Enable deletion of integration resources (#1294)

* Enforce admin service user role for integration group deletion Added a check to prevent non-admin service users from deleting integration groups. * Restrict deletion of integration user to admin service user only * Refactor user and group deletion tests
2026-04-18 08:16:39 +00:00 · 2023-11-07 17:02:51 +03:00
parent 8be6e92563
commit 9f7e13fc87
4 changed files with 26 additions and 8 deletions
--- a/management/server/group_test.go
+++ b/management/server/group_test.go
@@ -1,9 +1,11 @@
 package server

 import (
+	"errors"
 	"testing"

 	nbdns "github.com/netbirdio/netbird/dns"
+	"github.com/netbirdio/netbird/management/server/status"
 	"github.com/netbirdio/netbird/route"
 )

@@ -55,19 +57,28 @@ func TestDefaultAccountManager_DeleteGroup(t *testing.T) {
 		{
 			"integration",
 			"grp-for-integration",
-			"integration",
+			"only admins service user can delete integration group",
 		},
 	}

 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			err = am.DeleteGroup(account.Id, "", testCase.groupID)
+			err = am.DeleteGroup(account.Id, groupAdminUserID, testCase.groupID)
 			if err == nil {
 				t.Errorf("delete %s group successfully", testCase.groupID)
 				return
 			}

-			gErr, ok := err.(*GroupLinkError)
+			var sErr *status.Error
+			if errors.As(err, &sErr) {
+				if sErr.Message != testCase.expectedReason {
+					t.Errorf("invalid error case: %s, expected: %s", sErr.Message, testCase.expectedReason)
+				}
+				return
+			}
+
+			var gErr *GroupLinkError
+			ok := errors.As(err, &gErr)
 			if !ok {
 				t.Error("invalid error type")
 				return