From 30f5542bb30398f1c8693984a6de5dde17db3b1b Mon Sep 17 00:00:00 2001
From: kobelb
Date: Tue, 29 May 2018 11:30:33 -0400
Subject: [PATCH] Adding create default roles test
---
.../create_default_roles.test.js.snap | 9 +
.../create_default_roles.test.js | 216 ++++++++++++++++++
2 files changed, 225 insertions(+)
create mode 100644 x-pack/plugins/security/server/lib/authorization/__snapshots__/create_default_roles.test.js.snap
create mode 100644 x-pack/plugins/security/server/lib/authorization/create_default_roles.test.js
diff --git a/x-pack/plugins/security/server/lib/authorization/__snapshots__/create_default_roles.test.js.snap b/x-pack/plugins/security/server/lib/authorization/__snapshots__/create_default_roles.test.js.snap
new file mode 100644
index 0000000000000..9fdbc5479a022
--- /dev/null
+++ b/x-pack/plugins/security/server/lib/authorization/__snapshots__/create_default_roles.test.js.snap
@@ -0,0 +1,9 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`dashboard_only_user throws error when shield.getRole throws non 404 error 1`] = `undefined`;
+
+exports[`dashboard_only_user throws error when shield.putRole throws error 1`] = `"Some other error"`;
+
+exports[`rbac_user throws error when sheild.getRole throws non 404 error 1`] = `undefined`;
+
+exports[`rbac_user throws error when shield.putRole throws error 1`] = `"Some other error"`;
diff --git a/x-pack/plugins/security/server/lib/authorization/create_default_roles.test.js b/x-pack/plugins/security/server/lib/authorization/create_default_roles.test.js
new file mode 100644
index 0000000000000..98d95cd6e9fbf
--- /dev/null
+++ b/x-pack/plugins/security/server/lib/authorization/create_default_roles.test.js
@@ -0,0 +1,216 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { createDefaultRoles } from './create_default_roles';
+import { getClient } from '../../../../../server/lib/get_client_shield';
+import { DEFAULT_RESOURCE } from '../../../common/constants';
+
+jest.mock('../../../../../server/lib/get_client_shield', () => ({
+ getClient: jest.fn()
+}));
+
+const mockShieldClient = () => {
+ const mockCallWithInternalUser = jest.fn();
+ getClient.mockReturnValue({
+ callWithInternalUser: mockCallWithInternalUser
+ });
+
+ return {
+ mockCallWithInternalUser
+ };
+};
+
+const defaultApplication = 'foo-application';
+
+const createMockServer = ({ settings = {} } = {}) => {
+ const mockServer = {
+ config: jest.fn().mockReturnValue({
+ get: jest.fn()
+ })
+ };
+
+ const defaultSettings = {
+ 'xpack.security.rbac.createDefaultRoles': true,
+ 'xpack.security.rbac.application': defaultApplication
+ };
+
+ mockServer.config().get.mockImplementation(key => {
+ return key in settings ? settings[key] : defaultSettings[key];
+ });
+
+ return mockServer;
+};
+
+test(`doesn't create roles if createDefaultRoles is false`, async () => {
+ const { mockCallWithInternalUser } = mockShieldClient();
+ const mockServer = createMockServer({
+ settings: {
+ 'xpack.security.rbac.createDefaultRoles': false
+ }
+ });
+
+ await createDefaultRoles(mockServer);
+
+ expect(mockCallWithInternalUser).toHaveBeenCalledTimes(0);
+});
+
+describe(`rbac_user`, () => {
+ test(`doesn't create \${application}_rbac_user when it exists`, async () => {
+ const { mockCallWithInternalUser } = mockShieldClient();
+ const mockServer = createMockServer();
+ mockCallWithInternalUser.mockReturnValue(null);
+
+ await createDefaultRoles(mockServer);
+
+ expect(mockCallWithInternalUser).not.toHaveBeenCalledWith('shield.putRole', expect.anything());
+ });
+
+ test(`creates \${application}_rbac_user when it doesn't exist`, async () => {
+ const { mockCallWithInternalUser } = mockShieldClient();
+ const mockServer = createMockServer();
+ mockCallWithInternalUser.mockImplementation(async (endpoint, params) => {
+ if (endpoint === 'shield.getRole' && params.name === `${defaultApplication}_rbac_user`) {
+ throw {
+ statusCode: 404
+ };
+ }
+
+ return null;
+ });
+
+ await createDefaultRoles(mockServer);
+
+ expect(mockCallWithInternalUser).toHaveBeenCalledWith('shield.putRole', {
+ name: `${defaultApplication}_rbac_user`,
+ body: {
+ cluster: [],
+ index: [],
+ applications: [
+ {
+ application: defaultApplication,
+ privileges: [ 'all' ],
+ resources: [ DEFAULT_RESOURCE ]
+ }
+ ]
+ }
+ });
+ });
+
+ test(`throws error when sheild.getRole throws non 404 error`, async () => {
+ const { mockCallWithInternalUser } = mockShieldClient();
+ const mockServer = createMockServer();
+ mockCallWithInternalUser.mockImplementation(async (endpoint, params) => {
+ if (endpoint === 'shield.getRole' && params.name === `${defaultApplication}_rbac_user`) {
+ throw {
+ statusCode: 500
+ };
+ }
+
+ return null;
+ });
+
+ expect(createDefaultRoles(mockServer)).rejects.toThrowErrorMatchingSnapshot();
+ });
+
+ test(`throws error when shield.putRole throws error`, async () => {
+ const { mockCallWithInternalUser } = mockShieldClient();
+ const mockServer = createMockServer();
+ mockCallWithInternalUser.mockImplementation(async (endpoint, params) => {
+ if (endpoint === 'shield.getRole' && params.name === `${defaultApplication}_rbac_user`) {
+ throw {
+ statusCode: 404
+ };
+ }
+
+ if (endpoint === 'shield.putRole' && params.name === `${defaultApplication}_rbac_user`) {
+ throw new Error('Some other error');
+ }
+
+ return null;
+ });
+
+ await expect(createDefaultRoles(mockServer)).rejects.toThrowErrorMatchingSnapshot();
+ });
+});
+
+describe(`dashboard_only_user`, () => {
+ test(`doesn't create \${application}_rbac_dashboard_only_user when it exists`, async () => {
+ const { mockCallWithInternalUser } = mockShieldClient();
+ const mockServer = createMockServer();
+ mockCallWithInternalUser.mockReturnValue(null);
+
+ await createDefaultRoles(mockServer);
+
+ expect(mockCallWithInternalUser).not.toHaveBeenCalledWith('shield.putRole', expect.anything());
+ });
+
+ test(`creates \${application}_rbac_dashboard_only_user when it doesn't exist`, async () => {
+ const { mockCallWithInternalUser } = mockShieldClient();
+ const mockServer = createMockServer();
+ mockCallWithInternalUser.mockImplementation(async (endpoint, params) => {
+ if (endpoint === 'shield.getRole' && params.name === `${defaultApplication}_rbac_dashboard_only_user`) {
+ throw {
+ statusCode: 404
+ };
+ }
+
+ return null;
+ });
+
+ await createDefaultRoles(mockServer);
+
+ expect(mockCallWithInternalUser).toHaveBeenCalledWith('shield.putRole', {
+ name: `${defaultApplication}_rbac_dashboard_only_user`,
+ body: {
+ cluster: [],
+ index: [],
+ applications: [
+ {
+ application: defaultApplication,
+ privileges: [ 'read' ],
+ resources: [ DEFAULT_RESOURCE ]
+ }
+ ]
+ }
+ });
+ });
+
+ test(`throws error when shield.getRole throws non 404 error`, async () => {
+ const { mockCallWithInternalUser } = mockShieldClient();
+ const mockServer = createMockServer();
+ mockCallWithInternalUser.mockImplementation(async (endpoint, params) => {
+ if (endpoint === 'shield.getRole' && params.name === `${defaultApplication}_rbac_dashboard_only_user`) {
+ throw {
+ statusCode: 500
+ };
+ }
+
+ return null;
+ });
+
+ await expect(createDefaultRoles(mockServer)).rejects.toThrowErrorMatchingSnapshot();
+ });
+
+ test(`throws error when shield.putRole throws error`, async () => {
+ const { mockCallWithInternalUser } = mockShieldClient();
+ const mockServer = createMockServer();
+ mockCallWithInternalUser.mockImplementation(async (endpoint, params) => {
+ if (endpoint === 'shield.getRole' && params.name === `${defaultApplication}_rbac_dashboard_only_user`) {
+ throw {
+ statusCode: 404
+ };
+ }
+
+ if (endpoint === 'shield.putRole' && params.name === `${defaultApplication}_rbac_dashboard_only_user`) {
+ throw new Error('Some other error');
+ }
+
+ return null;
+ });
+
+ await expect(createDefaultRoles(mockServer)).rejects.toThrowErrorMatchingSnapshot();
+ });
+});
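Review bot: In the `rbac_user` block, the test titled `throws error when sheild.getRole throws non 404 error` does not `await` its `.rejects` assertion, unlike the three sibling rejection tests. The async test can therefore return before the assertion settles, so the non-404 failure path of default-role creation is probably not being verified. The line should read `await expect(createDefaultRoles(mockServer)).rejects.toThrowErrorMatchingSnapshot();`. Both getRole-failure tests also throw a bare `{ statusCode: 500 }`, which is why their snapshots record `undefined`; throwing an `Error` that carries a message and a `statusCode` would let the snapshot pin which error propagated. The title misspells "shield" as "sheild", and correcting it means regenerating the matching snapshot key.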