rgw/admin: Tests for the subuser API calls

Some unit tests for the validation and integration tests. Signed-off-by: Sebastian Riese <[email protected]>
ceph · Mar 17, 2022 · fac2574 · fac2574
1 parent 425a77b
commit fac2574
Show file tree

Hide file tree

Showing 2 changed files with 120 additions and 2 deletions.
diff --git a/rgw/admin/subuser_test.go b/rgw/admin/subuser_test.go
@@ -0,0 +1,72 @@
+package admin
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestValidateSubuserAccess(t *testing.T) {
+	assert.True(t, SubuserSpec{Access: SubuserAccessNone}.validateSubuserAccess())
+	assert.True(t, SubuserSpec{Access: SubuserAccessRead}.validateSubuserAccess())
+	assert.True(t, SubuserSpec{Access: SubuserAccessWrite}.validateSubuserAccess())
+	assert.True(t, SubuserSpec{Access: SubuserAccessReadWrite}.validateSubuserAccess())
+	assert.True(t, SubuserSpec{Access: SubuserAccessFull}.validateSubuserAccess())
+	assert.False(t, SubuserSpec{Access: SubuserAccessReplyFull}.validateSubuserAccess())
+	assert.False(t, SubuserSpec{Access: SubuserAccess("bar")}.validateSubuserAccess())
+}
+
+func TestCreateSubuserMockAPI(t *testing.T) {
+	t.Run("test create subuser validation: neither is set", func(t *testing.T) {
+		api, err := New("127.0.0.1", "accessKey", "secretKey", returnMockClientCreateSubuser())
+		assert.NoError(t, err)
+		err = api.CreateSubuser(context.TODO(), User{}, SubuserSpec{})
+		assert.Equal(t, err, errMissingUserID)
+	})
+	t.Run("test create subuser validation: no user ID", func(t *testing.T) {
+		api, err := New("127.0.0.1", "accessKey", "secretKey", returnMockClientCreateSubuser())
+		assert.NoError(t, err)
+		err = api.CreateSubuser(context.TODO(), User{}, SubuserSpec{Name: "foo"})
+		assert.Equal(t, err, errMissingUserID)
+	})
+	t.Run("test create subuser validation: no subuser ID", func(t *testing.T) {
+		api, err := New("127.0.0.1", "accessKey", "secretKey", returnMockClientCreateSubuser())
+		assert.NoError(t, err)
+		err = api.CreateSubuser(context.TODO(), User{ID: "dashboard-admin"}, SubuserSpec{})
+		assert.Equal(t, err, errMissingSubuserID)
+	})
+	t.Run("test create subuser validation: valid", func(t *testing.T) {
+		api, err := New("127.0.0.1", "accessKey", "secretKey", returnMockClientCreateSubuser())
+		assert.NoError(t, err)
+		err = api.CreateSubuser(context.TODO(), User{ID: "dashboard-admin"}, SubuserSpec{Name: "foo"})
+		assert.NoError(t, err)
+	})
+	t.Run("test create subuser validation: invalid access", func(t *testing.T) {
+		api, err := New("127.0.0.1", "accessKey", "secretKey", returnMockClientCreateSubuser())
+		assert.NoError(t, err)
+		err = api.CreateSubuser(context.TODO(), User{ID: "dashboard-admin"}, SubuserSpec{Name: "foo", Access: SubuserAccess("foo")})
+		assert.Error(t, err)
+		assert.EqualError(t, err, `invalid subuser access level "foo"`)
+	})
+}
+
+// mockClient is defined in user_test.go
+func returnMockClientCreateSubuser() *mockClient {
+	r := ioutil.NopCloser(bytes.NewReader([]byte("")))
+	return &mockClient{
+		mockDo: func(req *http.Request) (*http.Response, error) {
+			if req.Method == http.MethodPut && req.URL.Path == "127.0.0.1/admin/user" {
+				return &http.Response{
+					StatusCode: 201,
+					Body:       r,
+				}, nil
+			}
+			return nil, fmt.Errorf("unexpected request: %q. method %q. path %q", req.URL.RawQuery, req.Method, req.URL.Path)
+		},
+	}
+}
diff --git a/rgw/admin/user_test.go b/rgw/admin/user_test.go
@@ -36,15 +36,25 @@ var (
   "email": "",
   "suspended": 0,
   "max_buckets": 1000,
-  "subusers": [],
+  "subusers": [
+     {
+        "id": "dashboard-admin:swift",
+        "permissions": "read"
+     }
+  ],
   "keys": [
     {
       "user": "dashboard-admin",
       "access_key": "4WD1FGM5PXKLC97YC0SZ",
       "secret_key": "YSaT5bEcJTjBJCDG5yvr2NhGQ9xzoTIg8B1gQHa3"
     }
   ],
-  "swift_keys": [],
+  "swift_keys": [
+    {
+      "user": "dashboard-admin:swift",
+      "secret_key": "VERY_SECRET"
+    }
+  ],
   "caps": [],
   "op_mask": "read, write, delete",
   "system": "true",
@@ -164,6 +174,42 @@ func (suite *RadosGWTestSuite) TestUser() {
 		assert.NotNil(suite.T(), user.Stat.Size)
 	})
 
+	suite.T().Run("create a subuser", func(t *testing.T) {
+		err := co.CreateSubuser(context.Background(), User{ID: "leseb"}, SubuserSpec{Name: "foo", Access: SubuserAccessReadWrite})
+		assert.NoError(suite.T(), err)
+
+		user, err := co.GetUser(context.Background(), User{ID: "leseb"})
+		assert.NoError(suite.T(), err)
+		if err == nil {
+			assert.Equal(suite.T(), user.Subusers[0].Name, "leseb:foo")
+			// Note: the returned values are not equal to the input values ...
+			assert.Equal(suite.T(), user.Subusers[0].Access, SubuserAccess("read-write"))
+		}
+	})
+
+	suite.T().Run("modify a subuser", func(t *testing.T) {
+		err := co.ModifySubuser(context.Background(), User{ID: "leseb"}, SubuserSpec{Name: "foo", Access: SubuserAccessRead})
+		assert.NoError(suite.T(), err)
+
+		user, err := co.GetUser(context.Background(), User{ID: "leseb"})
+		assert.NoError(suite.T(), err)
+		if err == nil {
+			assert.Equal(suite.T(), user.Subusers[0].Name, "leseb:foo")
+			assert.Equal(suite.T(), user.Subusers[0].Access, SubuserAccess("read"))
+		}
+	})
+
+	suite.T().Run("remove a subuser", func(t *testing.T) {
+		err := co.RemoveSubuser(context.Background(), User{ID: "leseb"}, SubuserSpec{Name: "foo"})
+		assert.NoError(suite.T(), err)
+
+		user, err := co.GetUser(context.Background(), User{ID: "leseb"})
+		assert.NoError(suite.T(), err)
+		if err == nil {
+			assert.Equal(suite.T(), len(user.Subusers), 0)
+		}
+	})
+
 	suite.T().Run("remove user", func(t *testing.T) {
 		err = co.RemoveUser(context.Background(), User{ID: "leseb"})
 		assert.NoError(suite.T(), err)