extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2024-10-05 09:42:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
50caacff69
netbird/management/server/account_test.go

1243 lines
32 KiB
Go
Raw Normal View History

test: add AddAccount test
2021-08-20 15:18:29 +02:00
package server
import (
Add account copy test (#549)
2022-11-07 17:37:28 +01:00
"fmt"
nbdns "github.com/netbirdio/netbird/dns"
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
"github.com/netbirdio/netbird/route"
Add User HTTP Endpoint to the Management service (#303) Exposes endpoint under "/users/" that returns information on users. Calls IDP manager to get information not stored locally (email, name), which in the case of the managed version is auth0.
2022-05-05 08:58:34 +02:00
"net"
Add account copy test (#549)
2022-11-07 17:37:28 +01:00
"reflect"
fix(acl): update each peer's network when rule,group or peer changed (#333) * fix(acl): update each peer's network when rule,group or peer changed * fix(ACL): update network test * fix(acl): cleanup indexes before update them * fix(acl): clean up rules indexes only for account
2022-06-04 22:02:22 +02:00
"sync"
Add User HTTP Endpoint to the Management service (#303) Exposes endpoint under "/users/" that returns information on users. Calls IDP manager to get information not stored locally (email, name), which in the case of the managed version is auth0.
2022-05-05 08:58:34 +02:00
"testing"
Rename module to netbirdio/netbird (#288) rename the go module to netbirdio/netbird as part of our rebranding.
2022-03-26 12:08:54 +01:00
"github.com/netbirdio/netbird/management/server/jwtclaims"
Add User HTTP Endpoint to the Management service (#303) Exposes endpoint under "/users/" that returns information on users. Calls IDP manager to get information not stored locally (email, name), which in the case of the managed version is auth0.
2022-05-05 08:58:34 +02:00
"github.com/stretchr/testify/assert"
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
"github.com/stretchr/testify/require"
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
test: add AddAccount test
2021-08-20 15:18:29 +02:00
)
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
func verifyCanAddPeerToAccount(t *testing.T, manager AccountManager, account *Account, userID string) {
peer := &Peer{
Key: "BhRPtynAAYRDy08+q4HTMsos8fs4plTP4NOSh7C1ry8=",
Name: "test-host@netbird.io",
Meta: PeerSystemMeta{
Hostname: "test-host@netbird.io",
GoOS: "linux",
Kernel: "Linux",
Core: "21.04",
Platform: "x86_64",
OS: "Ubuntu",
WtVersion: "development",
UIVersion: "development",
},
}
var setupKey string
for _, key := range account.SetupKeys {
setupKey = key.Key
}
_, err := manager.AddPeer(setupKey, userID, peer)
if err != nil {
t.Error("expected to add new peer successfully after creating new account, but failed", err)
}
}
func verifyNewAccountHasDefaultFields(t *testing.T, account *Account, createdBy string, domain string, expectedUsers []string) {
if len(account.Peers) != 0 {
t.Errorf("expected account to have len(Peers) = %v, got %v", 0, len(account.Peers))
}
if len(account.SetupKeys) != 2 {
t.Errorf("expected account to have len(SetupKeys) = %v, got %v", 2, len(account.SetupKeys))
}
ipNet := net.IPNet{IP: net.ParseIP("100.64.0.0"), Mask: net.IPMask{255, 192, 0, 0}}
if !ipNet.Contains(account.Network.Net.IP) {
t.Errorf("expected account's Network to be a subnet of %v, got %v", ipNet.String(), account.Network.Net.String())
}
g, err := account.GetGroupAll()
if err != nil {
t.Fatal(err)
}
if g.Name != "All" {
t.Errorf("expecting account to have group ALL added by default")
}
if len(account.Users) != len(expectedUsers) {
t.Errorf("expecting account to have %d users, got %d", len(expectedUsers), len(account.Users))
}
if account.Users[createdBy] == nil {
t.Errorf("expecting account to have createdBy user %s in a user map ", createdBy)
}
for _, expectedUserID := range expectedUsers {
if account.Users[expectedUserID] == nil {
t.Errorf("expecting account to have a user %s in a user map", expectedUserID)
}
}
if account.CreatedBy != createdBy {
t.Errorf("expecting newly created account to be created by user %s, got %s", createdBy, account.CreatedBy)
}
if account.Domain != domain {
t.Errorf("expecting newly created account to have domain %s, got %s", domain, account.Domain)
}
if len(account.Rules) != 1 {
t.Errorf("expecting newly created account to have 1 rule, got %d", len(account.Rules))
}
for _, rule := range account.Rules {
if rule.Name != "Default" {
t.Errorf("expecting newly created account to have Default rule, got %s", rule.Name)
}
}
}
func TestNewAccount(t *testing.T) {
domain := "netbird.io"
userId := "account_creator"
Check if new account ID is already being used (#364)
2022-06-20 18:20:43 +02:00
accountID := "account_id"
account := newAccountWithId(accountID, userId, domain)
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
verifyNewAccountHasDefaultFields(t, account, userId, domain, []string{userId})
}
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
func TestAccountManager_GetOrCreateAccountByUser(t *testing.T) {
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
manager, err := createManager(t)
test: add AddAccount test
2021-08-20 15:18:29 +02:00
if err != nil {
t.Fatal(err)
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
return
test: add AddAccount test
2021-08-20 15:18:29 +02:00
}
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
userId := "test_user"
Store domain information (#217) * extract claim information from JWT * get account function * Store domain * tests missing domain * update existing account with domain * add store domain tests
2022-02-11 17:18:18 +01:00
account, err := manager.GetOrCreateAccountByUser(userId, "")
test: add AddAccount test
2021-08-20 15:18:29 +02:00
if err != nil {
t.Fatal(err)
}
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
if account == nil {
t.Fatalf("expected to create an account for a user %s", userId)
test: add AddAccount test
2021-08-20 15:18:29 +02:00
}
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
account, err = manager.Store.GetAccountByUser(userId)
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
if err != nil {
t.Errorf("expected to get existing account after creation, no account was found for a user %s", userId)
test: add AddAccount test
2021-08-20 15:18:29 +02:00
}
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
if account != nil && account.Users[userId] == nil {
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
t.Fatalf("expected to create an account for a user %s but no user was found after creation udner the account %s", userId, account.Id)
}
}
Super user invites (#483) This PR brings user invites logic to the Management service via HTTP API. The POST /users/ API endpoint creates a new user in the Idp and then in the local storage. Once the invited user signs ups, the account invitation is redeemed. There are a few limitations. This works only with an enabled IdP manager. Users that already have a registered account can't be invited.
2022-10-13 18:26:31 +02:00
func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
type initUserParams jwtclaims.AuthorizationClaims
type test struct {
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
name string
inputClaims jwtclaims.AuthorizationClaims
inputInitUserParams initUserParams
inputUpdateAttrs bool
inputUpdateClaimAccount bool
testingFunc require.ComparisonAssertionFunc
expectedMSG string
expectedUserRole UserRole
expectedDomainCategory string
Check if domain from claim is valid (#485) If domain is invalid we call GetAccountByUserOrAccountId
2022-09-29 10:51:18 +02:00
expectedDomain string
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
expectedPrimaryDomainStatus bool
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
expectedCreatedBy string
expectedUsers []string
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
}
var (
publicDomain = "public.com"
privateDomain = "private.com"
unknownDomain = "unknown.com"
)
defaultInitAccount := initUserParams{
Domain: publicDomain,
UserId: "defaultUser",
}
testCase1 := test{
name: "New User With Public Domain",
inputClaims: jwtclaims.AuthorizationClaims{
Domain: publicDomain,
UserId: "pub-domain-user",
DomainCategory: PublicCategory,
},
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
inputInitUserParams: defaultInitAccount,
testingFunc: require.NotEqual,
expectedMSG: "account IDs shouldn't match",
expectedUserRole: UserRoleAdmin,
expectedDomainCategory: "",
Check if domain from claim is valid (#485) If domain is invalid we call GetAccountByUserOrAccountId
2022-09-29 10:51:18 +02:00
expectedDomain: publicDomain,
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
expectedPrimaryDomainStatus: false,
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
expectedCreatedBy: "pub-domain-user",
expectedUsers: []string{"pub-domain-user"},
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
}
initUnknown := defaultInitAccount
initUnknown.DomainCategory = UnknownCategory
initUnknown.Domain = unknownDomain
testCase2 := test{
name: "New User With Unknown Domain",
inputClaims: jwtclaims.AuthorizationClaims{
Domain: unknownDomain,
UserId: "unknown-domain-user",
DomainCategory: UnknownCategory,
},
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
inputInitUserParams: initUnknown,
testingFunc: require.NotEqual,
expectedMSG: "account IDs shouldn't match",
expectedUserRole: UserRoleAdmin,
Check if domain from claim is valid (#485) If domain is invalid we call GetAccountByUserOrAccountId
2022-09-29 10:51:18 +02:00
expectedDomain: unknownDomain,
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
expectedDomainCategory: "",
expectedPrimaryDomainStatus: false,
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
expectedCreatedBy: "unknown-domain-user",
expectedUsers: []string{"unknown-domain-user"},
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
}
testCase3 := test{
name: "New User With Private Domain",
inputClaims: jwtclaims.AuthorizationClaims{
Domain: privateDomain,
UserId: "pvt-domain-user",
DomainCategory: PrivateCategory,
},
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
inputInitUserParams: defaultInitAccount,
testingFunc: require.NotEqual,
expectedMSG: "account IDs shouldn't match",
expectedUserRole: UserRoleAdmin,
Check if domain from claim is valid (#485) If domain is invalid we call GetAccountByUserOrAccountId
2022-09-29 10:51:18 +02:00
expectedDomain: privateDomain,
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
expectedDomainCategory: PrivateCategory,
expectedPrimaryDomainStatus: true,
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
expectedCreatedBy: "pvt-domain-user",
expectedUsers: []string{"pvt-domain-user"},
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
}
privateInitAccount := defaultInitAccount
privateInitAccount.Domain = privateDomain
privateInitAccount.DomainCategory = PrivateCategory
testCase4 := test{
name: "New Regular User With Existing Private Domain",
inputClaims: jwtclaims.AuthorizationClaims{
Domain: privateDomain,
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
UserId: "new-pvt-domain-user",
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
DomainCategory: PrivateCategory,
},
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
inputUpdateAttrs: true,
inputInitUserParams: privateInitAccount,
testingFunc: require.Equal,
expectedMSG: "account IDs should match",
expectedUserRole: UserRoleUser,
Check if domain from claim is valid (#485) If domain is invalid we call GetAccountByUserOrAccountId
2022-09-29 10:51:18 +02:00
expectedDomain: privateDomain,
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
expectedDomainCategory: PrivateCategory,
expectedPrimaryDomainStatus: true,
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
expectedCreatedBy: defaultInitAccount.UserId,
expectedUsers: []string{defaultInitAccount.UserId, "new-pvt-domain-user"},
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
}
testCase5 := test{
name: "Existing User With Existing Reclassified Private Domain",
inputClaims: jwtclaims.AuthorizationClaims{
Domain: defaultInitAccount.Domain,
UserId: defaultInitAccount.UserId,
DomainCategory: PrivateCategory,
},
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
inputInitUserParams: defaultInitAccount,
testingFunc: require.Equal,
expectedMSG: "account IDs should match",
expectedUserRole: UserRoleAdmin,
Check if domain from claim is valid (#485) If domain is invalid we call GetAccountByUserOrAccountId
2022-09-29 10:51:18 +02:00
expectedDomain: defaultInitAccount.Domain,
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
expectedDomainCategory: PrivateCategory,
expectedPrimaryDomainStatus: true,
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
expectedCreatedBy: defaultInitAccount.UserId,
expectedUsers: []string{defaultInitAccount.UserId},
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
}
Handle category change with provided Acc Id (#252) When account id supplied via claim, we should handle change of the domain classification. If category of domain change to private, we should re-evaluate the private account
2022-03-09 13:31:42 +01:00
testCase6 := test{
name: "Existing Account Id With Existing Reclassified Private Domain",
inputClaims: jwtclaims.AuthorizationClaims{
Domain: defaultInitAccount.Domain,
UserId: defaultInitAccount.UserId,
DomainCategory: PrivateCategory,
},
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
inputUpdateClaimAccount: true,
inputInitUserParams: defaultInitAccount,
testingFunc: require.Equal,
expectedMSG: "account IDs should match",
expectedUserRole: UserRoleAdmin,
Check if domain from claim is valid (#485) If domain is invalid we call GetAccountByUserOrAccountId
2022-09-29 10:51:18 +02:00
expectedDomain: defaultInitAccount.Domain,
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
expectedDomainCategory: PrivateCategory,
expectedPrimaryDomainStatus: true,
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
expectedCreatedBy: defaultInitAccount.UserId,
expectedUsers: []string{defaultInitAccount.UserId},
Handle category change with provided Acc Id (#252) When account id supplied via claim, we should handle change of the domain classification. If category of domain change to private, we should re-evaluate the private account
2022-03-09 13:31:42 +01:00
}
Check if domain from claim is valid (#485) If domain is invalid we call GetAccountByUserOrAccountId
2022-09-29 10:51:18 +02:00
testCase7 := test{
name: "User With Private Category And Empty Domain",
inputClaims: jwtclaims.AuthorizationClaims{
Domain: "",
UserId: "pvt-domain-user",
DomainCategory: PrivateCategory,
},
inputInitUserParams: defaultInitAccount,
testingFunc: require.NotEqual,
expectedMSG: "account IDs shouldn't match",
expectedUserRole: UserRoleAdmin,
expectedDomain: "",
expectedDomainCategory: "",
expectedPrimaryDomainStatus: false,
expectedCreatedBy: "pvt-domain-user",
expectedUsers: []string{"pvt-domain-user"},
}
for _, testCase := range []test{testCase1, testCase2, testCase3, testCase4, testCase5, testCase6, testCase7} {
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
t.Run(testCase.name, func(t *testing.T) {
manager, err := createManager(t)
require.NoError(t, err, "unable to create account manager")
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
initAccount, err := manager.GetAccountByUserOrAccountID(testCase.inputInitUserParams.UserId, testCase.inputInitUserParams.AccountId, testCase.inputInitUserParams.Domain)
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
require.NoError(t, err, "create init user failed")
if testCase.inputUpdateAttrs {
err = manager.updateAccountDomainAttributes(initAccount, jwtclaims.AuthorizationClaims{UserId: testCase.inputInitUserParams.UserId, Domain: testCase.inputInitUserParams.Domain, DomainCategory: testCase.inputInitUserParams.DomainCategory}, true)
require.NoError(t, err, "update init user failed")
}
Handle category change with provided Acc Id (#252) When account id supplied via claim, we should handle change of the domain classification. If category of domain change to private, we should re-evaluate the private account
2022-03-09 13:31:42 +01:00
if testCase.inputUpdateClaimAccount {
testCase.inputClaims.AccountId = initAccount.Id
}
Replace gRPC errors in business logic with internal ones (#558)
2022-11-11 20:36:45 +01:00
account, _, err := manager.GetAccountFromToken(testCase.inputClaims)
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
require.NoError(t, err, "support function failed")
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
verifyNewAccountHasDefaultFields(t, account, testCase.expectedCreatedBy, testCase.inputClaims.Domain, testCase.expectedUsers)
verifyCanAddPeerToAccount(t, manager, account, testCase.expectedCreatedBy)
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
testCase.testingFunc(t, initAccount.Id, account.Id, testCase.expectedMSG)
Improve private domain's behavior tests and logic (#256) Improved the behavior tests for private domains and its logic as well because on existing accounts there was no primary status update
2022-03-10 13:47:36 +01:00
require.EqualValues(t, testCase.expectedUserRole, account.Users[testCase.inputClaims.UserId].Role, "expected user role should match")
require.EqualValues(t, testCase.expectedDomainCategory, account.DomainCategory, "expected account domain category should match")
require.EqualValues(t, testCase.expectedPrimaryDomainStatus, account.IsDomainPrimaryAccount, "expected account primary status should match")
Check if domain from claim is valid (#485) If domain is invalid we call GetAccountByUserOrAccountId
2022-09-29 10:51:18 +02:00
require.EqualValues(t, testCase.expectedDomain, account.Domain, "expected account domain should match")
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
})
}
}
Add User HTTP Endpoint to the Management service (#303) Exposes endpoint under "/users/" that returns information on users. Calls IDP manager to get information not stored locally (email, name), which in the case of the managed version is auth0.
2022-05-05 08:58:34 +02:00
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
func TestAccountManager_PrivateAccount(t *testing.T) {
manager, err := createManager(t)
if err != nil {
t.Fatal(err)
return
}
userId := "test_user"
account, err := manager.GetOrCreateAccountByUser(userId, "")
if err != nil {
t.Fatal(err)
}
if account == nil {
t.Fatalf("expected to create an account for a user %s", userId)
}
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
account, err = manager.Store.GetAccountByUser(userId)
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
if err != nil {
t.Errorf("expected to get existing account after creation, no account was found for a user %s", userId)
}
if account != nil && account.Users[userId] == nil {
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
t.Fatalf("expected to create an account for a user %s but no user was found after creation udner the account %s", userId, account.Id)
test: add AddAccount test
2021-08-20 15:18:29 +02:00
}
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
}
Store domain information (#217) * extract claim information from JWT * get account function * Store domain * tests missing domain * update existing account with domain * add store domain tests
2022-02-11 17:18:18 +01:00
func TestAccountManager_SetOrUpdateDomain(t *testing.T) {
manager, err := createManager(t)
if err != nil {
t.Fatal(err)
return
}
userId := "test_user"
domain := "hotmail.com"
account, err := manager.GetOrCreateAccountByUser(userId, domain)
if err != nil {
t.Fatal(err)
}
if account == nil {
t.Fatalf("expected to create an account for a user %s", userId)
}
if account.Domain != domain {
t.Errorf("setting account domain failed, expected %s, got %s", domain, account.Domain)
}
domain = "gmail.com"
account, err = manager.GetOrCreateAccountByUser(userId, domain)
if err != nil {
t.Fatalf("got the following error while retrieving existing acc: %v", err)
}
if account == nil {
t.Fatalf("expected to get an account for a user %s", userId)
}
if account.Domain != domain {
t.Errorf("updating domain. expected %s got %s", domain, account.Domain)
}
}
Link account id with the external user store (#184) * get account id from access token claim * use GetOrCreateAccountByUser and add test * correct account id claim * remove unused account * Idp manager interface * auth0 idp manager * use if instead of switch case * remove unnecessary lock * NewAuth0Manager * move idpmanager to its own package * update metadata when accountId is not supplied * update tests with idpmanager field * format * new idp manager and config support * validate if we fetch the interface before converting to string * split getJWTToken * improve tests * proper json fields and handle defer body close * fix ci lint notes * documentation and proper defer position * UpdateUserAppMetadata tests * update documentation * ManagerCredentials interface * Marshal and Unmarshal functions * fix tests * ManagerHelper and ManagerHTTPClient * further tests with mocking * rename package and custom http client * sync local packages * remove idp suffix
2022-01-24 11:21:30 +01:00
func TestAccountManager_GetAccountByUserOrAccountId(t *testing.T) {
manager, err := createManager(t)
if err != nil {
t.Fatal(err)
return
}
userId := "test_user"
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
account, err := manager.GetAccountByUserOrAccountID(userId, "", "")
Link account id with the external user store (#184) * get account id from access token claim * use GetOrCreateAccountByUser and add test * correct account id claim * remove unused account * Idp manager interface * auth0 idp manager * use if instead of switch case * remove unnecessary lock * NewAuth0Manager * move idpmanager to its own package * update metadata when accountId is not supplied * update tests with idpmanager field * format * new idp manager and config support * validate if we fetch the interface before converting to string * split getJWTToken * improve tests * proper json fields and handle defer body close * fix ci lint notes * documentation and proper defer position * UpdateUserAppMetadata tests * update documentation * ManagerCredentials interface * Marshal and Unmarshal functions * fix tests * ManagerHelper and ManagerHTTPClient * further tests with mocking * rename package and custom http client * sync local packages * remove idp suffix
2022-01-24 11:21:30 +01:00
if err != nil {
t.Fatal(err)
}
if account == nil {
t.Fatalf("expected to create an account for a user %s", userId)
}
accountId := account.Id
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
_, err = manager.GetAccountByUserOrAccountID("", accountId, "")
Link account id with the external user store (#184) * get account id from access token claim * use GetOrCreateAccountByUser and add test * correct account id claim * remove unused account * Idp manager interface * auth0 idp manager * use if instead of switch case * remove unnecessary lock * NewAuth0Manager * move idpmanager to its own package * update metadata when accountId is not supplied * update tests with idpmanager field * format * new idp manager and config support * validate if we fetch the interface before converting to string * split getJWTToken * improve tests * proper json fields and handle defer body close * fix ci lint notes * documentation and proper defer position * UpdateUserAppMetadata tests * update documentation * ManagerCredentials interface * Marshal and Unmarshal functions * fix tests * ManagerHelper and ManagerHTTPClient * further tests with mocking * rename package and custom http client * sync local packages * remove idp suffix
2022-01-24 11:21:30 +01:00
if err != nil {
t.Errorf("expected to get existing account after creation using userid, no account was found for a account %s", accountId)
}
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
_, err = manager.GetAccountByUserOrAccountID("", "", "")
Link account id with the external user store (#184) * get account id from access token claim * use GetOrCreateAccountByUser and add test * correct account id claim * remove unused account * Idp manager interface * auth0 idp manager * use if instead of switch case * remove unnecessary lock * NewAuth0Manager * move idpmanager to its own package * update metadata when accountId is not supplied * update tests with idpmanager field * format * new idp manager and config support * validate if we fetch the interface before converting to string * split getJWTToken * improve tests * proper json fields and handle defer body close * fix ci lint notes * documentation and proper defer position * UpdateUserAppMetadata tests * update documentation * ManagerCredentials interface * Marshal and Unmarshal functions * fix tests * ManagerHelper and ManagerHTTPClient * further tests with mocking * rename package and custom http client * sync local packages * remove idp suffix
2022-01-24 11:21:30 +01:00
if err == nil {
t.Errorf("expected an error when user and account IDs are empty")
}
}
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
func createAccount(am *DefaultAccountManager, accountID, userID, domain string) (*Account, error) {
account := newAccountWithId(accountID, userID, domain)
err := am.Store.SaveAccount(account)
if err != nil {
return nil, err
}
return account, nil
}
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
func TestAccountManager_AccountExists(t *testing.T) {
manager, err := createManager(t)
if err != nil {
t.Fatal(err)
return
}
expectedId := "test_account"
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
userId := "account_creator"
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
_, err = createAccount(manager, expectedId, userId, "")
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
if err != nil {
t.Fatal(err)
}
exists, err := manager.AccountExists(expectedId)
if err != nil {
t.Fatal(err)
}
if !*exists {
t.Errorf("expected account to exist after creation, got false")
}
}
func TestAccountManager_GetAccount(t *testing.T) {
manager, err := createManager(t)
if err != nil {
t.Fatal(err)
return
}
expectedId := "test_account"
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
userId := "account_creator"
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
account, err := createAccount(manager, expectedId, userId, "")
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
if err != nil {
t.Fatal(err)
}
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
// AddAccount has been already tested so we can assume it is correct and compare results
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
getAccount, err := manager.Store.GetAccount(account.Id)
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
if err != nil {
t.Fatal(err)
return
}
if account.Id != getAccount.Id {
feature: add update setup key endpoint
2021-08-20 22:33:43 +02:00
t.Errorf("expected account.Id %s, got %s", account.Id, getAccount.Id)
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
}
for _, peer := range account.Peers {
if _, ok := getAccount.Peers[peer.Key]; !ok {
t.Errorf("expected account to have peer %s, not found", peer.Key)
}
}
for _, key := range account.SetupKeys {
if _, ok := getAccount.SetupKeys[key.Key]; !ok {
t.Errorf("expected account to have setup key %s, not found", key.Key)
}
}
test: add AddAccount test
2021-08-20 15:18:29 +02:00
}
func TestAccountManager_AddPeer(t *testing.T) {
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
manager, err := createManager(t)
if err != nil {
t.Fatal(err)
return
}
test: add AddAccount test
2021-08-20 15:18:29 +02:00
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
account, err := createAccount(manager, "test_account", "account_creator", "")
test: add AddAccount test
2021-08-20 15:18:29 +02:00
if err != nil {
t.Fatal(err)
}
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
serial := account.Network.CurrentSerial() // should be 0
Management - add serial to Network reflecting network updates (#179) * chore: [management] - add account serial ID * Fix concurrency on the client (#183) * reworked peer connection establishment logic eliminating race conditions and deadlocks while running many peers * chore: move serial to Network from Account * feature: increment Network serial ID when adding/removing peers * chore: extract network struct init to network.go * chore: add serial test when adding peer to the account * test: add ModificationID test on AddPeer and DeletePeer
2022-01-14 14:34:27 +01:00
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
var setupKey *SetupKey
for _, key := range account.SetupKeys {
setupKey = key
}
if setupKey == nil {
t.Errorf("expecting account to have a default setup key")
return
}
test: add AddAccount test
2021-08-20 15:18:29 +02:00
Persist Network Serial to Store to avoid outdated netmap sent (#260) Fix outdated update coming from management even when it is actually not outdated.
2022-03-10 18:18:38 +01:00
if account.Network.Serial != 0 {
t.Errorf("expecting account network to have an initial Serial=0")
Management - add serial to Network reflecting network updates (#179) * chore: [management] - add account serial ID * Fix concurrency on the client (#183) * reworked peer connection establishment logic eliminating race conditions and deadlocks while running many peers * chore: move serial to Network from Account * feature: increment Network serial ID when adding/removing peers * chore: extract network struct init to network.go * chore: add serial test when adding peer to the account * test: add ModificationID test on AddPeer and DeletePeer
2022-01-14 14:34:27 +01:00
return
}
Change Management Sync protocol to support incremental (serial) network changes (#191) * feature: introduce NetworkMap to the management protocol with a Serial ID * test: add Management Sync method protocol test * test: add Management Sync method NetworkMap field check [FAILING] * test: add Management Sync method NetworkMap field check [FAILING] * feature: fill NetworkMap property to when Deleting peer * feature: fill NetworkMap in the Sync protocol * test: code review mentions - GeneratePrivateKey() in the test * fix: wiretrustee client use wireguard GeneratePrivateKey() instead of GenerateKey() * test: add NetworkMap test * fix: management_proto test remove store.json on test finish
2022-01-16 17:10:36 +01:00
key, err := wgtypes.GeneratePrivateKey()
test: add AddAccount test
2021-08-20 15:18:29 +02:00
if err != nil {
t.Fatal(err)
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
return
}
expectedPeerKey := key.PublicKey().String()
Adding peer registration support to JWT (#305) The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field
2022-05-05 20:02:15 +02:00
expectedSetupKey := setupKey.Key
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
Adding peer registration support to JWT (#305) The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field
2022-05-05 20:02:15 +02:00
peer, err := manager.AddPeer(setupKey.Key, "", &Peer{
Add peer meta data (#95) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * feature: add peer system metadata * feature: add peer status * test: fix removal
2021-08-24 11:50:19 +02:00
Key: expectedPeerKey,
Meta: PeerSystemMeta{},
Name: expectedPeerKey,
})
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
if err != nil {
t.Errorf("expecting peer to be added, got failure %v", err)
return
}
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
account, err = manager.Store.GetAccount(account.Id)
Management - add serial to Network reflecting network updates (#179) * chore: [management] - add account serial ID * Fix concurrency on the client (#183) * reworked peer connection establishment logic eliminating race conditions and deadlocks while running many peers * chore: move serial to Network from Account * feature: increment Network serial ID when adding/removing peers * chore: extract network struct init to network.go * chore: add serial test when adding peer to the account * test: add ModificationID test on AddPeer and DeletePeer
2022-01-14 14:34:27 +01:00
if err != nil {
t.Fatal(err)
return
}
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
if peer.Key != expectedPeerKey {
t.Errorf("expecting just added peer to have key = %s, got %s", expectedPeerKey, peer.Key)
}
Replace IP allocation logic (#342) The peer IP allocation logic was allocating sequential peer IP from the 100.64.0.0/10 address block. Each account is created with a random subnet from 100.64.0.0/10. The total amount of potential subnets is 64. The new logic allocates random peer IP from the account subnet. This gives us flexibility to add support for multi subnet accounts without overlapping IPs.
2022-05-29 22:43:39 +02:00
if !account.Network.Net.Contains(peer.IP) {
t.Errorf("expecting just added peer's IP %s to be in a network range %s", peer.IP.String(), account.Network.Net.String())
Adding peer registration support to JWT (#305) The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field
2022-05-05 20:02:15 +02:00
}
if peer.SetupKey != expectedSetupKey {
t.Errorf("expecting just added peer to have SetupKey = %s, got %s", expectedSetupKey, peer.SetupKey)
}
if account.Network.CurrentSerial() != 1 {
t.Errorf("expecting Network Serial=%d to be incremented by 1 and be equal to %d when adding new peer to account", serial, account.Network.CurrentSerial())
}
}
func TestAccountManager_AddPeerWithUserID(t *testing.T) {
manager, err := createManager(t)
if err != nil {
t.Fatal(err)
return
}
userId := "account_creator"
account, err := manager.GetOrCreateAccountByUser(userId, "")
if err != nil {
t.Fatal(err)
}
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
serial := account.Network.CurrentSerial() // should be 0
Adding peer registration support to JWT (#305) The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field
2022-05-05 20:02:15 +02:00
if account.Network.Serial != 0 {
t.Errorf("expecting account network to have an initial Serial=0")
return
}
key, err := wgtypes.GeneratePrivateKey()
if err != nil {
t.Fatal(err)
return
}
expectedPeerKey := key.PublicKey().String()
expectedUserId := userId
peer, err := manager.AddPeer("", userId, &Peer{
Key: expectedPeerKey,
Meta: PeerSystemMeta{},
Name: expectedPeerKey,
})
if err != nil {
t.Errorf("expecting peer to be added, got failure %v, account users: %v", err, account.CreatedBy)
return
}
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
account, err = manager.Store.GetAccount(account.Id)
Adding peer registration support to JWT (#305) The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field
2022-05-05 20:02:15 +02:00
if err != nil {
t.Fatal(err)
return
}
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
if peer.Key != expectedPeerKey {
Adding peer registration support to JWT (#305) The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field
2022-05-05 20:02:15 +02:00
t.Errorf("expecting just added peer to have key = %s, got %s", expectedPeerKey, peer.Key)
}
Replace IP allocation logic (#342) The peer IP allocation logic was allocating sequential peer IP from the 100.64.0.0/10 address block. Each account is created with a random subnet from 100.64.0.0/10. The total amount of potential subnets is 64. The new logic allocates random peer IP from the account subnet. This gives us flexibility to add support for multi subnet accounts without overlapping IPs.
2022-05-29 22:43:39 +02:00
if !account.Network.Net.Contains(peer.IP) {
t.Errorf("expecting just added peer's IP %s to be in a network range %s", peer.IP.String(), account.Network.Net.String())
test: add AddAccount test
2021-08-20 15:18:29 +02:00
}
Adding peer registration support to JWT (#305) The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field
2022-05-05 20:02:15 +02:00
if peer.UserID != expectedUserId {
t.Errorf("expecting just added peer to have UserID = %s, got %s", expectedUserId, peer.UserID)
}
Persist Network Serial to Store to avoid outdated netmap sent (#260) Fix outdated update coming from management even when it is actually not outdated.
2022-03-10 18:18:38 +01:00
if account.Network.CurrentSerial() != 1 {
t.Errorf("expecting Network Serial=%d to be incremented by 1 and be equal to %d when adding new peer to account", serial, account.Network.CurrentSerial())
Management - add serial to Network reflecting network updates (#179) * chore: [management] - add account serial ID * Fix concurrency on the client (#183) * reworked peer connection establishment logic eliminating race conditions and deadlocks while running many peers * chore: move serial to Network from Account * feature: increment Network serial ID when adding/removing peers * chore: extract network struct init to network.go * chore: add serial test when adding peer to the account * test: add ModificationID test on AddPeer and DeletePeer
2022-01-14 14:34:27 +01:00
}
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
}
Management - add serial to Network reflecting network updates (#179) * chore: [management] - add account serial ID * Fix concurrency on the client (#183) * reworked peer connection establishment logic eliminating race conditions and deadlocks while running many peers * chore: move serial to Network from Account * feature: increment Network serial ID when adding/removing peers * chore: extract network struct init to network.go * chore: add serial test when adding peer to the account * test: add ModificationID test on AddPeer and DeletePeer
2022-01-14 14:34:27 +01:00
fix(acl): update each peer's network when rule,group or peer changed (#333) * fix(acl): update each peer's network when rule,group or peer changed * fix(ACL): update network test * fix(acl): cleanup indexes before update them * fix(acl): clean up rules indexes only for account
2022-06-04 22:02:22 +02:00
func TestAccountManager_NetworkUpdates(t *testing.T) {
manager, err := createManager(t)
if err != nil {
t.Fatal(err)
return
}
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
account, err := createAccount(manager, "test_account", "account_creator", "")
fix(acl): update each peer's network when rule,group or peer changed (#333) * fix(acl): update each peer's network when rule,group or peer changed * fix(ACL): update network test * fix(acl): cleanup indexes before update them * fix(acl): clean up rules indexes only for account
2022-06-04 22:02:22 +02:00
if err != nil {
t.Fatal(err)
}
var setupKey *SetupKey
for _, key := range account.SetupKeys {
setupKey = key
if setupKey.Type == SetupKeyReusable {
break
}
}
if setupKey == nil {
t.Errorf("expecting account to have a default setup key")
return
}
if account.Network.Serial != 0 {
t.Errorf("expecting account network to have an initial Serial=0")
return
}
getPeer := func() *Peer {
key, err := wgtypes.GeneratePrivateKey()
if err != nil {
t.Fatal(err)
return nil
}
expectedPeerKey := key.PublicKey().String()
peer, err := manager.AddPeer(setupKey.Key, "", &Peer{
Key: expectedPeerKey,
Meta: PeerSystemMeta{},
Name: expectedPeerKey,
})
if err != nil {
t.Fatalf("expecting peer1 to be added, got failure %v", err)
return nil
}
return peer
}
peer1 := getPeer()
peer2 := getPeer()
peer3 := getPeer()
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
account, err = manager.Store.GetAccount(account.Id)
fix(acl): update each peer's network when rule,group or peer changed (#333) * fix(acl): update each peer's network when rule,group or peer changed * fix(ACL): update network test * fix(acl): cleanup indexes before update them * fix(acl): clean up rules indexes only for account
2022-06-04 22:02:22 +02:00
if err != nil {
t.Fatal(err)
return
}
updMsg := manager.peersUpdateManager.CreateChannel(peer1.Key)
defer manager.peersUpdateManager.CloseChannel(peer1.Key)
group := Group{
ID: "group-id",
Name: "GroupA",
Peers: []string{peer1.Key, peer2.Key, peer3.Key},
}
rule := Rule{
Source: []string{"group-id"},
Destination: []string{"group-id"},
Flow: TrafficFlowBidirect,
}
wg := sync.WaitGroup{}
t.Run("save group update", func(t *testing.T) {
wg.Add(1)
go func() {
defer wg.Done()
message := <-updMsg
networkMap := message.Update.GetNetworkMap()
if len(networkMap.RemotePeers) != 2 {
t.Errorf("mismatch peers count: 2 expected, got %v", len(networkMap.RemotePeers))
}
}()
if err := manager.SaveGroup(account.Id, &group); err != nil {
t.Errorf("save group: %v", err)
return
}
wg.Wait()
})
t.Run("delete rule update", func(t *testing.T) {
wg.Add(1)
go func() {
defer wg.Done()
message := <-updMsg
networkMap := message.Update.GetNetworkMap()
if len(networkMap.RemotePeers) != 0 {
t.Errorf("mismatch peers count: 0 expected, got %v", len(networkMap.RemotePeers))
}
}()
var defaultRule *Rule
for _, r := range account.Rules {
defaultRule = r
}
if err := manager.DeleteRule(account.Id, defaultRule.ID); err != nil {
t.Errorf("delete default rule: %v", err)
return
}
wg.Wait()
})
t.Run("save rule update", func(t *testing.T) {
wg.Add(1)
go func() {
defer wg.Done()
message := <-updMsg
networkMap := message.Update.GetNetworkMap()
if len(networkMap.RemotePeers) != 2 {
t.Errorf("mismatch peers count: 2 expected, got %v", len(networkMap.RemotePeers))
}
}()
if err := manager.SaveRule(account.Id, &rule); err != nil {
t.Errorf("delete default rule: %v", err)
return
}
wg.Wait()
})
t.Run("delete peer update", func(t *testing.T) {
wg.Add(1)
go func() {
defer wg.Done()
message := <-updMsg
networkMap := message.Update.GetNetworkMap()
if len(networkMap.RemotePeers) != 1 {
t.Errorf("mismatch peers count: 1 expected, got %v", len(networkMap.RemotePeers))
}
}()
if _, err := manager.DeletePeer(account.Id, peer3.Key); err != nil {
t.Errorf("delete peer: %v", err)
return
}
wg.Wait()
})
t.Run("delete group update", func(t *testing.T) {
wg.Add(1)
go func() {
defer wg.Done()
message := <-updMsg
networkMap := message.Update.GetNetworkMap()
if len(networkMap.RemotePeers) != 0 {
t.Errorf("mismatch peers count: 0 expected, got %v", len(networkMap.RemotePeers))
}
}()
if err := manager.DeleteGroup(account.Id, group.ID); err != nil {
t.Errorf("delete group rule: %v", err)
return
}
wg.Wait()
})
}
Management - add serial to Network reflecting network updates (#179) * chore: [management] - add account serial ID * Fix concurrency on the client (#183) * reworked peer connection establishment logic eliminating race conditions and deadlocks while running many peers * chore: move serial to Network from Account * feature: increment Network serial ID when adding/removing peers * chore: extract network struct init to network.go * chore: add serial test when adding peer to the account * test: add ModificationID test on AddPeer and DeletePeer
2022-01-14 14:34:27 +01:00
func TestAccountManager_DeletePeer(t *testing.T) {
manager, err := createManager(t)
if err != nil {
t.Fatal(err)
return
}
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
account, err := createAccount(manager, "test_account", "account_creator", "")
Management - add serial to Network reflecting network updates (#179) * chore: [management] - add account serial ID * Fix concurrency on the client (#183) * reworked peer connection establishment logic eliminating race conditions and deadlocks while running many peers * chore: move serial to Network from Account * feature: increment Network serial ID when adding/removing peers * chore: extract network struct init to network.go * chore: add serial test when adding peer to the account * test: add ModificationID test on AddPeer and DeletePeer
2022-01-14 14:34:27 +01:00
if err != nil {
t.Fatal(err)
}
var setupKey *SetupKey
for _, key := range account.SetupKeys {
setupKey = key
}
key, err := wgtypes.GenerateKey()
if err != nil {
t.Fatal(err)
return
}
peerKey := key.PublicKey().String()
Adding peer registration support to JWT (#305) The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field
2022-05-05 20:02:15 +02:00
_, err = manager.AddPeer(setupKey.Key, "", &Peer{
Management - add serial to Network reflecting network updates (#179) * chore: [management] - add account serial ID * Fix concurrency on the client (#183) * reworked peer connection establishment logic eliminating race conditions and deadlocks while running many peers * chore: move serial to Network from Account * feature: increment Network serial ID when adding/removing peers * chore: extract network struct init to network.go * chore: add serial test when adding peer to the account * test: add ModificationID test on AddPeer and DeletePeer
2022-01-14 14:34:27 +01:00
Key: peerKey,
Meta: PeerSystemMeta{},
Name: peerKey,
})
if err != nil {
t.Errorf("expecting peer to be added, got failure %v", err)
return
}
_, err = manager.DeletePeer(account.Id, peerKey)
if err != nil {
return
}
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
account, err = manager.Store.GetAccount(account.Id)
Management - add serial to Network reflecting network updates (#179) * chore: [management] - add account serial ID * Fix concurrency on the client (#183) * reworked peer connection establishment logic eliminating race conditions and deadlocks while running many peers * chore: move serial to Network from Account * feature: increment Network serial ID when adding/removing peers * chore: extract network struct init to network.go * chore: add serial test when adding peer to the account * test: add ModificationID test on AddPeer and DeletePeer
2022-01-14 14:34:27 +01:00
if err != nil {
t.Fatal(err)
return
}
Persist Network Serial to Store to avoid outdated netmap sent (#260) Fix outdated update coming from management even when it is actually not outdated.
2022-03-10 18:18:38 +01:00
if account.Network.CurrentSerial() != 2 {
t.Errorf("expecting Network Serial=%d to be incremented and be equal to 2 after adding and deleteing a peer", account.Network.CurrentSerial())
Management - add serial to Network reflecting network updates (#179) * chore: [management] - add account serial ID * Fix concurrency on the client (#183) * reworked peer connection establishment logic eliminating race conditions and deadlocks while running many peers * chore: move serial to Network from Account * feature: increment Network serial ID when adding/removing peers * chore: extract network struct init to network.go * chore: add serial test when adding peer to the account * test: add ModificationID test on AddPeer and DeletePeer
2022-01-14 14:34:27 +01:00
}
}
Add User HTTP Endpoint to the Management service (#303) Exposes endpoint under "/users/" that returns information on users. Calls IDP manager to get information not stored locally (email, name), which in the case of the managed version is auth0.
2022-05-05 08:58:34 +02:00
func TestGetUsersFromAccount(t *testing.T) {
manager, err := createManager(t)
if err != nil {
t.Fatal(err)
}
users := map[string]*User{"1": {Id: "1", Role: "admin"}, "2": {Id: "2", Role: "user"}, "3": {Id: "3", Role: "user"}}
accountId := "test_account_id"
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
account, err := createAccount(manager, accountId, users["1"].Id, "")
Add User HTTP Endpoint to the Management service (#303) Exposes endpoint under "/users/" that returns information on users. Calls IDP manager to get information not stored locally (email, name), which in the case of the managed version is auth0.
2022-05-05 08:58:34 +02:00
if err != nil {
t.Fatal(err)
}
// add a user to the account
for _, user := range users {
account.Users[user.Id] = user
}
Hide content based on user role (#541)
2022-11-05 10:24:50 +01:00
userInfos, err := manager.GetUsersFromAccount(accountId, "1")
Add User HTTP Endpoint to the Management service (#303) Exposes endpoint under "/users/" that returns information on users. Calls IDP manager to get information not stored locally (email, name), which in the case of the managed version is auth0.
2022-05-05 08:58:34 +02:00
if err != nil {
t.Fatal(err)
}
for _, userInfo := range userInfos {
id := userInfo.ID
assert.Equal(t, userInfo.ID, users[id].Id)
Replace IP allocation logic (#342) The peer IP allocation logic was allocating sequential peer IP from the 100.64.0.0/10 address block. Each account is created with a random subnet from 100.64.0.0/10. The total amount of potential subnets is 64. The new logic allocates random peer IP from the account subnet. This gives us flexibility to add support for multi subnet accounts without overlapping IPs.
2022-05-29 22:43:39 +02:00
assert.Equal(t, userInfo.Role, string(users[id].Role))
Add User HTTP Endpoint to the Management service (#303) Exposes endpoint under "/users/" that returns information on users. Calls IDP manager to get information not stored locally (email, name), which in the case of the managed version is auth0.
2022-05-05 08:58:34 +02:00
assert.Equal(t, userInfo.Name, "")
assert.Equal(t, userInfo.Email, "")
}
}
Store updated system info on Login to Management (#323)
2022-05-23 13:03:57 +02:00
func TestAccountManager_UpdatePeerMeta(t *testing.T) {
manager, err := createManager(t)
if err != nil {
t.Fatal(err)
return
}
Create account in once place (#358) There are a few places where an account is created. When we create a new account, there should be some defaults set. E.g. created by and group ALL. It makes sense to add it in one place to avoid inconsistencies.
2022-06-09 13:14:34 +02:00
account, err := createAccount(manager, "test_account", "account_creator", "")
Store updated system info on Login to Management (#323)
2022-05-23 13:03:57 +02:00
if err != nil {
t.Fatal(err)
}
var setupKey *SetupKey
for _, key := range account.SetupKeys {
setupKey = key
}
key, err := wgtypes.GeneratePrivateKey()
if err != nil {
t.Fatal(err)
return
}
peer, err := manager.AddPeer(setupKey.Key, "", &Peer{
Key: key.PublicKey().String(),
Meta: PeerSystemMeta{
Hostname: "Hostname",
GoOS: "GoOS",
Kernel: "Kernel",
Core: "Core",
Platform: "Platform",
OS: "OS",
WtVersion: "WtVersion",
},
Name: key.PublicKey().String(),
})
if err != nil {
t.Errorf("expecting peer to be added, got failure %v", err)
return
}
newMeta := PeerSystemMeta{
Hostname: "new-Hostname",
GoOS: "new-GoOS",
Kernel: "new-Kernel",
Core: "new-Core",
Platform: "new-Platform",
OS: "new-OS",
WtVersion: "new-WtVersion",
}
err = manager.UpdatePeerMeta(peer.Key, newMeta)
if err != nil {
t.Error(err)
return
}
p, err := manager.GetPeer(peer.Key)
if err != nil {
return
}
if err != nil {
t.Fatal(err)
return
}
assert.Equal(t, newMeta, p.Meta)
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
func TestAccount_GetPeerRules(t *testing.T) {
groups := map[string]*Group{
"group_1": {
ID: "group_1",
Name: "group_1",
Peers: []string{"peer-1", "peer-2"},
},
"group_2": {
ID: "group_2",
Name: "group_2",
Peers: []string{"peer-2", "peer-3"},
},
"group_3": {
ID: "group_3",
Name: "group_3",
Peers: []string{"peer-4"},
},
"group_4": {
ID: "group_4",
Name: "group_4",
Peers: []string{"peer-1"},
},
"group_5": {
ID: "group_5",
Name: "group_5",
Peers: []string{"peer-1"},
},
}
rules := map[string]*Rule{
"rule-1": {
ID: "rule-1",
Name: "rule-1",
Description: "rule-1",
Disabled: false,
Source: []string{"group_1", "group_5"},
Destination: []string{"group_2"},
Flow: 0,
},
"rule-2": {
ID: "rule-2",
Name: "rule-2",
Description: "rule-2",
Disabled: false,
Source: []string{"group_1"},
Destination: []string{"group_1"},
Flow: 0,
},
"rule-3": {
ID: "rule-3",
Name: "rule-3",
Description: "rule-3",
Disabled: false,
Source: []string{"group_3"},
Destination: []string{"group_3"},
Flow: 0,
},
}
account := &Account{
Groups: groups,
Rules: rules,
}
srcRules, dstRules := account.GetPeerRules("peer-1")
assert.Equal(t, 2, len(srcRules))
assert.Equal(t, 1, len(dstRules))
}
func TestFileStore_GetRoutesByPrefix(t *testing.T) {
_, prefix, err := route.ParseNetwork("192.168.64.0/24")
if err != nil {
t.Fatal(err)
}
account := &Account{
Routes: map[string]*route.Route{
"route-1": {
ID: "route-1",
Network: prefix,
NetID: "network-1",
Description: "network-1",
Peer: "peer-1",
NetworkType: 0,
Masquerade: false,
Metric: 999,
Enabled: true,
},
"route-2": {
ID: "route-2",
Network: prefix,
NetID: "network-1",
Description: "network-1",
Peer: "peer-2",
NetworkType: 0,
Masquerade: false,
Metric: 999,
Enabled: true,
},
},
}
routes := account.GetRoutesByPrefix(prefix)
assert.Len(t, routes, 2)
routeIDs := make(map[string]struct{}, 2)
for _, r := range routes {
routeIDs[r.ID] = struct{}{}
}
assert.Contains(t, routeIDs, "route-1")
assert.Contains(t, routeIDs, "route-2")
}
Add network routes distribution groups (#606) Updated tests, API, and account manager methods Sync routes to peers in the distribution groups Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
func TestAccount_GetRoutesToSync(t *testing.T) {
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
_, prefix, err := route.ParseNetwork("192.168.64.0/24")
if err != nil {
t.Fatal(err)
}
Filter routes to sync from same HA group (#618) An additional check and filter for routes that are part of the same HA group where the peer is a routing peer
2022-12-08 15:15:50 +01:00
_, prefix2, err := route.ParseNetwork("192.168.0.0/24")
if err != nil {
t.Fatal(err)
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
account := &Account{
Peers: map[string]*Peer{
"peer-1": {Key: "peer-1"}, "peer-2": {Key: "peer-2"}, "peer-3": {Key: "peer-1"},
},
Add network routes distribution groups (#606) Updated tests, API, and account manager methods Sync routes to peers in the distribution groups Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
Groups: map[string]*Group{"group1": {ID: "group1", Peers: []string{"peer-1", "peer-2"}}},
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
Routes: map[string]*route.Route{
"route-1": {
ID: "route-1",
Network: prefix,
NetID: "network-1",
Description: "network-1",
Peer: "peer-1",
NetworkType: 0,
Masquerade: false,
Metric: 999,
Enabled: true,
Add network routes distribution groups (#606) Updated tests, API, and account manager methods Sync routes to peers in the distribution groups Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
Groups: []string{"group1"},
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
},
"route-2": {
ID: "route-2",
Filter routes to sync from same HA group (#618) An additional check and filter for routes that are part of the same HA group where the peer is a routing peer
2022-12-08 15:15:50 +01:00
Network: prefix2,
NetID: "network-2",
Description: "network-2",
Peer: "peer-2",
NetworkType: 0,
Masquerade: false,
Metric: 999,
Enabled: true,
Groups: []string{"group1"},
},
"route-3": {
ID: "route-3",
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
Network: prefix,
NetID: "network-1",
Description: "network-1",
Peer: "peer-2",
NetworkType: 0,
Masquerade: false,
Metric: 999,
Enabled: true,
Add network routes distribution groups (#606) Updated tests, API, and account manager methods Sync routes to peers in the distribution groups Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
Groups: []string{"group1"},
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
},
},
}
Add network routes distribution groups (#606) Updated tests, API, and account manager methods Sync routes to peers in the distribution groups Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
routes := account.getRoutesToSync("peer-2", []*Peer{{Key: "peer-1"}, {Key: "peer-3"}})
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
assert.Len(t, routes, 2)
routeIDs := make(map[string]struct{}, 2)
for _, r := range routes {
routeIDs[r.ID] = struct{}{}
}
assert.Contains(t, routeIDs, "route-2")
Filter routes to sync from same HA group (#618) An additional check and filter for routes that are part of the same HA group where the peer is a routing peer
2022-12-08 15:15:50 +01:00
assert.Contains(t, routeIDs, "route-3")
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
Add network routes distribution groups (#606) Updated tests, API, and account manager methods Sync routes to peers in the distribution groups Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
emptyRoutes := account.getRoutesToSync("peer-3", []*Peer{{Key: "peer-1"}, {Key: "peer-2"}})
assert.Len(t, emptyRoutes, 0)
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
}
Add account copy test (#549)
2022-11-07 17:37:28 +01:00
func TestAccount_Copy(t *testing.T) {
account := &Account{
Id: "account1",
CreatedBy: "tester",
Domain: "test.com",
DomainCategory: "public",
IsDomainPrimaryAccount: true,
SetupKeys: map[string]*SetupKey{
"setup1": {
Id: "setup1",
AutoGroups: []string{"group1"},
},
},
Network: &Network{
Id: "net1",
},
Peers: map[string]*Peer{
"peer1": {
Key: "key1",
},
},
Users: map[string]*User{
"user1": {
Id: "user1",
Role: UserRoleAdmin,
AutoGroups: []string{"group1"},
},
},
Groups: map[string]*Group{
"group1": {
ID: "group1",
},
},
Rules: map[string]*Rule{
"rule1": {
ID: "rule1",
},
},
Routes: map[string]*route.Route{
"route1": {
ID: "route1",
},
},
NameServerGroups: map[string]*nbdns.NameServerGroup{
"nsGroup1": {
ID: "nsGroup1",
},
},
}
err := hasNilField(account)
if err != nil {
t.Fatal(err)
}
accountCopy := account.Copy()
assert.Equal(t, account, accountCopy, "account copy returned a different value than expected")
}
// hasNilField validates pointers, maps and slices if they are nil
func hasNilField(x interface{}) error {
rv := reflect.ValueOf(x)
rv = rv.Elem()
for i := 0; i < rv.NumField(); i++ {
if f := rv.Field(i); f.IsValid() {
k := f.Kind()
switch k {
case reflect.Ptr:
if f.IsNil() {
return fmt.Errorf("field %s is nil", f.String())
}
case reflect.Map, reflect.Slice:
if f.Len() == 0 || f.IsNil() {
return fmt.Errorf("field %s is nil", f.String())
}
}
}
}
return nil
}
Extracted AccountManager to interface (#230)
2022-02-22 11:28:19 +01:00
func createManager(t *testing.T) (*DefaultAccountManager, error) {
test: add more AccountManager tests
2021-08-20 15:44:18 +02:00
store, err := createStore(t)
if err != nil {
return nil, err
}
Feature/dns protocol (#543) Added DNS update protocol message Added sync to clients Update nameserver API with new fields Added default NS groups Added new dns-name flag for the management service append to peer DNS label
2022-11-07 15:38:21 +01:00
return BuildManager(store, NewPeersUpdateManager(), nil, "", "")
test: add AddAccount test
2021-08-20 15:18:29 +02:00
}
func createStore(t *testing.T) (Store, error) {
dataDir := t.TempDir()
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
store, err := NewFileStore(dataDir)
test: add AddAccount test
2021-08-20 15:18:29 +02:00
if err != nil {
return nil, err
}
return store, nil
}
Reference in New Issue Copy Permalink