hostsharing/hs.hsadmin.ng
7
0
Fork 0
Code Pull Requests 1 Activity

replace unixuser test entities with domain

Browse Source
This commit is contained in:
Michael Hoennig 2022-08-31 14:57:15 +02:00
parent 84ce90b28f
commit a117258085
14 changed files with 163 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
doc/rbac.md
View File

@ -103,7 +103,7 @@ package RBAC {
enum RbacOperation {
add-package
add-domain
add-unixuser
add-domain
...
view
edit
@ -359,7 +359,7 @@ A full example is shown here:
SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address"
FROM emailaddress_rv ema
JOIN domain_rv dom ON dom.uuid = ema.domainuuid
JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid
JOIN domain_rv uu ON uu.uuid = dom.domainuuid
JOIN package_rv p ON p.uuid = uu.packageuuid
JOIN customer_rv c ON c.uuid = p.customeruuid;
END TRANSACTION;
@ -387,11 +387,11 @@ entity EMailAddress
entity Domain
Domain o-- "*" EMailAddress
entity UnixUser
UnixUser o-- "*" Domain
entity domain
domain o-- "*" Domain
entity Package
Package o.. "*" UnixUser
Package o.. "*" domain
entity Customer
Customer o-- "*" Package
@ -497,7 +497,7 @@ together {
entity "Perm package#xyz00 *" as permPackageXyzAll
permPackageXyzAll --> boPacXyz00
entity "Perm package#xyz00 add-unixuser" as permPacXyz00AddUser
entity "Perm package#xyz00 add-domain" as permPacXyz00AddUser
permPacXyz00AddUser --> boPacXyz00
entity "Perm package#xyz00 edit" as permPacXyz00Edit

16
sql/24-hs-domain.sql
View File

@ -8,7 +8,7 @@ create table if not exists Domain
(
uuid uuid unique references RbacObject (uuid),
name character varying(32),
unixUserUuid uuid references unixuser (uuid)
domainUuid uuid references domain (uuid)
);
drop trigger if exists createRbacObjectForDomain_Trigger on Domain;
@ -48,7 +48,7 @@ create or replace function createRbacRulesForDomain()
language plpgsql
strict as $$
declare
parentUser UnixUser;
parentUser domain;
parentPackage package;
domainOwnerRoleUuid uuid;
domainAdminRoleUuid uuid;
@ -57,10 +57,10 @@ begin
raise exception 'invalid usage of TRIGGER AFTER INSERT';
end if;
select * from UnixUser where uuid = NEW.unixUserUuid into parentUser;
select * from domain where uuid = NEW.domainUuid into parentUser;
select * from Package where uuid = parentUser.packageuuid into parentPackage;
-- a domain owner role is created and assigned to the unixuser's admin role
-- a domain owner role is created and assigned to the domain's admin role
domainOwnerRoleUuid = createRole(
domainOwner(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
@ -79,7 +79,7 @@ begin
domainTenant(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
beneathRole(domainAdminRoleUuid),
beingItselfA(createUnixUserTenantRoleIfNotExists(parentUser))
beingItselfA(createdomainTenantRoleIfNotExists(parentUser))
);
return NEW;
@ -118,7 +118,7 @@ do language plpgsql $$
set hsadminng.currentUser to '';
for uu in (select u.uuid, u.name, u.packageuuid, c.reference
from unixuser u
from domain u
join package p on u.packageuuid = p.uuid
join customer c on p.customeruuid = c.uuid
-- WHERE c.reference >= 18000
@ -127,7 +127,7 @@ do language plpgsql $$
if (random() < 0.3) then
for t in 0..1
loop
currentTask = 'creating RBAC test Domain #' || t || ' for UnixUser ' || uu.name || ' #' || uu.uuid;
currentTask = 'creating RBAC test Domain #' || t || ' for domain ' || uu.name || ' #' || uu.uuid;
raise notice 'task: %', currentTask;
select * from package where uuid = uu.packageUuid into pac;
@ -137,7 +137,7 @@ do language plpgsql $$
set local hsadminng.assumedRoles = '';
insert
into Domain (name, unixUserUuid)
into Domain (name, domainUuid)
values ('dom-' || t || '.' || uu.name || '.example.org', uu.uuid);
commit;

6
sql/25-hs-emailaddress.sql
View File

@ -48,7 +48,7 @@ begin
select d.*
from domain d
left join unixuser u on u.uuid = d.unixuseruuid
left join domain u on u.uuid = d.domainuuid
where d.uuid = NEW.domainUuid
into parentDomain;
@ -59,7 +59,7 @@ begin
beneathRole(domainAdmin(parentDomain))
);
-- and an admin role is created and assigned to the unixuser owner as well
-- and an admin role is created and assigned to the domain owner as well
perform createRole(
emailAddressAdmin(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['edit']),
@ -102,7 +102,7 @@ do language plpgsql $$
for dom in (select d.uuid, d.name, p.name as packageName
from domain d
join unixuser u on u.uuid = d.unixuseruuid
join domain u on u.uuid = d.domainuuid
join package p on u.packageuuid = p.uuid
join customer c on p.customeruuid = c.uuid
-- WHERE c.reference >= 18000

14
sql/28-hs-tests.sql
View File

@ -49,7 +49,7 @@ BEGIN
SET LOCAL hsadminng.assumedRoles = '';
-- SELECT *
SELECT count(*) INTO resultCount
FROM unixuser_rv;
FROM domain_rv;
call expectBetween(resultCount, 20, 50);
-- hostsharing admin assuming customer role and listing all accessible packages
@ -61,13 +61,13 @@ BEGIN
FROM test_package_rv p;
call expectBetween(resultCount, 2, 10);
-- hostsharing admin assuming two customer admin roles and listing all accessible unixusers
-- hostsharing admin assuming two customer admin roles and listing all accessible domains
SET SESSION SESSION AUTHORIZATION restricted;
SET LOCAL hsadminng.currentUser = 'mike@example.org';
SET LOCAL hsadminng.assumedRoles = 'test_customer#aab.admin;test_customer#aac.admin';
-- SELECT c.prefix, c.reference, uu.*
SELECT count(*) INTO resultCount
FROM unixuser_rv uu
FROM domain_rv uu
JOIN test_package_rv p ON p.uuid = uu.packageuuid
JOIN test_customer_rv c ON c.uuid = p.customeruuid;
call expectBetween(resultCount, 40, 60);
@ -80,7 +80,7 @@ BEGIN
-- SELECT p.name, uu.name, dom.name
SELECT count(*) INTO resultCount
FROM domain_rv dom
JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid
JOIN domain_rv uu ON uu.uuid = dom.domainuuid
JOIN test_package_rv p ON p.uuid = uu.packageuuid
JOIN test_customer_rv c ON c.uuid = p.customeruuid;
call expectBetween(resultCount, 20, 40);
@ -94,7 +94,7 @@ BEGIN
SELECT count(*) INTO resultCount
FROM emailaddress_rv ema
JOIN domain_rv dom ON dom.uuid = ema.domainuuid
JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid
JOIN domain_rv uu ON uu.uuid = dom.domainuuid
JOIN test_package_rv p ON p.uuid = uu.packageuuid
JOIN test_customer_rv c ON c.uuid = p.customeruuid;
call expectBetween(resultCount, 100, 300);
@ -112,7 +112,7 @@ END; $$;
no count required factor table
1 7 000 7 000 1.000 customers
2 17 436 15 000 1.162 packages
3 174 360 150 000 1.162 unixuser
3 174 360 150 000 1.162 domain
4 105 206 100 000 1.052 domain
5 526 030 500 000 1.052 emailaddress
@ -126,7 +126,7 @@ in average +9,33%
no count required factor table
1 10 000 7 000 1.429 customers
2 24 904 15 000 1.660 packages
3 249 040 150 000 1.660 unixuser
3 249 040 150 000 1.660 domain
4 149 946 100 000 1.499 domain
5 749 730 500 000 1.499 emailaddress

4
sql/29-hs-statistics.sql
View File

@ -15,8 +15,8 @@ select no,
select 2 as no, count(*) as "count", 15000 as "required", 'packages' as "table"
from package
union
select 3 as no, count(*) as "count", 150000 as "required", 'unixuser' as "table"
from unixuser
select 3 as no, count(*) as "count", 150000 as "required", 'domain' as "table"
from domain
union
select 4 as no, count(*) as "count", 100000 as "required", 'domain' as "table"
from domain

2
src/main/resources/db/changelog/123-test-package-rbac.sql
View File

@ -76,7 +76,7 @@ begin
-- an owner role is created and assigned to the package owner role
packageAdminRoleUuid = createRole(
testPackageAdmin(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['add-unixuser', 'add-domain']),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['add-domain']),
beneathRole(packageOwnerRoleUuid)
);

6
src/main/resources/db/changelog/130-test-unixuser.sql → src/main/resources/db/changelog/130-test-domain.sql
View File

@ -1,14 +1,14 @@
--liquibase formatted sql
-- ============================================================================
--changeset hs-unixuser-MAIN-TABLE:1 endDelimiter:--//
--changeset test-domain-MAIN-TABLE:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
create table if not exists test_unixuser
create table if not exists test_domain
(
uuid uuid unique references RbacObject (uuid),
packageUuid uuid references test_package (uuid),
name character varying(32),
name character varying(253),
description character varying(96)
);
--//

124
src/main/resources/db/changelog/133-test-unixuser-rbac.sql → src/main/resources/db/changelog/133-test-domain-rbac.sql
View File

@ -6,81 +6,81 @@
/*
Creates the related RbacObject through a BEFORE INSERT TRIGGER.
*/
drop trigger if exists createRbacObjectFortest_unixuser_Trigger on test_unixuser;
create trigger createRbacObjectFortest_unixuser_Trigger
drop trigger if exists createRbacObjectFortest_domain_Trigger on test_domain;
create trigger createRbacObjectFortest_domain_Trigger
before insert
on test_unixuser
on test_domain
for each row
execute procedure createRbacObject();
--//
-- ============================================================================
--changeset test-unixuser-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
--changeset test-domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
create or replace function testUnixUserOwner(uu test_unixuser)
create or replace function testdomainOwner(uu test_domain)
returns RbacRoleDescriptor
returns null on null input
language plpgsql as $$
begin
return roleDescriptor('test_unixuser', uu.uuid, 'owner');
return roleDescriptor('test_domain', uu.uuid, 'owner');
end; $$;
create or replace function testUnixUserAdmin(uu test_unixuser)
create or replace function testdomainAdmin(uu test_domain)
returns RbacRoleDescriptor
returns null on null input
language plpgsql as $$
begin
return roleDescriptor('test_unixuser', uu.uuid, 'admin');
return roleDescriptor('test_domain', uu.uuid, 'admin');
end; $$;
create or replace function testUnixUserTenant(uu test_unixuser)
create or replace function testdomainTenant(uu test_domain)
returns RbacRoleDescriptor
returns null on null input
language plpgsql as $$
begin
return roleDescriptor('test_unixuser', uu.uuid, 'tenant');
return roleDescriptor('test_domain', uu.uuid, 'tenant');
end; $$;
create or replace function createTestUnixUserTenantRoleIfNotExists(unixUser test_unixuser)
create or replace function createTestDomainTenantRoleIfNotExists(domain test_domain)
returns uuid
returns null on null input
language plpgsql as $$
declare
unixUserTenantRoleDesc RbacRoleDescriptor;
unixUserTenantRoleUuid uuid;
domainTenantRoleDesc RbacRoleDescriptor;
domainTenantRoleUuid uuid;
begin
unixUserTenantRoleDesc = testUnixUserTenant(unixUser);
unixUserTenantRoleUuid = findRoleId(unixUserTenantRoleDesc);
if unixUserTenantRoleUuid is not null then
return unixUserTenantRoleUuid;
domainTenantRoleDesc = testdomainTenant(domain);
domainTenantRoleUuid = findRoleId(domainTenantRoleDesc);
if domainTenantRoleUuid is not null then
return domainTenantRoleUuid;
end if;
return createRole(
unixUserTenantRoleDesc,
grantingPermissions(forObjectUuid => unixUser.uuid, permitOps => array ['view']),
beneathRole(testUnixUserAdmin(unixUser))
domainTenantRoleDesc,
grantingPermissions(forObjectUuid => domain.uuid, permitOps => array ['view']),
beneathRole(testdomainAdmin(domain))
);
end; $$;
--//
-- ============================================================================
--changeset test-unixuser-rbac-ROLES-CREATION:1 endDelimiter:--//
--changeset test-domain-rbac-ROLES-CREATION:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates the roles and their assignments for a new UnixUser for the AFTER INSERT TRIGGER.
Creates the roles and their assignments for a new domain for the AFTER INSERT TRIGGER.
*/
create or replace function createRbacRulesForTestUnixUser()
create or replace function createRbacRulesForTestDomain()
returns trigger
language plpgsql
strict as $$
declare
parentPackage test_package;
unixuserOwnerRoleId uuid;
unixuserAdminRoleId uuid;
domainOwnerRoleId uuid;
domainAdminRoleId uuid;
begin
if TG_OP <> 'INSERT' then
raise exception 'invalid usage of TRIGGER AFTER INSERT';
@ -89,17 +89,17 @@ begin
select * from test_package where uuid = NEW.packageUuid into parentPackage;
-- an owner role is created and assigned to the package's admin group
unixuserOwnerRoleId = createRole(
testUnixUserOwner(NEW),
domainOwnerRoleId = createRole(
testdomainOwner(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
beneathRole(testPackageAdmin(parentPackage))
);
-- and a unixuser admin role is created and assigned to the unixuser owner as well
unixuserAdminRoleId = createRole(
testUnixUserAdmin(NEW),
-- and a domain admin role is created and assigned to the domain owner as well
domainAdminRoleId = createRole(
testdomainAdmin(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['edit']),
beneathRole(unixuserOwnerRoleId),
beneathRole(domainOwnerRoleId),
beingItselfA(testPackageTenant(parentPackage))
);
@ -110,86 +110,86 @@ end; $$;
/*
An AFTER INSERT TRIGGER which creates the role structure for a new UnixUser.
An AFTER INSERT TRIGGER which creates the role structure for a new domain.
*/
drop trigger if exists createRbacRulesForTestUnixuser_Trigger on test_unixuser;
create trigger createRbacRulesForTestUnixuser_Trigger
drop trigger if exists createRbacRulesForTestDomain_Trigger on test_domain;
create trigger createRbacRulesForTestDomain_Trigger
after insert
on test_unixuser
on test_domain
for each row
execute procedure createRbacRulesForTestUnixUser();
execute procedure createRbacRulesForTestDomain();
--//
-- ============================================================================
--changeset test-unixuser-rbac-ROLES-REMOVAL:1 endDelimiter:--//
--changeset test-domain-rbac-ROLES-REMOVAL:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Deletes the roles and their assignments of a deleted UnixUser for the BEFORE DELETE TRIGGER.
Deletes the roles and their assignments of a deleted domain for the BEFORE DELETE TRIGGER.
*/
create or replace function deleteRbacRulesForTestUnixUser()
create or replace function deleteRbacRulesForTestDomain()
returns trigger
language plpgsql
strict as $$
begin
if TG_OP = 'DELETE' then
call deleteRole(findRoleId(testUnixUserOwner(OLD)));
call deleteRole(findRoleId(testUnixUserAdmin(OLD)));
call deleteRole(findRoleId(testUnixUserTenant(OLD)));
call deleteRole(findRoleId(testdomainOwner(OLD)));
call deleteRole(findRoleId(testdomainAdmin(OLD)));
call deleteRole(findRoleId(testdomainTenant(OLD)));
else
raise exception 'invalid usage of TRIGGER BEFORE DELETE';
end if;
end; $$;
/*
An BEFORE DELETE TRIGGER which deletes the role structure of a UnixUser.
An BEFORE DELETE TRIGGER which deletes the role structure of a domain.
*/
drop trigger if exists deleteRbacRulesForTestUnixUser_Trigger on test_package;
create trigger deleteRbacRulesForTestUnixUser_Trigger
drop trigger if exists deleteRbacRulesForTestDomain_Trigger on test_package;
create trigger deleteRbacRulesForTestDomain_Trigger
before delete
on test_unixuser
on test_domain
for each row
execute procedure deleteRbacRulesForTestUnixUser();
execute procedure deleteRbacRulesForTestDomain();
--//
-- ============================================================================
--changeset test-unixuser-rbac-IDENTITY-VIEW:1 endDelimiter:--//
--changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the UnixUser main table which maps the identifying name
Creates a view to the domain main table which maps the identifying name
(in this case, actually the column `name`) to the objectUuid.
*/
drop view if exists test_unixuser_iv;
create or replace view test_unixuser_iv as
drop view if exists test_domain_iv;
create or replace view test_domain_iv as
select distinct target.uuid, target.name as idName
from test_unixuser as target;
from test_domain as target;
-- TODO: Is it ok that everybody has access to this information?
grant all privileges on test_unixuser_iv to restricted;
grant all privileges on test_domain_iv to restricted;
/*
Returns the objectUuid for a given identifying name (in this case, actually the column `name`).
*/
create or replace function test_unixUserUuidByIdName(idName varchar)
create or replace function test_domainUuidByIdName(idName varchar)
returns uuid
language sql
strict as $$
select uuid from test_unixuser_iv iv where iv.idName = test_unixUserUuidByIdName.idName;
select uuid from test_domain_iv iv where iv.idName = test_domainUuidByIdName.idName;
$$;
/*
Returns the identifying name for a given objectUuid (in this case the name).
*/
create or replace function test_unixUserIdNameByUuid(uuid uuid)
create or replace function test_domainIdNameByUuid(uuid uuid)
returns varchar
stable leakproof
language sql
strict as $$
select idName from test_unixuser_iv iv where iv.uuid = test_unixUserIdNameByUuid.uuid;
select idName from test_domain_iv iv where iv.uuid = test_domainIdNameByUuid.uuid;
$$;
--//
@ -202,10 +202,10 @@ $$;
Creates a view to the customer main table which maps the identifying name
(in this case, the prefix) to the objectUuid.
*/
drop view if exists test_unixuser_rv;
create or replace view test_unixuser_rv as
drop view if exists test_domain_rv;
create or replace view test_domain_rv as
select target.*
from test_unixuser as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'unixuser', currentSubjectsUuids()));
grant all privileges on test_unixuser_rv to restricted;
from test_domain as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'domain', currentSubjectsUuids()));
grant all privileges on test_domain_rv to restricted;
--//

34
src/main/resources/db/changelog/138-test-unixuser-test-data.sql → src/main/resources/db/changelog/138-test-domain-test-data.sql
View File

@ -1,12 +1,12 @@
--liquibase formatted sql
-- ============================================================================
--changeset hs-unixuser-TEST-DATA-GENERATOR:1 endDelimiter:--//
--changeset hs-domain-TEST-DATA-GENERATOR:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates the given count of test unix users for a single package.
*/
create or replace procedure createUnixUserTestData( packageName varchar, unixUserCount int )
create or replace procedure createdomainTestData( packageName varchar, domainCount int )
language plpgsql as $$
declare
pac record;
@ -19,15 +19,15 @@ begin
where p.name = packageName
into pac;
for t in 0..(unixUserCount-1)
for t in 0..(domainCount-1)
loop
currentTask = 'creating RBAC test unixuser #' || t || ' for package ' || pac.name || ' #' || pac.uuid;
currentTask = 'creating RBAC test domain #' || t || ' for package ' || pac.name || ' #' || pac.uuid;
raise notice 'task: %', currentTask;
pacAdmin = 'pac-admin-' || pac.name || '@' || pac.custPrefix || '.example.com';
call defineContext(currentTask, null, pacAdmin, null);
insert
into test_unixuser (name, packageUuid)
into test_domain (name, packageUuid)
values (pac.name || '-' || intToVarChar(t, 4), pac.uuid);
end loop;
end; $$;
@ -35,7 +35,7 @@ end; $$;
/*
Creates a range of unix users for mass data generation.
*/
create or replace procedure createUnixUserTestData( unixUserPerPackage integer )
create or replace procedure createdomainTestData( domainPerPackage integer )
language plpgsql as $$
declare
pac record;
@ -48,7 +48,7 @@ begin
join test_customer c on p.customeruuid = c.uuid
where c.reference < 90000) -- reserved for functional testing
loop
call createUnixUserTestData(pac.name, 2);
call createdomainTestData(pac.name, 2);
commit;
end loop;
@ -57,22 +57,22 @@ end; $$;
-- ============================================================================
--changeset hs-unixuser-TEST-DATA-GENERATION:1 context=dev,tc endDelimiter:--//
--changeset hs-domain-TEST-DATA-GENERATION:1 context=dev,tc endDelimiter:--//
-- ----------------------------------------------------------------------------
do language plpgsql $$
begin
call createUnixUserTestData('xxx00', 2);
call createUnixUserTestData('xxx01', 2);
call createUnixUserTestData('xxx02', 2);
call createdomainTestData('xxx00', 2);
call createdomainTestData('xxx01', 2);
call createdomainTestData('xxx02', 2);
call createUnixUserTestData('yyy00', 2);
call createUnixUserTestData('yyy01', 2);
call createUnixUserTestData('yyy02', 2);
call createdomainTestData('yyy00', 2);
call createdomainTestData('yyy01', 2);
call createdomainTestData('yyy02', 2);
call createUnixUserTestData('zzz00', 2);
call createUnixUserTestData('zzz01', 2);
call createUnixUserTestData('zzz02', 2);
call createdomainTestData('zzz00', 2);
call createdomainTestData('zzz01', 2);
call createdomainTestData('zzz02', 2);
end;
$$;
--//

6
src/main/resources/db/changelog/db.changelog-master.yaml
View File

@ -42,10 +42,10 @@ databaseChangeLog:
- include:
file: db/changelog/128-test-package-test-data.sql
- include:
file: db/changelog/130-test-unixuser.sql
file: db/changelog/130-test-domain.sql
- include:
file: db/changelog/133-test-unixuser-rbac.sql
file: db/changelog/133-test-domain-rbac.sql
- include:
file: db/changelog/138-test-unixuser-test-data.sql
file: db/changelog/138-test-domain-test-data.sql

18
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java
View File

@ -57,7 +57,7 @@ class RbacRoleControllerAcceptanceTest {
.body("", hasItem(hasEntry("roleName", "global#test-global.admin")))
.body("", hasItem(hasEntry("roleName", "test_customer#yyy.admin")))
.body("", hasItem(hasEntry("roleName", "test_package#yyy00.admin")))
.body("", hasItem(hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner")))
.body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa.owner")))
.body( "size()", greaterThanOrEqualTo(73)); // increases with new test data
// @formatter:on
}
@ -79,10 +79,10 @@ class RbacRoleControllerAcceptanceTest {
.assertThat()
.statusCode(200)
.contentType("application/json")
.body("[0].roleName", is("test_customer#yyy.tenant"))
.body("[1].roleName", is("test_package#yyy00.admin"))
.body("[2].roleName", is("test_package#yyy00.tenant"))
.body("[3].roleName", is("test_unixuser#yyy00-aaaa.admin"))
.body("", hasItem(hasEntry("roleName", "test_customer#yyy.tenant")))
.body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa.admin")))
.body("", hasItem(hasEntry("roleName", "test_package#yyy00.admin")))
.body("", hasItem(hasEntry("roleName", "test_package#yyy00.tenant")))
.body("size()", is(7)); // increases with new test data
// @formatter:on
}
@ -101,10 +101,10 @@ class RbacRoleControllerAcceptanceTest {
.then().assertThat()
.statusCode(200)
.contentType("application/json")
.body("[0].roleName", is("test_customer#zzz.tenant"))
.body("[1].roleName", is("test_package#zzz00.admin"))
.body("[2].roleName", is("test_package#zzz00.tenant"))
.body("[3].roleName", is("test_unixuser#zzz00-aaaa.admin"))
.body("", hasItem(hasEntry("roleName", "test_customer#zzz.tenant")))
.body("", hasItem(hasEntry("roleName", "test_domain#zzz00-aaaa.admin")))
.body("", hasItem(hasEntry("roleName", "test_package#zzz00.admin")))
.body("", hasItem(hasEntry("roleName", "test_package#zzz00.tenant")))
.body("size()", is(7)); // increases with new test data
// @formatter:on
}

16
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
View File

@ -101,11 +101,11 @@ class RbacRoleRepositoryIntegrationTest {
"test_package#xxx01.owner",
"test_package#xxx01.tenant",
// ...
"test_unixuser#xxx00-aaaa.admin",
"test_unixuser#xxx00-aaaa.owner",
"test_domain#xxx00-aaaa.admin",
"test_domain#xxx00-aaaa.owner",
// ..
"test_unixuser#xxx01-aaab.admin",
"test_unixuser#xxx01-aaab.owner"
"test_domain#xxx01-aaab.admin",
"test_domain#xxx01-aaab.owner"
// @formatter:on
);
noneOfTheseRbacRolesIsReturned(
@ -131,10 +131,10 @@ class RbacRoleRepositoryIntegrationTest {
"test_customer#xxx.tenant",
"test_package#xxx00.admin",
"test_package#xxx00.tenant",
"test_unixuser#xxx00-aaaa.admin",
"test_unixuser#xxx00-aaaa.owner",
"test_unixuser#xxx00-aaab.admin",
"test_unixuser#xxx00-aaab.owner");
"test_domain#xxx00-aaaa.admin",
"test_domain#xxx00-aaaa.owner",
"test_domain#xxx00-aaab.admin",
"test_domain#xxx00-aaab.owner");
}
@Test

18
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java
View File

@ -297,14 +297,14 @@ class RbacUserControllerAcceptanceTest {
.body("", hasItem(
allOf(
hasEntry("roleName", "test_package#yyy00.admin"),
hasEntry("op", "add-unixuser"))
hasEntry("op", "add-domain"))
))
.body("", hasItem(
allOf(
hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"),
hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
hasEntry("op", "*"))
))
.body("size()", is(8));
.body("size()", is(7));
// @formatter:on
}
@ -332,14 +332,14 @@ class RbacUserControllerAcceptanceTest {
.body("", hasItem(
allOf(
hasEntry("roleName", "test_package#yyy00.admin"),
hasEntry("op", "add-unixuser"))
hasEntry("op", "add-domain"))
))
.body("", hasItem(
allOf(
hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"),
hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
hasEntry("op", "*"))
))
.body("size()", is(8));
.body("size()", is(7));
// @formatter:on
}
@ -366,14 +366,14 @@ class RbacUserControllerAcceptanceTest {
.body("", hasItem(
allOf(
hasEntry("roleName", "test_package#yyy00.admin"),
hasEntry("op", "add-unixuser"))
hasEntry("op", "add-domain"))
))
.body("", hasItem(
allOf(
hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"),
hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
hasEntry("op", "*"))
))
.body("size()", is(8));
.body("size()", is(7));
// @formatter:on
}

50
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
View File

@ -191,13 +191,13 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
"test_customer#xxx.owner -> test_customer#xxx: *",
"test_customer#xxx.tenant -> test_customer#xxx: view",
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.admin -> test_package#xxx00: add-unixuser",
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.tenant -> test_package#xxx00: view",
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
"test_package#xxx01.admin -> test_package#xxx01: add-unixuser",
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
"test_package#xxx01.tenant -> test_package#xxx01: view",
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
"test_package#xxx02.admin -> test_package#xxx02: add-unixuser",
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
"test_package#xxx02.tenant -> test_package#xxx02: view",
"test_customer#yyy.admin -> test_customer#yyy: add-package",
@ -205,13 +205,13 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
"test_customer#yyy.owner -> test_customer#yyy: *",
"test_customer#yyy.tenant -> test_customer#yyy: view",
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.admin -> test_package#yyy00: add-unixuser",
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.tenant -> test_package#yyy00: view",
"test_package#yyy01.admin -> test_package#yyy01: add-domain",
"test_package#yyy01.admin -> test_package#yyy01: add-unixuser",
"test_package#yyy01.admin -> test_package#yyy01: add-domain",
"test_package#yyy01.tenant -> test_package#yyy01: view",
"test_package#yyy02.admin -> test_package#yyy02: add-domain",
"test_package#yyy02.admin -> test_package#yyy02: add-unixuser",
"test_package#yyy02.admin -> test_package#yyy02: add-domain",
"test_package#yyy02.tenant -> test_package#yyy02: view",
"test_customer#zzz.admin -> test_customer#zzz: add-package",
@ -219,13 +219,13 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
"test_customer#zzz.owner -> test_customer#zzz: *",
"test_customer#zzz.tenant -> test_customer#zzz: view",
"test_package#zzz00.admin -> test_package#zzz00: add-domain",
"test_package#zzz00.admin -> test_package#zzz00: add-unixuser",
"test_package#zzz00.admin -> test_package#zzz00: add-domain",
"test_package#zzz00.tenant -> test_package#zzz00: view",
"test_package#zzz01.admin -> test_package#zzz01: add-domain",
"test_package#zzz01.admin -> test_package#zzz01: add-unixuser",
"test_package#zzz01.admin -> test_package#zzz01: add-domain",
"test_package#zzz01.tenant -> test_package#zzz01: view",
"test_package#zzz02.admin -> test_package#zzz02: add-domain",
"test_package#zzz02.admin -> test_package#zzz02: add-unixuser",
"test_package#zzz02.admin -> test_package#zzz02: add-domain",
"test_package#zzz02.tenant -> test_package#zzz02: view"
// @formatter:on
);
@ -259,19 +259,19 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
"test_customer#xxx.tenant -> test_customer#xxx: view",
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.admin -> test_package#xxx00: add-unixuser",
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.tenant -> test_package#xxx00: view",
"test_unixuser#xxx00-aaaa.owner -> test_unixuser#xxx00-aaaa: *",
"test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: *",
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
"test_package#xxx01.admin -> test_package#xxx01: add-unixuser",
"test_package#xxx01.admin -> test_package#xxx01: add-domain",
"test_package#xxx01.tenant -> test_package#xxx01: view",
"test_unixuser#xxx01-aaaa.owner -> test_unixuser#xxx01-aaaa: *",
"test_domain#xxx01-aaaa.owner -> test_domain#xxx01-aaaa: *",
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
"test_package#xxx02.admin -> test_package#xxx02: add-unixuser",
"test_package#xxx02.admin -> test_package#xxx02: add-domain",
"test_package#xxx02.tenant -> test_package#xxx02: view",
"test_unixuser#xxx02-aaaa.owner -> test_unixuser#xxx02-aaaa: *"
"test_domain#xxx02-aaaa.owner -> test_domain#xxx02-aaaa: *"
// @formatter:on
);
noneOfTheseRbacPermissionsAreReturned(
@ -316,11 +316,11 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
// @formatter:off
"test_customer#xxx.tenant -> test_customer#xxx: view",
// "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin!
"test_package#xxx00.admin -> test_package#xxx00: add-unixuser",
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.tenant -> test_package#xxx00: view",
"test_unixuser#xxx00-aaaa.owner -> test_unixuser#xxx00-aaaa: *",
"test_unixuser#xxx00-aaab.owner -> test_unixuser#xxx00-aaab: *"
"test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: *",
"test_domain#xxx00-aaab.owner -> test_domain#xxx00-aaab: *"
// @formatter:on
);
noneOfTheseRbacPermissionsAreReturned(
@ -329,11 +329,11 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
"test_customer#yyy.admin -> test_customer#yyy: add-package",
"test_customer#yyy.admin -> test_customer#yyy: view",
"test_customer#yyy.tenant -> test_customer#yyy: view",
"test_package#yyy00.admin -> test_package#yyy00: add-unixuser",
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.tenant -> test_package#yyy00: view",
"test_unixuser#yyy00-aaaa.owner -> test_unixuser#yyy00-aaaa: *",
"test_unixuser#yyy00-aaab.owner -> test_unixuser#yyy00-aaab: *"
"test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: *",
"test_domain#yyy00-aaab.owner -> test_domain#yyy00-aaab: *"
// @formatter:on
);
}
@ -364,7 +364,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
// @formatter:off
"test_customer#xxx.tenant -> test_customer#xxx: view",
// "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin!
"test_package#xxx00.admin -> test_package#xxx00: add-unixuser",
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.tenant -> test_package#xxx00: view"
// @formatter:on
@ -378,11 +378,11 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
"test_customer#yyy.admin -> test_customer#yyy: add-package",
"test_customer#yyy.admin -> test_customer#yyy: view",
"test_customer#yyy.tenant -> test_customer#yyy: view",
"test_package#yyy00.admin -> test_package#yyy00: add-unixuser",
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.tenant -> test_package#yyy00: view",
"test_unixuser#yyy00-aaaa.owner -> test_unixuser#yyy00-aaaa: *",
"test_unixuser#yyy00-xxxb.owner -> test_unixuser#yyy00-xxxb: *"
"test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: *",
"test_domain#yyy00-xxxb.owner -> test_domain#yyy00-xxxb: *"
// @formatter:on
);
}