mirror of
https://github.com/netbirdio/netbird.git
synced 2024-11-24 00:54:01 +01:00
0911163146
* Refactor user deletion logic and introduce batch delete * Prevent self-deletion for users * Add delete multiple groups * Refactor group deletion with validation * Fix tests * Add bulk delete functions for Users and Groups in account manager interface and mocks * Add tests for DeleteGroups method in group management * Add tests for DeleteUsers method in users management
387 lines
11 KiB
Go
387 lines
11 KiB
Go
package server
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"testing"
|
|
|
|
nbdns "github.com/netbirdio/netbird/dns"
|
|
nbgroup "github.com/netbirdio/netbird/management/server/group"
|
|
"github.com/netbirdio/netbird/management/server/status"
|
|
"github.com/netbirdio/netbird/route"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
const (
|
|
groupAdminUserID = "testingAdminUser"
|
|
)
|
|
|
|
func TestDefaultAccountManager_CreateGroup(t *testing.T) {
|
|
am, err := createManager(t)
|
|
if err != nil {
|
|
t.Error("failed to create account manager")
|
|
}
|
|
|
|
_, account, err := initTestGroupAccount(am)
|
|
if err != nil {
|
|
t.Error("failed to init testing account")
|
|
}
|
|
for _, group := range account.Groups {
|
|
group.Issued = nbgroup.GroupIssuedIntegration
|
|
err = am.SaveGroup(context.Background(), account.Id, groupAdminUserID, group)
|
|
if err != nil {
|
|
t.Errorf("should allow to create %s groups", nbgroup.GroupIssuedIntegration)
|
|
}
|
|
}
|
|
|
|
for _, group := range account.Groups {
|
|
group.Issued = nbgroup.GroupIssuedJWT
|
|
err = am.SaveGroup(context.Background(), account.Id, groupAdminUserID, group)
|
|
if err != nil {
|
|
t.Errorf("should allow to create %s groups", nbgroup.GroupIssuedJWT)
|
|
}
|
|
}
|
|
for _, group := range account.Groups {
|
|
group.Issued = nbgroup.GroupIssuedAPI
|
|
group.ID = ""
|
|
err = am.SaveGroup(context.Background(), account.Id, groupAdminUserID, group)
|
|
if err == nil {
|
|
t.Errorf("should not create api group with the same name, %s", group.Name)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestDefaultAccountManager_DeleteGroup(t *testing.T) {
|
|
am, err := createManager(t)
|
|
if err != nil {
|
|
t.Error("failed to create account manager")
|
|
}
|
|
|
|
_, account, err := initTestGroupAccount(am)
|
|
if err != nil {
|
|
t.Error("failed to init testing account")
|
|
}
|
|
|
|
testCases := []struct {
|
|
name string
|
|
groupID string
|
|
expectedReason string
|
|
}{
|
|
{
|
|
"route",
|
|
"grp-for-route",
|
|
"route",
|
|
},
|
|
{
|
|
"route with peer groups",
|
|
"grp-for-route2",
|
|
"route",
|
|
},
|
|
{
|
|
"name server groups",
|
|
"grp-for-name-server-grp",
|
|
"name server groups",
|
|
},
|
|
{
|
|
"policy",
|
|
"grp-for-policies",
|
|
"policy",
|
|
},
|
|
{
|
|
"setup keys",
|
|
"grp-for-keys",
|
|
"setup key",
|
|
},
|
|
{
|
|
"users",
|
|
"grp-for-users",
|
|
"user",
|
|
},
|
|
{
|
|
"integration",
|
|
"grp-for-integration",
|
|
"only service users with admin power can delete integration group",
|
|
},
|
|
}
|
|
|
|
for _, testCase := range testCases {
|
|
t.Run(testCase.name, func(t *testing.T) {
|
|
err = am.DeleteGroup(context.Background(), account.Id, groupAdminUserID, testCase.groupID)
|
|
if err == nil {
|
|
t.Errorf("delete %s group successfully", testCase.groupID)
|
|
return
|
|
}
|
|
|
|
var sErr *status.Error
|
|
if errors.As(err, &sErr) {
|
|
if sErr.Message != testCase.expectedReason {
|
|
t.Errorf("invalid error case: %s, expected: %s", sErr.Message, testCase.expectedReason)
|
|
}
|
|
return
|
|
}
|
|
|
|
var gErr *GroupLinkError
|
|
ok := errors.As(err, &gErr)
|
|
if !ok {
|
|
t.Error("invalid error type")
|
|
return
|
|
}
|
|
if gErr.Resource != testCase.expectedReason {
|
|
t.Errorf("invalid error case: %s, expected: %s", gErr.Resource, testCase.expectedReason)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestDefaultAccountManager_DeleteGroups(t *testing.T) {
|
|
am, err := createManager(t)
|
|
assert.NoError(t, err, "Failed to create account manager")
|
|
|
|
manager, account, err := initTestGroupAccount(am)
|
|
assert.NoError(t, err, "Failed to init testing account")
|
|
|
|
groups := make([]*nbgroup.Group, 10)
|
|
for i := 0; i < 10; i++ {
|
|
groups[i] = &nbgroup.Group{
|
|
ID: fmt.Sprintf("group-%d", i+1),
|
|
AccountID: account.Id,
|
|
Name: fmt.Sprintf("group-%d", i+1),
|
|
Issued: nbgroup.GroupIssuedAPI,
|
|
}
|
|
}
|
|
|
|
err = manager.SaveGroups(context.Background(), account.Id, groupAdminUserID, groups)
|
|
assert.NoError(t, err, "Failed to save test groups")
|
|
|
|
testCases := []struct {
|
|
name string
|
|
groupIDs []string
|
|
expectedReasons []string
|
|
expectedDeleted []string
|
|
expectedNotDeleted []string
|
|
}{
|
|
{
|
|
name: "route",
|
|
groupIDs: []string{"grp-for-route"},
|
|
expectedReasons: []string{"route"},
|
|
},
|
|
{
|
|
name: "route with peer groups",
|
|
groupIDs: []string{"grp-for-route2"},
|
|
expectedReasons: []string{"route"},
|
|
},
|
|
{
|
|
name: "name server groups",
|
|
groupIDs: []string{"grp-for-name-server-grp"},
|
|
expectedReasons: []string{"name server groups"},
|
|
},
|
|
{
|
|
name: "policy",
|
|
groupIDs: []string{"grp-for-policies"},
|
|
expectedReasons: []string{"policy"},
|
|
},
|
|
{
|
|
name: "setup keys",
|
|
groupIDs: []string{"grp-for-keys"},
|
|
expectedReasons: []string{"setup key"},
|
|
},
|
|
{
|
|
name: "users",
|
|
groupIDs: []string{"grp-for-users"},
|
|
expectedReasons: []string{"user"},
|
|
},
|
|
{
|
|
name: "integration",
|
|
groupIDs: []string{"grp-for-integration"},
|
|
expectedReasons: []string{"only service users with admin power can delete integration group"},
|
|
},
|
|
{
|
|
name: "successfully delete multiple groups",
|
|
groupIDs: []string{"group-1", "group-2"},
|
|
expectedDeleted: []string{"group-1", "group-2"},
|
|
},
|
|
{
|
|
name: "delete non-existent group",
|
|
groupIDs: []string{"non-existent-group"},
|
|
expectedDeleted: []string{"non-existent-group"},
|
|
},
|
|
{
|
|
name: "delete multiple groups with mixed results",
|
|
groupIDs: []string{"group-3", "grp-for-policies", "group-4", "grp-for-users"},
|
|
expectedReasons: []string{"policy", "user"},
|
|
expectedDeleted: []string{"group-3", "group-4"},
|
|
expectedNotDeleted: []string{"grp-for-policies", "grp-for-users"},
|
|
},
|
|
{
|
|
name: "delete groups with multiple errors",
|
|
groupIDs: []string{"grp-for-policies", "grp-for-users"},
|
|
expectedReasons: []string{"policy", "user"},
|
|
expectedNotDeleted: []string{"grp-for-policies", "grp-for-users"},
|
|
},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
err = am.DeleteGroups(context.Background(), account.Id, groupAdminUserID, tc.groupIDs)
|
|
if len(tc.expectedReasons) > 0 {
|
|
assert.Error(t, err)
|
|
var foundExpectedErrors int
|
|
|
|
wrappedErr, ok := err.(interface{ Unwrap() []error })
|
|
assert.Equal(t, ok, true)
|
|
|
|
for _, e := range wrappedErr.Unwrap() {
|
|
var sErr *status.Error
|
|
if errors.As(e, &sErr) {
|
|
assert.Contains(t, tc.expectedReasons, sErr.Message, "unexpected error message")
|
|
foundExpectedErrors++
|
|
}
|
|
|
|
var gErr *GroupLinkError
|
|
if errors.As(e, &gErr) {
|
|
assert.Contains(t, tc.expectedReasons, gErr.Resource, "unexpected error resource")
|
|
foundExpectedErrors++
|
|
}
|
|
}
|
|
assert.Equal(t, len(tc.expectedReasons), foundExpectedErrors, "not all expected errors were found")
|
|
} else {
|
|
assert.NoError(t, err)
|
|
}
|
|
|
|
for _, groupID := range tc.expectedDeleted {
|
|
_, err := am.GetGroup(context.Background(), account.Id, groupID, groupAdminUserID)
|
|
assert.Error(t, err, "group should have been deleted: %s", groupID)
|
|
}
|
|
|
|
for _, groupID := range tc.expectedNotDeleted {
|
|
group, err := am.GetGroup(context.Background(), account.Id, groupID, groupAdminUserID)
|
|
assert.NoError(t, err, "group should not have been deleted: %s", groupID)
|
|
assert.NotNil(t, group, "group should exist: %s", groupID)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func initTestGroupAccount(am *DefaultAccountManager) (*DefaultAccountManager, *Account, error) {
|
|
accountID := "testingAcc"
|
|
domain := "example.com"
|
|
|
|
groupForRoute := &nbgroup.Group{
|
|
ID: "grp-for-route",
|
|
AccountID: "account-id",
|
|
Name: "Group for route",
|
|
Issued: nbgroup.GroupIssuedAPI,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
groupForRoute2 := &nbgroup.Group{
|
|
ID: "grp-for-route2",
|
|
AccountID: "account-id",
|
|
Name: "Group for route",
|
|
Issued: nbgroup.GroupIssuedAPI,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
groupForNameServerGroups := &nbgroup.Group{
|
|
ID: "grp-for-name-server-grp",
|
|
AccountID: "account-id",
|
|
Name: "Group for name server groups",
|
|
Issued: nbgroup.GroupIssuedAPI,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
groupForPolicies := &nbgroup.Group{
|
|
ID: "grp-for-policies",
|
|
AccountID: "account-id",
|
|
Name: "Group for policies",
|
|
Issued: nbgroup.GroupIssuedAPI,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
groupForSetupKeys := &nbgroup.Group{
|
|
ID: "grp-for-keys",
|
|
AccountID: "account-id",
|
|
Name: "Group for setup keys",
|
|
Issued: nbgroup.GroupIssuedAPI,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
groupForUsers := &nbgroup.Group{
|
|
ID: "grp-for-users",
|
|
AccountID: "account-id",
|
|
Name: "Group for users",
|
|
Issued: nbgroup.GroupIssuedAPI,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
groupForIntegration := &nbgroup.Group{
|
|
ID: "grp-for-integration",
|
|
AccountID: "account-id",
|
|
Name: "Group for users integration",
|
|
Issued: nbgroup.GroupIssuedIntegration,
|
|
Peers: make([]string, 0),
|
|
}
|
|
|
|
routeResource := &route.Route{
|
|
ID: "example route",
|
|
Groups: []string{groupForRoute.ID},
|
|
}
|
|
|
|
routePeerGroupResource := &route.Route{
|
|
ID: "example route with peer groups",
|
|
PeerGroups: []string{groupForRoute2.ID},
|
|
}
|
|
|
|
nameServerGroup := &nbdns.NameServerGroup{
|
|
ID: "example name server group",
|
|
Groups: []string{groupForNameServerGroups.ID},
|
|
}
|
|
|
|
policy := &Policy{
|
|
ID: "example policy",
|
|
Rules: []*PolicyRule{
|
|
{
|
|
ID: "example policy rule",
|
|
Destinations: []string{groupForPolicies.ID},
|
|
},
|
|
},
|
|
}
|
|
|
|
setupKey := &SetupKey{
|
|
Id: "example setup key",
|
|
AutoGroups: []string{groupForSetupKeys.ID},
|
|
}
|
|
|
|
user := &User{
|
|
Id: "example user",
|
|
AutoGroups: []string{groupForUsers.ID},
|
|
}
|
|
account := newAccountWithId(context.Background(), accountID, groupAdminUserID, domain)
|
|
account.Routes[routeResource.ID] = routeResource
|
|
account.Routes[routePeerGroupResource.ID] = routePeerGroupResource
|
|
account.NameServerGroups[nameServerGroup.ID] = nameServerGroup
|
|
account.Policies = append(account.Policies, policy)
|
|
account.SetupKeys[setupKey.Id] = setupKey
|
|
account.Users[user.Id] = user
|
|
|
|
err := am.Store.SaveAccount(context.Background(), account)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
_ = am.SaveGroup(context.Background(), accountID, groupAdminUserID, groupForRoute)
|
|
_ = am.SaveGroup(context.Background(), accountID, groupAdminUserID, groupForRoute2)
|
|
_ = am.SaveGroup(context.Background(), accountID, groupAdminUserID, groupForNameServerGroups)
|
|
_ = am.SaveGroup(context.Background(), accountID, groupAdminUserID, groupForPolicies)
|
|
_ = am.SaveGroup(context.Background(), accountID, groupAdminUserID, groupForSetupKeys)
|
|
_ = am.SaveGroup(context.Background(), accountID, groupAdminUserID, groupForUsers)
|
|
_ = am.SaveGroup(context.Background(), accountID, groupAdminUserID, groupForIntegration)
|
|
|
|
acc, err := am.Store.GetAccount(context.Background(), account.Id)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
return am, acc, nil
|
|
}
|