diff --git a/rgw/admin/user_test.go b/rgw/admin/user_test.go index be83497c7..0b8f0ea48 100644 --- a/rgw/admin/user_test.go +++ b/rgw/admin/user_test.go @@ -74,10 +74,21 @@ var ( func TestUnmarshal(t *testing.T) { u := &User{} + // XXX: add subuser-foo to the fake-response err := json.Unmarshal(fakeUserResponse, &u) assert.NoError(t, err) } +func TestValidateSubuserAccess(t *testing.T) { + assert.True(t, SubuserSpec{Access: SubuserAccessNone}.validateSubuserAccess()) + assert.True(t, SubuserSpec{Access: SubuserAccessRead}.validateSubuserAccess()) + assert.True(t, SubuserSpec{Access: SubuserAccessWrite}.validateSubuserAccess()) + assert.True(t, SubuserSpec{Access: SubuserAccessReadWrite}.validateSubuserAccess()) + assert.True(t, SubuserSpec{Access: SubuserAccessFull}.validateSubuserAccess()) + assert.False(t, SubuserSpec{Access: SubuserAccessReplyFull}.validateSubuserAccess()) + assert.False(t, SubuserSpec{Access: SubuserAccess("bar")}.validateSubuserAccess()) +} + func (suite *RadosGWTestSuite) TestUser() { suite.SetupConnection() co, err := New(suite.endpoint, suite.accessKey, suite.secretKey, newDebugHTTPClient(http.DefaultClient)) @@ -164,12 +175,81 @@ func (suite *RadosGWTestSuite) TestUser() { assert.NotNil(suite.T(), user.Stat.Size) }) + suite.T().Run("create a subuser", func(t *testing.T) { + err := co.CreateSubuser(context.Background(), User{ID: "leseb"}, SubuserSpec{Name: "foo", Access: SubuserAccessReadWrite}) + assert.NoError(suite.T(), err) + + user, err := co.GetUser(context.Background(), User{ID: "leseb"}) + assert.NoError(suite.T(), err) + if err == nil { + assert.Equal(suite.T(), user.Subusers[0].Name, "leseb:foo") + // Note: the returned values are not equal to the input values ... + assert.Equal(suite.T(), user.Subusers[0].Access, SubuserAccess("read-write")) + } + }) + + suite.T().Run("modify a subuser", func(t *testing.T) { + err := co.ModifySubuser(context.Background(), User{ID: "leseb"}, SubuserSpec{Name: "foo", Access: SubuserAccessRead}) + assert.NoError(suite.T(), err) + + user, err := co.GetUser(context.Background(), User{ID: "leseb"}) + assert.NoError(suite.T(), err) + if err == nil { + assert.Equal(suite.T(), user.Subusers[0].Name, "leseb:foo") + assert.Equal(suite.T(), user.Subusers[0].Access, SubuserAccess("read")) + } + }) + + suite.T().Run("remove a subuser", func(t *testing.T) { + err := co.RemoveSubuser(context.Background(), User{ID: "leseb"}, SubuserSpec{Name: "foo"}) + assert.NoError(suite.T(), err) + + user, err := co.GetUser(context.Background(), User{ID: "leseb"}) + assert.NoError(suite.T(), err) + if err == nil { + assert.Equal(suite.T(), len(user.Subusers), 0) + } + }) + suite.T().Run("remove user", func(t *testing.T) { err = co.RemoveUser(context.Background(), User{ID: "leseb"}) assert.NoError(suite.T(), err) }) } +func TestCreateSubuserMockAPI(t *testing.T) { + t.Run("test create subuser validation: neither is set", func(t *testing.T) { + api, err := New("127.0.0.1", "accessKey", "secretKey", returnMockClientCreateSubuser()) + assert.NoError(t, err) + err = api.CreateSubuser(context.TODO(), User{}, SubuserSpec{}) + assert.Equal(t, err, errMissingUserID) + }) + t.Run("test create subuser validation: no user ID", func(t *testing.T) { + api, err := New("127.0.0.1", "accessKey", "secretKey", returnMockClientCreateSubuser()) + assert.NoError(t, err) + err = api.CreateSubuser(context.TODO(), User{}, SubuserSpec{Name: "foo"}) + assert.Equal(t, err, errMissingUserID) + }) + t.Run("test create subuser validation: no subuser ID", func(t *testing.T) { + api, err := New("127.0.0.1", "accessKey", "secretKey", returnMockClientCreateSubuser()) + assert.NoError(t, err) + err = api.CreateSubuser(context.TODO(), User{ID: "dashboard-admin"}, SubuserSpec{}) + assert.Equal(t, err, errMissingSubuserID) + }) + t.Run("test create subuser validation: valid", func(t *testing.T) { + api, err := New("127.0.0.1", "accessKey", "secretKey", returnMockClientCreateSubuser()) + assert.NoError(t, err) + err = api.CreateSubuser(context.TODO(), User{ID: "dashboard-admin"}, SubuserSpec{Name: "foo"}) + assert.NoError(t, err) + }) + t.Run("test create subuser validation: invalid access", func(t *testing.T) { + api, err := New("127.0.0.1", "accessKey", "secretKey", returnMockClientCreateSubuser()) + assert.NoError(t, err) + err = api.CreateSubuser(context.TODO(), User{ID: "dashboard-admin"}, SubuserSpec{Name: "foo", Access: SubuserAccess("foo")}) + assert.NotNil(t, err) // this needs a better matcher + }) +} + func TestGetUserMockAPI(t *testing.T) { t.Run("test simple api mock", func(t *testing.T) { api, err := New("127.0.0.1", "accessKey", "secretKey", returnMockClient()) @@ -215,3 +295,18 @@ func returnMockClient() *mockClient { }, } } + +func returnMockClientCreateSubuser() *mockClient { + r := ioutil.NopCloser(bytes.NewReader([]byte(""))) + return &mockClient{ + mockDo: func(req *http.Request) (*http.Response, error) { + if req.Method == http.MethodPut && req.URL.Path == "127.0.0.1/admin/user" { + return &http.Response{ + StatusCode: 201, + Body: r, + }, nil + } + return nil, fmt.Errorf("unexpected request: %q. method %q. path %q", req.URL.RawQuery, req.Method, req.URL.Path) + }, + } +}