package integration
import (
"github.com/pkg/errors"
"github.com/stretchr/testify/require"
"github.com/chef/automate/components/automate-cli/pkg/diagnostics"
"github.com/chef/automate/components/automate-cli/pkg/diagnostics/lbrequest"
uuid "github.com/chef/automate/lib/uuid4"
)
// save is the value stored in the diagnostics test context under the
// "iam-v2-policy-id" key so that the Verify and Cleanup phases can find the
// policy that Generate created. Only the policy ID is carried across phases.
type save struct {
PolicyID string `json:"id"`
}
// This is used to ensure the response body is valid JSON, where we don't
// actually care about the content.
type empty struct{}
// v2PolicyCreateTemplateStr is the request body sent to the IAM v2 policies
// endpoint. {{ .ID }} and {{ .Name }} are filled in by
// lbrequest.WithJSONStringTemplateBody from the diagnostic's generated
// policy ID and fixed policy name.
//
// Neither statement lists "resources"; Verify expects the server to have
// stored them as ["*"]. The ALLOW statement only names synthetic
// "test:svc:*" actions, so the policy should not grant anything real.
// NOTE(review): the members are the local principals "testuser" and
// "testteam" — if a real local user or team with one of those names exists
// on the target, it is a member of this policy for the lifetime of the
// diagnostic (until Cleanup deletes it). Confirm this is acceptable on the
// systems the diagnostic runs against.
const v2PolicyCreateTemplateStr = `
{
"id": "{{ .ID }}",
"name": "{{ .Name }}",
"members": ["user:local:testuser", "team:local:testteam"],
"statements": [
{
"effect": "DENY",
"role": "testrole"
},
{
"effect": "ALLOW",
"actions": ["test:svc:someaction", "test:svc:otheraction"]
}
]
}
`
// CreateIAMV2Diagnostic builds the "iam-v2" diagnostic, which checks that IAM
// v2 policy data survives the operation under test (the policy name says
// backup and restore). Generate creates a custom policy through the load
// balancer, Verify reads it back and compares name, ID, type and statements
// with what was submitted, and Cleanup deletes it again.
//
// The policy is a real object on the target system while the diagnostic is
// in flight: its members are the local principals named in
// v2PolicyCreateTemplateStr and its ALLOW statement covers only synthetic
// "test:svc:*" actions. If Cleanup fails (its error is returned, not
// swallowed) the policy is left behind and has to be removed by hand.
func CreateIAMV2Diagnostic() diagnostics.Diagnostic {
	const (
		// All three phases talk to the same v2beta policies resource.
		policiesPath = "/apis/iam/v2beta/policies"
		// Key under which the generated policy ID is kept in the test context.
		ctxKey = "iam-v2-policy-id"
		name   = "This is a test IAM v2 backup and restore policy."
		typ    = "CUSTOM"
	)

	// A fresh UUID per call keeps repeated or concurrent runs from colliding
	// on the policy ID.
	id := "test-policy-" + uuid.Must(uuid.NewV4()).String()

	// generate creates the policy. The ID is written to the context before
	// the request is made, so even a failed create leaves Cleanup something
	// to look up (it will then attempt to delete an ID that may not exist).
	generate := func(tstCtx diagnostics.TestContext) error {
		tstCtx.SetValue(ctxKey, save{PolicyID: id})
		resp := tstCtx.DoLBRequest(policiesPath,
			lbrequest.WithMethod("POST"),
			lbrequest.WithJSONStringTemplateBody(v2PolicyCreateTemplateStr,
				struct{ ID, Name string }{ID: id, Name: name}),
		)
		// The create response content is not inspected; decoding into empty
		// only asserts that the call succeeded with a JSON body.
		err := MustJSONDecodeSuccess(resp).WithValue(&empty{})
		return errors.Wrap(err, "Could not create IAM v2 policy")
	}

	// verify fetches the policy by the recorded ID and asserts that the
	// stored representation matches the submitted one.
	verify := func(tstCtx diagnostics.VerificationTestContext) {
		var stored save
		require.NoError(tstCtx, tstCtx.GetValue(ctxKey, &stored),
			"Generated context was not found")

		// Field names mirror the JSON keys of the policy response.
		type statement struct {
			Resources []string
			Actions   []string
			Role      string
			Effect    string
		}
		var got struct {
			Policy struct {
				Id, Name, Type string
				Statements     []statement
			}
		}

		// The template sends no "resources"; the server is expected to have
		// defaulted them to "*". The DENY statement's Actions is an empty
		// slice, not nil, because that is what decoding "[]" yields and
		// ElementsMatch distinguishes the two.
		want := []statement{
			{
				Actions:   []string{"test:svc:someaction", "test:svc:otheraction"},
				Resources: []string{"*"},
				Effect:    "ALLOW",
			},
			{
				Role:      "testrole",
				Actions:   []string{},
				Resources: []string{"*"},
				Effect:    "DENY",
			},
		}

		resp := tstCtx.DoLBRequest(policiesPath + "/" + stored.PolicyID)
		err := MustJSONDecodeSuccess(resp).WithValue(&got)
		require.NoError(tstCtx, err, "Expected to be able to retrieve stored IAM v2 policy")
		require.Equal(tstCtx, name, got.Policy.Name)
		require.Equal(tstCtx, stored.PolicyID, got.Policy.Id)
		require.Equal(tstCtx, typ, got.Policy.Type)
		// Statement order is not part of the contract, so compare as a set.
		require.ElementsMatch(tstCtx, want, got.Policy.Statements)
	}

	// cleanup deletes the policy recorded in the context. A missing context
	// value or a failed DELETE is reported to the caller as an error.
	cleanup := func(tstCtx diagnostics.TestContext) error {
		var stored save
		if err := tstCtx.GetValue(ctxKey, &stored); err != nil {
			return errors.Wrap(err, "Generated context was not found")
		}
		resp := tstCtx.DoLBRequest(policiesPath+"/"+stored.PolicyID,
			lbrequest.WithMethod("DELETE"))
		err := MustJSONDecodeSuccess(resp).WithValue(&empty{})
		return errors.Wrap(err, "Could not delete IAM v2 policy")
	}

	return diagnostics.Diagnostic{
		Name:     "iam-v2",
		Tags:     diagnostics.Tags{"auth", "skip-for-deep-upgrade"},
		Generate: generate,
		Verify:   verify,
		Cleanup:  cleanup,
	}
}
// init registers the IAM v2 diagnostic with the diagnostics package's
// registry when this package is loaded. Note that building the diagnostic
// generates a UUID as a side effect of package initialisation.
func init() {
	d := CreateIAMV2Diagnostic()
	diagnostics.RegisterDiagnostic(d)
}