mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
f82264c2b1
* ServiceAccounts: able to get upgrade status * Banner with API keys migration info * Show API keys migration info on Service accounts page * Migrate individual API keys * Use transaction for key migration * Migrate all api keys to service accounts * Hide api keys after migration * Migrate API keys separately for each org * Revert API key * Revert key API method * Rename migration actions and reducers * Fix linter errors * Tests for migrating single API key * Tests for migrating all api keys * More tests * Fix reverting tokens * API: rename convert to migrate * Add api route descriptions to methods * rearrange methods in api.go * Refactor: rename and move some methods * Prevent assigning tokens to non-existing service accounts * Refactor: ID TO Id * Refactor: fix error message * Delete service account if migration failed * Fix linter errors
136 lines
3.7 KiB
Go
136 lines
3.7 KiB
Go
package database
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/grafana/grafana/pkg/components/apikeygen"
|
|
"github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/services/serviceaccounts"
|
|
"github.com/grafana/grafana/pkg/services/serviceaccounts/tests"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestStore_AddServiceAccountToken(t *testing.T) {
|
|
userToCreate := tests.TestUser{Login: "servicetestwithTeam@admin", IsServiceAccount: true}
|
|
db, store := setupTestDatabase(t)
|
|
user := tests.SetupUserServiceAccount(t, db, userToCreate)
|
|
|
|
type testCasesAdd struct {
|
|
secondsToLive int64
|
|
desc string
|
|
}
|
|
|
|
testCases := []testCasesAdd{{-10, "invalid"}, {0, "no expiry"}, {10, "valid"}}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.desc, func(t *testing.T) {
|
|
keyName := t.Name()
|
|
key, err := apikeygen.New(user.OrgId, keyName)
|
|
require.NoError(t, err)
|
|
|
|
cmd := serviceaccounts.AddServiceAccountTokenCommand{
|
|
Name: keyName,
|
|
OrgId: user.OrgId,
|
|
Key: key.HashedKey,
|
|
SecondsToLive: tc.secondsToLive,
|
|
Result: &models.ApiKey{},
|
|
}
|
|
|
|
err = store.AddServiceAccountToken(context.Background(), user.Id, &cmd)
|
|
if tc.secondsToLive < 0 {
|
|
require.Error(t, err)
|
|
return
|
|
}
|
|
|
|
require.NoError(t, err)
|
|
newKey := cmd.Result
|
|
require.Equal(t, t.Name(), newKey.Name)
|
|
|
|
// Verify against DB
|
|
keys, errT := store.ListTokens(context.Background(), user.OrgId, user.Id)
|
|
|
|
require.NoError(t, errT)
|
|
|
|
found := false
|
|
for _, k := range keys {
|
|
if k.Name == keyName {
|
|
found = true
|
|
require.Equal(t, key.HashedKey, newKey.Key)
|
|
if tc.secondsToLive == 0 {
|
|
require.Nil(t, k.Expires)
|
|
} else {
|
|
require.NotNil(t, k.Expires)
|
|
}
|
|
}
|
|
}
|
|
|
|
require.True(t, found, "Key not found")
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestStore_AddServiceAccountToken_WrongServiceAccount(t *testing.T) {
|
|
saToCreate := tests.TestUser{Login: "servicetestwithTeam@admin", IsServiceAccount: true}
|
|
db, store := setupTestDatabase(t)
|
|
sa := tests.SetupUserServiceAccount(t, db, saToCreate)
|
|
|
|
keyName := t.Name()
|
|
key, err := apikeygen.New(sa.OrgId, keyName)
|
|
require.NoError(t, err)
|
|
|
|
cmd := serviceaccounts.AddServiceAccountTokenCommand{
|
|
Name: keyName,
|
|
OrgId: sa.OrgId,
|
|
Key: key.HashedKey,
|
|
SecondsToLive: 0,
|
|
Result: &models.ApiKey{},
|
|
}
|
|
|
|
err = store.AddServiceAccountToken(context.Background(), sa.Id+1, &cmd)
|
|
require.Error(t, err, "It should not be possible to add token to non-existing service account")
|
|
}
|
|
|
|
func TestStore_DeleteServiceAccountToken(t *testing.T) {
|
|
userToCreate := tests.TestUser{Login: "servicetestwithTeam@admin", IsServiceAccount: true}
|
|
db, store := setupTestDatabase(t)
|
|
sa := tests.SetupUserServiceAccount(t, db, userToCreate)
|
|
|
|
keyName := t.Name()
|
|
key, err := apikeygen.New(sa.OrgId, keyName)
|
|
require.NoError(t, err)
|
|
|
|
cmd := serviceaccounts.AddServiceAccountTokenCommand{
|
|
Name: keyName,
|
|
OrgId: sa.OrgId,
|
|
Key: key.HashedKey,
|
|
SecondsToLive: 0,
|
|
Result: &models.ApiKey{},
|
|
}
|
|
|
|
err = store.AddServiceAccountToken(context.Background(), sa.Id, &cmd)
|
|
require.NoError(t, err)
|
|
newKey := cmd.Result
|
|
|
|
// Delete key from wrong service account
|
|
err = store.DeleteServiceAccountToken(context.Background(), sa.OrgId, sa.Id+2, newKey.Id)
|
|
require.Error(t, err)
|
|
|
|
// Delete key from wrong org
|
|
err = store.DeleteServiceAccountToken(context.Background(), sa.OrgId+2, sa.Id, newKey.Id)
|
|
require.Error(t, err)
|
|
|
|
err = store.DeleteServiceAccountToken(context.Background(), sa.OrgId, sa.Id, newKey.Id)
|
|
require.NoError(t, err)
|
|
|
|
// Verify against DB
|
|
keys, errT := store.ListTokens(context.Background(), sa.OrgId, sa.Id)
|
|
require.NoError(t, errT)
|
|
|
|
for _, k := range keys {
|
|
if k.Name == keyName {
|
|
require.Fail(t, "Key not deleted")
|
|
}
|
|
}
|
|
}
|