[management] Add option to disable default all-to-all policy (#3970)
This PR introduces a new configuration option `DisableDefaultPolicy` that prevents the creation of the default all-to-all policy when new accounts are created. This is useful for automation scenarios where explicit policies are preferred.

### Key Changes:
- Added DisableDefaultPolicy flag to the management server config
- Modified account creation logic to respect this flag
- Updated all test cases to explicitly pass the flag (defaulting to false to maintain backward compatibility)
- Propagated the flag through the account manager initialization chain

### Testing:
- Verified default behavior remains unchanged when flag is false
- Confirmed no default policy is created when flag is true
- All existing tests pass with the new parameter
@ -134,6 +134,7 @@ jobs:
|
|||||||
NETBIRD_STORE_ENGINE_MYSQL_DSN: '${{ env.NETBIRD_STORE_ENGINE_MYSQL_DSN }}$'
|
NETBIRD_STORE_ENGINE_MYSQL_DSN: '${{ env.NETBIRD_STORE_ENGINE_MYSQL_DSN }}$'
|
||||||
CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
|
CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
|
||||||
CI_NETBIRD_TURN_EXTERNAL_IP: "1.2.3.4"
|
CI_NETBIRD_TURN_EXTERNAL_IP: "1.2.3.4"
|
||||||
|
CI_NETBIRD_MGMT_DISABLE_DEFAULT_POLICY: false
|
||||||
|
|
||||||
run: |
|
run: |
|
||||||
set -x
|
set -x
|
||||||
@ -180,6 +181,7 @@ jobs:
|
|||||||
grep -A 7 Relay management.json | egrep '"Secret": ".+"'
|
grep -A 7 Relay management.json | egrep '"Secret": ".+"'
|
||||||
grep DisablePromptLogin management.json | grep 'true'
|
grep DisablePromptLogin management.json | grep 'true'
|
||||||
grep LoginFlag management.json | grep 0
|
grep LoginFlag management.json | grep 0
|
||||||
|
grep DisableDefaultPolicy management.json | grep "$CI_NETBIRD_MGMT_DISABLE_DEFAULT_POLICY"
|
||||||
|
|
||||||
- name: Install modules
|
- name: Install modules
|
||||||
run: go mod tidy
|
run: go mod tidy
|
||||||
|
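Review bot: The added check `grep DisableDefaultPolicy management.json | grep "$CI_NETBIRD_MGMT_DISABLE_DEFAULT_POLICY"` in the second hunk would pass vacuously if the variable were ever empty, because an empty grep pattern matches every line. With the value `false` set in the first hunk, it also only exercises the default. Matching the whole pair is tighter, for example `grep '"DisableDefaultPolicy": false' management.json`, assuming the rendered file keeps the template's spacing. A second run with the variable set to `true` would cover the restrictive setting, which is the one operators depend on for isolation.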
@ -103,7 +103,7 @@ func startManagement(t *testing.T, config *types.Config, testFile string) (*grpc
|
|||||||
Return(&types.Settings{}, nil).
|
Return(&types.Settings{}, nil).
|
||||||
AnyTimes()
|
AnyTimes()
|
||||||
|
|
||||||
accountManager, err := mgmt.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, iv, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManagerMock)
|
accountManager, err := mgmt.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, iv, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManagerMock, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -1476,7 +1476,7 @@ func startManagement(t *testing.T, dataDir, testFile string) (*grpc.Server, stri
|
|||||||
|
|
||||||
permissionsManager := permissions.NewManager(store)
|
permissionsManager := permissions.NewManager(store)
|
||||||
|
|
||||||
accountManager, err := server.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager)
|
accountManager, err := server.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, "", err
|
return nil, "", err
|
||||||
}
|
}
|
||||||
|
@ -206,7 +206,7 @@ func startManagement(t *testing.T, signalAddr string, counter *int) (*grpc.Serve
|
|||||||
settingsMockManager := settings.NewMockManager(ctrl)
|
settingsMockManager := settings.NewMockManager(ctrl)
|
||||||
permissionsManagerMock := permissions.NewMockManager(ctrl)
|
permissionsManagerMock := permissions.NewMockManager(ctrl)
|
||||||
|
|
||||||
accountManager, err := server.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManagerMock)
|
accountManager, err := server.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManagerMock, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, "", err
|
return nil, "", err
|
||||||
}
|
}
|
||||||
|
@ -15,6 +15,7 @@ NETBIRD_MGMT_API_CERT_KEY_FILE="/etc/letsencrypt/live/$NETBIRD_LETSENCRYPT_DOMAI
|
|||||||
NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN=$NETBIRD_DOMAIN
|
NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN=$NETBIRD_DOMAIN
|
||||||
NETBIRD_MGMT_DNS_DOMAIN=${NETBIRD_MGMT_DNS_DOMAIN:-netbird.selfhosted}
|
NETBIRD_MGMT_DNS_DOMAIN=${NETBIRD_MGMT_DNS_DOMAIN:-netbird.selfhosted}
|
||||||
NETBIRD_MGMT_IDP_SIGNKEY_REFRESH=${NETBIRD_MGMT_IDP_SIGNKEY_REFRESH:-false}
|
NETBIRD_MGMT_IDP_SIGNKEY_REFRESH=${NETBIRD_MGMT_IDP_SIGNKEY_REFRESH:-false}
|
||||||
|
NETBIRD_MGMT_DISABLE_DEFAULT_POLICY=${NETBIRD_MGMT_DISABLE_DEFAULT_POLICY:-false}
|
||||||
|
|
||||||
# Signal
|
# Signal
|
||||||
NETBIRD_SIGNAL_PROTOCOL="http"
|
NETBIRD_SIGNAL_PROTOCOL="http"
|
||||||
@ -139,3 +140,4 @@ export NETBIRD_RELAY_PORT
|
|||||||
export NETBIRD_RELAY_ENDPOINT
|
export NETBIRD_RELAY_ENDPOINT
|
||||||
export NETBIRD_RELAY_AUTH_SECRET
|
export NETBIRD_RELAY_AUTH_SECRET
|
||||||
export NETBIRD_RELAY_TAG
|
export NETBIRD_RELAY_TAG
|
||||||
|
export NETBIRD_MGMT_DISABLE_DEFAULT_POLICY
|
||||||
|
@ -38,6 +38,7 @@
|
|||||||
"0.0.0.0/0"
|
"0.0.0.0/0"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"DisableDefaultPolicy": $NETBIRD_MGMT_DISABLE_DEFAULT_POLICY,
|
||||||
"Datadir": "",
|
"Datadir": "",
|
||||||
"DataStoreEncryptionKey": "$NETBIRD_DATASTORE_ENC_KEY",
|
"DataStoreEncryptionKey": "$NETBIRD_DATASTORE_ENC_KEY",
|
||||||
"StoreConfig": {
|
"StoreConfig": {
|
||||||
|
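Review bot: `"DisableDefaultPolicy": $NETBIRD_MGMT_DISABLE_DEFAULT_POLICY,` substitutes the variable unquoted into a JSON boolean position, so any value other than `true` or `false` in the operator's env file (for example `yes` or `1`) produces a config that is invalid or carries the wrong type. The `:-false` default in the env hunk only covers the unset and empty cases. I would validate the value in the script that renders this template (not shown here) before substitution, e.g. `case "$NETBIRD_MGMT_DISABLE_DEFAULT_POLICY" in true|false) ;; *) echo "NETBIRD_MGMT_DISABLE_DEFAULT_POLICY must be true or false" >&2; exit 1 ;; esac`. Failing early there is preferable to a management server that refuses to start or, depending on how the file is parsed, ignores the setting.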
@ -92,7 +92,8 @@ NETBIRD_LETSENCRYPT_EMAIL=""
|
|||||||
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
|
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
|
||||||
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
|
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
|
||||||
NETBIRD_MGMT_DNS_DOMAIN=netbird.selfhosted
|
NETBIRD_MGMT_DNS_DOMAIN=netbird.selfhosted
|
||||||
|
# Disable default all-to-all policy for new accounts
|
||||||
|
NETBIRD_MGMT_DISABLE_DEFAULT_POLICY=false
|
||||||
# -------------------------------------------
|
# -------------------------------------------
|
||||||
# Relay settings
|
# Relay settings
|
||||||
# -------------------------------------------
|
# -------------------------------------------
|
||||||
|
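Review bot: The added comment `# Disable default all-to-all policy for new accounts` does not say what either value means for peer reachability, and the shipped value `false` is the permissive one. Going by the commit description, `false` keeps creating a policy that lets every peer in a new account reach every other peer, while `true` leaves a new account without it. Whether existing accounts are affected is not visible in this diff and is worth stating once confirmed. I would expand the comment along the lines of `# Set to true to create new accounts without the default all-to-all policy; access must then be granted by explicit policies.`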
@ -29,3 +29,4 @@ NETBIRD_TURN_EXTERNAL_IP=1.2.3.4
|
|||||||
NETBIRD_RELAY_PORT=33445
|
NETBIRD_RELAY_PORT=33445
|
||||||
NETBIRD_AUTH_PKCE_DISABLE_PROMPT_LOGIN=true
|
NETBIRD_AUTH_PKCE_DISABLE_PROMPT_LOGIN=true
|
||||||
NETBIRD_AUTH_PKCE_LOGIN_FLAG=0
|
NETBIRD_AUTH_PKCE_LOGIN_FLAG=0
|
||||||
|
NETBIRD_MGMT_DISABLE_DEFAULT_POLICY=$CI_NETBIRD_MGMT_DISABLE_DEFAULT_POLICY
|
||||||
|
@ -100,7 +100,7 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
|
|||||||
Return(true, nil).
|
Return(true, nil).
|
||||||
AnyTimes()
|
AnyTimes()
|
||||||
|
|
||||||
accountManager, err := mgmt.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManagerMock)
|
accountManager, err := mgmt.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManagerMock, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -215,7 +215,7 @@ var (
|
|||||||
peersManager := peers.NewManager(store, permissionsManager)
|
peersManager := peers.NewManager(store, permissionsManager)
|
||||||
proxyController := integrations.NewController(store)
|
proxyController := integrations.NewController(store)
|
||||||
accountManager, err := server.BuildManager(ctx, store, peersUpdateManager, idpManager, mgmtSingleAccModeDomain,
|
accountManager, err := server.BuildManager(ctx, store, peersUpdateManager, idpManager, mgmtSingleAccModeDomain,
|
||||||
dnsDomain, eventStore, geo, userDeleteFromIDPEnabled, integratedPeerValidator, appMetrics, proxyController, settingsManager, permissionsManager)
|
dnsDomain, eventStore, geo, userDeleteFromIDPEnabled, integratedPeerValidator, appMetrics, proxyController, settingsManager, permissionsManager, config.DisableDefaultPolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to build default manager: %v", err)
|
return fmt.Errorf("failed to build default manager: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -102,6 +102,8 @@ type DefaultAccountManager struct {
|
|||||||
|
|
||||||
accountUpdateLocks sync.Map
|
accountUpdateLocks sync.Map
|
||||||
updateAccountPeersBufferInterval atomic.Int64
|
updateAccountPeersBufferInterval atomic.Int64
|
||||||
|
|
||||||
|
disableDefaultPolicy bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// getJWTGroupsChanges calculates the changes needed to sync a user's JWT groups.
|
// getJWTGroupsChanges calculates the changes needed to sync a user's JWT groups.
|
||||||
@ -170,6 +172,7 @@ func BuildManager(
|
|||||||
proxyController port_forwarding.Controller,
|
proxyController port_forwarding.Controller,
|
||||||
settingsManager settings.Manager,
|
settingsManager settings.Manager,
|
||||||
permissionsManager permissions.Manager,
|
permissionsManager permissions.Manager,
|
||||||
|
disableDefaultPolicy bool,
|
||||||
) (*DefaultAccountManager, error) {
|
) (*DefaultAccountManager, error) {
|
||||||
start := time.Now()
|
start := time.Now()
|
||||||
defer func() {
|
defer func() {
|
||||||
@ -195,6 +198,7 @@ func BuildManager(
|
|||||||
proxyController: proxyController,
|
proxyController: proxyController,
|
||||||
settingsManager: settingsManager,
|
settingsManager: settingsManager,
|
||||||
permissionsManager: permissionsManager,
|
permissionsManager: permissionsManager,
|
||||||
|
disableDefaultPolicy: disableDefaultPolicy,
|
||||||
}
|
}
|
||||||
|
|
||||||
am.startWarmup(ctx)
|
am.startWarmup(ctx)
|
||||||
@ -543,7 +547,7 @@ func (am *DefaultAccountManager) newAccount(ctx context.Context, userID, domain
|
|||||||
log.WithContext(ctx).Warnf("an account with ID already exists, retrying...")
|
log.WithContext(ctx).Warnf("an account with ID already exists, retrying...")
|
||||||
continue
|
continue
|
||||||
case statusErr.Type() == status.NotFound:
|
case statusErr.Type() == status.NotFound:
|
||||||
newAccount := newAccountWithId(ctx, accountId, userID, domain)
|
newAccount := newAccountWithId(ctx, accountId, userID, domain, am.disableDefaultPolicy)
|
||||||
am.StoreEvent(ctx, userID, newAccount.Id, accountId, activity.AccountCreated, nil)
|
am.StoreEvent(ctx, userID, newAccount.Id, accountId, activity.AccountCreated, nil)
|
||||||
return newAccount, nil
|
return newAccount, nil
|
||||||
default:
|
default:
|
||||||
@ -1688,7 +1692,7 @@ func (am *DefaultAccountManager) GetAccountSettings(ctx context.Context, account
|
|||||||
}
|
}
|
||||||
|
|
||||||
// newAccountWithId creates a new Account with a default SetupKey (doesn't store in a Store) and provided id
|
// newAccountWithId creates a new Account with a default SetupKey (doesn't store in a Store) and provided id
|
||||||
func newAccountWithId(ctx context.Context, accountID, userID, domain string) *types.Account {
|
func newAccountWithId(ctx context.Context, accountID, userID, domain string, disableDefaultPolicy bool) *types.Account {
|
||||||
log.WithContext(ctx).Debugf("creating new account")
|
log.WithContext(ctx).Debugf("creating new account")
|
||||||
|
|
||||||
network := types.NewNetwork()
|
network := types.NewNetwork()
|
||||||
@ -1731,7 +1735,7 @@ func newAccountWithId(ctx context.Context, accountID, userID, domain string) *ty
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := acc.AddAllGroup(); err != nil {
|
if err := acc.AddAllGroup(disableDefaultPolicy); err != nil {
|
||||||
log.WithContext(ctx).Errorf("error adding all group to account %s: %v", acc.Id, err)
|
log.WithContext(ctx).Errorf("error adding all group to account %s: %v", acc.Id, err)
|
||||||
}
|
}
|
||||||
return acc
|
return acc
|
||||||
@ -1833,7 +1837,7 @@ func (am *DefaultAccountManager) GetOrCreateAccountByPrivateDomain(ctx context.C
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := newAccount.AddAllGroup(); err != nil {
|
if err := newAccount.AddAllGroup(am.disableDefaultPolicy); err != nil {
|
||||||
return nil, false, status.Errorf(status.Internal, "failed to add all group to new account by private domain")
|
return nil, false, status.Errorf(status.Internal, "failed to add all group to new account by private domain")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
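Review bot: `BuildManager` now ends with a second bare `bool` (`disableDefaultPolicy`, after `userDeleteFromIDPEnabled` earlier in the list), so call sites read `..., permissionsManager, false)` and swapping the two flags compiles silently. For a switch that decides whether new accounts start with an all-to-all policy, I would pass it through a named constant at call sites or an options struct rather than a trailing positional literal. The new struct field also has no comment, and the `newAccountWithId` doc comment was not updated for the added parameter. Something like `// disableDefaultPolicy, when true, makes account creation skip the default all-to-all policy.` on the field would do, with the same sentence added to the function comment. `BuildManager` and `newAccountWithId` both begin and end outside these hunks.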
@ -373,7 +373,7 @@ func TestAccount_GetPeerNetworkMap(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
for _, testCase := range tt {
|
for _, testCase := range tt {
|
||||||
account := newAccountWithId(context.Background(), "account-1", userID, "netbird.io")
|
account := newAccountWithId(context.Background(), "account-1", userID, "netbird.io", false)
|
||||||
account.UpdateSettings(&testCase.accountSettings)
|
account.UpdateSettings(&testCase.accountSettings)
|
||||||
account.Network = network
|
account.Network = network
|
||||||
account.Peers = testCase.peers
|
account.Peers = testCase.peers
|
||||||
@ -398,7 +398,7 @@ func TestNewAccount(t *testing.T) {
|
|||||||
domain := "netbird.io"
|
domain := "netbird.io"
|
||||||
userId := "account_creator"
|
userId := "account_creator"
|
||||||
accountID := "account_id"
|
accountID := "account_id"
|
||||||
account := newAccountWithId(context.Background(), accountID, userId, domain)
|
account := newAccountWithId(context.Background(), accountID, userId, domain, false)
|
||||||
verifyNewAccountHasDefaultFields(t, account, userId, domain, []string{userId})
|
verifyNewAccountHasDefaultFields(t, account, userId, domain, []string{userId})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -640,7 +640,7 @@ func TestDefaultAccountManager_GetAccountIDFromToken(t *testing.T) {
|
|||||||
func TestDefaultAccountManager_SyncUserJWTGroups(t *testing.T) {
|
func TestDefaultAccountManager_SyncUserJWTGroups(t *testing.T) {
|
||||||
userId := "user-id"
|
userId := "user-id"
|
||||||
domain := "test.domain"
|
domain := "test.domain"
|
||||||
_ = newAccountWithId(context.Background(), "", userId, domain)
|
_ = newAccountWithId(context.Background(), "", userId, domain, false)
|
||||||
manager, err := createManager(t)
|
manager, err := createManager(t)
|
||||||
require.NoError(t, err, "unable to create account manager")
|
require.NoError(t, err, "unable to create account manager")
|
||||||
accountID, err := manager.GetAccountIDByUserID(context.Background(), userId, domain)
|
accountID, err := manager.GetAccountIDByUserID(context.Background(), userId, domain)
|
||||||
@ -793,7 +793,7 @@ func TestAccountManager_GetAccountByUserID(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func createAccount(am *DefaultAccountManager, accountID, userID, domain string) (*types.Account, error) {
|
func createAccount(am *DefaultAccountManager, accountID, userID, domain string) (*types.Account, error) {
|
||||||
account := newAccountWithId(context.Background(), accountID, userID, domain)
|
account := newAccountWithId(context.Background(), accountID, userID, domain, false)
|
||||||
err := am.Store.SaveAccount(context.Background(), account)
|
err := am.Store.SaveAccount(context.Background(), account)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -2879,7 +2879,7 @@ func createManager(t testing.TB) (*DefaultAccountManager, error) {
|
|||||||
|
|
||||||
permissionsManager := permissions.NewManager(store)
|
permissionsManager := permissions.NewManager(store)
|
||||||
|
|
||||||
manager, err := BuildManager(context.Background(), store, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager)
|
manager, err := BuildManager(context.Background(), store, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
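Review bot: Every call updated in this file passes `false`, so none of the visible hunks exercises `newAccountWithId(..., true)` or a manager built with the flag set, although the description says the `true` path was verified. A short test would pin the security-relevant behaviour: create an account with `newAccountWithId(context.Background(), accountID, userId, domain, true)` and assert that the All group is still present while no default policy was added. A manager-level case through `createManager` would need a way to pass the flag, which the helper does not expose here. The test functions begin and end outside these hunks, so an equivalent test may exist elsewhere in the commit.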
@ -217,7 +217,7 @@ func createDNSManager(t *testing.T) (*DefaultAccountManager, error) {
|
|||||||
|
|
||||||
settingsMockManager := settings.NewMockManager(ctrl)
|
settingsMockManager := settings.NewMockManager(ctrl)
|
||||||
permissionsManager := permissions.NewManager(store)
|
permissionsManager := permissions.NewManager(store)
|
||||||
return BuildManager(context.Background(), store, NewPeersUpdateManager(nil), nil, "", "netbird.test", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager)
|
return BuildManager(context.Background(), store, NewPeersUpdateManager(nil), nil, "", "netbird.test", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
func createDNSStore(t *testing.T) (store.Store, error) {
|
func createDNSStore(t *testing.T) (store.Store, error) {
|
||||||
@ -267,7 +267,7 @@ func initTestDNSAccount(t *testing.T, am *DefaultAccountManager) (*types.Account
|
|||||||
|
|
||||||
domain := "example.com"
|
domain := "example.com"
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), dnsAccountID, dnsAdminUserID, domain)
|
account := newAccountWithId(context.Background(), dnsAccountID, dnsAdminUserID, domain, false)
|
||||||
|
|
||||||
account.Users[dnsRegularUserID] = &types.User{
|
account.Users[dnsRegularUserID] = &types.User{
|
||||||
Id: dnsRegularUserID,
|
Id: dnsRegularUserID,
|
||||||
|
@ -127,7 +127,7 @@ func TestNewManagerPeerDisconnected(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func seedPeers(store *MockStore, numberOfPeers int, numberOfEphemeralPeers int) {
|
func seedPeers(store *MockStore, numberOfPeers int, numberOfEphemeralPeers int) {
|
||||||
store.account = newAccountWithId(context.Background(), "my account", "", "")
|
store.account = newAccountWithId(context.Background(), "my account", "", "", false)
|
||||||
|
|
||||||
for i := 0; i < numberOfPeers; i++ {
|
for i := 0; i < numberOfPeers; i++ {
|
||||||
peerId := fmt.Sprintf("peer_%d", i)
|
peerId := fmt.Sprintf("peer_%d", i)
|
||||||
|
@ -369,7 +369,7 @@ func initTestGroupAccount(am *DefaultAccountManager) (*DefaultAccountManager, *t
|
|||||||
Id: "example user",
|
Id: "example user",
|
||||||
AutoGroups: []string{groupForUsers.ID},
|
AutoGroups: []string{groupForUsers.ID},
|
||||||
}
|
}
|
||||||
account := newAccountWithId(context.Background(), accountID, groupAdminUserID, domain)
|
account := newAccountWithId(context.Background(), accountID, groupAdminUserID, domain, false)
|
||||||
account.Routes[routeResource.ID] = routeResource
|
account.Routes[routeResource.ID] = routeResource
|
||||||
account.Routes[routePeerGroupResource.ID] = routePeerGroupResource
|
account.Routes[routePeerGroupResource.ID] = routePeerGroupResource
|
||||||
account.NameServerGroups[nameServerGroup.ID] = nameServerGroup
|
account.NameServerGroups[nameServerGroup.ID] = nameServerGroup
|
||||||
|
@ -1,5 +1,4 @@
|
|||||||
package testing_tools
|
package testing_tools
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
@ -138,7 +137,7 @@ func BuildApiBlackBoxWithDBState(t TB, sqlFile string, expectedPeerUpdate *serve
|
|||||||
userManager := users.NewManager(store)
|
userManager := users.NewManager(store)
|
||||||
permissionsManager := permissions.NewManager(store)
|
permissionsManager := permissions.NewManager(store)
|
||||||
settingsManager := settings.NewManager(store, userManager, integrations.NewManager(&activity.InMemoryEventStore{}), permissionsManager)
|
settingsManager := settings.NewManager(store, userManager, integrations.NewManager(&activity.InMemoryEventStore{}), permissionsManager)
|
||||||
am, err := server.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "", &activity.InMemoryEventStore{}, geoMock, false, validatorMock, metrics, proxyController, settingsManager, permissionsManager)
|
am, err := server.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "", &activity.InMemoryEventStore{}, geoMock, false, validatorMock, metrics, proxyController, settingsManager, permissionsManager, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create manager: %v", err)
|
t.Fatalf("Failed to create manager: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -444,7 +444,7 @@ func startManagementForTest(t *testing.T, testFile string, config *types.Config)
|
|||||||
permissionsManager := permissions.NewManager(store)
|
permissionsManager := permissions.NewManager(store)
|
||||||
|
|
||||||
accountManager, err := BuildManager(ctx, store, peersUpdateManager, nil, "", "netbird.selfhosted",
|
accountManager, err := BuildManager(ctx, store, peersUpdateManager, nil, "", "netbird.selfhosted",
|
||||||
eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager)
|
eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager, false)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
cleanup()
|
cleanup()
|
||||||
|
@ -211,7 +211,7 @@ func startServer(
|
|||||||
port_forwarding.NewControllerMock(),
|
port_forwarding.NewControllerMock(),
|
||||||
settingsMockManager,
|
settingsMockManager,
|
||||||
permissionsManager,
|
permissionsManager,
|
||||||
)
|
false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("failed creating an account manager: %v", err)
|
t.Fatalf("failed creating an account manager: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -779,7 +779,7 @@ func createNSManager(t *testing.T) (*DefaultAccountManager, error) {
|
|||||||
t.Cleanup(ctrl.Finish)
|
t.Cleanup(ctrl.Finish)
|
||||||
settingsMockManager := settings.NewMockManager(ctrl)
|
settingsMockManager := settings.NewMockManager(ctrl)
|
||||||
permissionsManager := permissions.NewManager(store)
|
permissionsManager := permissions.NewManager(store)
|
||||||
return BuildManager(context.Background(), store, NewPeersUpdateManager(nil), nil, "", "netbird.selfhosted", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager)
|
return BuildManager(context.Background(), store, NewPeersUpdateManager(nil), nil, "", "netbird.selfhosted", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
func createNSStore(t *testing.T) (store.Store, error) {
|
func createNSStore(t *testing.T) (store.Store, error) {
|
||||||
@ -848,7 +848,7 @@ func initTestNSAccount(t *testing.T, am *DefaultAccountManager) (*types.Account,
|
|||||||
userID := testUserID
|
userID := testUserID
|
||||||
domain := "example.com"
|
domain := "example.com"
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), accountID, userID, domain)
|
account := newAccountWithId(context.Background(), accountID, userID, domain, false)
|
||||||
|
|
||||||
account.NameServerGroups[existingNSGroup.ID] = &existingNSGroup
|
account.NameServerGroups[existingNSGroup.ID] = &existingNSGroup
|
||||||
|
|
||||||
|
@ -480,7 +480,7 @@ func TestDefaultAccountManager_GetPeer(t *testing.T) {
|
|||||||
accountID := "test_account"
|
accountID := "test_account"
|
||||||
adminUser := "account_creator"
|
adminUser := "account_creator"
|
||||||
someUser := "some_user"
|
someUser := "some_user"
|
||||||
account := newAccountWithId(context.Background(), accountID, adminUser, "")
|
account := newAccountWithId(context.Background(), accountID, adminUser, "", false)
|
||||||
account.Users[someUser] = &types.User{
|
account.Users[someUser] = &types.User{
|
||||||
Id: someUser,
|
Id: someUser,
|
||||||
Role: types.UserRoleUser,
|
Role: types.UserRoleUser,
|
||||||
@ -667,7 +667,7 @@ func TestDefaultAccountManager_GetPeers(t *testing.T) {
|
|||||||
accountID := "test_account"
|
accountID := "test_account"
|
||||||
adminUser := "account_creator"
|
adminUser := "account_creator"
|
||||||
someUser := "some_user"
|
someUser := "some_user"
|
||||||
account := newAccountWithId(context.Background(), accountID, adminUser, "")
|
account := newAccountWithId(context.Background(), accountID, adminUser, "", false)
|
||||||
account.Users[someUser] = &types.User{
|
account.Users[someUser] = &types.User{
|
||||||
Id: someUser,
|
Id: someUser,
|
||||||
Role: testCase.role,
|
Role: testCase.role,
|
||||||
@ -737,7 +737,7 @@ func setupTestAccountManager(b testing.TB, peers int, groups int) (*DefaultAccou
|
|||||||
adminUser := "account_creator"
|
adminUser := "account_creator"
|
||||||
regularUser := "regular_user"
|
regularUser := "regular_user"
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), accountID, adminUser, "")
|
account := newAccountWithId(context.Background(), accountID, adminUser, "", false)
|
||||||
account.Users[regularUser] = &types.User{
|
account.Users[regularUser] = &types.User{
|
||||||
Id: regularUser,
|
Id: regularUser,
|
||||||
Role: types.UserRoleUser,
|
Role: types.UserRoleUser,
|
||||||
@ -1267,7 +1267,7 @@ func Test_RegisterPeerByUser(t *testing.T) {
|
|||||||
settingsMockManager := settings.NewMockManager(ctrl)
|
settingsMockManager := settings.NewMockManager(ctrl)
|
||||||
permissionsManager := permissions.NewManager(s)
|
permissionsManager := permissions.NewManager(s)
|
||||||
|
|
||||||
am, err := BuildManager(context.Background(), s, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager)
|
am, err := BuildManager(context.Background(), s, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager, false)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
existingAccountID := "bf1c8084-ba50-4ce7-9439-34653001fc3b"
|
existingAccountID := "bf1c8084-ba50-4ce7-9439-34653001fc3b"
|
||||||
@ -1342,7 +1342,7 @@ func Test_RegisterPeerBySetupKey(t *testing.T) {
|
|||||||
settingsMockManager := settings.NewMockManager(ctrl)
|
settingsMockManager := settings.NewMockManager(ctrl)
|
||||||
permissionsManager := permissions.NewManager(s)
|
permissionsManager := permissions.NewManager(s)
|
||||||
|
|
||||||
am, err := BuildManager(context.Background(), s, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager)
|
am, err := BuildManager(context.Background(), s, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager, false)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
existingAccountID := "bf1c8084-ba50-4ce7-9439-34653001fc3b"
|
existingAccountID := "bf1c8084-ba50-4ce7-9439-34653001fc3b"
|
||||||
@ -1477,7 +1477,7 @@ func Test_RegisterPeerRollbackOnFailure(t *testing.T) {
|
|||||||
|
|
||||||
permissionsManager := permissions.NewManager(s)
|
permissionsManager := permissions.NewManager(s)
|
||||||
|
|
||||||
am, err := BuildManager(context.Background(), s, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager)
|
am, err := BuildManager(context.Background(), s, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager, false)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
existingAccountID := "bf1c8084-ba50-4ce7-9439-34653001fc3b"
|
existingAccountID := "bf1c8084-ba50-4ce7-9439-34653001fc3b"
|
||||||
@ -1546,7 +1546,7 @@ func Test_LoginPeer(t *testing.T) {
|
|||||||
settingsMockManager := settings.NewMockManager(ctrl)
|
settingsMockManager := settings.NewMockManager(ctrl)
|
||||||
permissionsManager := permissions.NewManager(s)
|
permissionsManager := permissions.NewManager(s)
|
||||||
|
|
||||||
am, err := BuildManager(context.Background(), s, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager)
|
am, err := BuildManager(context.Background(), s, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager, false)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
existingAccountID := "bf1c8084-ba50-4ce7-9439-34653001fc3b"
|
existingAccountID := "bf1c8084-ba50-4ce7-9439-34653001fc3b"
|
||||||
@ -2052,7 +2052,7 @@ func Test_DeletePeer(t *testing.T) {
|
|||||||
// account with an admin and a regular user
|
// account with an admin and a regular user
|
||||||
accountID := "test_account"
|
accountID := "test_account"
|
||||||
adminUser := "account_creator"
|
adminUser := "account_creator"
|
||||||
account := newAccountWithId(context.Background(), accountID, adminUser, "")
|
account := newAccountWithId(context.Background(), accountID, adminUser, "", false)
|
||||||
account.Peers = map[string]*nbpeer.Peer{
|
account.Peers = map[string]*nbpeer.Peer{
|
||||||
"peer1": {
|
"peer1": {
|
||||||
ID: "peer1",
|
ID: "peer1",
|
||||||
|
@ -106,7 +106,7 @@ func initTestPostureChecksAccount(am *DefaultAccountManager) (*types.Account, er
|
|||||||
Role: types.UserRoleUser,
|
Role: types.UserRoleUser,
|
||||||
}
|
}
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), accountID, groupAdminUserID, domain)
|
account := newAccountWithId(context.Background(), accountID, groupAdminUserID, domain, false)
|
||||||
account.Users[admin.Id] = admin
|
account.Users[admin.Id] = admin
|
||||||
account.Users[user.Id] = user
|
account.Users[user.Id] = user
|
||||||
|
|
||||||
|
@ -1284,7 +1284,7 @@ func createRouterManager(t *testing.T) (*DefaultAccountManager, error) {
|
|||||||
|
|
||||||
permissionsManager := permissions.NewManager(store)
|
permissionsManager := permissions.NewManager(store)
|
||||||
|
|
||||||
return BuildManager(context.Background(), store, NewPeersUpdateManager(nil), nil, "", "netbird.selfhosted", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager)
|
return BuildManager(context.Background(), store, NewPeersUpdateManager(nil), nil, "", "netbird.selfhosted", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
func createRouterStore(t *testing.T) (store.Store, error) {
|
func createRouterStore(t *testing.T) (store.Store, error) {
|
||||||
@ -1305,7 +1305,7 @@ func initTestRouteAccount(t *testing.T, am *DefaultAccountManager) (*types.Accou
|
|||||||
accountID := "testingAcc"
|
accountID := "testingAcc"
|
||||||
domain := "example.com"
|
domain := "example.com"
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), accountID, userID, domain)
|
account := newAccountWithId(context.Background(), accountID, userID, domain, false)
|
||||||
err := am.Store.SaveAccount(context.Background(), account)
|
err := am.Store.SaveAccount(context.Background(), account)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -1184,7 +1184,7 @@ func NewSqliteStoreFromFileStore(ctx context.Context, fileStore *FileStore, data
|
|||||||
for _, account := range fileStore.GetAllAccounts(ctx) {
|
for _, account := range fileStore.GetAllAccounts(ctx) {
|
||||||
_, err = account.GetGroupAll()
|
_, err = account.GetGroupAll()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err := account.AddAllGroup(); err != nil {
|
if err := account.AddAllGroup(false); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
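Review bot: `account.AddAllGroup(false)` in NewSqliteStoreFromFileStore hard-codes the flag, so on this file-store migration path an account that lacks the all group can still receive the default all-to-all policy even when the operator has set `DisableDefaultPolicy`; the same literal appears in addAllGroupToAccount. If that is intended because these paths only repair existing accounts, say so at the call, e.g. `// existing accounts keep the default policy; DisableDefaultPolicy applies to new accounts only`. Otherwise the configured value should be passed in rather than `false`, since an operator who disabled the policy would presumably not expect an allow-all rule to appear after a migration. Both functions continue outside their hunks, so how the flag would reach them is not visible here.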
|
@ -2044,7 +2044,7 @@ func newAccountWithId(ctx context.Context, accountID, userID, domain string) *ty
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := acc.AddAllGroup(); err != nil {
|
if err := acc.AddAllGroup(false); err != nil {
|
||||||
log.WithContext(ctx).Errorf("error adding all group to account %s: %v", acc.Id, err)
|
log.WithContext(ctx).Errorf("error adding all group to account %s: %v", acc.Id, err)
|
||||||
}
|
}
|
||||||
return acc
|
return acc
|
||||||
|
@ -391,7 +391,7 @@ func addAllGroupToAccount(ctx context.Context, store Store) error {
|
|||||||
|
|
||||||
_, err := account.GetGroupAll()
|
_, err := account.GetGroupAll()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err := account.AddAllGroup(); err != nil {
|
if err := account.AddAllGroup(false); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
shouldSave = true
|
shouldSave = true
|
||||||
|
@ -1546,7 +1546,7 @@ func getPoliciesSourcePeers(policies []*Policy, groups map[string]*Group) map[st
|
|||||||
}
|
}
|
||||||
|
|
||||||
// AddAllGroup to account object if it doesn't exist
|
// AddAllGroup to account object if it doesn't exist
|
||||||
func (a *Account) AddAllGroup() error {
|
func (a *Account) AddAllGroup(disableDefaultPolicy bool) error {
|
||||||
if len(a.Groups) == 0 {
|
if len(a.Groups) == 0 {
|
||||||
allGroup := &Group{
|
allGroup := &Group{
|
||||||
ID: xid.New().String(),
|
ID: xid.New().String(),
|
||||||
@ -1558,6 +1558,10 @@ func (a *Account) AddAllGroup() error {
|
|||||||
}
|
}
|
||||||
a.Groups = map[string]*Group{allGroup.ID: allGroup}
|
a.Groups = map[string]*Group{allGroup.ID: allGroup}
|
||||||
|
|
||||||
|
if disableDefaultPolicy {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
id := xid.New().String()
|
id := xid.New().String()
|
||||||
|
|
||||||
defaultPolicy := &Policy{
|
defaultPolicy := &Policy{
|
||||||
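Review bot: The doc comment on AddAllGroup still reads `// AddAllGroup to account object if it doesn't exist` and does not mention the new parameter or that the early `return nil` leaves the account with the group but no policy. Suggested: `// AddAllGroup adds the all group when the account has no groups and, unless disableDefaultPolicy is true, the default all-to-all policy as well.` The guard sits inside the `len(a.Groups) == 0` branch, after `a.Groups` is assigned, which looks right, but none of the call sites visible in this part of the change passes `true`, so a test asserting that no policy is created for `AddAllGroup(true)` would pin the behaviour the option exists for. The function body continues past the end of the hunk.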
|
@ -53,6 +53,9 @@ type Config struct {
|
|||||||
StoreConfig StoreConfig
|
StoreConfig StoreConfig
|
||||||
|
|
||||||
ReverseProxy ReverseProxy
|
ReverseProxy ReverseProxy
|
||||||
|
|
||||||
|
// disable default all-to-all policy
|
||||||
|
DisableDefaultPolicy bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetAuthAudiences returns the audience from the http config and device authorization flow config
|
// GetAuthAudiences returns the audience from the http config and device authorization flow config
|
||||||
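Review bot: The comment `// disable default all-to-all policy` above `DisableDefaultPolicy` does not say when the option takes effect, which matters for an access-control setting. Per the change description it only prevents the policy from being created for new accounts, so something like `// DisableDefaultPolicy skips creating the default all-to-all policy for newly created accounts.` would be clearer. If existing accounts keep their policy when the option is switched on (not visible here), the comment should say that as well.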
|
@ -56,7 +56,7 @@ func TestUser_CreatePAT_ForSameUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
|
|
||||||
err = s.SaveAccount(context.Background(), account)
|
err = s.SaveAccount(context.Background(), account)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -103,7 +103,7 @@ func TestUser_CreatePAT_ForDifferentUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
account.Users[mockTargetUserId] = &types.User{
|
account.Users[mockTargetUserId] = &types.User{
|
||||||
Id: mockTargetUserId,
|
Id: mockTargetUserId,
|
||||||
IsServiceUser: false,
|
IsServiceUser: false,
|
||||||
@ -131,7 +131,7 @@ func TestUser_CreatePAT_ForServiceUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
account.Users[mockTargetUserId] = &types.User{
|
account.Users[mockTargetUserId] = &types.User{
|
||||||
Id: mockTargetUserId,
|
Id: mockTargetUserId,
|
||||||
IsServiceUser: true,
|
IsServiceUser: true,
|
||||||
@ -163,7 +163,7 @@ func TestUser_CreatePAT_WithWrongExpiration(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
|
|
||||||
err = store.SaveAccount(context.Background(), account)
|
err = store.SaveAccount(context.Background(), account)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -188,7 +188,7 @@ func TestUser_CreatePAT_WithEmptyName(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
|
|
||||||
err = store.SaveAccount(context.Background(), account)
|
err = store.SaveAccount(context.Background(), account)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -213,7 +213,7 @@ func TestUser_DeletePAT(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
account.Users[mockUserID] = &types.User{
|
account.Users[mockUserID] = &types.User{
|
||||||
Id: mockUserID,
|
Id: mockUserID,
|
||||||
PATs: map[string]*types.PersonalAccessToken{
|
PATs: map[string]*types.PersonalAccessToken{
|
||||||
@ -256,7 +256,7 @@ func TestUser_GetPAT(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
account.Users[mockUserID] = &types.User{
|
account.Users[mockUserID] = &types.User{
|
||||||
Id: mockUserID,
|
Id: mockUserID,
|
||||||
AccountID: mockAccountID,
|
AccountID: mockAccountID,
|
||||||
@ -296,7 +296,7 @@ func TestUser_GetAllPATs(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
account.Users[mockUserID] = &types.User{
|
account.Users[mockUserID] = &types.User{
|
||||||
Id: mockUserID,
|
Id: mockUserID,
|
||||||
AccountID: mockAccountID,
|
AccountID: mockAccountID,
|
||||||
@ -406,7 +406,7 @@ func TestUser_CreateServiceUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
|
|
||||||
err = store.SaveAccount(context.Background(), account)
|
err = store.SaveAccount(context.Background(), account)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -453,7 +453,7 @@ func TestUser_CreateUser_ServiceUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
|
|
||||||
err = store.SaveAccount(context.Background(), account)
|
err = store.SaveAccount(context.Background(), account)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -501,7 +501,7 @@ func TestUser_CreateUser_RegularUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
|
|
||||||
err = store.SaveAccount(context.Background(), account)
|
err = store.SaveAccount(context.Background(), account)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -532,7 +532,7 @@ func TestUser_InviteNewUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
|
|
||||||
err = store.SaveAccount(context.Background(), account)
|
err = store.SaveAccount(context.Background(), account)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -639,7 +639,7 @@ func TestUser_DeleteUser_ServiceUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
account.Users[mockServiceUserID] = tt.serviceUser
|
account.Users[mockServiceUserID] = tt.serviceUser
|
||||||
|
|
||||||
err = store.SaveAccount(context.Background(), account)
|
err = store.SaveAccount(context.Background(), account)
|
||||||
@ -678,7 +678,7 @@ func TestUser_DeleteUser_SelfDelete(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
|
|
||||||
err = store.SaveAccount(context.Background(), account)
|
err = store.SaveAccount(context.Background(), account)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -705,7 +705,7 @@ func TestUser_DeleteUser_regularUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
|
|
||||||
targetId := "user2"
|
targetId := "user2"
|
||||||
account.Users[targetId] = &types.User{
|
account.Users[targetId] = &types.User{
|
||||||
@ -792,7 +792,7 @@ func TestUser_DeleteUser_RegularUsers(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
|
|
||||||
targetId := "user2"
|
targetId := "user2"
|
||||||
account.Users[targetId] = &types.User{
|
account.Users[targetId] = &types.User{
|
||||||
@ -952,7 +952,7 @@ func TestDefaultAccountManager_GetUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
|
|
||||||
err = store.SaveAccount(context.Background(), account)
|
err = store.SaveAccount(context.Background(), account)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -988,7 +988,7 @@ func TestDefaultAccountManager_ListUsers(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
account.Users["normal_user1"] = types.NewRegularUser("normal_user1")
|
account.Users["normal_user1"] = types.NewRegularUser("normal_user1")
|
||||||
account.Users["normal_user2"] = types.NewRegularUser("normal_user2")
|
account.Users["normal_user2"] = types.NewRegularUser("normal_user2")
|
||||||
|
|
||||||
@ -1030,7 +1030,7 @@ func TestDefaultAccountManager_ExternalCache(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
externalUser := &types.User{
|
externalUser := &types.User{
|
||||||
Id: "externalUser",
|
Id: "externalUser",
|
||||||
Role: types.UserRoleUser,
|
Role: types.UserRoleUser,
|
||||||
@ -1098,7 +1098,7 @@ func TestUser_GetUsersFromAccount_ForAdmin(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
account.Users[mockServiceUserID] = &types.User{
|
account.Users[mockServiceUserID] = &types.User{
|
||||||
Id: mockServiceUserID,
|
Id: mockServiceUserID,
|
||||||
Role: "user",
|
Role: "user",
|
||||||
@ -1132,7 +1132,7 @@ func TestUser_GetUsersFromAccount_ForUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
|
account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "", false)
|
||||||
account.Users[mockServiceUserID] = &types.User{
|
account.Users[mockServiceUserID] = &types.User{
|
||||||
Id: mockServiceUserID,
|
Id: mockServiceUserID,
|
||||||
Role: "user",
|
Role: "user",
|
||||||
@ -1499,7 +1499,7 @@ func TestSaveOrAddUser_PreventAccountSwitch(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account1 := newAccountWithId(context.Background(), "account1", "ownerAccount1", "")
|
account1 := newAccountWithId(context.Background(), "account1", "ownerAccount1", "", false)
|
||||||
targetId := "user2"
|
targetId := "user2"
|
||||||
account1.Users[targetId] = &types.User{
|
account1.Users[targetId] = &types.User{
|
||||||
Id: targetId,
|
Id: targetId,
|
||||||
@ -1508,7 +1508,7 @@ func TestSaveOrAddUser_PreventAccountSwitch(t *testing.T) {
|
|||||||
}
|
}
|
||||||
require.NoError(t, s.SaveAccount(context.Background(), account1))
|
require.NoError(t, s.SaveAccount(context.Background(), account1))
|
||||||
|
|
||||||
account2 := newAccountWithId(context.Background(), "account2", "ownerAccount2", "")
|
account2 := newAccountWithId(context.Background(), "account2", "ownerAccount2", "", false)
|
||||||
require.NoError(t, s.SaveAccount(context.Background(), account2))
|
require.NoError(t, s.SaveAccount(context.Background(), account2))
|
||||||
|
|
||||||
permissionsManager := permissions.NewManager(s)
|
permissionsManager := permissions.NewManager(s)
|
||||||
@ -1535,7 +1535,7 @@ func TestDefaultAccountManager_GetCurrentUserInfo(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Cleanup(cleanup)
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
account1 := newAccountWithId(context.Background(), "account1", "account1Owner", "")
|
account1 := newAccountWithId(context.Background(), "account1", "account1Owner", "", false)
|
||||||
account1.Settings.RegularUsersViewBlocked = false
|
account1.Settings.RegularUsersViewBlocked = false
|
||||||
account1.Users["blocked-user"] = &types.User{
|
account1.Users["blocked-user"] = &types.User{
|
||||||
Id: "blocked-user",
|
Id: "blocked-user",
|
||||||
@ -1557,7 +1557,7 @@ func TestDefaultAccountManager_GetCurrentUserInfo(t *testing.T) {
|
|||||||
}
|
}
|
||||||
require.NoError(t, store.SaveAccount(context.Background(), account1))
|
require.NoError(t, store.SaveAccount(context.Background(), account1))
|
||||||
|
|
||||||
account2 := newAccountWithId(context.Background(), "account2", "account2Owner", "")
|
account2 := newAccountWithId(context.Background(), "account2", "account2Owner", "", false)
|
||||||
account2.Users["settings-blocked-user"] = &types.User{
|
account2.Users["settings-blocked-user"] = &types.User{
|
||||||
Id: "settings-blocked-user",
|
Id: "settings-blocked-user",
|
||||||
Role: types.UserRoleUser,
|
Role: types.UserRoleUser,
|
||||||
|