diff --git a/pkg/httphelper/client.go b/pkg/httphelper/client.go
index f9dcfe5d..34475f10 100644
--- a/pkg/httphelper/client.go
+++ b/pkg/httphelper/client.go
@@ -291,13 +291,17 @@ func (client *NodeMgmtClient) CallSchemaVersionsEndpoint(pod *corev1.Pod) (map[s
 return result, nil
 }
 
-// Create a new superuser with the given username and password
+// CallCreateRoleEndpoint creates a new user with the given username and password
 func (client *NodeMgmtClient) CallCreateRoleEndpoint(pod *corev1.Pod, username string, password string, superuser bool) error {
 client.Log.Info(
 "calling Management API create role - POST /api/v0/ops/auth/role",
 "pod", pod.Name,
 )
 
+ if username == "" || password == "" {
+ return errors.New("username and password cannot be empty")
+ }
+
 postData := url.Values{}
 postData.Set("username", username)
 postData.Set("password", password)
@@ -324,13 +328,17 @@ func (client *NodeMgmtClient) CallCreateRoleEndpoint(pod *corev1.Pod, username s
 return nil
 }
 
-// Create a new superuser with the given username and password
+// CallDropRoleEndpoint drops an existing role from the cluster
 func (client *NodeMgmtClient) CallDropRoleEndpoint(pod *corev1.Pod, username string) error {
 client.Log.Info(
 "calling Management API drop role - DELETE /api/v0/ops/auth/role",
 "pod", pod.Name,
 )
 
+ if username == "" {
+ return errors.New("username cannot be empty")
+ }
+
 postData := url.Values{}
 postData.Set("username", username)
 
@@ -368,7 +376,7 @@ func parseListRoles(body []byte) ([]User, error) {
 return users, nil
 }
 
-// Create a new superuser with the given username and password
+// CallListRolesEndpoint lists existing roles in the cluster
 func (client *NodeMgmtClient) CallListRolesEndpoint(pod *corev1.Pod) ([]User, error) {
 client.Log.Info(
 "calling Management API list roles - GET /api/v0/ops/auth/role",
diff --git a/pkg/httphelper/client_test.go b/pkg/httphelper/client_test.go
index 0daadac9..d2921ecf 100644
--- a/pkg/httphelper/client_test.go
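Review bot: In CallCreateRoleEndpoint the new empty-input guard runs after the `client.Log.Info("calling Management API create role ...")` call, so a request that is rejected locally is still logged as if it had been sent; moving the `if username == "" || password == ""` check above the log call keeps the record of role changes accurate. The same ordering applies to the `username == ""` guard in CallDropRoleEndpoint in the next hunk. The rewritten doc comment also says nothing about privilege: `superuser` presumably decides whether the role is created as a superuser, so I would state that, e.g. `// CallCreateRoleEndpoint creates a role with the given username and password; superuser controls whether it is created as a superuser.` Both function bodies continue outside their hunks, so how postData is sent is not visible here.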
+++ b/pkg/httphelper/client_test.go 
@@ -457,12 +457,56 @@ func TestListRoles(t *testing.T) {
 require.NoError(err)
 require.Equal(3, len(roles))
 
- mgmtClient := newMockMgmtClient(newMockHttpClient(newHttpResponse(payload, http.StatusOK), nil))
+ mockHttpClient := mocks.NewHttpClient(t)
+ mockHttpClient.On("Do",
+ mock.MatchedBy(
+ func(req *http.Request) bool {
+ return req.URL.Path == "/api/v0/ops/auth/role" && req.Method == http.MethodGet
+ })).
+ Return(newHttpResponse(payload, http.StatusOK), nil).
+ Once()
+
+ mgmtClient := newMockMgmtClient(mockHttpClient)
 roles, err = mgmtClient.CallListRolesEndpoint(goodPod)
 require.NoError(err)
 require.Equal(3, len(roles))
 }
 
+func TestCreateRole(t *testing.T) {
+ require := require.New(t)
+ mockHttpClient := mocks.NewHttpClient(t)
+ mockHttpClient.On("Do",
+ mock.MatchedBy(
+ func(req *http.Request) bool {
+ return req.URL.Path == "/api/v0/ops/auth/role" && req.Method == http.MethodPost && req.URL.Query().Get("username") == "role1" && req.URL.Query().Get("password") == "password1" && req.URL.Query().Get("is_superuser") == "true"
+ })).
+ Return(newHttpResponseMarshalled("OK", http.StatusOK), nil).
+ Once()
+
+ mgmtClient := newMockMgmtClient(mockHttpClient)
+ err := mgmtClient.CallCreateRoleEndpoint(goodPod, "role1", "password1", true)
+ require.NoError(err)
+ require.True(mockHttpClient.AssertExpectations(t))
+}
+
+func TestDropRole(t *testing.T) {
+ require := require.New(t)
+ mockHttpClient := mocks.NewHttpClient(t)
+ mockHttpClient.On("Do",
+ mock.MatchedBy(
+ func(req *http.Request) bool {
+ return req.URL.Path == "/api/v0/ops/auth/role" && req.Method == http.MethodDelete
+ })).
+ Return(newHttpResponseMarshalled("OK", http.StatusOK), nil).
+ Once()
+
+ mgmtClient := newMockMgmtClient(mockHttpClient)
+ err := mgmtClient.CallDropRoleEndpoint(goodPod, "role1")
+
+ require.NoError(err)
+ require.True(mockHttpClient.AssertExpectations(t))
+}
+
 func newMockMgmtClient(httpClient *mocks.HttpClient) *NodeMgmtClient {
 return &NodeMgmtClient{
 Client: httpClient,
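Review bot: TestDropRole's matcher checks only the path and the DELETE method, so the test still passes if the client sends the wrong username or none at all; adding `req.URL.Query().Get("username") == "role1"` to the matcher, as TestCreateRole does, would pin it (assuming drop also carries the username in the query, since the request construction is outside this diff). Neither new test exercises the empty-input guards this commit adds, so a case such as `require.Error(mgmtClient.CallCreateRoleEndpoint(goodPod, "", "password1", true))` against a mock with no `Do` expectation would confirm that nothing is sent. TestCreateRole also shows the password arriving in the URL query string, a place where proxies and access logs commonly record it; if the Management API accepts these fields in a request body, that would be the safer transport. The hunk starts inside TestListRoles and ends inside newMockMgmtClient.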