Skip to content

Commit

Permalink
chore: update roles test
Browse files Browse the repository at this point in the history 
Add tests to ensure that roles are now created based on the project ID
and name only, ignoring groups.
  • Loading branch information
@smlx
smlx committed Jan 17, 2025
1 parent bcb8704 commit 164bb8e
Showing 1 changed file with 227 additions and 2 deletions.
229 changes: 227 additions & 2 deletions internal/sync/roles_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ func TestGenerateRoles(t *testing.T) {
input generateRolesInput
expect generateRolesOutput
}{
"generate roles for regular group": {
"generate roles for regular group and projects": {
input: generateRolesInput{
groups: []keycloak.Group{
{
Expand Down Expand Up @@ -121,10 +121,98 @@ func TestGenerateRoles(t *testing.T) {
},
},
},
"p31": {
RolePermissions: opensearch.RolePermissions{
ClusterPermissions: []string{},
IndexPermissions: []opensearch.IndexPermission{
{
AllowedActions: []string{
"read",
"indices:monitor/settings/get",
},
IndexPatterns: []string{
"/^(application|container|lagoon|router)-logs-drupal9-base-_-.+/",
},
},
},
TenantPermissions: []opensearch.TenantPermission{
{
AllowedActions: []string{"kibana_all_read"},
TenantPatterns: []string{"global_tenant"},
},
},
},
},
"p34": {
RolePermissions: opensearch.RolePermissions{
ClusterPermissions: []string{},
IndexPermissions: []opensearch.IndexPermission{
{
AllowedActions: []string{
"read",
"indices:monitor/settings/get",
},
IndexPatterns: []string{
"/^(application|container|lagoon|router)-logs-somelongerprojectname-_-.+/",
},
},
},
TenantPermissions: []opensearch.TenantPermission{
{
AllowedActions: []string{"kibana_all_read"},
TenantPatterns: []string{"global_tenant"},
},
},
},
},
"p35": {
RolePermissions: opensearch.RolePermissions{
ClusterPermissions: []string{},
IndexPermissions: []opensearch.IndexPermission{
{
AllowedActions: []string{
"read",
"indices:monitor/settings/get",
},
IndexPatterns: []string{
"/^(application|container|lagoon|router)-logs-drupal10-prerelease-_-.+/",
},
},
},
TenantPermissions: []opensearch.TenantPermission{
{
AllowedActions: []string{"kibana_all_read"},
TenantPatterns: []string{"global_tenant"},
},
},
},
},
"p36": {
RolePermissions: opensearch.RolePermissions{
ClusterPermissions: []string{},
IndexPermissions: []opensearch.IndexPermission{
{
AllowedActions: []string{
"read",
"indices:monitor/settings/get",
},
IndexPatterns: []string{
"/^(application|container|lagoon|router)-logs-delta-backend-_-.+/",
},
},
},
TenantPermissions: []opensearch.TenantPermission{
{
AllowedActions: []string{"kibana_all_read"},
TenantPatterns: []string{"global_tenant"},
},
},
},
},
},
},
},
"generate roles for project group": {
"generate roles for projects ignoring project group": {
input: generateRolesInput{
groups: []keycloak.Group{
{
Expand All @@ -148,6 +236,28 @@ func TestGenerateRoles(t *testing.T) {
},
expect: generateRolesOutput{
roles: map[string]opensearch.Role{
"p26": {
RolePermissions: opensearch.RolePermissions{
ClusterPermissions: []string{},
IndexPermissions: []opensearch.IndexPermission{
{
AllowedActions: []string{
"read",
"indices:monitor/settings/get",
},
IndexPatterns: []string{
"/^(application|container|lagoon|router)-logs-abc-_-.+/",
},
},
},
TenantPermissions: []opensearch.TenantPermission{
{
AllowedActions: []string{"kibana_all_read"},
TenantPatterns: []string{"global_tenant"},
},
},
},
},
"p27": {
RolePermissions: opensearch.RolePermissions{
ClusterPermissions: []string{},
Expand All @@ -170,6 +280,121 @@ func TestGenerateRoles(t *testing.T) {
},
},
},
"p48": {
RolePermissions: opensearch.RolePermissions{
ClusterPermissions: []string{},
IndexPermissions: []opensearch.IndexPermission{
{
AllowedActions: []string{
"read",
"indices:monitor/settings/get",
},
IndexPatterns: []string{
"/^(application|container|lagoon|router)-logs-somelongprojectname-_-.+/",
},
},
},
TenantPermissions: []opensearch.TenantPermission{
{
AllowedActions: []string{"kibana_all_read"},
TenantPatterns: []string{"global_tenant"},
},
},
},
},
},
},
},
"generate roles for multi-project project group": {
input: generateRolesInput{
groups: []keycloak.Group{
{
ID: "3fc60c90-b72d-4704-8a57-80438adac98d",
GroupUpdateRepresentation: keycloak.GroupUpdateRepresentation{
Name: "project-beta-ui",
Attributes: map[string][]string{
"type": {`project-default-group`},
},
},
},
},
projectNames: map[int]string{
26: "abc",
27: "beta-ui",
48: "somelongprojectname",
},
groupProjectsMap: map[string][]int{
"3fc60c90-b72d-4704-8a57-80438adac98d": {48, 27, 26},
},
},
expect: generateRolesOutput{
roles: map[string]opensearch.Role{
"p26": {
RolePermissions: opensearch.RolePermissions{
ClusterPermissions: []string{},
IndexPermissions: []opensearch.IndexPermission{
{
AllowedActions: []string{
"read",
"indices:monitor/settings/get",
},
IndexPatterns: []string{
"/^(application|container|lagoon|router)-logs-abc-_-.+/",
},
},
},
TenantPermissions: []opensearch.TenantPermission{
{
AllowedActions: []string{"kibana_all_read"},
TenantPatterns: []string{"global_tenant"},
},
},
},
},
"p27": {
RolePermissions: opensearch.RolePermissions{
ClusterPermissions: []string{},
IndexPermissions: []opensearch.IndexPermission{
{
AllowedActions: []string{
"read",
"indices:monitor/settings/get",
},
IndexPatterns: []string{
"/^(application|container|lagoon|router)-logs-beta-ui-_-.+/",
},
},
},
TenantPermissions: []opensearch.TenantPermission{
{
AllowedActions: []string{"kibana_all_read"},
TenantPatterns: []string{"global_tenant"},
},
},
},
},
"p48": {
RolePermissions: opensearch.RolePermissions{
ClusterPermissions: []string{},
IndexPermissions: []opensearch.IndexPermission{
{
AllowedActions: []string{
"read",
"indices:monitor/settings/get",
},
IndexPatterns: []string{
"/^(application|container|lagoon|router)-logs-somelongprojectname-_-.+/",
},
},
},
TenantPermissions: []opensearch.TenantPermission{
{
AllowedActions: []string{"kibana_all_read"},
TenantPatterns: []string{"global_tenant"},
},
},
},
},
},
},
},
Expand Down

0 comments on commit 164bb8e

Please sign in to comment.