mirror of
https://github.com/grafana/grafana.git
synced 2025-02-20 11:48:34 -06:00
2795f9827a
* ExtSvcAccounts: Fix External Service Accounts Login check Co-authored-by: Karl Persson <kalle.persson@grafana.com> * Remove service accounts assignments and permissions on delete * Fix first set of tests * Fix second batch of tests * Fix third batch of tests --------- Co-authored-by: Karl Persson <kalle.persson@grafana.com>
149 lines
6.1 KiB
Go
149 lines
6.1 KiB
Go
package manager
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/grafana/grafana/pkg/extensions/accesscontrol/actest"
|
|
"github.com/grafana/grafana/pkg/infra/log"
|
|
"github.com/grafana/grafana/pkg/services/apikey"
|
|
"github.com/grafana/grafana/pkg/services/org"
|
|
"github.com/grafana/grafana/pkg/services/serviceaccounts"
|
|
)
|
|
|
|
type FakeServiceAccountStore struct {
|
|
ExpectedServiceAccountID *serviceaccounts.ServiceAccount
|
|
ExpectedServiceAccountDTO *serviceaccounts.ServiceAccountDTO
|
|
ExpectedServiceAccountProfileDTO *serviceaccounts.ServiceAccountProfileDTO
|
|
ExpectedSearchServiceAccountQueryResult *serviceaccounts.SearchOrgServiceAccountsResult
|
|
ExpectedStats *serviceaccounts.Stats
|
|
expectedMigratedResults *serviceaccounts.MigrationResult
|
|
ExpectedAPIKeys []apikey.APIKey
|
|
ExpectedAPIKey *apikey.APIKey
|
|
ExpectedBoolean bool
|
|
ExpectedError error
|
|
}
|
|
|
|
var _ store = (*FakeServiceAccountStore)(nil)
|
|
|
|
func newServiceAccountStoreFake() *FakeServiceAccountStore {
|
|
return &FakeServiceAccountStore{}
|
|
}
|
|
|
|
// CreateServiceAccount is a fake creating a service account.
|
|
func (f *FakeServiceAccountStore) RetrieveServiceAccount(ctx context.Context, orgID, serviceAccountID int64) (*serviceaccounts.ServiceAccountProfileDTO, error) {
|
|
return f.ExpectedServiceAccountProfileDTO, f.ExpectedError
|
|
}
|
|
|
|
// RetrieveServiceAccountIdByName is a fake retrieving a service account id by name.
|
|
func (f *FakeServiceAccountStore) RetrieveServiceAccountIdByName(ctx context.Context, orgID int64, name string) (int64, error) {
|
|
return f.ExpectedServiceAccountID.Id, f.ExpectedError
|
|
}
|
|
|
|
// CreateServiceAccount is a fake creating a service account.
|
|
func (f *FakeServiceAccountStore) CreateServiceAccount(ctx context.Context, orgID int64, saForm *serviceaccounts.CreateServiceAccountForm) (*serviceaccounts.ServiceAccountDTO, error) {
|
|
return f.ExpectedServiceAccountDTO, f.ExpectedError
|
|
}
|
|
|
|
// EnableServiceAccount implements store.
|
|
func (f *FakeServiceAccountStore) EnableServiceAccount(ctx context.Context, orgID int64, serviceAccountID int64, enable bool) error {
|
|
return f.ExpectedError
|
|
}
|
|
|
|
// SearchOrgServiceAccounts is a fake searching for service accounts.
|
|
func (f *FakeServiceAccountStore) SearchOrgServiceAccounts(ctx context.Context, query *serviceaccounts.SearchOrgServiceAccountsQuery) (*serviceaccounts.SearchOrgServiceAccountsResult, error) {
|
|
return f.ExpectedSearchServiceAccountQueryResult, f.ExpectedError
|
|
}
|
|
|
|
// UpdateServiceAccount is a fake updating a service account.
|
|
func (f *FakeServiceAccountStore) UpdateServiceAccount(ctx context.Context, orgID, serviceAccountID int64,
|
|
saForm *serviceaccounts.UpdateServiceAccountForm) (*serviceaccounts.ServiceAccountProfileDTO, error) {
|
|
return f.ExpectedServiceAccountProfileDTO, f.ExpectedError
|
|
}
|
|
|
|
// DeleteServiceAccount is a fake deleting a service account.
|
|
func (f *FakeServiceAccountStore) DeleteServiceAccount(ctx context.Context, orgID, serviceAccountID int64) error {
|
|
return f.ExpectedError
|
|
}
|
|
|
|
// MigrateApiKeysToServiceAccounts is a fake migrating api keys to service accounts.
|
|
func (f *FakeServiceAccountStore) MigrateApiKeysToServiceAccounts(ctx context.Context, orgID int64) (*serviceaccounts.MigrationResult, error) {
|
|
return f.expectedMigratedResults, f.ExpectedError
|
|
}
|
|
|
|
// MigrateApiKey is a fake migrating an api key to a service account.
|
|
func (f *FakeServiceAccountStore) MigrateApiKey(ctx context.Context, orgID int64, keyId int64) error {
|
|
return f.ExpectedError
|
|
}
|
|
|
|
// RevertApiKey is a fake reverting an api key to a service account.
|
|
func (f *FakeServiceAccountStore) RevertApiKey(ctx context.Context, saId int64, keyId int64) error {
|
|
return f.ExpectedError
|
|
}
|
|
|
|
// ListTokens is a fake listing tokens.
|
|
func (f *FakeServiceAccountStore) ListTokens(ctx context.Context, query *serviceaccounts.GetSATokensQuery) ([]apikey.APIKey, error) {
|
|
return f.ExpectedAPIKeys, f.ExpectedError
|
|
}
|
|
|
|
// RevokeServiceAccountToken is a fake revoking a service account token.
|
|
func (f *FakeServiceAccountStore) RevokeServiceAccountToken(ctx context.Context, orgId, serviceAccountId, tokenId int64) error {
|
|
return f.ExpectedError
|
|
}
|
|
|
|
// AddServiceAccountToken is a fake adding a service account token.
|
|
func (f *FakeServiceAccountStore) AddServiceAccountToken(ctx context.Context, serviceAccountID int64, cmd *serviceaccounts.AddServiceAccountTokenCommand) (*apikey.APIKey, error) {
|
|
return f.ExpectedAPIKey, f.ExpectedError
|
|
}
|
|
|
|
// DeleteServiceAccountToken is a fake deleting a service account token.
|
|
func (f *FakeServiceAccountStore) DeleteServiceAccountToken(ctx context.Context, orgID, serviceAccountID, tokenID int64) error {
|
|
return f.ExpectedError
|
|
}
|
|
|
|
// GetUsageMetrics is a fake getting usage metrics.
|
|
func (f *FakeServiceAccountStore) GetUsageMetrics(ctx context.Context) (*serviceaccounts.Stats, error) {
|
|
return f.ExpectedStats, f.ExpectedError
|
|
}
|
|
|
|
type SecretsCheckerFake struct {
|
|
ExpectedError error
|
|
}
|
|
|
|
func (f *SecretsCheckerFake) CheckTokens(ctx context.Context) error {
|
|
return f.ExpectedError
|
|
}
|
|
|
|
func TestProvideServiceAccount_DeleteServiceAccount(t *testing.T) {
|
|
acSvc := &actest.FakeService{}
|
|
storeMock := newServiceAccountStoreFake()
|
|
svc := ServiceAccountsService{acSvc, storeMock, log.New("test"), log.New("background.test"), &SecretsCheckerFake{}, false, 0}
|
|
testOrgId := 1
|
|
|
|
t.Run("should create service account", func(t *testing.T) {
|
|
serviceAccountName := "new Service Account"
|
|
serviceAccountRole := org.RoleAdmin
|
|
isDisabled := true
|
|
saForm := &serviceaccounts.CreateServiceAccountForm{
|
|
Name: serviceAccountName,
|
|
Role: &serviceAccountRole,
|
|
IsDisabled: &isDisabled,
|
|
}
|
|
storeMock.ExpectedServiceAccountDTO = &serviceaccounts.ServiceAccountDTO{
|
|
Id: 1,
|
|
Name: serviceAccountName,
|
|
Role: string(serviceAccountRole),
|
|
IsDisabled: isDisabled,
|
|
}
|
|
_, err := svc.CreateServiceAccount(context.Background(), int64(testOrgId), saForm)
|
|
require.NoError(t, err)
|
|
})
|
|
|
|
t.Run("should delete service account", func(t *testing.T) {
|
|
err := svc.DeleteServiceAccount(context.Background(), int64(testOrgId), 1)
|
|
require.NoError(t, err)
|
|
})
|
|
}
|