grafana/pkg/services/accesscontrol/roles_test.go

package accesscontrol

import (
	"sort"
	"strings"
	"testing"

	"github.com/stretchr/testify/assert"
)

func TestFixedRoles(t *testing.T) {
	for name, role := range FixedRoles {
		assert.Truef(t,
			strings.HasPrefix(name, "fixed:"),
			"expected all fixed roles to be prefixed by 'fixed:', found role '%s'", name,
		)
		assert.Equal(t, name, role.Name)
		assert.NotZero(t, role.Version)
	}
}

func TestFixedRoleGrants(t *testing.T) {
	for _, grants := range FixedRoleGrants {
		// Check grants list is sorted
		assert.True(t,
			sort.SliceIsSorted(grants, func(i, j int) bool {
				return grants[i] < grants[j]
			}),
			"require role grant lists to be sorted",
		)

		// Check all granted roles have been registered
		for _, r := range grants {
			assert.Contains(t, FixedRoles, r)
		}
	}
}

func TestConcatPermissions(t *testing.T) {
	perms1 := []Permission{
		{
			Action: "test",
			Scope:  "test:*",
		},
		{
			Action: "test1",
			Scope:  "test1:*",
		},
	}
	perms2 := []Permission{
		{
			Action: "test1",
			Scope:  "*",
		},
	}

	expected := []Permission{
		{
			Action: "test",
			Scope:  "test:*",
		},
		{
			Action: "test1",
			Scope:  "test1:*",
		},
		{
			Action: "test1",
			Scope:  "*",
		},
	}

	perms := ConcatPermissions(perms1, perms2)
	assert.ElementsMatch(t, perms, expected)
}
Access control: Add access control based permissions to admins/users (#32409) Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2021-04-14 09:31:27 -05:00			`package accesscontrol`

			`import (`
			`"sort"`
			`"strings"`
			`"testing"`

			`"github.com/stretchr/testify/assert"`
			`)`

Access Control: Rename fixed roles (#41288) * Rename fixed roles * Update descriptions * Update docs for fixed roles and permissions Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com> 2021-11-17 08:40:39 -06:00			`func TestFixedRoles(t *testing.T) {`
Revert "Revert "AccessControl: Implement a way to register fixed roles (#35641)" (#37397)" (#37535) This reverts commit 55efeb0c02ef5261eb8a75ea27adfdc6194de7ad. 2021-08-04 07:44:37 -05:00			`for name, role := range FixedRoles {`
Access control: Add access control based permissions to admins/users (#32409) Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2021-04-14 09:31:27 -05:00			`assert.Truef(t,`
Access control: Rename predefined roles to fixed roles (code) (#34469) * s/grafana:roles:/fixed:/ * Update free text references to predefined roles 2021-05-25 08:36:01 -05:00			`strings.HasPrefix(name, "fixed:"),`
			`"expected all fixed roles to be prefixed by 'fixed:', found role '%s'", name,`
Access control: Add access control based permissions to admins/users (#32409) Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2021-04-14 09:31:27 -05:00			`)`
Revert "Revert "AccessControl: Implement a way to register fixed roles (#35641)" (#37397)" (#37535) This reverts commit 55efeb0c02ef5261eb8a75ea27adfdc6194de7ad. 2021-08-04 07:44:37 -05:00			`assert.Equal(t, name, role.Name)`
			`assert.NotZero(t, role.Version)`
Access control: Add access control based permissions to admins/users (#32409) Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2021-04-14 09:31:27 -05:00			`}`
			`}`

Access Control: Rename fixed roles (#41288) * Rename fixed roles * Update descriptions * Update docs for fixed roles and permissions Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com> 2021-11-17 08:40:39 -06:00			`func TestFixedRoleGrants(t *testing.T) {`
Revert "Revert "AccessControl: Implement a way to register fixed roles (#35641)" (#37397)" (#37535) This reverts commit 55efeb0c02ef5261eb8a75ea27adfdc6194de7ad. 2021-08-04 07:44:37 -05:00			`for _, grants := range FixedRoleGrants {`
			`// Check grants list is sorted`
Access control: Add access control based permissions to admins/users (#32409) Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2021-04-14 09:31:27 -05:00			`assert.True(t,`
Revert "Revert "AccessControl: Implement a way to register fixed roles (#35641)" (#37397)" (#37535) This reverts commit 55efeb0c02ef5261eb8a75ea27adfdc6194de7ad. 2021-08-04 07:44:37 -05:00			`sort.SliceIsSorted(grants, func(i, j int) bool {`
			`return grants[i] < grants[j]`
Access control: Add access control based permissions to admins/users (#32409) Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2021-04-14 09:31:27 -05:00			`}),`
			`"require role grant lists to be sorted",`
			`)`
Revert "Revert "AccessControl: Implement a way to register fixed roles (#35641)" (#37397)" (#37535) This reverts commit 55efeb0c02ef5261eb8a75ea27adfdc6194de7ad. 2021-08-04 07:44:37 -05:00
			`// Check all granted roles have been registered`
			`for _, r := range grants {`
Access control: Rename predefined roles to fixed roles (code) (#34469) * s/grafana:roles:/fixed:/ * Update free text references to predefined roles 2021-05-25 08:36:01 -05:00			`assert.Contains(t, FixedRoles, r)`
Access control: Add access control based permissions to admins/users (#32409) Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> 2021-04-14 09:31:27 -05:00			`}`
			`}`
			`}`
Access control: Combine permissions through predefined roles (#33275) * Access control: Combine permissions through predefined roles When certain permission is required for built-in role, instead of adding those permissions to the existing predefined roles, we need to have granular predefined roles with those permissions. * Better copy... * Adding and fixing tests * Remove duplicated permission 2021-04-23 08:44:42 -05:00
Access control: Update evaluator to authorize when at least one of the scopes is a match (#33393) 2021-04-27 11:22:18 -05:00			`func TestConcatPermissions(t *testing.T) {`
Access control: Combine permissions through predefined roles (#33275) * Access control: Combine permissions through predefined roles When certain permission is required for built-in role, instead of adding those permissions to the existing predefined roles, we need to have granular predefined roles with those permissions. * Better copy... * Adding and fixing tests * Remove duplicated permission 2021-04-23 08:44:42 -05:00			`perms1 := []Permission{`
			`{`
			`Action: "test",`
			`Scope: "test:*",`
			`},`
			`{`
			`Action: "test1",`
			`Scope: "test1:*",`
			`},`
			`}`
			`perms2 := []Permission{`
			`{`
			`Action: "test1",`
			`Scope: "*",`
			`},`
			`}`

			`expected := []Permission{`
			`{`
			`Action: "test",`
			`Scope: "test:*",`
			`},`
			`{`
			`Action: "test1",`
			`Scope: "test1:*",`
			`},`
			`{`
			`Action: "test1",`
			`Scope: "*",`
			`},`
			`}`

Access control: Update evaluator to authorize when at least one of the scopes is a match (#33393) 2021-04-27 11:22:18 -05:00			`perms := ConcatPermissions(perms1, perms2)`
Access control: Combine permissions through predefined roles (#33275) * Access control: Combine permissions through predefined roles When certain permission is required for built-in role, instead of adding those permissions to the existing predefined roles, we need to have granular predefined roles with those permissions. * Better copy... * Adding and fixing tests * Remove duplicated permission 2021-04-23 08:44:42 -05:00			`assert.ElementsMatch(t, perms, expected)`
			`}`