-
Notifications
You must be signed in to change notification settings - Fork 113
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Abdul-Az <aazeez@progress.com>
- Loading branch information
Showing
6 changed files
with
352 additions
and
116 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
227 changes: 227 additions & 0 deletions
227
e2e/cypress/integration/api/iam/policyfiles_actions.spec.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,227 @@ | ||
describe('PolicyFiles get', () => { | ||
let withInfraServersPolicyFlesGetActionToken = ''; | ||
let withoutInfraServersPolicyFlesGetActionToken = ''; | ||
|
||
const cypressPrefix = 'infra-server-policyfiles-actions-get'; | ||
const policyId1 = `${cypressPrefix}-pol-1-${Cypress.moment().format('MMDDYYhhmm')}`; | ||
const policyId2 = `${cypressPrefix}-pol-2-${Cypress.moment().format('MMDDYYhhmm')}`; | ||
const tokenId1 = `${cypressPrefix}-token-1-${Cypress.moment().format('MMDDYYhhmm')}`; | ||
const tokenId2 = `${cypressPrefix}-token-2-${Cypress.moment().format('MMDDYYhhmm')}`; | ||
const objectsToCleanUp = ['tokens', 'policies']; | ||
|
||
const withInfraServersPolicyFilesPolicy = { | ||
id: policyId1, | ||
name: tokenId1, | ||
projects: [], | ||
members: [`token:${tokenId1}`], | ||
statements: [ | ||
{ | ||
effect: 'ALLOW', | ||
actions: [ | ||
'infra:infraServersOrgsPolicyFiles:get' | ||
], | ||
projects: ['*'] | ||
}] | ||
}; | ||
|
||
|
||
const withoutInfraServersPolicyFilesPolicy = { | ||
id: policyId2, | ||
name: tokenId2, | ||
projects: [], | ||
members: [`token:${tokenId2}`], | ||
statements: [ | ||
{ | ||
effect: 'DENY', | ||
actions: [ | ||
'infra:infraServersOrgsPolicyFiles:get' | ||
], | ||
projects: ['*'] | ||
}] | ||
}; | ||
|
||
before(() => { | ||
cy.cleanupIAMObjectsByIDPrefixes(cypressPrefix, objectsToCleanUp); | ||
|
||
cy.request({ | ||
headers: { 'api-token': Cypress.env('ADMIN_TOKEN') }, | ||
method: 'POST', | ||
url: '/apis/iam/v2/tokens', | ||
body: { | ||
id: tokenId1, | ||
name: tokenId1 | ||
} | ||
}).then((resp) => { | ||
withInfraServersPolicyFlesGetActionToken = resp.body.token.value; | ||
}); | ||
|
||
cy.request({ | ||
headers: { 'api-token': Cypress.env('ADMIN_TOKEN') }, | ||
method: 'POST', | ||
url: '/apis/iam/v2/policies', | ||
body: withInfraServersPolicyFilesPolicy | ||
}).then((resp) => { | ||
expect(resp.status).to.equal(200); | ||
}); | ||
|
||
cy.request({ | ||
headers: { 'api-token': Cypress.env('ADMIN_TOKEN') }, | ||
method: 'POST', | ||
url: '/apis/iam/v2/tokens', | ||
body: { | ||
id: tokenId2, | ||
name: tokenId2 | ||
} | ||
}).then((resp) => { | ||
withoutInfraServersPolicyFlesGetActionToken = resp.body.token.value; | ||
}); | ||
|
||
cy.request({ | ||
headers: { 'api-token': Cypress.env('ADMIN_TOKEN') }, | ||
method: 'POST', | ||
url: '/apis/iam/v2/policies', | ||
body: withoutInfraServersPolicyFilesPolicy | ||
}).then((resp) => { | ||
expect(resp.status).to.equal(200); | ||
}); | ||
}); | ||
|
||
after(() => { | ||
cy.cleanupIAMObjectsByIDPrefixes(cypressPrefix, objectsToCleanUp); | ||
}); | ||
|
||
it('policyfiles get returns 200 when get actions is allowed', () => { | ||
cy.request({ | ||
headers: { 'api-token': withInfraServersPolicyFlesGetActionToken }, | ||
method: 'GET', | ||
url: '/api/v0/infra/servers/local-dev/orgs/test-org/policyfiles' | ||
}).then((resp) => { | ||
assert.equal(resp.status, 200); | ||
}); | ||
}); | ||
|
||
it('policyfiles get returns 403 when get actions is denied', () => { | ||
cy.request({ | ||
headers: { 'api-token': withoutInfraServersPolicyFlesGetActionToken }, | ||
method: 'GET', | ||
url: '/api/v0/infra/servers/local-dev/orgs/test-org/policyfiles', | ||
failOnStatusCode: false | ||
}).then((resp) => { | ||
assert.equal(resp.status, 403); | ||
}); | ||
}); | ||
}); | ||
|
||
describe('PolicyFiles delete', () => { | ||
let withInfraServersPolicyFilesDeleteActionToken = ''; | ||
let withoutInfraServersPolicyFilesDeleteActionToken = ''; | ||
|
||
const cypressPrefix = 'infra-server-policyfiles-actions-delete'; | ||
const policyId1 = `${cypressPrefix}-pol-1-${Cypress.moment().format('MMDDYYhhmm')}`; | ||
const policyId2 = `${cypressPrefix}-pol-2-${Cypress.moment().format('MMDDYYhhmm')}`; | ||
const tokenId1 = `${cypressPrefix}-token-1-${Cypress.moment().format('MMDDYYhhmm')}`; | ||
const tokenId2 = `${cypressPrefix}-token-2-${Cypress.moment().format('MMDDYYhhmm')}`; | ||
const objectsToCleanUp = ['tokens', 'policies']; | ||
|
||
const withInfraServersPolicyFilesDeletePolicy = { | ||
id: policyId1, | ||
name: tokenId1, | ||
projects: [], | ||
members: [`token:${tokenId1}`], | ||
statements: [ | ||
{ | ||
effect: 'ALLOW', | ||
actions: [ | ||
'infra:infraServersOrgsPolicyFiles:delete' | ||
], | ||
projects: ['*'] | ||
}] | ||
}; | ||
|
||
|
||
const withoutInfraServersPolicyFilesDeletePolicy = { | ||
id: policyId2, | ||
name: tokenId2, | ||
projects: [], | ||
members: [`token:${tokenId2}`], | ||
statements: [ | ||
{ | ||
effect: 'DENY', | ||
actions: [ | ||
'infra:infraServersOrgsPolicyFiles:delete' | ||
], | ||
projects: ['*'] | ||
}] | ||
}; | ||
|
||
before(() => { | ||
cy.cleanupIAMObjectsByIDPrefixes(cypressPrefix, objectsToCleanUp); | ||
|
||
cy.request({ | ||
headers: { 'api-token': Cypress.env('ADMIN_TOKEN') }, | ||
method: 'POST', | ||
url: '/apis/iam/v2/tokens', | ||
body: { | ||
id: tokenId1, | ||
name: tokenId1 | ||
} | ||
}).then((resp) => { | ||
withInfraServersPolicyFilesDeleteActionToken = resp.body.token.value; | ||
}); | ||
|
||
cy.request({ | ||
headers: { 'api-token': Cypress.env('ADMIN_TOKEN') }, | ||
method: 'POST', | ||
url: '/apis/iam/v2/policies', | ||
body: withInfraServersPolicyFilesDeletePolicy | ||
}).then((resp) => { | ||
expect(resp.status).to.equal(200); | ||
}); | ||
|
||
cy.request({ | ||
headers: { 'api-token': Cypress.env('ADMIN_TOKEN') }, | ||
method: 'POST', | ||
url: '/apis/iam/v2/tokens', | ||
body: { | ||
id: tokenId2, | ||
name: tokenId2 | ||
} | ||
}).then((resp) => { | ||
withoutInfraServersPolicyFilesDeleteActionToken = resp.body.token.value; | ||
}); | ||
|
||
cy.request({ | ||
headers: { 'api-token': Cypress.env('ADMIN_TOKEN') }, | ||
method: 'POST', | ||
url: '/apis/iam/v2/policies', | ||
body: withoutInfraServersPolicyFilesDeletePolicy | ||
}).then((resp) => { | ||
expect(resp.status).to.equal(200); | ||
}); | ||
}); | ||
|
||
after(() => { | ||
cy.cleanupIAMObjectsByIDPrefixes(cypressPrefix, objectsToCleanUp); | ||
}); | ||
|
||
it('policyfiles delete returns 403 when delete actions is denied', () => { | ||
cy.request({ | ||
headers: { 'api-token': withoutInfraServersPolicyFilesDeleteActionToken }, | ||
method: 'DELETE', | ||
url: '/api/v0/infra/servers/local-dev/orgs/test-org/policyfiles/examplecb', | ||
failOnStatusCode: false | ||
}).then((resp) => { | ||
assert.equal(resp.status, 403); | ||
}); | ||
}); | ||
|
||
it('policyfiles delete returns 200 when delete actions is allowed', () => { | ||
cy.request({ | ||
headers: { 'api-token': withInfraServersPolicyFilesDeleteActionToken }, | ||
method: 'DELETE', | ||
url: '/api/v0/infra/servers/local-dev/orgs/test-org/policyfiles/examplecb' | ||
}).then((resp) => { | ||
assert.equal(resp.status, 200); | ||
}); | ||
}); | ||
}); |