fix: e2e tests (#18)

goto · Oct 5, 2023 · 5a9a01c · 5a9a01c
1 parent 7a71e4f
commit 5a9a01c
Show file tree

Hide file tree

Showing 5 changed files with 76 additions and 7 deletions.
diff --git a/test/e2e_test/smoke/proxy_test.go b/test/e2e_test/smoke/proxy_test.go
@@ -130,6 +130,33 @@ func (s *EndToEndProxySmokeTestSuite) TestProxyToEchoServer() {
 		s.Assert().Equal(200, res.StatusCode)
 		s.Assert().Equal("test-resource", resourceName)
 	})
+
+	s.Run("user not part of group will not be authenticated by middleware auth", func() {
+		groupDetail, err := s.client.GetGroup(context.Background(), &shieldv1beta1.GetGroupRequest{Id: s.groupID})
+		s.Require().NoError(err)
+
+		url := fmt.Sprintf("http://localhost:%d/api/resource_slug", s.appConfig.Proxy.Services[0].Port)
+		reqBodyMap := map[string]string{
+			"project":    s.projID,
+			"name":       "test-resource-group-slug",
+			"group_slug": groupDetail.GetGroup().GetSlug(),
+		}
+		reqBodyBytes, err := json.Marshal(reqBodyMap)
+		s.Require().NoError(err)
+
+		req, err := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(reqBodyBytes))
+		s.Require().NoError(err)
+
+		req.Header.Set(testbench.IdentityHeader, "[email protected]")
+		req.Header.Set("X-Shield-Org", s.orgID)
+
+		res, err := http.DefaultClient.Do(req)
+		s.Require().NoError(err)
+
+		defer res.Body.Close()
+
+		s.Assert().Equal(401, res.StatusCode)
+	})
 	s.Run("resource created on echo server should persist in shieldDB when using group slug", func() {
 		groupDetail, err := s.client.GetGroup(context.Background(), &shieldv1beta1.GetGroupRequest{Id: s.groupID})
 		s.Require().NoError(err)

diff --git a/test/e2e_test/testbench/helper.go b/test/e2e_test/testbench/helper.go
@@ -8,6 +8,7 @@ import (
 	"net"
 	"os"
 
+	"github.com/goto/shield/internal/schema"
 	"github.com/goto/shield/pkg/db"
 	shieldv1beta1 "github.com/goto/shield/proto/v1beta1"
 	"google.golang.org/grpc"
@@ -193,10 +194,11 @@ func BootstrapGroup(ctx context.Context, cl shieldv1beta1.ShieldServiceClient, c
 	data[1].OrgId = orgResp.GetOrganizations()[0].GetId()
 	data[2].OrgId = orgResp.GetOrganizations()[0].GetId()
 
+	ctx = metadata.NewOutgoingContext(ctx, metadata.New(map[string]string{
+		IdentityHeader: creatorEmail,
+	}))
+
 	for _, d := range data {
-		ctx = metadata.NewOutgoingContext(ctx, metadata.New(map[string]string{
-			IdentityHeader: creatorEmail,
-		}))
 		if _, err := cl.CreateGroup(ctx, &shieldv1beta1.CreateGroupRequest{
 			Body: d,
 		}); err != nil {
@@ -207,6 +209,43 @@ func BootstrapGroup(ctx context.Context, cl shieldv1beta1.ShieldServiceClient, c
 	return nil
 }
 
+func AssignGroupManager(ctx context.Context, cl shieldv1beta1.ShieldServiceClient, creatorEmail string) error {
+	groupsResp, err := cl.ListGroups(ctx, &shieldv1beta1.ListGroupsRequest{})
+	if err != nil {
+		return err
+	}
+
+	if len(groupsResp.GetGroups()) < 1 {
+		return errors.New("no groups found")
+	}
+
+	ctx = metadata.NewOutgoingContext(ctx, metadata.New(map[string]string{
+		IdentityHeader: creatorEmail,
+	}))
+
+	usr, err := cl.GetCurrentUser(ctx, &shieldv1beta1.GetCurrentUserRequest{})
+	if err != nil {
+		return err
+	}
+
+	for _, grp := range groupsResp.GetGroups() {
+		// assign admin to group
+		_, err = cl.CreateRelation(ctx, &shieldv1beta1.CreateRelationRequest{
+			Body: &shieldv1beta1.RelationRequestBody{
+				ObjectId:        grp.GetId(),
+				ObjectNamespace: schema.GroupNamespace,
+				Subject:         fmt.Sprintf("%s:%s", schema.UserPrincipal, usr.GetUser().GetId()),
+				RoleName:        schema.ManagerRole,
+			},
+		})
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func SetupDB(cfg db.Config) (dbc *db.Client, err error) {
 	dbc, err = db.New(cfg)
 	if err != nil {

diff --git a/test/e2e_test/testbench/testbench.go b/test/e2e_test/testbench/testbench.go
@@ -243,7 +243,10 @@ func SetupTests(t *testing.T) (shieldv1beta1.ShieldServiceClient, *config.Shield
 	if err := BootstrapGroup(ctx, client, OrgAdminEmail, testDataPath); err != nil {
 		t.Fatal(err)
 	}
-
+	time.Sleep(10 * time.Second)
+	if err := AssignGroupManager(ctx, client, OrgAdminEmail); err != nil {
+		t.Fatal(err)
+	}
 	return client, appConfig, cancelClient, cancelContextFunc
 }
 func migrateShield(appConfig *config.Shield) error {

diff --git a/test/e2e_test/testbench/testdata/configs/rules/rule.yaml b/test/e2e_test/testbench/testdata/configs/rules/rule.yaml
@@ -1,7 +1,7 @@
 rules:
   - backends:
       - name: entropy
-        target: "http://localhost:60127"
+        target: "http://localhost:61587"
         frontends:
           - name: ping
             path: "/api/ping"
@@ -48,7 +48,7 @@ rules:
                     value: org1-group1
                     type: constant
                 permissions:
-                  - name: view
+                  - name: membership
                     namespace: shield/group
                     attribute: owner_group
             hooks:

diff --git a/test/e2e_test/testbench/testdata/configs/rules/rule.yamltpl b/test/e2e_test/testbench/testdata/configs/rules/rule.yamltpl
@@ -48,7 +48,7 @@ rules:
                     value: org1-group1
                     type: constant
                 permissions:
-                  - name: view
+                  - name: membership
                     namespace: shield/group
                     attribute: owner_group
             hooks: