opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-30 03:02:44 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
grafana/pkg/registry/apis/folders/folder_storage_test.go
Ieva e385237daf Access control: Make sure that user permission cache is cleared after new dashboard and folder creation (#104193) 
* make sure that user permission cache is cleared after new dashboard and folder creation

* more test fixes

* Update pkg/services/dashboards/service/dashboard_service.go

* check identity type in SetDefaultPermissionsAfterCreate, set default permissions for service accounts

* set SA permissions for folders as well

* fix tests
2025-04-24 16:02:39 +03:00

136 lines
4.2 KiB
Go
Raw Blame History

package folders
import (
"context"
"testing"
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
"gopkg.in/ini.v1"
"k8s.io/apimachinery/pkg/apis/meta/internalversion"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apiserver/pkg/endpoints/request"
"k8s.io/apiserver/pkg/registry/rest"
folders "github.com/grafana/grafana/apps/folder/pkg/apis/folder/v1beta1"
"github.com/grafana/grafana/pkg/apimachinery/identity"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/accesscontrol/actest"
acmock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/setting"
)
func TestSetDefaultPermissionsWhenCreatingFolder(t *testing.T) {
type testCase struct {
description string
expectedCallsToSetPermissions int
}
tcs := []testCase{
{
description: "folder creation succeeds, via legacy storage",
expectedCallsToSetPermissions: 1,
},
}
for _, tc := range tcs {
t.Run(tc.description, func(t *testing.T) {
folderPermService := acmock.NewMockedPermissionsService()
folderPermService.On("SetPermissions", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return([]accesscontrol.ResourcePermission{}, nil)
cfg := setting.NewCfg()
f := ini.Empty()
f.Section("rbac").Key("resources_with_managed_permissions_on_creation").SetValue("folder")
tempCfg, err := setting.NewCfgFromINIFile(f)
require.NoError(t, err)
cfg.RBAC = tempCfg.RBAC
fs := folderStorage{
folderPermissionsSvc: folderPermService,
acService: actest.FakeService{},
store: &fakeStorage{},
cfg: cfg,
}
obj := &folders.Folder{}
ctx := request.WithNamespace(context.Background(), "org-2")
ctx = identity.WithRequester(ctx, &user.SignedInUser{
UserID: 1,
})
out, err := fs.Create(ctx, obj, func(ctx context.Context,
obj runtime.Object) error {
return nil
},
&metav1.CreateOptions{})
require.NoError(t, err)
require.NotNil(t, out)
folderPermService.AssertNumberOfCalls(t, "SetPermissions", tc.expectedCallsToSetPermissions)
})
}
}
var (
_ rest.Scoper = (*fakeStorage)(nil)
_ rest.SingularNameProvider = (*fakeStorage)(nil)
_ rest.Getter = (*fakeStorage)(nil)
_ rest.Lister = (*fakeStorage)(nil)
_ rest.Storage = (*fakeStorage)(nil)
_ rest.Creater = (*fakeStorage)(nil)
_ rest.Updater = (*fakeStorage)(nil)
_ rest.GracefulDeleter = (*fakeStorage)(nil)
)
type fakeStorage struct{}
func (s *fakeStorage) New() runtime.Object {
return nil
}
func (s *fakeStorage) Destroy() {}
func (s *fakeStorage) NamespaceScoped() bool {
return true
}
func (s *fakeStorage) GetSingularName() string {
return ""
}
func (s *fakeStorage) NewList() runtime.Object {
return nil
}
func (s *fakeStorage) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) {
return nil, nil
}
func (s *fakeStorage) List(ctx context.Context, options *internalversion.ListOptions) (runtime.Object, error) {
return nil, nil
}
func (s *fakeStorage) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) {
return nil, nil
}
func (s *fakeStorage) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) {
return obj, nil
}
func (s *fakeStorage) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc,
updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) {
return nil, false, nil
}
func (s *fakeStorage) Delete(ctx context.Context, name string, deleteValidation rest.ValidateObjectFunc, options *metav1.DeleteOptions) (runtime.Object, bool, error) {
return nil, false, nil
}
func (s *fakeStorage) DeleteCollection(ctx context.Context, deleteValidation rest.ValidateObjectFunc, options *metav1.DeleteOptions, listOptions *internalversion.ListOptions) (runtime.Object, error) {
return nil, nil
}
Reference in New Issue View Git Blame Copy Permalink