mirror of
https://github.com/netbirdio/netbird.git
synced 2026-04-16 07:16:38 +00:00
f53155562f
* implement reverse proxy --------- Co-authored-by: Alisdair MacLeod <git@alisdairmacleod.co.uk> Co-authored-by: mlsmaycon <mlsmaycon@gmail.com> Co-authored-by: Eduard Gert <kontakt@eduardgert.de> Co-authored-by: Viktor Liu <viktor@netbird.io> Co-authored-by: Diego Noguês <diego.sure@gmail.com> Co-authored-by: Diego Noguês <49420+diegocn@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Ashley Mensah <ashleyamo982@gmail.com>
449 lines
15 KiB
Go
449 lines
15 KiB
Go
package resources
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/golang/mock/gomock"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
|
|
"github.com/netbirdio/netbird/management/server/groups"
|
|
"github.com/netbirdio/netbird/management/server/mock_server"
|
|
"github.com/netbirdio/netbird/management/server/networks/resources/types"
|
|
"github.com/netbirdio/netbird/management/server/permissions"
|
|
"github.com/netbirdio/netbird/management/server/store"
|
|
"github.com/netbirdio/netbird/shared/management/status"
|
|
)
|
|
|
|
func Test_GetAllResourcesInNetworkReturnsResources(t *testing.T) {
|
|
ctx := context.Background()
|
|
accountID := "testAccountId"
|
|
userID := "testAdminId"
|
|
networkID := "testNetworkId"
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
resources, err := manager.GetAllResourcesInNetwork(ctx, accountID, userID, networkID)
|
|
require.NoError(t, err)
|
|
require.Len(t, resources, 2)
|
|
}
|
|
|
|
func Test_GetAllResourcesInNetworkReturnsPermissionDenied(t *testing.T) {
|
|
ctx := context.Background()
|
|
accountID := "testAccountId"
|
|
userID := "testUserId"
|
|
networkID := "testNetworkId"
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
resources, err := manager.GetAllResourcesInNetwork(ctx, accountID, userID, networkID)
|
|
require.Error(t, err)
|
|
require.Equal(t, status.NewPermissionDeniedError(), err)
|
|
require.Nil(t, resources)
|
|
}
|
|
func Test_GetAllResourcesInAccountReturnsResources(t *testing.T) {
|
|
ctx := context.Background()
|
|
accountID := "testAccountId"
|
|
userID := "testAdminId"
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
resources, err := manager.GetAllResourcesInAccount(ctx, accountID, userID)
|
|
require.NoError(t, err)
|
|
require.Len(t, resources, 2)
|
|
}
|
|
|
|
func Test_GetAllResourcesInAccountReturnsPermissionDenied(t *testing.T) {
|
|
ctx := context.Background()
|
|
accountID := "testAccountId"
|
|
userID := "testUserId"
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
resources, err := manager.GetAllResourcesInAccount(ctx, accountID, userID)
|
|
require.Error(t, err)
|
|
require.Equal(t, status.NewPermissionDeniedError(), err)
|
|
require.Nil(t, resources)
|
|
}
|
|
|
|
func Test_GetResourceInNetworkReturnsResources(t *testing.T) {
|
|
ctx := context.Background()
|
|
accountID := "testAccountId"
|
|
userID := "testAdminId"
|
|
networkID := "testNetworkId"
|
|
resourceID := "testResourceId"
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
resource, err := manager.GetResource(ctx, accountID, userID, networkID, resourceID)
|
|
require.NoError(t, err)
|
|
require.Equal(t, resourceID, resource.ID)
|
|
}
|
|
|
|
func Test_GetResourceInNetworkReturnsPermissionDenied(t *testing.T) {
|
|
ctx := context.Background()
|
|
accountID := "testAccountId"
|
|
userID := "testUserId"
|
|
networkID := "testNetworkId"
|
|
resourceID := "testResourceId"
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
resources, err := manager.GetResource(ctx, accountID, userID, networkID, resourceID)
|
|
require.Error(t, err)
|
|
require.Equal(t, status.NewPermissionDeniedError(), err)
|
|
require.Nil(t, resources)
|
|
}
|
|
|
|
func Test_CreateResourceSuccessfully(t *testing.T) {
|
|
ctx := context.Background()
|
|
userID := "testAdminId"
|
|
resource := &types.NetworkResource{
|
|
AccountID: "testAccountId",
|
|
NetworkID: "testNetworkId",
|
|
Name: "newResourceId",
|
|
Description: "description",
|
|
Address: "192.168.1.1",
|
|
}
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
reverseProxyManager.EXPECT().ReloadAllServicesForAccount(gomock.Any(), resource.AccountID).Return(nil).AnyTimes()
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
createdResource, err := manager.CreateResource(ctx, userID, resource)
|
|
require.NoError(t, err)
|
|
require.Equal(t, resource.Name, createdResource.Name)
|
|
}
|
|
|
|
func Test_CreateResourceFailsWithPermissionDenied(t *testing.T) {
|
|
ctx := context.Background()
|
|
userID := "testUserId"
|
|
resource := &types.NetworkResource{
|
|
AccountID: "testAccountId",
|
|
NetworkID: "testNetworkId",
|
|
Name: "testResourceId",
|
|
Description: "description",
|
|
Address: "192.168.1.1",
|
|
}
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
createdResource, err := manager.CreateResource(ctx, userID, resource)
|
|
require.Error(t, err)
|
|
require.Equal(t, status.NewPermissionDeniedError(), err)
|
|
require.Nil(t, createdResource)
|
|
}
|
|
|
|
func Test_CreateResourceFailsWithInvalidAddress(t *testing.T) {
|
|
ctx := context.Background()
|
|
userID := "testAdminId"
|
|
resource := &types.NetworkResource{
|
|
AccountID: "testAccountId",
|
|
NetworkID: "testNetworkId",
|
|
Name: "testResourceId",
|
|
Description: "description",
|
|
Address: "-invalid",
|
|
}
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
createdResource, err := manager.CreateResource(ctx, userID, resource)
|
|
require.Error(t, err)
|
|
require.Nil(t, createdResource)
|
|
}
|
|
|
|
func Test_CreateResourceFailsWithUsedName(t *testing.T) {
|
|
ctx := context.Background()
|
|
userID := "testAdminId"
|
|
resource := &types.NetworkResource{
|
|
AccountID: "testAccountId",
|
|
NetworkID: "testNetworkId",
|
|
Name: "used-name",
|
|
Description: "description",
|
|
Address: "example.com",
|
|
}
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
createdResource, err := manager.CreateResource(ctx, userID, resource)
|
|
require.Error(t, err)
|
|
require.Nil(t, createdResource)
|
|
}
|
|
|
|
func Test_UpdateResourceSuccessfully(t *testing.T) {
|
|
ctx := context.Background()
|
|
accountID := "testAccountId"
|
|
userID := "testAdminId"
|
|
networkID := "testNetworkId"
|
|
resourceID := "testResourceId"
|
|
resource := &types.NetworkResource{
|
|
AccountID: accountID,
|
|
NetworkID: networkID,
|
|
Name: "someNewName",
|
|
ID: resourceID,
|
|
Description: "new-description",
|
|
Address: "1.2.3.0/24",
|
|
}
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
reverseProxyManager.EXPECT().ReloadAllServicesForAccount(gomock.Any(), accountID).Return(nil).AnyTimes()
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
updatedResource, err := manager.UpdateResource(ctx, userID, resource)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, updatedResource)
|
|
require.Equal(t, "new-description", updatedResource.Description)
|
|
require.Equal(t, "1.2.3.0/24", updatedResource.Address)
|
|
require.Equal(t, types.NetworkResourceType("subnet"), updatedResource.Type)
|
|
}
|
|
|
|
func Test_UpdateResourceFailsWithResourceNotFound(t *testing.T) {
|
|
ctx := context.Background()
|
|
accountID := "testAccountId"
|
|
userID := "testAdminId"
|
|
networkID := "testNetworkId"
|
|
resourceID := "otherResourceId"
|
|
resource := &types.NetworkResource{
|
|
AccountID: accountID,
|
|
NetworkID: networkID,
|
|
Name: resourceID,
|
|
Description: "new-description",
|
|
Address: "1.2.3.0/24",
|
|
}
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
updatedResource, err := manager.UpdateResource(ctx, userID, resource)
|
|
require.Error(t, err)
|
|
require.Nil(t, updatedResource)
|
|
}
|
|
|
|
func Test_UpdateResourceFailsWithNameInUse(t *testing.T) {
|
|
ctx := context.Background()
|
|
accountID := "testAccountId"
|
|
userID := "testAdminId"
|
|
networkID := "testNetworkId"
|
|
resourceID := "testResourceId"
|
|
resource := &types.NetworkResource{
|
|
AccountID: accountID,
|
|
NetworkID: networkID,
|
|
ID: resourceID,
|
|
Name: "used-name",
|
|
Description: "new-description",
|
|
Address: "1.2.3.0/24",
|
|
}
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
updatedResource, err := manager.UpdateResource(ctx, userID, resource)
|
|
require.Error(t, err)
|
|
require.Nil(t, updatedResource)
|
|
}
|
|
|
|
func Test_UpdateResourceFailsWithPermissionDenied(t *testing.T) {
|
|
ctx := context.Background()
|
|
accountID := "testAccountId"
|
|
userID := "testUserId"
|
|
networkID := "testNetworkId"
|
|
resourceID := "testResourceId"
|
|
resource := &types.NetworkResource{
|
|
AccountID: accountID,
|
|
NetworkID: networkID,
|
|
Name: resourceID,
|
|
Description: "new-description",
|
|
Address: "1.2.3.0/24",
|
|
}
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
updatedResource, err := manager.UpdateResource(ctx, userID, resource)
|
|
require.Error(t, err)
|
|
require.Nil(t, updatedResource)
|
|
}
|
|
|
|
func Test_DeleteResourceSuccessfully(t *testing.T) {
|
|
ctx := context.Background()
|
|
accountID := "testAccountId"
|
|
userID := "testAdminId"
|
|
networkID := "testNetworkId"
|
|
resourceID := "testResourceId"
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
reverseProxyManager.EXPECT().GetServiceIDByTargetID(gomock.Any(), accountID, resourceID).Return("", nil).AnyTimes()
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
err = manager.DeleteResource(ctx, accountID, userID, networkID, resourceID)
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
func Test_DeleteResourceFailsWithPermissionDenied(t *testing.T) {
|
|
ctx := context.Background()
|
|
accountID := "testAccountId"
|
|
userID := "testUserId"
|
|
networkID := "testNetworkId"
|
|
resourceID := "testResourceId"
|
|
|
|
store, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Cleanup(cleanUp)
|
|
permissionsManager := permissions.NewManager(store)
|
|
am := mock_server.MockAccountManager{}
|
|
groupsManager := groups.NewManagerMock()
|
|
ctrl := gomock.NewController(t)
|
|
reverseProxyManager := reverseproxy.NewMockManager(ctrl)
|
|
manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
|
|
|
|
err = manager.DeleteResource(ctx, accountID, userID, networkID, resourceID)
|
|
require.Error(t, err)
|
|
}
|