package client
import (
"context"
"encoding/json"
"errors"
"testing"
"github.com/edgelesssys/constellation/internal/gcpshared"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
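// TestCreateServiceAccount runs Client.CreateServiceAccount against stubbed IAM
// and projects APIs. Success cases must return the cloud service account URI
// derived from the stubbed key and record the account on the client; every
// failure case must surface an error to the caller.
func TestCreateServiceAccount(t *testing.T) {
	require := require.New(t)
	someErr := errors.New("someErr")

	// Fixture with placeholder values only; it is marshalled to JSON and handed
	// to the IAM stub as the key payload. Keep real credential material out of
	// test fixtures.
	key := gcpshared.ServiceAccountKey{
		Type:                    "type",
		ProjectID:               "project-id",
		PrivateKeyID:            "private-key-id",
		PrivateKey:              "private-key",
		ClientEmail:             "client-email",
		ClientID:                "client-id",
		AuthURI:                 "auth-uri",
		TokenURI:                "token-uri",
		AuthProviderX509CertURL: "auth-provider-x509-cert-url",
		ClientX509CertURL:       "client-x509-cert-url",
	}
	keyData, err := json.Marshal(key)
	require.NoError(err)

	testCases := map[string]struct {
		iamAPI      iamAPI
		projectsAPI stubProjectsAPI
		input       ServiceAccountInput
		wantErr     bool
	}{
		// The two success cases previously carried each other's names: the
		// case that sets Roles is the "with roles" one.
		"successful create": {
			iamAPI: stubIAMAPI{serviceAccountKeyData: keyData},
		},
		"successful create with roles": {
			iamAPI: stubIAMAPI{serviceAccountKeyData: keyData},
			input: ServiceAccountInput{
				Roles: []string{"someRole"},
			},
		},
		"creating account fails": {
			iamAPI:  stubIAMAPI{createErr: someErr},
			wantErr: true,
		},
		"creating account key fails": {
			iamAPI:  stubIAMAPI{createKeyErr: someErr},
			wantErr: true,
		},
		"key data missing": {
			iamAPI:  stubIAMAPI{},
			wantErr: true,
		},
		"key data corrupt": {
			iamAPI:  stubIAMAPI{serviceAccountKeyData: []byte("invalid key data")},
			wantErr: true,
		},
		// The IAM policy cases supply valid key data and a role so that the
		// projects API error is the only failure source. With an empty
		// stubIAMAPI the "key data missing" path alone yields an error, which
		// would let a swallowed policy-binding error go unnoticed.
		// NOTE(review): assumes CreateServiceAccount reads and writes the
		// project IAM policy whenever roles are requested; confirm against
		// the implementation.
		"retrieving iam policy bindings fails": {
			iamAPI:      stubIAMAPI{serviceAccountKeyData: keyData},
			projectsAPI: stubProjectsAPI{getPolicyErr: someErr},
			input: ServiceAccountInput{
				Roles: []string{"someRole"},
			},
			wantErr: true,
		},
		"setting iam policy bindings fails": {
			iamAPI:      stubIAMAPI{serviceAccountKeyData: keyData},
			projectsAPI: stubProjectsAPI{setPolicyErr: someErr},
			input: ServiceAccountInput{
				Roles: []string{"someRole"},
			},
			wantErr: true,
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			assert := assert.New(t)

			ctx := context.Background()
			client := Client{
				project:     "project",
				zone:        "zone",
				name:        "name",
				uid:         "uid",
				iamAPI:      tc.iamAPI,
				projectsAPI: tc.projectsAPI,
			}

			serviceAccountKey, err := client.CreateServiceAccount(ctx, tc.input)
			if tc.wantErr {
				assert.Error(err)
				return
			}

			assert.NoError(err)
			// The returned value must be the URI form of the stubbed key.
			assert.Equal(key.ToCloudServiceAccountURI(), serviceAccountKey)
			// "email" is presumably the address stubIAMAPI reports for the
			// created account; the stub is defined outside this listing.
			assert.Equal("email", client.serviceAccount)
		})
	}
}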
// TestTerminateServiceAccount checks that Client.TerminateServiceAccount
// returns an error exactly when the stubbed IAM API fails to delete the
// service account.
func TestTerminateServiceAccount(t *testing.T) {
	testCases := map[string]struct {
		iamAPI  iamAPI
		wantErr bool
	}{
		"delete works": {iamAPI: stubIAMAPI{}},
		"delete fails": {
			iamAPI:  stubIAMAPI{deleteServiceAccountErr: errors.New("someErr")},
			wantErr: true,
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			assert := assert.New(t)

			// The client starts with a service account already recorded, so
			// there is something for the call to delete.
			client := Client{
				project:        "project",
				zone:           "zone",
				name:           "name",
				uid:            "uid",
				serviceAccount: "service-account",
				iamAPI:         tc.iamAPI,
			}

			err := client.TerminateServiceAccount(context.Background())
			if tc.wantErr {
				assert.Error(err)
				return
			}
			assert.NoError(err)
		})
	}
}