diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java index 9165f59c..4b05ec34 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java @@ -10,7 +10,6 @@ import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.*; import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder; -import javax.persistence.EntityManager; import java.util.List; import java.util.UUID; diff --git a/src/main/resources/db/changelog/118-hs-customer-test-data.sql b/src/main/resources/db/changelog/118-hs-customer-test-data.sql index 6f69c831..b7b8c102 100644 --- a/src/main/resources/db/changelog/118-hs-customer-test-data.sql +++ b/src/main/resources/db/changelog/118-hs-customer-test-data.sql 
@@ -15,48 +15,51 @@ begin return 10000 + customerCount; end; $$; + /* - Creates test data for the customer main table. + Creates a single customer test record with dist. */ create or replace procedure createCustomerTestData( - startCount integer, -- count of auto generated rows before the run - endCount integer, -- count of auto generated rows after the run - doCommitAfterEach boolean -- only for mass data creation outside of Liquibase + custReference integer, + custPrefix varchar ) language plpgsql as $$ declare currentTask varchar; - custReference integer; custRowId uuid; - custPrefix varchar; custAdminName varchar; +begin + currentTask = 'creating RBAC test customer #' || custReference || '/' || custPrefix; + set local hsadminng.currentUser to 'mike@hostsharing.net'; + set local hsadminng.assumedRoles to 'global#hostsharing.admin'; + execute format('set local hsadminng.currentTask to %L', currentTask); + + custRowId = uuid_generate_v4(); + custAdminName = 'customer-admin@' || custPrefix || '.example.com'; + + raise notice 'creating customer %:%', custReference, custPrefix; + insert + into customer (reference, prefix, adminUserName) + values (custReference, custPrefix, custAdminName); +end; $$; +--// + +/* + Creates a range of test customers for mass data generation. 
+ */ +create or replace procedure createCustomerTestData( + startCount integer, -- count of auto generated rows before the run + endCount integer -- count of auto generated rows after the run +) + language plpgsql as $$ begin set hsadminng.currentUser to ''; for t in startCount..endCount loop - currentTask = 'creating RBAC test customer #' || t; - set local hsadminng.currentUser to 'mike@hostsharing.net'; - set local hsadminng.assumedRoles to 'global#hostsharing.admin'; - execute format('set local hsadminng.currentTask to %L', currentTask); - - -- When a new customer is created, - custReference = testCustomerReference(t); - custRowId = uuid_generate_v4(); - custPrefix = intToVarChar(t, 3); - custAdminName = 'admin@' || custPrefix || '.example.com'; - - raise notice 'creating customer %:%', custReference, custPrefix; - insert - into customer (reference, prefix, adminUserName) - values (custReference, custPrefix, custAdminName); - - if doCommitAfterEach then - commit; - end if; - + call createCustomerTestData(testCustomerReference(t), intToVarChar(t, 3)); + commit; end loop; - end; $$; --// @@ -67,7 +70,9 @@ end; $$; do language plpgsql $$ begin - call createCustomerTestData(0, 2, false); + call createCustomerTestData(99901, 'xxx'); + call createCustomerTestData(99902, 'yyy'); + call createCustomerTestData(99903, 'zzz'); end; $$; --// diff --git a/src/main/resources/db/changelog/128-hs-package-test-data.sql b/src/main/resources/db/changelog/128-hs-package-test-data.sql index f38435ec..b8263b21 100644 --- a/src/main/resources/db/changelog/128-hs-package-test-data.sql +++ b/src/main/resources/db/changelog/128-hs-package-test-data.sql 
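Review bot: The range overload `createCustomerTestData(startCount, endCount)` now runs `commit;` on every iteration unconditionally, while the removed `doCommitAfterEach` flag was documented as "only for mass data creation outside of Liquibase". PostgreSQL rejects transaction control in a procedure called inside an enclosing transaction block, so the block comment should say so, e.g. `Commits after each customer; call only at top level, never from a changeset or an open transaction.` In the single-customer procedure, `set local hsadminng.currentUser to 'mike@hostsharing.net'` and the `global#hostsharing.admin` role stay in effect until the caller's transaction ends, which deserves a one-line comment because the three calls in the following `do` block share one transaction. In the same procedure `custRowId = uuid_generate_v4();` is assigned but not used by the insert, and the comment `Creates a single customer test record with dist.` appears truncated.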
@@ -4,12 +4,9 @@ --changeset hs-package-TEST-DATA-GENERATOR:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Creates test data for the package main table. + Creates the given number of test packages for the given customer. */ -create or replace procedure createPackageTestData( - minCustomerReference integer, -- skip customers with reference below this - doCommitAfterEach boolean -- only for mass data creation outside of Liquibase -) +create or replace procedure createPackageTestData(customerPrefix varchar, pacCount int) language plpgsql as $$ declare cust customer; 
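Review bot: The procedure signature changes under an unchanged changeset id: the context line `--changeset hs-package-TEST-DATA-GENERATOR:1 endDelimiter:--//` shows no `runOnChange` attribute, so a database that has already applied this changeset would presumably fail Liquibase checksum validation instead of picking up the new body. Because the parameter list differs, `create or replace procedure createPackageTestData(customerPrefix varchar, pacCount int)` adds an overload rather than replacing `createPackageTestData(integer, boolean)`, which would remain on such a database. If existing databases matter, put the change in a new changeset that starts with `drop procedure if exists createPackageTestData(integer, boolean);`; otherwise state in the commit description that the schema is always rebuilt from scratch. The same applies to `hs-unixuser-TEST-DATA-GENERATOR:1` in 138-hs-unixuser-test-data.sql, and the procedure body continues outside this hunk.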
@@ -18,43 +15,53 @@ declare pacName varchar; currentTask varchar; pac package; +begin + select * from customer where customer.prefix = customerPrefix into cust; + + for t in 0..(pacCount-1) + loop + pacName = cust.prefix || to_char(t, 'fm00'); + currentTask = 'creating RBAC test package #' || pacName || ' for customer ' || cust.prefix || ' #' || + cust.uuid; + + custAdminUser = 'customer-admin@' || cust.prefix || '.example.com'; + custAdminRole = 'customer#' || cust.prefix || '.admin'; + execute format('set local hsadminng.currentUser to %L', custAdminUser); + execute format('set local hsadminng.assumedRoles to %L', custAdminRole); + execute format('set local hsadminng.currentTask to %L', currentTask); + raise notice 'task: % by % as %', currentTask, custAdminUser, custAdminRole; + + insert + into package (customerUuid, name, description) + values (cust.uuid, pacName, 'Here can add your own description of package ' || pacName || '.') + returning * into pac; + + call grantRoleToUser( + getRoleId(customerAdmin(cust), 'fail'), + findRoleId(packageAdmin(pac)), + createRbacUser('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'), + true); + + end loop; +end; $$; + +/* + Creates a range of test packages for mass data generation. 
+ */ +create or replace procedure createPackageTestData() + language plpgsql as $$ +declare + cust customer; begin set hsadminng.currentUser to ''; for cust in (select * from customer) loop - continue when cust.reference < minCustomerReference; - - for t in 0..2 - loop - pacName = cust.prefix || to_char(t, 'fm00'); - currentTask = 'creating RBAC test package #' || pacName || ' for customer ' || cust.prefix || ' #' || - cust.uuid; - - custAdminUser = 'admin@' || cust.prefix || '.example.com'; - custAdminRole = 'customer#' || cust.prefix || '.admin'; - execute format('set local hsadminng.currentUser to %L', custAdminUser); - execute format('set local hsadminng.assumedRoles to %L', custAdminRole); - execute format('set local hsadminng.currentTask to %L', currentTask); - raise notice 'task: % by % as %', currentTask, custAdminUser, custAdminRole; - - insert - into package (customerUuid, name, description) - values (cust.uuid, pacName, 'Here can add your own description of package ' || pacName || '.') - returning * into pac; - - call grantRoleToUser( - getRoleId(customerAdmin(cust), 'fail'), - findRoleId(packageAdmin(pac)), - createRbacUser(pacName || '@' || cust.prefix || '.example.com'), - true); - - end loop; + continue when cust.reference >= 90000; -- reserved for functional testing + call createPackageTestData(cust.prefix, 3); end loop; - if doCommitAfterEach then - commit; - end if; + commit; end ; $$; --// @@ -66,7 +73,9 @@ $$; do language plpgsql $$ begin - call createPackageTestData(0, false); + call createPackageTestData('xxx', 3); + call createPackageTestData('yyy', 3); + call createPackageTestData('zzz', 3); end; $$; --// diff --git a/src/main/resources/db/changelog/138-hs-unixuser-test-data.sql b/src/main/resources/db/changelog/138-hs-unixuser-test-data.sql index b849b91f..2d6607e9 100644 --- a/src/main/resources/db/changelog/138-hs-unixuser-test-data.sql +++ b/src/main/resources/db/changelog/138-hs-unixuser-test-data.sql 
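Review bot: `select * from customer where customer.prefix = customerPrefix into cust;` is not followed by a check that a row was found, so an unknown prefix leaves `cust` null and the loop goes on with a null `pacName` and `cust.uuid`, presumably failing later with a much less clear error. A guard directly after the select, `if not found then raise exception 'no customer with prefix %', customerPrefix; end if;`, stops before any `set local` or insert runs. The package lookup `where p.name = packageName into pac` in 138-hs-unixuser-test-data.sql has the same gap. The literal `90000` in `continue when cust.reference >= 90000;` is repeated in that file too and would be better documented in one place as the lower bound of the functional-test range. The declare section of the first procedure starts outside this hunk.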
@@ -4,13 +4,42 @@ --changeset hs-unixuser-TEST-DATA-GENERATOR:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Creates test data for the package main table. + Creates the given count of test unix users for a single package. */ -create or replace procedure createUnixUserTestData( - minCustomerReference integer, -- skip customers with reference below this - unixUserPerPackage integer, -- create this many unix users for each package - doCommitAfterEach boolean -- only for mass data creation outside of Liquibase -) +create or replace procedure createUnixUserTestData( packageName varchar, unixUserCount int ) + language plpgsql as $$ +declare + pac record; + pacAdmin varchar; + currentTask varchar; +begin + set hsadminng.currentUser to ''; + + select p.uuid, p.name, c.prefix as custPrefix + from package p + join customer c on p.customeruuid = c.uuid + where p.name = packageName + into pac; + + for t in 0..(unixUserCount-1) + loop + currentTask = 'creating RBAC test unixuser #' || t || ' for package ' || pac.name || ' #' || pac.uuid; + raise notice 'task: %', currentTask; + pacAdmin = 'pac-admin-' || pac.name || '@' || pac.custPrefix || '.example.com'; + execute format('set local hsadminng.currentTask to %L', currentTask); + execute format('set local hsadminng.currentUser to %L', pacAdmin); + set local hsadminng.assumedRoles = ''; + + insert + into unixuser (name, packageUuid) + values (pac.name || '-' || intToVarChar(t, 4), pac.uuid); + end loop; +end; $$; + +/* + Creates a range of unix users for mass data generation. + */ +create or replace procedure createUnixUserTestData( unixUserPerPackage integer ) language plpgsql as $$ declare pac record; 
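Review bot: Nothing visible in this hunk limits where the generator is installed: the header `--changeset hs-unixuser-TEST-DATA-GENERATOR:1 endDelimiter:--//` carries no `context:` attribute and the file sits under src/main/resources/db/changelog. The new procedure inserts rows while acting as `pac-admin-<package>@<prefix>.example.com`, a predictable account name, so it should be confirmed that the including changelog restricts the test-data changesets to development and test runs; that file is not part of this diff. If it does not, add a context to the changeset line (for instance `context:test-data`, a sample name) and mention it in the block comment, e.g. `Test data only; must not be applied to a production database.`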
@@ -23,30 +52,13 @@ begin (select p.uuid, p.name from package p join customer c on p.customeruuid = c.uuid - where c.reference >= minCustomerReference) + where c.reference < 90000) -- reserved for functional testing loop - - for t in 0..(unixUserPerPackage-1) - loop - currentTask = 'creating RBAC test unixuser #' || t || ' for package ' || pac.name || ' #' || pac.uuid; - raise notice 'task: %', currentTask; - pacAdmin = 'admin@' || pac.name || '.example.com'; - execute format('set local hsadminng.currentTask to %L', currentTask); - execute format('set local hsadminng.currentUser to %L', pacAdmin); - set local hsadminng.assumedRoles = ''; - - insert - into unixuser (name, packageUuid) - values (pac.name || '-' || intToVarChar(t, 4), pac.uuid); - - if doCommitAfterEach then - commit; - end if; - end loop; + call createUnixUserTestData(pac.name, 2); + commit; end loop; -end; -$$; +end; $$; --// @@ -56,7 +68,17 @@ $$; do language plpgsql $$ begin - call createUnixUserTestData(0, 2, false); + call createUnixUserTestData('xxx00', 2); + call createUnixUserTestData('xxx01', 2); + call createUnixUserTestData('xxx02', 2); + + call createUnixUserTestData('yyy00', 2); + call createUnixUserTestData('yyy01', 2); + call createUnixUserTestData('yyy02', 2); + + call createUnixUserTestData('zzz00', 2); + call createUnixUserTestData('zzz01', 2); + call createUnixUserTestData('zzz02', 2); end; $$; --// diff --git a/src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java b/src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java index 292fe9b5..7e007fea 100644 --- a/src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java +++ b/src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java 
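Review bot: The `unixUserPerPackage` parameter of the range overload is no longer used, because the loop body calls `createUnixUserTestData(pac.name, 2)` with a literal. Pass the parameter through instead: `call createUnixUserTestData(pac.name, unixUserPerPackage);`. The `commit;` inside the loop is now unconditional, so this overload can only be called at top level outside a transaction block, which the block comment should state. The declare section and the start of the loop lie outside this hunk, so it cannot be seen here whether `pacAdmin` and `currentTask` are still needed in this overload.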
@@ -33,12 +33,12 @@ class ContextIntegrationTests { @Transactional void assumeRoles() { context.setCurrentUser("mike@hostsharing.net"); - context.assumeRoles("customer#aaa.owner;customer#aab.owner"); + context.assumeRoles("customer#xxx.owner;customer#yyy.owner"); final var currentUser = context.getCurrentUser(); assertThat(currentUser).isEqualTo("mike@hostsharing.net"); final var assumedRoles = context.getAssumedRoles(); - assertThat(assumedRoles).containsExactlyInAnyOrder("customer#aaa.owner", "customer#aab.owner"); + assertThat(assumedRoles).containsExactlyInAnyOrder("customer#xxx.owner", "customer#yyy.owner"); } } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerControllerRestTest.java index 8f200632..b16e1c51 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerControllerRestTest.java @@ -92,7 +92,7 @@ class CustomerControllerRestTest { mockMvc.perform(MockMvcRequestBuilders .get("/api/customers") .header("current-user", "mike@hostsharing.net") - .header("assumed-roles", "admin@yyy.example.com") + .header("assumed-roles", "customer-admin@yyy.example.com") .accept(MediaType.APPLICATION_JSON)) // then @@ -103,7 +103,7 @@ class CustomerControllerRestTest { // then verify(contextMock).setCurrentUser("mike@hostsharing.net"); - verify(contextMock).assumeRoles("admin@yyy.example.com"); + verify(contextMock).assumeRoles("customer-admin@yyy.example.com"); } } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerRepositoryIntegrationTest.java index a8c60a82..c972889c 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerRepositoryIntegrationTest.java 
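Review bot: In CustomerControllerRestTest the `assumed-roles` header carries a user name, `customer-admin@yyy.example.com`, not a role identifier of the form used everywhere else in this commit (`customer#yyy.admin`). The test only verifies that the value is handed to `contextMock.assumeRoles`, so it passes either way, but it reads as if a user name were an acceptable role. Consider `.header("assumed-roles", "customer#yyy.admin")` together with `verify(contextMock).assumeRoles("customer#yyy.admin");` in the second hunk of that file. The test method starts and ends outside both hunks.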
+++ b/src/test/java/net/hostsharing/hsadminng/hs/hscustomer/CustomerRepositoryIntegrationTest.java @@ -42,7 +42,7 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest { final var result = attempt(em, () -> { final var newCustomer = new CustomerEntity( - UUID.randomUUID(), "xxx", 90001, "admin@xxx.example.com"); + UUID.randomUUID(), "www", 90001, "customer-admin@www.example.com"); return customerRepository.save(newCustomer); }); @@ -56,37 +56,37 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest { @Test public void hostsharingAdmin_withAssumedCustomerRole_cannotCreateNewCustomer() { // given - context("mike@hostsharing.net", "customer#aaa.admin"); + context("mike@hostsharing.net", "customer#xxx.admin"); // when final var result = attempt(em, () -> { final var newCustomer = new CustomerEntity( - UUID.randomUUID(), "xxx", 90001, "admin@xxx.example.com"); + UUID.randomUUID(), "www", 90001, "customer-admin@www.example.com"); return customerRepository.save(newCustomer); }); // then result.assertExceptionWithRootCauseMessage( PersistenceException.class, - "add-customer not permitted for customer#aaa.admin"); + "add-customer not permitted for customer#xxx.admin"); } @Test public void customerAdmin_withoutAssumedRole_cannotCreateNewCustomer() { // given - context("admin@aaa.example.com", null); + context("customer-admin@xxx.example.com", null); // when final var result = attempt(em, () -> { final var newCustomer = new CustomerEntity( - UUID.randomUUID(), "yyy", 90002, "admin@yyy.example.com"); + UUID.randomUUID(), "www", 90001, "customer-admin@www.example.com"); return customerRepository.save(newCustomer); }); // then result.assertExceptionWithRootCauseMessage( PersistenceException.class, - "add-customer not permitted for admin@aaa.example.com"); + "add-customer not permitted for customer-admin@xxx.example.com"); } 
@@ -108,7 +108,7 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest { final var result = customerRepository.findCustomerByOptionalPrefixLike(null); // then - exactlyTheseCustomersAreReturned(result, "aaa", "aab", "aac"); + exactlyTheseCustomersAreReturned(result, "xxx", "yyy", "zzz"); } @Test @@ -120,34 +120,34 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest { final var result = customerRepository.findCustomerByOptionalPrefixLike(null); then: - exactlyTheseCustomersAreReturned(result, "aaa", "aab", "aac"); + exactlyTheseCustomersAreReturned(result, "xxx", "yyy", "zzz"); } @Test public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnCustomer() { // given: - context("admin@aaa.example.com", null); + context("customer-admin@xxx.example.com", null); // when: final var result = customerRepository.findCustomerByOptionalPrefixLike(null); // then: - exactlyTheseCustomersAreReturned(result, "aaa"); + exactlyTheseCustomersAreReturned(result, "xxx"); } @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer() { - context("admin@aaa.example.com", "package#aaa00.admin"); + context("customer-admin@xxx.example.com", "package#xxx00.admin"); final var result = customerRepository.findCustomerByOptionalPrefixLike(null); - exactlyTheseCustomersAreReturned(result, "aaa"); + exactlyTheseCustomersAreReturned(result, "xxx"); } @Test public void customerAdmin_withAssumedAlienPackageAdminRole_cannotViewAnyCustomer() { // given: - context("admin@aaa.example.com", "package#aab00.admin"); + context("customer-admin@xxx.example.com", "package#yyy00.admin"); // when final var result = attempt( 
@@ -157,7 +157,7 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest { // then result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[403] user admin@aaa.example.com", "has no permission to assume role package#aab00#admin"); + "[403] user customer-admin@xxx.example.com", "has no permission to assume role package#yyy00#admin"); } @Test @@ -176,7 +176,7 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest { @Test @Transactional void unknownUser_withAssumedCustomerRole_cannotViewAnyCustomers() { - context("unknown@example.org", "customer#aaa.admin"); + context("unknown@example.org", "customer#xxx.admin"); final var result = attempt( em, @@ -198,19 +198,19 @@ class CustomerRepositoryIntegrationTest extends ContextBasedTest { context("mike@hostsharing.net", null); // when - final var result = customerRepository.findCustomerByOptionalPrefixLike("aab"); + final var result = customerRepository.findCustomerByOptionalPrefixLike("yyy"); // then - exactlyTheseCustomersAreReturned(result, "aab"); + exactlyTheseCustomersAreReturned(result, "yyy"); } @Test public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnCustomer() { // given: - context("admin@aaa.example.com", null); + context("customer-admin@xxx.example.com", null); // when: - final var result = customerRepository.findCustomerByOptionalPrefixLike("aab"); + final var result = customerRepository.findCustomerByOptionalPrefixLike("yyy"); // then: exactlyTheseCustomersAreReturned(result); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hspackage/PackageControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hspackage/PackageControllerAcceptanceTest.java index 6fd8c15d..dab9934d 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hspackage/PackageControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hspackage/PackageControllerAcceptanceTest.java 
@@ -44,19 +44,19 @@ class PackageControllerAcceptanceTest { RestAssured .given() .header("current-user", "mike@hostsharing.net") - .header("assumed-roles", "customer#aaa.admin") + .header("assumed-roles", "customer#xxx.admin") .port(port) .when() .get("http://localhost/api/packages") .then().assertThat() .statusCode(200) .contentType("application/json") - .body("[0].name", is("aaa00")) - .body("[0].customer.reference", is(10000)) - .body("[1].name", is("aaa01")) - .body("[1].customer.reference", is(10000)) - .body("[2].name", is("aaa02")) - .body("[2].customer.reference", is(10000)); + .body("[0].name", is("xxx00")) + .body("[0].customer.reference", is(99901)) + .body("[1].name", is("xxx01")) + .body("[1].customer.reference", is(99901)) + .body("[2].name", is("xxx02")) + .body("[2].customer.reference", is(99901)); // @formatter:on } @@ -66,15 +66,15 @@ class PackageControllerAcceptanceTest { RestAssured .given() .header("current-user", "mike@hostsharing.net") - .header("assumed-roles", "customer#aaa.admin") + .header("assumed-roles", "customer#xxx.admin") .port(port) .when() - .get("http://localhost/api/packages?name=aaa01") + .get("http://localhost/api/packages?name=xxx01") .then().assertThat() .statusCode(200) .contentType("application/json") - .body("[0].name", is("aaa01")) - .body("[0].customer.reference", is(10000)); + .body("[0].name", is("xxx01")) + .body("[0].customer.reference", is(99901)); // @formatter:on } } @@ -85,8 +85,8 @@ class PackageControllerAcceptanceTest { @Test void withDescriptionUpdatesDescription() { - assumeThat(getDescriptionOfPackage("aaa00")) - .isEqualTo("Here can add your own description of package aaa00."); + assumeThat(getDescriptionOfPackage("xxx00")) + .isEqualTo("Here can add your own description of package xxx00."); final var randomDescription = RandomStringUtils.randomAlphanumeric(80); 
@@ -94,7 +94,7 @@ class PackageControllerAcceptanceTest { RestAssured .given() .header("current-user", "mike@hostsharing.net") - .header("assumed-roles", "customer#aaa.admin") + .header("assumed-roles", "customer#xxx.admin") .contentType(ContentType.JSON) .body(format(""" { @@ -103,12 +103,12 @@ class PackageControllerAcceptanceTest { """, randomDescription)) .port(port) .when() - .patch("http://localhost/api/packages/{uuidOfPackage}", getUuidOfPackage("aaa00")) + .patch("http://localhost/api/packages/{uuidOfPackage}", getUuidOfPackage("xxx00")) .then() .assertThat() .statusCode(200) .contentType("application/json") - .body("name", is("aaa00")) + .body("name", is("xxx00")) .body("description", is(randomDescription)); // @formatter:on @@ -117,14 +117,14 @@ class PackageControllerAcceptanceTest { @Test void withNullDescriptionUpdatesDescriptionToNull() { - assumeThat(getDescriptionOfPackage("aaa01")) - .isEqualTo("Here can add your own description of package aaa01."); + assumeThat(getDescriptionOfPackage("xxx01")) + .isEqualTo("Here can add your own description of package xxx01."); // @formatter:off RestAssured .given() .header("current-user", "mike@hostsharing.net") - .header("assumed-roles", "customer#aaa.admin") + .header("assumed-roles", "customer#xxx.admin") .contentType(ContentType.JSON) .body(""" { @@ -133,12 +133,12 @@ class PackageControllerAcceptanceTest { """) .port(port) .when() - .patch("http://localhost/api/packages/{uuidOfPackage}", getUuidOfPackage("aaa01")) + .patch("http://localhost/api/packages/{uuidOfPackage}", getUuidOfPackage("xxx01")) .then() .assertThat() .statusCode(200) .contentType("application/json") - .body("name", is("aaa01")) + .body("name", is("xxx01")) .body("description", equalTo(null)); // @formatter:on } 
@@ -146,24 +146,24 @@ class PackageControllerAcceptanceTest { @Test void withoutDescriptionDoesNothing() { - assumeThat(getDescriptionOfPackage("aaa02")) - .isEqualTo("Here can add your own description of package aaa02."); + assumeThat(getDescriptionOfPackage("xxx02")) + .isEqualTo("Here can add your own description of package xxx02."); // @formatter:off RestAssured .given() .header("current-user", "mike@hostsharing.net") - .header("assumed-roles", "customer#aaa.admin") + .header("assumed-roles", "customer#xxx.admin") .contentType(ContentType.JSON) .body("{}") .port(port) .when() - .patch("http://localhost/api/packages/{uuidOfPackage}", getUuidOfPackage("aaa02")) + .patch("http://localhost/api/packages/{uuidOfPackage}", getUuidOfPackage("xxx02")) .then().assertThat() .statusCode(200) .contentType("application/json") - .body("name", is("aaa02")) - .body("description", is("Here can add your own description of package aaa02.")); // unchanged + .body("name", is("xxx02")) + .body("description", is("Here can add your own description of package xxx02.")); // unchanged // @formatter:on } } @@ -173,7 +173,7 @@ class PackageControllerAcceptanceTest { return UUID.fromString(RestAssured .given() .header("current-user", "mike@hostsharing.net") - .header("assumed-roles", "customer#aaa.admin") + .header("assumed-roles", "customer#xxx.admin") .port(port) .when() .get("http://localhost/api/packages?name={packageName}", packageName) @@ -186,7 +186,7 @@ class PackageControllerAcceptanceTest { String getDescriptionOfPackage(final String packageName) { context.setCurrentUser("mike@hostsharing.net"); - context.assumeRoles("customer#aaa.admin"); + context.assumeRoles("customer#xxx.admin"); return packageRepository.findAllByOptionalNameLike(packageName).get(0).getDescription(); } } 
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hspackage/PackageRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hspackage/PackageRepositoryIntegrationTest.java index e5a552a4..170ac919 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hspackage/PackageRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hspackage/PackageRepositoryIntegrationTest.java @@ -67,30 +67,30 @@ class PackageRepositoryIntegrationTest { @Test public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnPackages() { // given: - currentUser("admin@aaa.example.com"); + currentUser("customer-admin@xxx.example.com"); // when: final var result = packageRepository.findAllByOptionalNameLike(null); // then: - exactlyThesePackagesAreReturned(result, "aaa00", "aaa01", "aaa02"); + exactlyThesePackagesAreReturned(result, "xxx00", "xxx01", "xxx02"); } @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnPackages() { - currentUser("admin@aaa.example.com"); - assumedRoles("package#aaa00.admin"); + currentUser("customer-admin@xxx.example.com"); + assumedRoles("package#xxx00.admin"); final var result = packageRepository.findAllByOptionalNameLike(null); - exactlyThesePackagesAreReturned(result, "aaa00"); + exactlyThesePackagesAreReturned(result, "xxx00"); } @Test public void customerAdmin_withAssumedAlienPackageAdminRole_cannotViewAnyPackages() { // given: - currentUser("admin@aaa.example.com"); - assumedRoles("package#aab00.admin"); + currentUser("customer-admin@xxx.example.com"); + assumedRoles("package#yyy00.admin"); // when final var result = attempt( @@ -100,7 +100,7 @@ class PackageRepositoryIntegrationTest { // then result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[403] user admin@aaa.example.com", "has no permission to assume role package#aab00#admin"); + "[403] user customer-admin@xxx.example.com", "has no permission to assume role package#yyy00#admin"); } @Test 
@@ -120,7 +120,7 @@ class PackageRepositoryIntegrationTest { @Transactional void unknownUser_withAssumedCustomerRole_cannotViewAnyPackages() { currentUser("unknown@example.org"); - assumedRoles("customer#aaa.admin"); + assumedRoles("customer#xxx.admin"); final var result = attempt( em, @@ -139,17 +139,17 @@ class PackageRepositoryIntegrationTest { @Test public void supportsOptimisticLocking() throws InterruptedException { // given - hostsharingAdminWithAssumedRole("package#aaa00.admin"); + hostsharingAdminWithAssumedRole("package#xxx00.admin"); final var pac = packageRepository.findAllByOptionalNameLike("%").get(0); // when final var result1 = jpaAttempt.transacted(() -> { - hostsharingAdminWithAssumedRole("package#aaa00.admin"); + hostsharingAdminWithAssumedRole("package#xxx00.admin"); pac.setDescription("description set by thread 1"); packageRepository.save(pac); }); final var result2 = jpaAttempt.transacted(() -> { - hostsharingAdminWithAssumedRole("package#aaa00.admin"); + hostsharingAdminWithAssumedRole("package#xxx00.admin"); pac.setDescription("description set by thread 2"); packageRepository.save(pac); sleep(1500); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java index 7fc99c39..5b00bd10 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java 
@@ -62,9 +62,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { @Accepts({ "GRT:R(Read)" }) void customerAdmin_withAssumedPacketAdminRole_canReadPacketAdminsGrantById() { // given - final var givenCurrentUserAsPackageAdmin = new Subject("admin@aaa.example.com"); - final var givenGranteeUser = findRbacUserByName("aaa00@aaa.example.com"); - final var givenGrantedRole = findRbacRoleByName("package#aaa00.admin"); + final var givenCurrentUserAsPackageAdmin = new Subject("customer-admin@xxx.example.com"); + final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); + final var givenGrantedRole = findRbacRoleByName("package#xxx00.admin"); // when final var grant = givenCurrentUserAsPackageAdmin.getGrantById() @@ -73,18 +73,18 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // then grant.assertThat() .statusCode(200) - .body("grantedByRoleIdName", is("customer#aaa.admin")) - .body("grantedRoleIdName", is("package#aaa00.admin")) - .body("granteeUserName", is("aaa00@aaa.example.com")); + .body("grantedByRoleIdName", is("customer#xxx.admin")) + .body("grantedRoleIdName", is("package#xxx00.admin")) + .body("granteeUserName", is("pac-admin-xxx00@xxx.example.com")); } @Test @Accepts({ "GRT:R(Read)" }) void packageAdmin_withoutAssumedRole_canReadItsOwnGrantById() { // given - final var givenCurrentUserAsPackageAdmin = new Subject("aaa00@aaa.example.com"); - final var givenGranteeUser = findRbacUserByName("aaa00@aaa.example.com"); - final var givenGrantedRole = findRbacRoleByName("package#aaa00.admin"); + final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com"); + final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); + final var givenGrantedRole = findRbacRoleByName("package#xxx00.admin"); // when final var grant = givenCurrentUserAsPackageAdmin.getGrantById() 
@@ -93,18 +93,18 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // then grant.assertThat() .statusCode(200) - .body("grantedByRoleIdName", is("customer#aaa.admin")) - .body("grantedRoleIdName", is("package#aaa00.admin")) - .body("granteeUserName", is("aaa00@aaa.example.com")); + .body("grantedByRoleIdName", is("customer#xxx.admin")) + .body("grantedRoleIdName", is("package#xxx00.admin")) + .body("granteeUserName", is("pac-admin-xxx00@xxx.example.com")); } @Test @Accepts({ "GRT:R(Read)" }) void packageAdmin_withAssumedUnixUserAdmin_canNotReadItsOwnGrantById() { // given - final var givenCurrentUserAsPackageAdmin = new Subject("aaa00@aaa.example.com", "unixuser#aaa00-aaaa.admin"); - final var givenGranteeUser = findRbacUserByName("aaa00@aaa.example.com"); - final var givenGrantedRole = findRbacRoleByName("package#aaa00.admin"); + final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", "unixuser#xxx00-xxxa.admin"); + final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); + final var givenGrantedRole = findRbacRoleByName("package#xxx00.admin"); // when final var grant = givenCurrentUserAsPackageAdmin.getGrantById() @@ -125,8 +125,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenNewUser = createRBacUser(); - final var givenRoleToGrant = "package#aaa00.admin"; - final var givenCurrentUserAsPackageAdmin = new Subject("aaa00@aaa.example.com", givenRoleToGrant); + final var givenRoleToGrant = "package#xxx00.admin"; + final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); final var givenOwnPackageAdminRole = findRbacRoleByName(givenCurrentUserAsPackageAdmin.assumedRole); 
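Review bot: The assumed role `unixuser#xxx00-xxxa.admin` in packageAdmin_withAssumedUnixUserAdmin_canNotReadItsOwnGrantById looks like a search-and-replace artefact. The generator in 138-hs-unixuser-test-data.sql names unix users `pac.name || '-' || intToVarChar(t, 4)`, and the old value `aaa00-aaaa` suggests the suffix for the first user is `aaaa`, so the user for package xxx00 would be `xxx00-aaaa`, not `xxx00-xxxa`. If that is right, the role does not exist and this negative test would be rejected for an unknown role rather than for missing permission, so it would no longer exercise the authorization rule it is named after. After checking against `intToVarChar`, which is not shown in this diff, the line should probably read `new Subject("pac-admin-xxx00@xxx.example.com", "unixuser#xxx00-aaaa.admin");`. The assertions of this test are outside the hunk.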
@@ -149,9 +149,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenNewUser = createRBacUser(); - final var givenRoleToGrant = "package#aaa00.admin"; - final var givenCurrentUserAsPackageAdmin = new Subject("aaa00@aaa.example.com", givenRoleToGrant); - final var givenAlienPackageAdminRole = findRbacRoleByName("package#aab00.admin"); + final var givenRoleToGrant = "package#xxx00.admin"; + final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); + final var givenAlienPackageAdminRole = findRbacRoleByName("package#yyy00.admin"); // when final var result = givenCurrentUserAsPackageAdmin @@ -161,7 +161,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // then result.assertThat() .body("message", containsString("Access to granted role")) - .body("message", containsString("forbidden for {package#aaa00.admin}")) + .body("message", containsString("forbidden for {package#xxx00.admin}")) .statusCode(403); assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin)) .extracting(RbacGrantEntity::getGranteeUserName) @@ -179,9 +179,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenArbitraryUser = createRBacUser(); - final var givenRoleToGrant = "package#aaa00.admin"; - final var givenCurrentUserAsPackageAdmin = new Subject("aaa00@aaa.example.com", givenRoleToGrant); - final var givenOwnPackageAdminRole = findRbacRoleByName("package#aaa00.admin"); + final var givenRoleToGrant = "package#xxx00.admin"; + final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); + final var givenOwnPackageAdminRole = findRbacRoleByName("package#xxx00.admin"); // and given an existing grant assumeCreated(givenCurrentUserAsPackageAdmin 
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java index d7246a2d..3dfb033a 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java @@ -55,7 +55,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { @Accepts({ "GRT:L(List)" }) public void packageAdmin_canViewItsRbacGrants() { // given - context("aaa00@aaa.example.com", null); + context("pac-admin-xxx00@xxx.example.com", null); // when final var result = rbacGrantRepository.findAll(); @@ -63,14 +63,14 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // then exactlyTheseRbacGrantsAreReturned( result, - "{ grant assumed role package#aaa00.admin to user aaa00@aaa.example.com by role customer#aaa.admin }"); + "{ grant assumed role package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role customer#xxx.admin }"); } @Test @Accepts({ "GRT:L(List)" }) public void customerAdmin_canViewItsRbacGrants() { // given - context("admin@aaa.example.com", null); + context("customer-admin@xxx.example.com", null); // when final var result = rbacGrantRepository.findAll(); 
@@ -78,17 +78,17 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // then exactlyTheseRbacGrantsAreReturned( result, - "{ grant assumed role customer#aaa.admin to user admin@aaa.example.com by role global#hostsharing.admin }", - "{ grant assumed role package#aaa00.admin to user aaa00@aaa.example.com by role customer#aaa.admin }", - "{ grant assumed role package#aaa01.admin to user aaa01@aaa.example.com by role customer#aaa.admin }", - "{ grant assumed role package#aaa02.admin to user aaa02@aaa.example.com by role customer#aaa.admin }"); + "{ grant assumed role customer#xxx.admin to user customer-admin@xxx.example.com by role global#hostsharing.admin }", + "{ grant assumed role package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role customer#xxx.admin }", + "{ grant assumed role package#xxx01.admin to user pac-admin-xxx01@xxx.example.com by role customer#xxx.admin }", + "{ grant assumed role package#xxx02.admin to user pac-admin-xxx02@xxx.example.com by role customer#xxx.admin }"); } @Test @Accepts({ "GRT:L(List)" }) public void customerAdmin_withAssumedRole_canOnlyViewRbacGrantsVisibleByAssumedRole() { // given: - context("admin@aaa.example.com", "package#aaa00.admin"); + context("customer-admin@xxx.example.com", "package#xxx00.admin"); // when final var result = rbacGrantRepository.findAll(); @@ -96,7 +96,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // then exactlyTheseRbacGrantsAreReturned( result, - "{ grant assumed role package#aaa00.admin to user aaa00@aaa.example.com by role customer#aaa.admin }"); + "{ grant assumed role package#xxx00.admin to user pac-admin-xxx00@xxx.example.com by role customer#xxx.admin }"); } } 
@@ -106,9 +106,9 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { @Test public void customerAdmin_canGrantOwnPackageAdminRole_toArbitraryUser() { // given - context("admin@aaa.example.com", "customer#aaa.admin"); - final var givenArbitraryUserUuid = rbacUserRepository.findByName("aac00@aac.example.com").getUuid(); - final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("package#aaa00.admin").getUuid(); + context("customer-admin@xxx.example.com", "customer#xxx.admin"); + final var givenArbitraryUserUuid = rbacUserRepository.findByName("pac-admin-zzz00@zzz.example.com").getUuid(); + final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("package#xxx00.admin").getUuid(); // when final var grant = RbacGrantEntity.builder() @@ -124,7 +124,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { assertThat(rbacGrantRepository.findAll()) .extracting(RbacGrantEntity::toDisplay) .contains( - "{ grant assumed role package#aaa00.admin to user aac00@aac.example.com by role customer#aaa.admin }"); + "{ grant assumed role package#xxx00.admin to user pac-admin-zzz00@zzz.example.com by role customer#xxx.admin }"); } @Test 
@@ -134,17 +134,17 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { record Given(RbacUserEntity arbitraryUser, UUID packageOwnerRoleUuid) {} final var given = jpaAttempt.transacted(() -> { // to find the uuids of we need to have access rights to these - context("admin@aaa.example.com", null); + context("customer-admin@xxx.example.com", null); return new Given( createNewUser(), - rbacRoleRepository.findByRoleName("package#aaa00.owner").getUuid() + rbacRoleRepository.findByRoleName("package#xxx00.owner").getUuid() ); }).assumeSuccessful().returnedValue(); // when final var attempt = jpaAttempt.transacted(() -> { // now we try to use these uuids as a less privileged user - context("aaa00@aaa.example.com", "package#aaa00.admin"); + context("pac-admin-xxx00@xxx.example.com", "package#xxx00.admin"); final var grant = RbacGrantEntity.builder() .granteeUserUuid(given.arbitraryUser.getUuid()) .grantedRoleUuid(given.packageOwnerRoleUuid) @@ -157,7 +157,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { attempt.assertExceptionWithRootCauseMessage( JpaSystemException.class, "ERROR: [403] Access to granted role " + given.packageOwnerRoleUuid - + " forbidden for {package#aaa00.admin}"); + + " forbidden for {package#xxx00.admin}"); jpaAttempt.transacted(() -> { // finally, we use the new user to make sure, no roles were granted context(given.arbitraryUser.getName(), null); 
@@ -175,21 +175,21 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { public void customerAdmin_canRevokeSelfGrantedPackageAdminRole() { // given final var grant = create(grant() - .byUser("admin@aaa.example.com").withAssumedRole("customer#aaa.admin") - .grantingRole("package#aaa00.admin").toUser("aac00@aac.example.com")); + .byUser("customer-admin@xxx.example.com").withAssumedRole("customer#xxx.admin") + .grantingRole("package#xxx00.admin").toUser("pac-admin-zzz00@zzz.example.com")); // when - context("admin@aaa.example.com", "customer#aaa.admin"); + context("customer-admin@xxx.example.com", "customer#xxx.admin"); final var revokeAttempt = attempt(em, () -> { rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId()); }); // then - context("admin@aaa.example.com", "customer#aaa.admin"); + context("customer-admin@xxx.example.com", "customer#xxx.admin"); assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull(); assertThat(rbacGrantRepository.findAll()) .extracting(RbacGrantEntity::getGranteeUserName) - .doesNotContain("aac00@aac.example.com"); + .doesNotContain("pac-admin-zzz00@zzz.example.com"); } @Test 
@@ -197,33 +197,33 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // given final var newUser = createNewUserTransacted(); final var grant = create(grant() - .byUser("admin@aaa.example.com").withAssumedRole("package#aaa00.admin") - .grantingRole("package#aaa00.admin").toUser(newUser.getName())); + .byUser("customer-admin@xxx.example.com").withAssumedRole("package#xxx00.admin") + .grantingRole("package#xxx00.admin").toUser(newUser.getName())); // when - context("aaa00@aaa.example.com", "package#aaa00.admin"); + context("pac-admin-xxx00@xxx.example.com", "package#xxx00.admin"); final var revokeAttempt = attempt(em, () -> { rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId()); }); // then assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull(); - context("admin@aaa.example.com", "customer#aaa.admin"); + context("customer-admin@xxx.example.com", "customer#xxx.admin"); assertThat(rbacGrantRepository.findAll()) .extracting(RbacGrantEntity::getGranteeUserName) - .doesNotContain("aac00@aac.example.com"); + .doesNotContain("pac-admin-zzz00@zzz.example.com"); } @Test public void packageAdmin_canNotRevokeOwnPackageAdminRoleGrantedByOwnerRoleOfThatPackage() { // given final var grant = create(grant() - .byUser("admin@aaa.example.com").withAssumedRole("package#aaa00.owner") - .grantingRole("package#aaa00.admin").toUser("aac00@aac.example.com")); - final var grantedByRole = rbacRoleRepository.findByRoleName("package#aaa00.owner"); + .byUser("customer-admin@xxx.example.com").withAssumedRole("package#xxx00.owner") + .grantingRole("package#xxx00.admin").toUser("pac-admin-zzz00@zzz.example.com")); + final var grantedByRole = rbacRoleRepository.findByRoleName("package#xxx00.owner"); // when - context("aaa00@aaa.example.com", "package#aaa00.admin"); + context("pac-admin-xxx00@xxx.example.com", "package#xxx00.admin"); final var revokeAttempt = attempt(em, () -> { rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId()); }); 
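Review bot: The final assertion `.doesNotContain("pac-admin-zzz00@zzz.example.com")` in the first test of this hunk checks a user that this test never granted anything to; the grant under test goes `.toUser(newUser.getName())`. The check therefore holds whether or not the revocation actually removed the grant, leaving only `assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull()` to carry the test. It should read `.doesNotContain(newUser.getName());`. The test method's signature is above the hunk.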
@@ -231,7 +231,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // then revokeAttempt.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "ERROR: [403] Revoking role created by %s is forbidden for {package#aaa00.admin}.".formatted( + "ERROR: [403] Revoking role created by %s is forbidden for {package#xxx00.admin}.".formatted( grantedByRole.getUuid() )); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java index d00e7872..ebc02317 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java @@ -50,14 +50,14 @@ class RbacRoleControllerAcceptanceTest { .then().assertThat() .statusCode(200) .contentType("application/json") - .body("[0].roleName", is("customer#aaa.admin")) - .body("[1].roleName", is("customer#aaa.owner")) - .body("[2].roleName", is("customer#aaa.tenant")) + .body("[0].roleName", is("customer#xxx.admin")) + .body("[1].roleName", is("customer#xxx.owner")) + .body("[2].roleName", is("customer#xxx.tenant")) // ... .body("", hasItem(hasEntry("roleName", "global#hostsharing.admin"))) - .body("", hasItem(hasEntry("roleName", "customer#aab.admin"))) - .body("", hasItem(hasEntry("roleName", "package#aab00.admin"))) - .body("", hasItem(hasEntry("roleName", "unixuser#aab00-aaaa.owner"))) + .body("", hasItem(hasEntry("roleName", "customer#yyy.admin"))) + .body("", hasItem(hasEntry("roleName", "package#yyy00.admin"))) + .body("", hasItem(hasEntry("roleName", "unixuser#yyy00-aaaa.owner"))) .body( "size()", is(73)); // increases with new test data // @formatter:on } 
@@ -70,17 +70,19 @@ class RbacRoleControllerAcceptanceTest { RestAssured .given() .header("current-user", "mike@hostsharing.net") - .header("assumed-roles", "package#aab00.admin") + .header("assumed-roles", "package#yyy00.admin") .port(port) .when() .get("http://localhost/api/rbac-roles") - .then().assertThat() + .then() + .log().body() + .assertThat() .statusCode(200) .contentType("application/json") - .body("[0].roleName", is("customer#aab.tenant")) - .body("[1].roleName", is("package#aab00.admin")) - .body("[2].roleName", is("package#aab00.tenant")) - .body("[3].roleName", is("unixuser#aab00-aaaa.admin")) + .body("[0].roleName", is("customer#yyy.tenant")) + .body("[1].roleName", is("package#yyy00.admin")) + .body("[2].roleName", is("package#yyy00.tenant")) + .body("[3].roleName", is("unixuser#yyy00-aaaa.admin")) .body("size()", is(7)); // increases with new test data // @formatter:on } @@ -92,18 +94,18 @@ class RbacRoleControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "aac00@aac.example.com") - .port(port) + .header("current-user", "pac-admin-zzz00@zzz.example.com") + .port(port) .when() - .get("http://localhost/api/rbac-roles") + .get("http://localhost/api/rbac-roles") .then().assertThat() - .statusCode(200) - .contentType("application/json") - .body("[0].roleName", is("customer#aac.tenant")) - .body("[1].roleName", is("package#aac00.admin")) - .body("[2].roleName", is("package#aac00.tenant")) - .body("[3].roleName", is("unixuser#aac00-aaaa.admin")) - .body("size()", is(7)); // increases with new test data + .statusCode(200) + .contentType("application/json") + .body("[0].roleName", is("customer#zzz.tenant")) + .body("[1].roleName", is("package#zzz00.admin")) + .body("[2].roleName", is("package#zzz00.tenant")) + .body("[3].roleName", is("unixuser#zzz00-aaaa.admin")) + .body("size()", is(7)); // increases with new test data // @formatter:on } 
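Review bot: The `.log().body()` added after `.then()` prints the full response body on every run, and the same applies to the two `RbacUserControllerAcceptanceTest` hunks that change the chain to `.then().log().body().assertThat()`. This looks like debugging output left in. REST Assured's `.log().ifValidationFails()` keeps the body for failing runs only, e.g. `.then().log().ifValidationFails().assertThat()`, which also keeps role and user listings out of routine CI logs.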
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
index d39491a7..92bcd456 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
@@ -35,18 +35,18 @@ class RbacRoleRepositoryIntegrationTest { private static final String[] ALL_TEST_DATA_ROLES = Array.of( // @formatter:off "global#hostsharing.admin", - "customer#aaa.admin", "customer#aaa.owner", "customer#aaa.tenant", - "package#aaa00.admin", "package#aaa00.owner", "package#aaa00.tenant", - "package#aaa01.admin", "package#aaa01.owner", "package#aaa01.tenant", - "package#aaa02.admin", "package#aaa02.owner", "package#aaa02.tenant", - "customer#aab.admin", "customer#aab.owner", "customer#aab.tenant", - "package#aab00.admin", "package#aab00.owner", "package#aab00.tenant", - "package#aab01.admin", "package#aab01.owner", "package#aab01.tenant", - "package#aab02.admin", "package#aab02.owner", "package#aab02.tenant", - "customer#aac.admin", "customer#aac.owner", "customer#aac.tenant", - "package#aac00.admin", "package#aac00.owner", "package#aac00.tenant", - "package#aac01.admin", "package#aac01.owner", "package#aac01.tenant", - "package#aac02.admin", "package#aac02.owner", "package#aac02.tenant" + "customer#xxx.admin", "customer#xxx.owner", "customer#xxx.tenant", + "package#xxx00.admin", "package#xxx00.owner", "package#xxx00.tenant", + "package#xxx01.admin", "package#xxx01.owner", "package#xxx01.tenant", + "package#xxx02.admin", "package#xxx02.owner", "package#xxx02.tenant", + "customer#yyy.admin", "customer#yyy.owner", "customer#yyy.tenant", + "package#yyy00.admin", "package#yyy00.owner", "package#yyy00.tenant", + "package#yyy01.admin", "package#yyy01.owner", "package#yyy01.tenant", + "package#yyy02.admin", "package#yyy02.owner", "package#yyy02.tenant", + "customer#zzz.admin", "customer#zzz.owner", "customer#zzz.tenant", + "package#zzz00.admin", "package#zzz00.owner", "package#zzz00.tenant", + "package#zzz01.admin", "package#zzz01.owner", "package#zzz01.tenant", + "package#zzz02.admin", "package#zzz02.owner", "package#zzz02.tenant" // @formatter:on ); 
@@ -78,7 +78,7 @@ class RbacRoleRepositoryIntegrationTest { @Test public void customerAdmin_withoutAssumedRole_canViewOnlyItsOwnRbacRole() { // given: - currentUser("admin@aaa.example.com"); + currentUser("customer-admin@xxx.example.com"); // when: final var result = rbacRoleRepository.findAll(); 
@@ -87,57 +87,57 @@ class RbacRoleRepositoryIntegrationTest { allTheseRbacRolesAreReturned( result, // @formatter:off - "customer#aaa.admin", - "customer#aaa.tenant", - "package#aaa00.admin", - "package#aaa00.owner", - "package#aaa00.tenant", - "package#aaa01.admin", - "package#aaa01.owner", - "package#aaa01.tenant", + "customer#xxx.admin", + "customer#xxx.tenant", + "package#xxx00.admin", + "package#xxx00.owner", + "package#xxx00.tenant", + "package#xxx01.admin", + "package#xxx01.owner", + "package#xxx01.tenant", // ... - "unixuser#aaa00-aaaa.admin", - "unixuser#aaa00-aaaa.owner", + "unixuser#xxx00-aaaa.admin", + "unixuser#xxx00-aaaa.owner", // .. - "unixuser#aaa01-aaaa.admin", - "unixuser#aaa01-aaaa.owner" + "unixuser#xxx01-aaab.admin", + "unixuser#xxx01-aaab.owner" // @formatter:on ); noneOfTheseRbacRolesIsReturned( result, // @formatter:off "global#hostsharing.admin", - "customer#aaa.owner", - "package#aab00.admin", - "package#aab00.owner", - "package#aab00.tenant" + "customer#xxx.owner", + "package#yyy00.admin", + "package#yyy00.owner", + "package#yyy00.tenant" // @formatter:on ); } @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnRbacRole() { - currentUser("admin@aaa.example.com"); - assumedRoles("package#aaa00.admin"); + currentUser("customer-admin@xxx.example.com"); + assumedRoles("package#xxx00.admin"); final var result = rbacRoleRepository.findAll(); exactlyTheseRbacRolesAreReturned( result, - "customer#aaa.tenant", - "package#aaa00.admin", - "package#aaa00.tenant", - "unixuser#aaa00-aaaa.admin", - "unixuser#aaa00-aaaa.owner", - "unixuser#aaa00-aaab.admin", - "unixuser#aaa00-aaab.owner"); + "customer#xxx.tenant", + "package#xxx00.admin", + "package#xxx00.tenant", + "unixuser#xxx00-aaaa.admin", + "unixuser#xxx00-aaaa.owner", + "unixuser#xxx00-aaab.admin", + "unixuser#xxx00-aaab.owner"); } @Test public void customerAdmin_withAssumedAlienPackageAdminRole_cannotViewAnyRbacRole() { // given: - 
currentUser("admin@aaa.example.com"); - assumedRoles("package#aab00.admin"); + currentUser("customer-admin@xxx.example.com"); + assumedRoles("package#yyy00.admin"); // when final var result = attempt( @@ -147,7 +147,7 @@ class RbacRoleRepositoryIntegrationTest { // then result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[403] user admin@aaa.example.com", "has no permission to assume role package#aab00#admin"); + "[403] user customer-admin@xxx.example.com", "has no permission to assume role package#yyy00#admin"); } @Test @@ -166,7 +166,7 @@ class RbacRoleRepositoryIntegrationTest { @Test void unknownUser_withAssumedRbacRoleRole_cannotViewAnyRbacRoles() { currentUser("unknown@example.org"); - assumedRoles("RbacRole#aaa.admin"); + assumedRoles("RbacRole#xxx.admin"); final var result = attempt( em, @@ -183,19 +183,19 @@ class RbacRoleRepositoryIntegrationTest { @Test void customerAdmin_withoutAssumedRole_canFindItsOwnRolesByName() { - currentUser("admin@aaa.example.com"); + currentUser("customer-admin@xxx.example.com"); - final var result = rbacRoleRepository.findByRoleName("customer#aaa.admin"); + final var result = rbacRoleRepository.findByRoleName("customer#xxx.admin"); assertThat(result).isNotNull(); assertThat(result.getObjectTable()).isEqualTo("customer"); - assertThat(result.getObjectIdName()).isEqualTo("aaa"); + assertThat(result.getObjectIdName()).isEqualTo("xxx"); assertThat(result.getRoleType()).isEqualTo(RbacRoleType.admin); } @Test void customerAdmin_withoutAssumedRole_canNotFindAlienRolesByName() { - currentUser("admin@aaa.example.com"); + currentUser("customer-admin@xxx.example.com"); final var result = rbacRoleRepository.findByRoleName("customer#bbb.admin"); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java index f554f027..b300b871 100644 
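Review bot: In the `@@ -183,19 +183,19 @@` hunk, `customerAdmin_withoutAssumedRole_canNotFindAlienRolesByName` still looks up `customer#bbb.admin`, which is not among the roles listed in `ALL_TEST_DATA_ROLES` (customers `xxx`, `yyy`, `zzz`). A lookup of a role that does not exist presumably yields nothing regardless of the access rules, so the test would not notice if a customer admin could read another customer's roles. Since this commit renames the fixtures anyway, point it at an existing foreign role: `final var result = rbacRoleRepository.findByRoleName("customer#yyy.admin");`. The assertion on `result` lies below the hunk.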
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java @@ -49,16 +49,16 @@ class RbacUserControllerAcceptanceTest { .port(port) .when() .get("http://localhost/api/rbac-users") - .then().assertThat() + .then().log().body().assertThat() .statusCode(200) .contentType("application/json") - .body("[0].name", is("aaa00@aaa.example.com")) - .body("[1].name", is("aaa01@aaa.example.com")) - .body("[2].name", is("aaa02@aaa.example.com")) - .body("[3].name", is("aab00@aab.example.com")) + .body("[0].name", is("customer-admin@xxx.example.com")) + .body("[1].name", is("customer-admin@yyy.example.com")) + .body("[2].name", is("customer-admin@zzz.example.com")) + .body("[3].name", is("mike@hostsharing.net")) // ... - .body("[11].name", is("admin@aac.example.com")) - .body("[12].name", is("mike@hostsharing.net")) + .body("[11].name", is("pac-admin-zzz01@zzz.example.com")) + .body("[12].name", is("pac-admin-zzz02@zzz.example.com")) .body("[13].name", is("sven@hostsharing.net")) .body("size()", greaterThanOrEqualTo(14)); // @formatter:on @@ -73,13 +73,13 @@ class RbacUserControllerAcceptanceTest { .header("current-user", "mike@hostsharing.net") .port(port) .when() - .get("http://localhost/api/rbac-users?name=aac") - .then().assertThat() + .get("http://localhost/api/rbac-users?name=pac-admin-zzz0") + .then().log().body().assertThat() .statusCode(200) .contentType("application/json") - .body("[0].name", is("aac00@aac.example.com")) - .body("[1].name", is("aac01@aac.example.com")) - .body("[2].name", is("aac02@aac.example.com")) + .body("[0].name", is("pac-admin-zzz00@zzz.example.com")) + .body("[1].name", is("pac-admin-zzz01@zzz.example.com")) + .body("[2].name", is("pac-admin-zzz02@zzz.example.com")) .body("size()", is(3)); // @formatter:on } 
@@ -90,17 +90,17 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "admin@aab.example.com") + .header("current-user", "customer-admin@yyy.example.com") .port(port) .when() .get("http://localhost/api/rbac-users") .then().assertThat() .statusCode(200) .contentType("application/json") - .body("[0].name", is("aab00@aab.example.com")) - .body("[1].name", is("aab01@aab.example.com")) - .body("[2].name", is("aab02@aab.example.com")) - .body("[3].name", is("admin@aab.example.com")) + .body("[0].name", is("customer-admin@yyy.example.com")) + .body("[1].name", is("pac-admin-yyy00@yyy.example.com")) + .body("[2].name", is("pac-admin-yyy01@yyy.example.com")) + .body("[3].name", is("pac-admin-yyy02@yyy.example.com")) .body("size()", is(4)); // @formatter:on } @@ -111,14 +111,14 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "aaa01@aaa.example.com") + .header("current-user", "pac-admin-xxx01@xxx.example.com") .port(port) .when() .get("http://localhost/api/rbac-users") .then().assertThat() .statusCode(200) .contentType("application/json") - .body("[0].name", is("aaa01@aaa.example.com")) + .body("[0].name", is("pac-admin-xxx01@xxx.example.com")) .body("size()", is(1)); // @formatter:on } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java index c9042fcc..680f2501 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java 
@@ -66,7 +66,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { // when: final var result = jpaAttempt.transacted(() -> { - context("admin@aaa.example.com"); + context("customer-admin@xxx.example.com"); return rbacUserRepository.create(new RbacUserEntity(givenUuid, newUserName)); }); @@ -88,12 +88,12 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { private static final String[] ALL_TEST_DATA_USERS = Array.of( // @formatter:off "mike@hostsharing.net", "sven@hostsharing.net", - "admin@aaa.example.com", - "aaa00@aaa.example.com", "aaa01@aaa.example.com", "aaa02@aaa.example.com", - "admin@aab.example.com", - "aab00@aab.example.com", "aab01@aab.example.com", "aab02@aab.example.com", - "admin@aac.example.com", - "aac00@aac.example.com", "aac01@aac.example.com", "aac02@aac.example.com" + "customer-admin@xxx.example.com", + "pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com", + "customer-admin@yyy.example.com", + "pac-admin-yyy00@yyy.example.com", "pac-admin-yyy01@yyy.example.com", "pac-admin-yyy02@yyy.example.com", + "customer-admin@zzz.example.com", + "pac-admin-zzz00@zzz.example.com", "pac-admin-zzz01@zzz.example.com", "pac-admin-zzz02@zzz.example.com" // @formatter:on ); @@ -124,7 +124,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { @Test public void hostsharingAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() { given: - context("mike@hostsharing.net", "customer#aaa.admin"); + context("mike@hostsharing.net", "customer#xxx.admin"); // when final var result = rbacUserRepository.findByOptionalNameLike(null); 
@@ -132,15 +132,15 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { then: exactlyTheseRbacUsersAreReturned( result, - "admin@aaa.example.com", - "aaa00@aaa.example.com", "aaa01@aaa.example.com", "aaa02@aaa.example.com" + "customer-admin@xxx.example.com", + "pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com" ); } @Test public void customerAdmin_withoutAssumedRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() { // given: - context("admin@aaa.example.com"); + context("customer-admin@xxx.example.com"); // when: final var result = rbacUserRepository.findByOptionalNameLike(null); @@ -148,27 +148,27 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { // then: exactlyTheseRbacUsersAreReturned( result, - "admin@aaa.example.com", - "aaa00@aaa.example.com", "aaa01@aaa.example.com", "aaa02@aaa.example.com" + "customer-admin@xxx.example.com", + "pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com" ); } @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyUsersHavingRolesInThatPackage() { - context("admin@aaa.example.com", "package#aaa00.admin"); + context("customer-admin@xxx.example.com", "package#xxx00.admin"); final var result = rbacUserRepository.findByOptionalNameLike(null); - exactlyTheseRbacUsersAreReturned(result, "aaa00@aaa.example.com"); + exactlyTheseRbacUsersAreReturned(result, "pac-admin-xxx00@xxx.example.com"); } @Test public void packageAdmin_withoutAssumedRole_canViewOnlyUsersHavingRolesInThatPackage() { - context("aaa00@aaa.example.com"); + context("pac-admin-xxx00@xxx.example.com"); final var result = rbacUserRepository.findByOptionalNameLike(null); - exactlyTheseRbacUsersAreReturned(result, "aaa00@aaa.example.com"); + exactlyTheseRbacUsersAreReturned(result, "pac-admin-xxx00@xxx.example.com"); } } 
@@ -180,47 +180,47 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { // @formatter:off "global#hostsharing.admin -> global#hostsharing: add-customer", - "customer#aaa.admin -> customer#aaa: add-package", - "customer#aaa.admin -> customer#aaa: view", - "customer#aaa.owner -> customer#aaa: *", - "customer#aaa.tenant -> customer#aaa: view", - "package#aaa00.admin -> package#aaa00: add-domain", - "package#aaa00.admin -> package#aaa00: add-unixuser", - "package#aaa00.tenant -> package#aaa00: view", - "package#aaa01.admin -> package#aaa01: add-domain", - "package#aaa01.admin -> package#aaa01: add-unixuser", - "package#aaa01.tenant -> package#aaa01: view", - "package#aaa02.admin -> package#aaa02: add-domain", - "package#aaa02.admin -> package#aaa02: add-unixuser", - "package#aaa02.tenant -> package#aaa02: view", + "customer#xxx.admin -> customer#xxx: add-package", + "customer#xxx.admin -> customer#xxx: view", + "customer#xxx.owner -> customer#xxx: *", + "customer#xxx.tenant -> customer#xxx: view", + "package#xxx00.admin -> package#xxx00: add-domain", + "package#xxx00.admin -> package#xxx00: add-unixuser", + "package#xxx00.tenant -> package#xxx00: view", + "package#xxx01.admin -> package#xxx01: add-domain", + "package#xxx01.admin -> package#xxx01: add-unixuser", + "package#xxx01.tenant -> package#xxx01: view", + "package#xxx02.admin -> package#xxx02: add-domain", + "package#xxx02.admin -> package#xxx02: add-unixuser", + "package#xxx02.tenant -> package#xxx02: view", - "customer#aab.admin -> customer#aab: add-package", - "customer#aab.admin -> customer#aab: view", - "customer#aab.owner -> customer#aab: *", - "customer#aab.tenant -> customer#aab: view", - "package#aab00.admin -> package#aab00: add-domain", - "package#aab00.admin -> package#aab00: add-unixuser", - "package#aab00.tenant -> package#aab00: view", - "package#aab01.admin -> package#aab01: add-domain", - "package#aab01.admin -> package#aab01: add-unixuser", - "package#aab01.tenant -> 
package#aab01: view", - "package#aab02.admin -> package#aab02: add-domain", - "package#aab02.admin -> package#aab02: add-unixuser", - "package#aab02.tenant -> package#aab02: view", + "customer#yyy.admin -> customer#yyy: add-package", + "customer#yyy.admin -> customer#yyy: view", + "customer#yyy.owner -> customer#yyy: *", + "customer#yyy.tenant -> customer#yyy: view", + "package#yyy00.admin -> package#yyy00: add-domain", + "package#yyy00.admin -> package#yyy00: add-unixuser", + "package#yyy00.tenant -> package#yyy00: view", + "package#yyy01.admin -> package#yyy01: add-domain", + "package#yyy01.admin -> package#yyy01: add-unixuser", + "package#yyy01.tenant -> package#yyy01: view", + "package#yyy02.admin -> package#yyy02: add-domain", + "package#yyy02.admin -> package#yyy02: add-unixuser", + "package#yyy02.tenant -> package#yyy02: view", - "customer#aac.admin -> customer#aac: add-package", - "customer#aac.admin -> customer#aac: view", - "customer#aac.owner -> customer#aac: *", - "customer#aac.tenant -> customer#aac: view", - "package#aac00.admin -> package#aac00: add-domain", - "package#aac00.admin -> package#aac00: add-unixuser", - "package#aac00.tenant -> package#aac00: view", - "package#aac01.admin -> package#aac01: add-domain", - "package#aac01.admin -> package#aac01: add-unixuser", - "package#aac01.tenant -> package#aac01: view", - "package#aac02.admin -> package#aac02: add-domain", - "package#aac02.admin -> package#aac02: add-unixuser", - "package#aac02.tenant -> package#aac02: view" + "customer#zzz.admin -> customer#zzz: add-package", + "customer#zzz.admin -> customer#zzz: view", + "customer#zzz.owner -> customer#zzz: *", + "customer#zzz.tenant -> customer#zzz: view", + "package#zzz00.admin -> package#zzz00: add-domain", + "package#zzz00.admin -> package#zzz00: add-unixuser", + "package#zzz00.tenant -> package#zzz00: view", + "package#zzz01.admin -> package#zzz01: add-domain", + "package#zzz01.admin -> package#zzz01: add-unixuser", + "package#zzz01.tenant -> 
package#zzz01: view", + "package#zzz02.admin -> package#zzz02: add-domain", + "package#zzz02.admin -> package#zzz02: add-unixuser", + "package#zzz02.tenant -> package#zzz02: view" // @formatter:on ); 
@@ -255,41 +255,41 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { @Test public void customerAdmin_withoutAssumedRole_canViewTheirOwnPermissions() { // given - context("admin@aaa.example.com"); + context("customer-admin@xxx.example.com"); // when - final var result = rbacUserRepository.findPermissionsOfUser("admin@aaa.example.com"); + final var result = rbacUserRepository.findPermissionsOfUser("customer-admin@xxx.example.com"); // then allTheseRbacPermissionsAreReturned( result, // @formatter:off - "customer#aaa.admin -> customer#aaa: add-package", - "customer#aaa.admin -> customer#aaa: view", - "customer#aaa.tenant -> customer#aaa: view", + "customer#xxx.admin -> customer#xxx: add-package", + "customer#xxx.admin -> customer#xxx: view", + "customer#xxx.tenant -> customer#xxx: view", - "package#aaa00.admin -> package#aaa00: add-domain", - "package#aaa00.admin -> package#aaa00: add-unixuser", - "package#aaa00.tenant -> package#aaa00: view", - "unixuser#aaa00-aaaa.owner -> unixuser#aaa00-aaaa: *", + "package#xxx00.admin -> package#xxx00: add-domain", + "package#xxx00.admin -> package#xxx00: add-unixuser", + "package#xxx00.tenant -> package#xxx00: view", + "unixuser#xxx00-aaaa.owner -> unixuser#xxx00-aaaa: *", - "package#aaa01.admin -> package#aaa01: add-domain", - "package#aaa01.admin -> package#aaa01: add-unixuser", - "package#aaa01.tenant -> package#aaa01: view", - "unixuser#aaa01-aaaa.owner -> unixuser#aaa01-aaaa: *", + "package#xxx01.admin -> package#xxx01: add-domain", + "package#xxx01.admin -> package#xxx01: add-unixuser", + "package#xxx01.tenant -> package#xxx01: view", + "unixuser#xxx01-aaaa.owner -> unixuser#xxx01-aaaa: *", - "package#aaa02.admin -> package#aaa02: add-domain", - "package#aaa02.admin -> package#aaa02: add-unixuser", - "package#aaa02.tenant -> package#aaa02: view", - "unixuser#aaa02-aaaa.owner -> unixuser#aaa02-aaaa: *" + "package#xxx02.admin -> package#xxx02: add-domain", + "package#xxx02.admin -> package#xxx02: 
add-unixuser", + "package#xxx02.tenant -> package#xxx02: view", + "unixuser#xxx02-aaaa.owner -> unixuser#xxx02-aaaa: *" // @formatter:on ); noneOfTheseRbacPermissionsAreReturned( result, // @formatter:off - "customer#aab.admin -> customer#aab: add-package", - "customer#aab.admin -> customer#aab: view", - "customer#aab.tenant -> customer#aab: view" + "customer#yyy.admin -> customer#yyy: add-package", + "customer#yyy.admin -> customer#yyy: view", + "customer#yyy.tenant -> customer#yyy: view" // @formatter:on ); } @@ -297,7 +297,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { @Test public void customerAdmin_withoutAssumedRole_isNotAllowedToViewGlobalAdminsPermissions() { // given - context("admin@aaa.example.com"); + context("customer-admin@xxx.example.com"); // when final var result = attempt(em, () -> 
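Review bot: The `noneOfTheseRbacPermissionsAreReturned` list in `customerAdmin_withoutAssumedRole_canViewTheirOwnPermissions` (hunk `@@ -255,41 +255,41 @@`) excludes only the three `customer#yyy` permissions. The later tests in this file also exclude package- and unixuser-level entries of the other customer, so this test would not notice a leak of `package#yyy00` or `unixuser#yyy00-*` permissions into the customer admin's result. I would extend the list with entries such as `"package#yyy00.admin -> package#yyy00: add-domain",` and `"unixuser#yyy00-aaaa.owner -> unixuser#yyy00-aaaa: *"`, so the cross-customer check is as strict here as in the sibling tests.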
@@ -307,41 +307,41 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { // then result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[403] permissions of user \"mike@hostsharing.net\" are not accessible to user \"admin@aaa.example.com\""); + "[403] permissions of user \"mike@hostsharing.net\" are not accessible to user \"customer-admin@xxx.example.com\""); } @Test public void customerAdmin_withoutAssumedRole_canViewAllPermissionsWithinThePacketsRealm() { // given - context("admin@aaa.example.com"); + context("customer-admin@xxx.example.com"); // when - final var result = rbacUserRepository.findPermissionsOfUser("aaa00@aaa.example.com"); + final var result = rbacUserRepository.findPermissionsOfUser("pac-admin-xxx00@xxx.example.com"); // then allTheseRbacPermissionsAreReturned( result, // @formatter:off - "customer#aaa.tenant -> customer#aaa: view", - // "customer#aaa.admin -> customer#aaa: view" - Not permissions through the customer admin! - "package#aaa00.admin -> package#aaa00: add-unixuser", - "package#aaa00.admin -> package#aaa00: add-domain", - "package#aaa00.tenant -> package#aaa00: view", - "unixuser#aaa00-aaaa.owner -> unixuser#aaa00-aaaa: *", - "unixuser#aaa00-aaab.owner -> unixuser#aaa00-aaab: *" + "customer#xxx.tenant -> customer#xxx: view", + // "customer#xxx.admin -> customer#xxx: view" - Not permissions through the customer admin! 
+ "package#xxx00.admin -> package#xxx00: add-unixuser", + "package#xxx00.admin -> package#xxx00: add-domain", + "package#xxx00.tenant -> package#xxx00: view", + "unixuser#xxx00-aaaa.owner -> unixuser#xxx00-aaaa: *", + "unixuser#xxx00-aaab.owner -> unixuser#xxx00-aaab: *" // @formatter:on ); noneOfTheseRbacPermissionsAreReturned( result, // @formatter:off - "customer#aab.admin -> customer#aab: add-package", - "customer#aab.admin -> customer#aab: view", - "customer#aab.tenant -> customer#aab: view", - "package#aab00.admin -> package#aab00: add-unixuser", - "package#aab00.admin -> package#aab00: add-domain", - "package#aab00.tenant -> package#aab00: view", - "unixuser#aab00-aaaa.owner -> unixuser#aab00-aaaa: *", - "unixuser#aab00-aaab.owner -> unixuser#aab00-aaab: *" + "customer#yyy.admin -> customer#yyy: add-package", + "customer#yyy.admin -> customer#yyy: view", + "customer#yyy.tenant -> customer#yyy: view", + "package#yyy00.admin -> package#yyy00: add-unixuser", + "package#yyy00.admin -> package#yyy00: add-domain", + "package#yyy00.tenant -> package#yyy00: view", + "unixuser#yyy00-aaaa.owner -> unixuser#yyy00-aaaa: *", + "unixuser#yyy00-aaab.owner -> unixuser#yyy00-aaab: *" // @formatter:on ); } @@ -349,10 +349,10 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { @Test public void customerAdmin_withoutAssumedRole_canNotViewPermissionsOfUnrelatedUsers() { // given - context("admin@aaa.example.com"); + context("customer-admin@xxx.example.com"); // when - final var result = rbacUserRepository.findPermissionsOfUser("aab00@aab.example.com"); + final var result = rbacUserRepository.findPermissionsOfUser("pac-admin-yyy00@yyy.example.com"); // then noRbacPermissionsAreReturned(result); 
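Review bot: In `customerAdmin_withoutAssumedRole_canViewAllPermissionsWithinThePacketsRealm` (hunk `@@ -307,41 +307,41 @@`), the rule that the package admin does not gain customer-admin permissions exists only as a comment. It is the commented-out line `// "customer#xxx.admin -> customer#xxx: view" - Not permissions through the customer admin!` inside the positive list, so the test keeps passing if that permission starts to be returned. If that is the intended privilege boundary, assert it by adding `"customer#xxx.admin -> customer#xxx: view",` to the `noneOfTheseRbacPermissionsAreReturned` list of this test. The `@@ -361,36 +361,36 @@` hunk carries the same comment and asserts only `add-package`, so the same line would fit there. The first test touched by this hunk starts outside it.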
@@ -361,36 +361,36 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { @Test public void packetAdmin_withoutAssumedRole_canViewAllPermissionsWithinThePacketsRealm() { // given - context("aaa00@aaa.example.com"); + context("pac-admin-xxx00@xxx.example.com"); // when - final var result = rbacUserRepository.findPermissionsOfUser("aaa00@aaa.example.com"); + final var result = rbacUserRepository.findPermissionsOfUser("pac-admin-xxx00@xxx.example.com"); // then allTheseRbacPermissionsAreReturned( result, // @formatter:off - "customer#aaa.tenant -> customer#aaa: view", - // "customer#aaa.admin -> customer#aaa: view" - Not permissions through the customer admin! - "package#aaa00.admin -> package#aaa00: add-unixuser", - "package#aaa00.admin -> package#aaa00: add-domain", - "package#aaa00.tenant -> package#aaa00: view" + "customer#xxx.tenant -> customer#xxx: view", + // "customer#xxx.admin -> customer#xxx: view" - Not permissions through the customer admin! + "package#xxx00.admin -> package#xxx00: add-unixuser", + "package#xxx00.admin -> package#xxx00: add-domain", + "package#xxx00.tenant -> package#xxx00: view" // @formatter:on ); noneOfTheseRbacPermissionsAreReturned( result, // @formatter:off // no customer admin permissions - "customer#aaa.admin -> customer#aaa: add-package", + "customer#xxx.admin -> customer#xxx: add-package", // no permissions on other customer's objects - "customer#aab.admin -> customer#aab: add-package", - "customer#aab.admin -> customer#aab: view", - "customer#aab.tenant -> customer#aab: view", - "package#aab00.admin -> package#aab00: add-unixuser", - "package#aab00.admin -> package#aab00: add-domain", - "package#aab00.tenant -> package#aab00: view", - "unixuser#aab00-aaaa.owner -> unixuser#aab00-aaaa: *", - "unixuser#aab00-aaab.owner -> unixuser#aab00-aaab: *" + "customer#yyy.admin -> customer#yyy: add-package", + "customer#yyy.admin -> customer#yyy: view", + "customer#yyy.tenant -> customer#yyy: view", + "package#yyy00.admin -> 
package#yyy00: add-unixuser", + "package#yyy00.admin -> package#yyy00: add-domain", + "package#yyy00.tenant -> package#yyy00: view", + "unixuser#yyy00-aaaa.owner -> unixuser#yyy00-aaaa: *", + "unixuser#yyy00-xxxb.owner -> unixuser#yyy00-xxxb: *" // @formatter:on ); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/TestRbacUser.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/TestRbacUser.java index b7cc2f26..bd096c9e 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/TestRbacUser.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/TestRbacUser.java @@ -5,8 +5,8 @@ import static java.util.UUID.randomUUID; public class TestRbacUser { - static final RbacUserEntity userAaa = rbacRole("admin@aaa.example.com"); - static final RbacUserEntity userBbb = rbacRole("admin@bbb.example.com"); + static final RbacUserEntity userxxx = rbacRole("customer-admin@xxx.example.com"); + static final RbacUserEntity userBbb = rbacRole("customer-admin@bbb.example.com"); static public RbacUserEntity rbacRole(final String userName) { return new RbacUserEntity(randomUUID(), userName);
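Review bot: The last entry of the `noneOfTheseRbacPermissionsAreReturned` list in `packetAdmin_withoutAssumedRole_canViewAllPermissionsWithinThePacketsRealm` (hunk `@@ -361,36 +361,36 @@`) now reads `"unixuser#yyy00-xxxb.owner -> unixuser#yyy00-xxxb: *"`. The equivalent list in the `@@ -307,41 +307,41 @@` hunk uses `unixuser#yyy00-aaab`, so this looks like an artifact of applying the aaa→xxx replacement to the unixuser suffix. If no unixuser `yyy00-xxxb` exists in the test data, this negative assertion can never fail and the isolation check for that object is silently lost. I would change the line to `"unixuser#yyy00-aaab.owner -> unixuser#yyy00-aaab: *"`.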