RBAC: Rewrite admin api test setup to not use mocked access control (#61741)

* RBAC: Rewrite admin api test setup to not use mocked access control
2025-02-25 18:55:37 -06:00 · 2023-01-19 11:36:44 +01:00 · 2023-01-19 11:36:44 +01:00 · f38e2856d8
commit f38e2856d8
parent c4ef47a70e
1 changed files with 47 additions and 42 deletions
--- a/pkg/api/admin_test.go
+++ b/pkg/api/admin_test.go
@ -1,25 +1,28 @@
 package api
 import (
 	"io"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 	"github.com/grafana/grafana/pkg/infra/db/dbtest"
 	"github.com/grafana/grafana/pkg/services/accesscontrol"
 	"github.com/grafana/grafana/pkg/setting"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/grafana/grafana/pkg/services/accesscontrol"
 	"github.com/grafana/grafana/pkg/services/stats/statstest"
 	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/web/webtest"
 )
 type getSettingsTestCase struct {
 	desc         string
 	expectedCode int
 	expectedBody string
 	permissions  []accesscontrol.Permission
 }
 func TestAPI_AdminGetSettings(t *testing.T) {
-	tests := []getSettingsTestCase{
+	type testCase struct {
 		desc         string
 		expectedCode int
 		expectedBody string
 		permissions  []accesscontrol.Permission
 	}
 	tests := []testCase{
 		{
 			desc:         "should return all settings",
 			expectedCode: http.StatusOK,
@ -76,31 +79,37 @@ func TestAPI_AdminGetSettings(t *testing.T) {
 	_, err = proxy.NewKey("enable_login_token", "false")
 	assert.NoError(t, err)
-	for _, test := range tests {
+	for _, tt := range tests {
-		t.Run(test.desc, func(t *testing.T) {
+		t.Run(tt.desc, func(t *testing.T) {
-			sc, hs := setupAccessControlScenarioContext(t, cfg, "/api/admin/settings", test.permissions)
+			server := SetupAPITestServer(t, func(hs *HTTPServer) {
-			hs.SettingsProvider = &setting.OSSImpl{Cfg: cfg}
+				hs.Cfg = cfg
 				hs.SettingsProvider = setting.ProvideProvider(hs.Cfg)
 			})
-			sc.resp = httptest.NewRecorder()
+			res, err := server.Send(webtest.RequestWithSignedInUser(server.NewGetRequest("/api/admin/settings"), userWithPermissions(1, tt.permissions)))
-			var err error
+			require.NoError(t, err)
-			sc.req, err = http.NewRequest(http.MethodGet, "/api/admin/settings", nil)
+			assert.Equal(t, tt.expectedCode, res.StatusCode)
-			assert.NoError(t, err)
+			body, err := io.ReadAll(res.Body)
-
+			require.NoError(t, err)
-			sc.exec()
+			assert.Equal(t, tt.expectedBody, string(body))
-
+			require.NoError(t, res.Body.Close())
 			assert.Equal(t, test.expectedCode, sc.resp.Code)
 			assert.Equal(t, test.expectedBody, sc.resp.Body.String())
 		})
 	}
 }
 func TestAdmin_AccessControl(t *testing.T) {
-	tests := []accessControlTestCase{
+	type testCase struct {
 		desc         string
 		url          string
 		permissions  []accesscontrol.Permission
 		expectedCode int
 	}
 	tests := []testCase{
 		{
 			expectedCode: http.StatusOK,
 			desc:         "AdminGetStats should return 200 for user with correct permissions",
 			url:          "/api/admin/stats",
 			method:       http.MethodGet,
 			permissions: []accesscontrol.Permission{
 				{
 					Action: accesscontrol.ActionServerStatsRead,
@ -111,7 +120,6 @@ func TestAdmin_AccessControl(t *testing.T) {
 			expectedCode: http.StatusForbidden,
 			desc:         "AdminGetStats should return 403 for user without required permissions",
 			url:          "/api/admin/stats",
 			method:       http.MethodGet,
 			permissions: []accesscontrol.Permission{
 				{
 					Action: "wrong",
@ -122,7 +130,6 @@ func TestAdmin_AccessControl(t *testing.T) {
 			expectedCode: http.StatusOK,
 			desc:         "AdminGetSettings should return 200 for user with correct permissions",
 			url:          "/api/admin/settings",
 			method:       http.MethodGet,
 			permissions: []accesscontrol.Permission{
 				{
 					Action: accesscontrol.ActionSettingsRead,
@ -133,7 +140,6 @@ func TestAdmin_AccessControl(t *testing.T) {
 			expectedCode: http.StatusForbidden,
 			desc:         "AdminGetSettings should return 403 for user without required permissions",
 			url:          "/api/admin/settings",
 			method:       http.MethodGet,
 			permissions: []accesscontrol.Permission{
 				{
 					Action: "wrong",
@ -142,20 +148,19 @@ func TestAdmin_AccessControl(t *testing.T) {
 		},
 	}
-	for _, test := range tests {
+	for _, tt := range tests {
-		t.Run(test.desc, func(t *testing.T) {
+		t.Run(tt.desc, func(t *testing.T) {
-			cfg := setting.NewCfg()
+			server := SetupAPITestServer(t, func(hs *HTTPServer) {
-			sc, hs := setupAccessControlScenarioContext(t, cfg, test.url, test.permissions)
+				hs.Cfg = setting.NewCfg()
-			sc.resp = httptest.NewRecorder()
+				hs.SQLStore = dbtest.NewFakeDB()
-			hs.SettingsProvider = &setting.OSSImpl{Cfg: cfg}
+				hs.SettingsProvider = &setting.OSSImpl{Cfg: hs.Cfg}
-			hs.SQLStore = dbtest.NewFakeDB()
+				hs.statsService = statstest.NewFakeService()
 			})
-			var err error
+			res, err := server.Send(webtest.RequestWithSignedInUser(server.NewGetRequest(tt.url), userWithPermissions(1, tt.permissions)))
-			sc.req, err = http.NewRequest(test.method, test.url, nil)
+			require.NoError(t, err)
-			assert.NoError(t, err)
+			assert.Equal(t, tt.expectedCode, res.StatusCode)
-
+			require.NoError(t, res.Body.Close())
 			sc.exec()
 			assert.Equal(t, test.expectedCode, sc.resp.Code)
 		})
 	}
 }