constellation/cli/internal/gcp/client/project_test.go

/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

package client

import (
	"context"
	"errors"
	"testing"

	"github.com/stretchr/testify/assert"
	iampb "google.golang.org/genproto/googleapis/iam/v1"
	"google.golang.org/protobuf/proto"
)

func TestAddIAMPolicyBindings(t *testing.T) {
	someErr := errors.New("someErr")

	testCases := map[string]struct {
		projectsAPI stubProjectsAPI
		input       AddIAMPolicyBindingInput
		wantErr     bool
	}{
		"successful set without new bindings": {
			input: AddIAMPolicyBindingInput{
				Bindings: []PolicyBinding{},
			},
		},
		"successful set with bindings": {
			input: AddIAMPolicyBindingInput{
				Bindings: []PolicyBinding{
					{
						ServiceAccount: "service-account",
						Role:           "role",
					},
				},
			},
		},
		"retrieving iam policy fails": {
			projectsAPI: stubProjectsAPI{
				getPolicyErr: someErr,
			},
			wantErr: true,
		},
		"setting iam policy fails": {
			projectsAPI: stubProjectsAPI{
				setPolicyErr: someErr,
			},
			wantErr: true,
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			assert := assert.New(t)

			ctx := context.Background()
			client := Client{
				project:     "project",
				zone:        "zone",
				name:        "name",
				uid:         "uid",
				projectsAPI: tc.projectsAPI,
			}

			err := client.addIAMPolicyBindings(ctx, tc.input)
			if tc.wantErr {
				assert.Error(err)
			} else {
				assert.NoError(err)
			}
		})
	}
}

func TestAddIAMPolicy(t *testing.T) {
	testCases := map[string]struct {
		binding    PolicyBinding
		policy     *iampb.Policy
		wantErr    bool
		wantPolicy *iampb.Policy
	}{
		"successful on empty policy": {
			binding: PolicyBinding{
				ServiceAccount: "service-account",
				Role:           "role",
			},
			policy: &iampb.Policy{
				Bindings: []*iampb.Binding{},
			},
			wantPolicy: &iampb.Policy{
				Bindings: []*iampb.Binding{
					{
						Role:    "role",
						Members: []string{"serviceAccount:service-account"},
					},
				},
			},
		},
		"successful on existing policy with different role": {
			binding: PolicyBinding{
				ServiceAccount: "service-account",
				Role:           "role",
			},
			policy: &iampb.Policy{
				Bindings: []*iampb.Binding{
					{
						Role:    "other-role",
						Members: []string{"other-member"},
					},
				},
			},
			wantPolicy: &iampb.Policy{
				Bindings: []*iampb.Binding{
					{
						Role:    "other-role",
						Members: []string{"other-member"},
					},
					{
						Role:    "role",
						Members: []string{"serviceAccount:service-account"},
					},
				},
			},
		},
		"successful on existing policy with existing role": {
			binding: PolicyBinding{
				ServiceAccount: "service-account",
				Role:           "role",
			},
			policy: &iampb.Policy{
				Bindings: []*iampb.Binding{
					{
						Role:    "role",
						Members: []string{"other-member"},
					},
				},
			},
			wantPolicy: &iampb.Policy{
				Bindings: []*iampb.Binding{
					{
						Role:    "role",
						Members: []string{"other-member", "serviceAccount:service-account"},
					},
				},
			},
		},
		"already a member": {
			binding: PolicyBinding{
				ServiceAccount: "service-account",
				Role:           "role",
			},
			policy: &iampb.Policy{
				Bindings: []*iampb.Binding{
					{
						Role:    "role",
						Members: []string{"serviceAccount:service-account"},
					},
				},
			},
			wantPolicy: &iampb.Policy{
				Bindings: []*iampb.Binding{
					{
						Role:    "role",
						Members: []string{"serviceAccount:service-account"},
					},
				},
			},
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			assert := assert.New(t)

			addIAMPolicy(tc.policy, tc.binding)
			assert.True(proto.Equal(tc.wantPolicy, tc.policy))
		})
	}
}
add license headers sed -i '1i/\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n/\n' `grep -rL --include='*.go' 'DO NOT EDIT'` gofumpt -w . 2022-09-05 03:06:08 -04:00			`/*`
			`Copyright (c) Edgeless Systems GmbH`

			`SPDX-License-Identifier: AGPL-3.0-only`
			`*/`

monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`package client`

			`import (`
			`"context"`
			`"errors"`
			`"testing"`

			`"github.com/stretchr/testify/assert"`
			`iampb "google.golang.org/genproto/googleapis/iam/v1"`
			`"google.golang.org/protobuf/proto"`
			`)`

			`func TestAddIAMPolicyBindings(t *testing.T) {`
			`someErr := errors.New("someErr")`

			`testCases := map[string]struct {`
			`projectsAPI stubProjectsAPI`
			`input AddIAMPolicyBindingInput`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`wantErr bool`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`}{`
			`"successful set without new bindings": {`
			`input: AddIAMPolicyBindingInput{`
			`Bindings: []PolicyBinding{},`
			`},`
			`},`
			`"successful set with bindings": {`
			`input: AddIAMPolicyBindingInput{`
			`Bindings: []PolicyBinding{`
			`{`
			`ServiceAccount: "service-account",`
			`Role: "role",`
			`},`
			`},`
			`},`
			`},`
			`"retrieving iam policy fails": {`
			`projectsAPI: stubProjectsAPI{`
			`getPolicyErr: someErr,`
			`},`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`wantErr: true,`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`},`
			`"setting iam policy fails": {`
			`projectsAPI: stubProjectsAPI{`
			`setPolicyErr: someErr,`
			`},`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`wantErr: true,`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`},`
			`}`

			`for name, tc := range testCases {`
			`t.Run(name, func(t *testing.T) {`
			`assert := assert.New(t)`

			`ctx := context.Background()`
			`client := Client{`
			`project: "project",`
			`zone: "zone",`
			`name: "name",`
			`uid: "uid",`
			`projectsAPI: tc.projectsAPI,`
			`}`

			`err := client.addIAMPolicyBindings(ctx, tc.input)`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`if tc.wantErr {`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`assert.Error(err)`
			`} else {`
			`assert.NoError(err)`
			`}`
			`})`
			`}`
			`}`

			`func TestAddIAMPolicy(t *testing.T) {`
			`testCases := map[string]struct {`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`binding PolicyBinding`
			`policy *iampb.Policy`
			`wantErr bool`
			`wantPolicy *iampb.Policy`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`}{`
			`"successful on empty policy": {`
			`binding: PolicyBinding{`
			`ServiceAccount: "service-account",`
			`Role: "role",`
			`},`
			`policy: &iampb.Policy{`
			`Bindings: []*iampb.Binding{},`
			`},`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`wantPolicy: &iampb.Policy{`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`Bindings: []*iampb.Binding{`
			`{`
			`Role: "role",`
			`Members: []string{"serviceAccount:service-account"},`
			`},`
			`},`
			`},`
			`},`
			`"successful on existing policy with different role": {`
			`binding: PolicyBinding{`
			`ServiceAccount: "service-account",`
			`Role: "role",`
			`},`
			`policy: &iampb.Policy{`
			`Bindings: []*iampb.Binding{`
			`{`
			`Role: "other-role",`
			`Members: []string{"other-member"},`
			`},`
			`},`
			`},`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`wantPolicy: &iampb.Policy{`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`Bindings: []*iampb.Binding{`
			`{`
			`Role: "other-role",`
			`Members: []string{"other-member"},`
			`},`
			`{`
			`Role: "role",`
			`Members: []string{"serviceAccount:service-account"},`
			`},`
			`},`
			`},`
			`},`
			`"successful on existing policy with existing role": {`
			`binding: PolicyBinding{`
			`ServiceAccount: "service-account",`
			`Role: "role",`
			`},`
			`policy: &iampb.Policy{`
			`Bindings: []*iampb.Binding{`
			`{`
			`Role: "role",`
			`Members: []string{"other-member"},`
			`},`
			`},`
			`},`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`wantPolicy: &iampb.Policy{`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`Bindings: []*iampb.Binding{`
			`{`
			`Role: "role",`
			`Members: []string{"other-member", "serviceAccount:service-account"},`
			`},`
			`},`
			`},`
			`},`
			`"already a member": {`
			`binding: PolicyBinding{`
			`ServiceAccount: "service-account",`
			`Role: "role",`
			`},`
			`policy: &iampb.Policy{`
			`Bindings: []*iampb.Binding{`
			`{`
			`Role: "role",`
			`Members: []string{"serviceAccount:service-account"},`
			`},`
			`},`
			`},`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`wantPolicy: &iampb.Policy{`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`Bindings: []*iampb.Binding{`
			`{`
			`Role: "role",`
			`Members: []string{"serviceAccount:service-account"},`
			`},`
			`},`
			`},`
			`},`
			`}`

			`for name, tc := range testCases {`
			`t.Run(name, func(t *testing.T) {`
			`assert := assert.New(t)`

			`addIAMPolicy(tc.policy, tc.binding)`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`assert.True(proto.Equal(tc.wantPolicy, tc.policy))`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`})`
			`}`
			`}`