fix(rbac): fix service to service requests for RBAC CRUD (#886)
* fix(rbac): fix service to service requests for RBAC CRUD

Signed-off-by: Oleksandr Andriienko <[email protected]>

* fix(rbac): limit service to service requests to only read operations

Signed-off-by: Oleksandr Andriienko <[email protected]>

* fix(rbac): fix compilation after rebase

Signed-off-by: Oleksandr Andriienko <[email protected]>

---------

Signed-off-by: Oleksandr Andriienko <[email protected]>
AndrienkoAleksandr authored Oct 30, 2023
1 parent 307c913 commit 0b72d73
Showing 2 changed files with 71 additions and 136 deletions.
15 changes: 15 additions & 0 deletions plugins/rbac-backend/src/service/policies-rest-api.test.ts
Expand Up @@ -179,6 +179,7 @@ describe('REST policies api', () => {

expect(result.status).toBe(200);
expect(result.body).toEqual({ status: 'Authorized' });
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(0);
});

it('should return a status of Unauthorized', async () => {
Expand Down Expand Up @@ -287,6 +288,7 @@ describe('REST policies api', () => {
});

expect(result.statusCode).toBe(201);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(1);
});

it('should not be created permission policy, because it is has been already present', async () => {
Expand Down Expand Up @@ -357,6 +359,7 @@ describe('REST policies api', () => {
effect: 'allow',
},
]);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(0);
});
it('should be returned policies by user reference not found', async () => {
mockEnforcer.getFilteredPolicy = jest
Expand Down Expand Up @@ -423,6 +426,7 @@ describe('REST policies api', () => {
effect: 'allow',
},
]);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(0);
});
it('should be returned list filtered policies', async () => {
mockEnforcer.getFilteredPolicy = jest
Expand Down Expand Up @@ -573,6 +577,7 @@ describe('REST policies api', () => {
.send();

expect(result.statusCode).toEqual(204);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(1);
});
});

Expand Down Expand Up @@ -925,6 +930,7 @@ describe('REST policies api', () => {
});

expect(result.statusCode).toEqual(200);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(1);
});
});

Expand Down Expand Up @@ -1012,6 +1018,7 @@ describe('REST policies api', () => {
name: 'role:default/rbac_admin',
},
]);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(0);
});

it('should be returned roles by role reference not found', async () => {
Expand Down Expand Up @@ -1129,6 +1136,7 @@ describe('REST policies api', () => {
});

expect(result.statusCode).toBe(201);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(1);
});

it('should not be created role, because it is has been already present', async () => {
Expand Down Expand Up @@ -1409,6 +1417,7 @@ describe('REST policies api', () => {
});

expect(result.statusCode).toEqual(200);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(1);
});

it('should update role where newRole has multiple roles', async () => {
Expand Down Expand Up @@ -1607,6 +1616,7 @@ describe('REST policies api', () => {
.send();

expect(result.statusCode).toEqual(204);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(1);
});

it('should delete a role', async () => {
Expand Down Expand Up @@ -1713,6 +1723,7 @@ describe('REST policies api', () => {
const result = await request(app).get('/conditions').send();
expect(result.statusCode).toBe(200);
expect(result.body).toEqual(conditions);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(0);
});

it('should be returned condition decision by pluginId', async () => {
Expand Down Expand Up @@ -1827,6 +1838,7 @@ describe('REST policies api', () => {
const result = await request(app).delete('/conditions/1').send();

expect(result.statusCode).toEqual(204);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(1);
});

it('should fail to delete condition decision by id', async () => {
Expand Down Expand Up @@ -1899,6 +1911,7 @@ describe('REST policies api', () => {
const result = await request(app).get('/conditions/1').send();
expect(result.statusCode).toBe(200);
expect(result.body).toEqual(condition);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(0);
});

it('should return return 404', async () => {
Expand Down Expand Up @@ -1962,6 +1975,7 @@ describe('REST policies api', () => {

expect(result.statusCode).toBe(201);
expect(result.body).toEqual({ id: 1 });
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(1);
});
});

Expand Down Expand Up @@ -2020,6 +2034,7 @@ describe('REST policies api', () => {
1,
conditionDecision,
);
expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(1);
});
});
});
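Review bot: The added `toHaveBeenCalledTimes(1)` assertions on the create, update and delete tests (the 201, 200 and 204 cases) show only that the identity lookup ran, not that a write is refused when no user identity comes back, which is the property the commit message describes as limiting service-to-service requests to read operations. None of the visible hunks adds a negative case; unless one already exists elsewhere in the file, I would add a test per write route that sets `mockIdentityClient.getIdentity.mockResolvedValueOnce(undefined)`, asserts the handler's denial status, and checks that nothing was written through `mockEnforcer`. The `toHaveBeenCalledTimes(0)` checks on the GET tests also depend on the mock being cleared between tests, which is not visible here; confirm that a `beforeEach` resets it so counts cannot carry over from an earlier test. The enclosing `describe` and every `it` body start outside the hunks shown.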