package tests
import "testing"
import "codit/internal/models"
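// createTestUserGroup creates a user group called name (the name is reused as
// the description, and the group is created enabled) and then adds userID to
// it as a member. Any store error aborts the calling test via t.Fatalf.
// It returns the group value handed back by CreateUserGroup.
func createTestUserGroup(t *testing.T, store interface {
	CreateUserGroup(models.UserGroup) (models.UserGroup, error)
	AddUserGroupMember(string, string) error
}, name string, userID string) models.UserGroup {
	var group models.UserGroup
	var err error

	// Mark this function as a helper so a failure is reported at the line of
	// the test that called it, not at the t.Fatalf below.
	t.Helper()

	group = models.UserGroup{
		Name:        name,
		Description: name,
		Disabled:    false,
	}
	group, err = store.CreateUserGroup(group)
	if err != nil {
		t.Fatalf("create user group: %v", err)
	}
	// Membership is keyed on the ID returned by the store, not on the name.
	err = store.AddUserGroupMember(group.ID, userID)
	if err != nil {
		t.Fatalf("add user group member: %v", err)
	}
	return group
}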
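// TestSSHAccessProfileVisibilityForUserAndGroupTargets checks which users
// ListSSHAccessProfilesForUser returns an SSH access profile to when the
// profile carries one direct "user" target and one "group" target:
//
//   - the directly targeted user sees exactly that profile;
//   - a member of the targeted group sees exactly that profile, with both
//     targets attached;
//   - a user who is neither targeted nor in the group sees nothing.
//
// The last case is the authorization boundary: without it the test would
// still pass if the listing handed every profile to every user.
func TestSSHAccessProfileVisibilityForUserAndGroupTargets(t *testing.T) {
	var store = openTestStore(t)
	var user models.User
	var other models.User
	var outsider models.User
	var group models.UserGroup
	var server models.SSHServer
	var created models.SSHAccessProfile
	var visible []models.SSHAccessProfile
	var err error

	defer store.Close()

	// user is targeted directly, other only through group membership, and
	// outsider has no relationship to the profile at all.
	user = createTestUser(t, store, "ssh-broker-alice")
	other = createTestUser(t, store, "ssh-broker-bob")
	outsider = createTestUser(t, store, "ssh-broker-carol")
	group = createTestUserGroup(t, store, "ssh-broker-ops", other.ID)

	server, err = store.CreateSSHServer(models.SSHServer{
		Name:                 "web-01",
		Host:                 "10.0.0.11",
		Port:                 22,
		Description:          "web",
		Tags:                 []string{"prod", "web"},
		Enabled:              true,
		CreatedByKind:        "user",
		CreatedBySubjectID:   user.ID,
		CreatedBySubjectName: user.Username,
	})
	if err != nil {
		t.Fatalf("create ssh server: %v", err)
	}

	// SecretPayload, AuthPublicKey and the fingerprint are placeholder
	// fixture strings, not real key material.
	created, err = store.CreateSSHAccessProfile(models.SSHAccessProfile{
		ServerID:                 server.ID,
		Name:                     "web deploy",
		Description:              "deploy access",
		RemoteUsername:           "deploy",
		AuthMethod:               "stored_private_key",
		OwnerScope:               "admin_shared",
		Enabled:                  true,
		SecretPayload:            "PRIVATE KEY",
		AuthPublicKey:            "ssh-ed25519 AAAA",
		AuthPublicKeyFingerprint: "SHA256:test",
		DefaultValidSeconds:      3600,
		MaxValidSeconds:          3600,
		CreatedByKind:            "user",
		CreatedBySubjectID:       user.ID,
		CreatedBySubjectName:     user.Username,
		Targets: []models.SSHAccessProfileTarget{
			{TargetType: "user", TargetID: user.ID},
			{TargetType: "group", TargetID: group.ID},
		},
	})
	if err != nil {
		t.Fatalf("create ssh access profile: %v", err)
	}

	// Direct target: visible through the "user" target entry.
	visible, err = store.ListSSHAccessProfilesForUser(user.ID)
	if err != nil {
		t.Fatalf("list visible ssh access profiles for user: %v", err)
	}
	if len(visible) != 1 {
		t.Fatalf("unexpected direct visibility count: got=%d want=1", len(visible))
	}
	if visible[0].ID != created.ID {
		t.Fatalf("unexpected direct visible profile id: got=%s want=%s", visible[0].ID, created.ID)
	}

	// Group member: visible only because other belongs to the targeted group.
	visible, err = store.ListSSHAccessProfilesForUser(other.ID)
	if err != nil {
		t.Fatalf("list visible ssh access profiles for group member: %v", err)
	}
	if len(visible) != 1 {
		t.Fatalf("unexpected group visibility count: got=%d want=1", len(visible))
	}
	if visible[0].ID != created.ID {
		t.Fatalf("unexpected group visible profile id: got=%s want=%s", visible[0].ID, created.ID)
	}
	// The listing is expected to return the full target set, not only the
	// target that matched the requesting user.
	if len(visible[0].Targets) != 2 {
		t.Fatalf("unexpected target count: got=%d want=2", len(visible[0].Targets))
	}

	// Negative case: no direct target and no group membership means the
	// profile must stay hidden.
	// NOTE(review): assumes OwnerScope "admin_shared" grants no visibility
	// beyond the listed targets and that createTestUser creates a regular
	// (non-admin) account. Confirm against the store's visibility rules.
	visible, err = store.ListSSHAccessProfilesForUser(outsider.ID)
	if err != nil {
		t.Fatalf("list visible ssh access profiles for non-target user: %v", err)
	}
	if len(visible) != 0 {
		t.Fatalf("unexpected non-target visibility count: got=%d want=0", len(visible))
	}
}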