add-domain-setup-validation #71
@ -204,7 +204,7 @@ public class HsHostingAssetEntity implements Stringifyable, RbacObject, Properti
|
||||
.switchOnColumn("type",
|
||||
inCaseOf("DOMAIN_SETUP", then -> {
|
||||
then.toRole(GLOBAL, GUEST).grantPermission(INSERT);
|
||||
then.toRole(GLOBAL, ADMIN).grantPermission(SELECT); // FIXME: remove
|
||||
then.toRole(GLOBAL, ADMIN).grantPermission(SELECT); // TODO.spec: replace by a proper solution
|
||||
})
|
||||
)
|
||||
|
||||
@ -226,8 +226,6 @@ public class HsHostingAssetEntity implements Stringifyable, RbacObject, Properti
|
||||
with.outgoingSubRole("bookingItem", TENANT);
|
||||
with.outgoingSubRole("parentAsset", TENANT);
|
||||
with.incomingSuperRole("alarmContact", ADMIN);
|
||||
with.incomingSuperRole(GLOBAL, GUEST); // FIXME: remove
|
||||
with.incomingSuperRole(GLOBAL, ADMIN); // FIXME: remove
|
||||
with.permission(SELECT);
|
||||
hsh-michaelhoennig marked this conversation as resolved
Outdated
|
||||
})
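Review bot: The direct `then.toRole(GLOBAL, ADMIN).grantPermission(SELECT)` grant in the `DOMAIN_SETUP` branch appears to stay, with only its comment changing to `// TODO.spec: replace by a proper solution`, which says neither what the grant works around nor what would allow removing it. With the two global `incomingSuperRole` lines dropped from the TENANT role in the second hunk, this looks like the only path visible here by which a global admin can still read such an asset, so it should be documented as a deliberate access decision, e.g. `// workaround: global ADMIN needs SELECT on DOMAIN_SETUP assets because <reason>; remove when <tracking issue> is done`. The unchanged `then.toRole(GLOBAL, GUEST).grantPermission(INSERT)` line above it reads as letting the least-privileged global role create rows of this type, and deserves a comment naming the check that gates it. The enclosing RBAC definition starts and ends outside both hunks, so other grants may apply that are not visible here.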
|
||||
|
||||
|
@ -99,8 +99,6 @@ role:asset:AGENT ==> role:asset:TENANT
|
||||
role:asset:TENANT ==> role:bookingItem:TENANT
|
||||
role:asset:TENANT ==> role:parentAsset:TENANT
|
||||
role:alarmContact:ADMIN ==> role:asset:TENANT
|
||||
role:global:GUEST ==> role:asset:TENANT
|
||||
role:global:ADMIN ==> role:asset:TENANT
|
||||
|
||||
%% granting permissions to roles
|
||||
role:global:ADMIN ==> perm:asset:INSERT
|
||||
|
@ -75,8 +75,6 @@ begin
|
||||
hsHostingAssetTENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[
|
||||
globalADMIN(),
|
||||
globalGUEST(),
|
||||
hsHostingAssetAGENT(NEW),
|
||||
hsOfficeContactADMIN(newAlarmContact)],
|
||||
outgoingSubRoles => array[
|
||||
|
@ -130,6 +130,9 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
.containsExactlyInAnyOrder(fromFormatted(
|
||||
initialGrantNames,
|
||||
|
||||
// global-admin
|
||||
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:global#global:ADMIN by system and assume }", // workaround
|
||||
|
||||
// owner
|
||||
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_booking_item#fir01:ADMIN by system and assume }",
|
||||
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_hosting_asset#vm1011:ADMIN by system and assume }",
|
||||
@ -138,7 +141,6 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
// admin
|
||||
"{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_hosting_asset#fir00:OWNER by system and assume }",
|
||||
"{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_booking_item#fir01:AGENT by system and assume }",
|
||||
"{ grant perm:hs_hosting_asset#fir00:INSERT>hs_hosting_asset to role:hs_hosting_asset#fir00:ADMIN by system and assume }",
|
||||
"{ grant perm:hs_hosting_asset#fir00:UPDATE to role:hs_hosting_asset#fir00:ADMIN by system and assume }",
|
||||
|
||||
// agent
|
||||
@ -149,7 +151,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
"{ grant role:hs_booking_item#fir01:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
|
||||
"{ grant role:hs_hosting_asset#fir00:TENANT to role:hs_hosting_asset#fir00:AGENT by system and assume }",
|
||||
"{ grant role:hs_hosting_asset#vm1011:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
|
||||
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
|
||||
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:hs_hosting_asset#fir00:TENANT by system and assume }", // workaround
|
||||
|
||||
null));
|
||||
}
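Review bot: The `// workaround` marker added to the `perm:hs_hosting_asset#fir00:SELECT to role:hs_hosting_asset#fir00:TENANT` line in the last hunk looks misplaced. That grant seems to correspond to the regular `with.permission(SELECT)` on the TENANT role, whereas the grant introduced as a workaround is the new `role:global#global:ADMIN` line under `// global-admin` in the first hunk. If only the global-admin grant is temporary, drop the marker from the TENANT line; if both are, say why on each, e.g. `// workaround: see TODO.spec in HsHostingAssetEntity`. Since the list is checked with `containsExactlyInAnyOrder`, this is where a reader learns which global grants an asset receives, so the comments should be accurate.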
|
||||
|
@ -43,6 +43,33 @@ class HsDomainDnsSetupHostingAssetValidatorUnitTest {
|
||||
));
|
||||
}
|
||||
|
||||
@Test
|
||||
void containsExpectedProperties() {
|
||||
// when
|
||||
final var validator = HsHostingAssetEntityValidatorRegistry.forType(DOMAIN_DNS_SETUP);
|
||||
|
||||
// then
|
||||
assertThat(validator.properties()).map(Map::toString).containsExactlyInAnyOrder(
|
||||
"{type=integer, propertyName=TTL, min=0, defaultValue=21600}",
|
||||
"{type=boolean, propertyName=auto-SOA-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-NS-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-MX-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-A-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-AAAA-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-MAILSERVICES-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-AUTOCONFIG-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-AUTODISCOVER-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-DKIM-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-SPF-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-WILDCARD-MX-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-WILDCARD-A-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-WILDCARD-AAAA-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-WILDCARD-DKIM-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-WILDCARD-SPF-RR, defaultValue=true}",
|
||||
"{type=string[], propertyName=user-RR, elementsOf={type=string, propertyName=user-RR, matchesRegEx=[([a-z0-9\\.-]+|@)\\s+(([1-9][0-9]*[mMhHdDwW]{0,1})+\\s+)*IN\\s+[A-Z]+\\s+[^;].*(;.*)*, ([a-z0-9\\.-]+|@)\\s+IN\\s+(([1-9][0-9]*[mMhHdDwW]{0,1})+\\s+)*[A-Z]+\\s+[^;].*(;.*)*], required=true}}"
|
||||
);
|
||||
}
|
||||
|
||||
@Test
|
||||
void preprocessesTakesIdentifierFromParent() {
|
||||
// given
|
||||
@ -84,33 +111,6 @@ class HsDomainDnsSetupHostingAssetValidatorUnitTest {
|
||||
assertThat(result).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
void containsExpectedProperties() {
|
||||
// when
|
||||
final var validator = HsHostingAssetEntityValidatorRegistry.forType(DOMAIN_DNS_SETUP);
|
||||
|
||||
// then
|
||||
assertThat(validator.properties()).map(Map::toString).containsExactlyInAnyOrder(
|
||||
"{type=integer, propertyName=TTL, min=0, defaultValue=21600}",
|
||||
"{type=boolean, propertyName=auto-SOA-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-NS-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-MX-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-A-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-AAAA-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-MAILSERVICES-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-AUTOCONFIG-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-AUTODISCOVER-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-DKIM-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-SPF-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-WILDCARD-MX-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-WILDCARD-A-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-WILDCARD-AAAA-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-WILDCARD-DKIM-RR, defaultValue=true}",
|
||||
"{type=boolean, propertyName=auto-WILDCARD-SPF-RR, defaultValue=true}",
|
||||
"{type=string[], propertyName=user-RR, elementsOf={type=string, propertyName=user-RR, matchesRegEx=[([a-z0-9\\.-]+|@)\\s+(([1-9][0-9]*[mMhHdDwW]{0,1})+\\s+)*IN\\s+[A-Z]+\\s+[^;].*(;.*)*, ([a-z0-9\\.-]+|@)\\s+IN\\s+(([1-9][0-9]*[mMhHdDwW]{0,1})+\\s+)*[A-Z]+\\s+[^;].*(;.*)*], required=true}}"
|
||||
);
|
||||
}
|
||||
|
||||
@Test
|
||||
void validatesReferencedEntities() {
|
||||
// given
|
||||
@ -131,6 +131,42 @@ class HsDomainDnsSetupHostingAssetValidatorUnitTest {
|
||||
"'DOMAIN_DNS_SETUP:example.org.assignedToAsset' must be null but is set to D-???????-?:null");
|
||||
}
|
||||
|
||||
@Test
|
||||
void acceptsValidEntity() {
|
||||
// given
|
||||
final var givenEntity = validEntityBuilder().build();
|
||||
final var validator = HsHostingAssetEntityValidatorRegistry.forType(givenEntity.getType());
|
||||
|
||||
// when
|
||||
final var errors = validator.validateEntity(givenEntity);
|
||||
|
||||
// then
|
||||
assertThat(errors).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
void recectsInvalidProperties() {
|
||||
// given
|
||||
final var mangedServerHostingAssetEntity = validEntityBuilder()
|
||||
.config(Map.ofEntries(
|
||||
entry("TTL", "1d30m"), // currently only an integer for seconds is implemented here
|
||||
entry("user-RR", Array.of(
|
||||
"@ 1814400 IN 1814400 BAD1 TTL only allowed once",
|
||||
"www BAD1 Record-Class missing / not enough columns"))
|
||||
))
|
||||
.build();
|
||||
final var validator = HsHostingAssetEntityValidatorRegistry.forType(mangedServerHostingAssetEntity.getType());
|
||||
|
||||
// when
|
||||
final var result = validator.validateEntity(mangedServerHostingAssetEntity);
|
||||
|
||||
// then
|
||||
assertThat(result).containsExactlyInAnyOrder(
|
||||
"'DOMAIN_DNS_SETUP:example.org.config.TTL' is expected to be of type class java.lang.Integer, but is of type 'String'",
|
||||
"'DOMAIN_DNS_SETUP:example.org.config.user-RR' is expected to match any of [([a-z0-9\\.-]+|@)\\s+(([1-9][0-9]*[mMhHdDwW]{0,1})+\\s+)*IN\\s+[A-Z]+\\s+[^;].*(;.*)*, ([a-z0-9\\.-]+|@)\\s+IN\\s+(([1-9][0-9]*[mMhHdDwW]{0,1})+\\s+)*[A-Z]+\\s+[^;].*(;.*)*] but '@ 1814400 IN 1814400 BAD1 TTL only allowed once' does not match any",
|
||||
"'DOMAIN_DNS_SETUP:example.org.config.user-RR' is expected to match any of [([a-z0-9\\.-]+|@)\\s+(([1-9][0-9]*[mMhHdDwW]{0,1})+\\s+)*IN\\s+[A-Z]+\\s+[^;].*(;.*)*, ([a-z0-9\\.-]+|@)\\s+IN\\s+(([1-9][0-9]*[mMhHdDwW]{0,1})+\\s+)*[A-Z]+\\s+[^;].*(;.*)*] but 'www BAD1 Record-Class missing / not enough columns' does not match any");
|
||||
}
|
||||
|
||||
@Test
|
||||
void validStringMatchesRegEx() {
|
||||
assertThat("@ ").matches(RR_REGEX_NAME);
|
||||
@ -186,20 +222,7 @@ class HsDomainDnsSetupHostingAssetValidatorUnitTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
void acceptsValidEntity() {
|
||||
// given
|
||||
final var givenEntity = validEntityBuilder().build();
|
||||
final var validator = HsHostingAssetEntityValidatorRegistry.forType(givenEntity.getType());
|
||||
|
||||
// when
|
||||
final var errors = validator.validateEntity(givenEntity);
|
||||
|
||||
// then
|
||||
assertThat(errors).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
void rejectsInvalidEntity() {
|
||||
void rejectsInvalidZonefile() {
|
||||
// given
|
||||
final var givenEntity = validEntityBuilder().config(Map.ofEntries(
|
||||
entry("user-RR", Array.of(
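Review bot: The `user-RR` patterns pinned by `containsExpectedProperties` and by the new `recectsInvalidProperties` contain the TTL group `(([1-9][0-9]*[mMhHdDwW]{0,1})+\\s+)*`, a repeated group wrapped around `[0-9]*`. A long digit run that ends up not matching can therefore be split in many ways, and the backtracking matcher may take super-linear, possibly exponential, time. These records look like caller-supplied configuration, so the validator (defined outside this diff) should either bound the entry length before matching or make the quantifiers possessive, e.g. `([1-9][0-9]*+[mMhHdDwW]?)++`. This test class should also gain a case asserting that an over-long non-matching entry is rejected promptly. Separately, `recectsInvalidProperties` should read `rejectsInvalidProperties`, and `mangedServerHostingAssetEntity` names a managed server although the entity under test is a `DOMAIN_DNS_SETUP`; `givenEntity`, as in the neighbouring tests, would fit.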
|
||||
|
kann weg?