveAll(context.Background(), pm)
assert.Equal(t, uint64(0), policyPage.Total, fmt.Sprintf("retrieve policies unexpected total %d\n", policyPage.Total))
require.Nil(t, err, fmt.Sprintf("retrieve policies unexpected error: %s", err))
}
Reference in New Issue Copy Permalink