mirror of
https://github.com/netbirdio/netbird.git
synced 2024-11-24 17:13:30 +01:00
d7efea74b6
This PR adds support to Owner roles. The owner role has a similar access level as the admin, but it has the power to delete the account. Besides that, the role has the following constraints: - The role can only be transferred. So, only a user with the owner role can transfer the owner role to a new user - It can't be assigned to users being invited - It can't be assigned to service users
195 lines
4.4 KiB
Go
195 lines
4.4 KiB
Go
package server
|
|
|
|
import (
|
|
"errors"
|
|
"testing"
|
|
|
|
nbdns "github.com/netbirdio/netbird/dns"
|
|
"github.com/netbirdio/netbird/management/server/status"
|
|
"github.com/netbirdio/netbird/route"
|
|
)
|
|
|
|
const (
|
|
groupAdminUserID = "testingAdminUser"
|
|
)
|
|
|
|
func TestDefaultAccountManager_DeleteGroup(t *testing.T) {
|
|
am, err := createManager(t)
|
|
if err != nil {
|
|
t.Error("failed to create account manager")
|
|
}
|
|
|
|
account, err := initTestGroupAccount(am)
|
|
if err != nil {
|
|
t.Error("failed to init testing account")
|
|
}
|
|
|
|
testCases := []struct {
|
|
name string
|
|
groupID string
|
|
expectedReason string
|
|
}{
|
|
{
|
|
"route",
|
|
"grp-for-route",
|
|
"route",
|
|
},
|
|
{
|
|
"name server groups",
|
|
"grp-for-name-server-grp",
|
|
"name server groups",
|
|
},
|
|
{
|
|
"policy",
|
|
"grp-for-policies",
|
|
"policy",
|
|
},
|
|
{
|
|
"setup keys",
|
|
"grp-for-keys",
|
|
"setup key",
|
|
},
|
|
{
|
|
"users",
|
|
"grp-for-users",
|
|
"user",
|
|
},
|
|
{
|
|
"integration",
|
|
"grp-for-integration",
|
|
"only service users with admin power can delete integration group",
|
|
},
|
|
}
|
|
|
|
for _, testCase := range testCases {
|
|
t.Run(testCase.name, func(t *testing.T) {
|
|
err = am.DeleteGroup(account.Id, groupAdminUserID, testCase.groupID)
|
|
if err == nil {
|
|
t.Errorf("delete %s group successfully", testCase.groupID)
|
|
return
|
|
}
|
|
|
|
var sErr *status.Error
|
|
if errors.As(err, &sErr) {
|
|
if sErr.Message != testCase.expectedReason {
|
|
t.Errorf("invalid error case: %s, expected: %s", sErr.Message, testCase.expectedReason)
|
|
}
|
|
return
|
|
}
|
|
|
|
var gErr *GroupLinkError
|
|
ok := errors.As(err, &gErr)
|
|
if !ok {
|
|
t.Error("invalid error type")
|
|
return
|
|
}
|
|
if gErr.Resource != testCase.expectedReason {
|
|
t.Errorf("invalid error case: %s, expected: %s", gErr.Resource, testCase.expectedReason)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func initTestGroupAccount(am *DefaultAccountManager) (*Account, error) {
|
|
accountID := "testingAcc"
|
|
domain := "example.com"
|
|
|
|
groupForRoute := &Group{
|
|
ID: "grp-for-route",
|
|
AccountID: "account-id",
|
|
Name: "Group for route",
|
|
Issued: GroupIssuedAPI,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
groupForNameServerGroups := &Group{
|
|
ID: "grp-for-name-server-grp",
|
|
AccountID: "account-id",
|
|
Name: "Group for name server groups",
|
|
Issued: GroupIssuedAPI,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
groupForPolicies := &Group{
|
|
ID: "grp-for-policies",
|
|
AccountID: "account-id",
|
|
Name: "Group for policies",
|
|
Issued: GroupIssuedAPI,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
groupForSetupKeys := &Group{
|
|
ID: "grp-for-keys",
|
|
AccountID: "account-id",
|
|
Name: "Group for setup keys",
|
|
Issued: GroupIssuedAPI,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
groupForUsers := &Group{
|
|
ID: "grp-for-users",
|
|
AccountID: "account-id",
|
|
Name: "Group for users",
|
|
Issued: GroupIssuedAPI,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
groupForIntegration := &Group{
|
|
ID: "grp-for-integration",
|
|
AccountID: "account-id",
|
|
Name: "Group for users",
|
|
Issued: GroupIssuedIntegration,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
routeResource := &route.Route{
|
|
ID: "example route",
|
|
Groups: []string{groupForRoute.ID},
|
|
}
|
|
|
|
nameServerGroup := &nbdns.NameServerGroup{
|
|
ID: "example name server group",
|
|
Groups: []string{groupForNameServerGroups.ID},
|
|
}
|
|
|
|
policy := &Policy{
|
|
ID: "example policy",
|
|
Rules: []*PolicyRule{
|
|
{
|
|
ID: "example policy rule",
|
|
Destinations: []string{groupForPolicies.ID},
|
|
},
|
|
},
|
|
}
|
|
|
|
setupKey := &SetupKey{
|
|
Id: "example setup key",
|
|
AutoGroups: []string{groupForSetupKeys.ID},
|
|
}
|
|
|
|
user := &User{
|
|
Id: "example user",
|
|
AutoGroups: []string{groupForUsers.ID},
|
|
}
|
|
account := newAccountWithId(accountID, groupAdminUserID, domain)
|
|
account.Routes[routeResource.ID] = routeResource
|
|
account.NameServerGroups[nameServerGroup.ID] = nameServerGroup
|
|
account.Policies = append(account.Policies, policy)
|
|
account.SetupKeys[setupKey.Id] = setupKey
|
|
account.Users[user.Id] = user
|
|
|
|
err := am.Store.SaveAccount(account)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
_ = am.SaveGroup(accountID, groupAdminUserID, groupForRoute)
|
|
_ = am.SaveGroup(accountID, groupAdminUserID, groupForNameServerGroups)
|
|
_ = am.SaveGroup(accountID, groupAdminUserID, groupForPolicies)
|
|
_ = am.SaveGroup(accountID, groupAdminUserID, groupForSetupKeys)
|
|
_ = am.SaveGroup(accountID, groupAdminUserID, groupForUsers)
|
|
_ = am.SaveGroup(accountID, groupAdminUserID, groupForIntegration)
|
|
|
|
return am.Store.GetAccount(account.Id)
|
|
}
|