diff options
author | bjormel <bjormel@yahooinc.com> | 2023-10-26 13:59:28 +0000 |
---|---|---|
committer | bjormel <bjormel@yahooinc.com> | 2023-10-26 13:59:28 +0000 |
commit | 567be9a1f6353cec41c23bfd1fcd46b4b2a4d2d7 (patch) | |
tree | 4664a743e166a5e11aee7b9acd70ad8ee2617612 /controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java | |
parent | e9058b555d4dfea2f6c872d9a677e8678b569569 (diff) | |
parent | bce3b8e926bf9da880172acbe1ba4b12d5e026d6 (diff) |
Merge branch 'master' into bjormel/aws-main-controllerbjormel/aws-main-controller
Diffstat (limited to 'controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java')
-rw-r--r-- | controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java | 136 |
1 files changed, 1 insertions, 135 deletions
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java index a4ce45f44ea..c8020666906 100644 --- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java +++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java @@ -1,4 +1,4 @@ -// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.api.role; import com.yahoo.config.provision.ApplicationName; @@ -8,7 +8,6 @@ import org.junit.jupiter.api.Test; import java.net.URI; import java.util.List; -import java.util.stream.Stream; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -146,139 +145,6 @@ public class RoleTest { } } - @Test - void payment_instrument() { - URI paymentInstrumentUri = URI.create("/billing/v1/tenant/t1/instrument/foobar"); - URI tenantPaymentInstrumentUri = URI.create("/billing/v1/tenant/t1/instrument"); - URI tokenUri = URI.create("/billing/v1/tenant/t1/token"); - - Role user = Role.reader(TenantName.from("t1")); - assertTrue(publicCdEnforcer.allows(user, Action.read, paymentInstrumentUri)); - assertTrue(publicCdEnforcer.allows(user, Action.delete, paymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(user, Action.update, tenantPaymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(user, Action.read, tokenUri)); - - Role developer = Role.developer(TenantName.from("t1")); - assertTrue(publicCdEnforcer.allows(developer, Action.read, paymentInstrumentUri)); - assertTrue(publicCdEnforcer.allows(developer, Action.delete, paymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(developer, Action.update, tenantPaymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(developer, Action.read, tokenUri)); - - Role admin = Role.administrator(TenantName.from("t1")); - assertTrue(publicCdEnforcer.allows(admin, Action.read, paymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(admin, Action.delete, paymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(admin, Action.update, tenantPaymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(admin, Action.read, tokenUri)); - } - - @Test - void billing_tenant() { - URI billing = URI.create("/billing/v1/tenant/t1/billing"); - - Role user = Role.reader(TenantName.from("t1")); - Role developer = Role.developer(TenantName.from("t1")); - Role admin = Role.administrator(TenantName.from("t1")); - - Stream.of(user, developer, admin).forEach(role -> { - assertTrue(publicCdEnforcer.allows(role, Action.read, billing)); - assertFalse(publicCdEnforcer.allows(role, Action.update, billing)); - assertFalse(publicCdEnforcer.allows(role, Action.delete, billing)); - assertFalse(publicCdEnforcer.allows(role, Action.create, billing)); - }); - - } - - @Test - void billing_test() { - var tester = new EnforcerTester(publicEnforcer); - - var accountant = Role.hostedAccountant(); - var operator = Role.hostedOperator(); - var reader = Role.reader(TenantName.from("t1")); - var developer = Role.developer(TenantName.from("t1")); - var admin = Role.administrator(TenantName.from("t1")); - var otherAdmin = Role.administrator(TenantName.from("t2")); - - tester.on("/billing/v1/tenant/t1/token") - .assertAction(accountant) - .assertAction(operator) - .assertAction(reader) - .assertAction(developer) - .assertAction(otherAdmin); - - tester.on("/billing/v1/tenant/t1/instrument") - .assertAction(accountant) - .assertAction(operator, Action.read) - .assertAction(reader, Action.read, Action.delete) - .assertAction(developer, Action.read, Action.delete) - .assertAction(admin, Action.read) - .assertAction(otherAdmin); - - tester.on("/billing/v1/tenant/t1/instrument/i1") - .assertAction(accountant) - .assertAction(operator, Action.read) - .assertAction(reader, Action.read, Action.delete) - .assertAction(developer, Action.read, Action.delete) - .assertAction(admin, Action.read) - .assertAction(otherAdmin); - - tester.on("/billing/v1/tenant/t1/billing") - .assertAction(accountant) - .assertAction(operator, Action.read) - .assertAction(reader, Action.read) - .assertAction(developer, Action.read) - .assertAction(admin, Action.read) - .assertAction(otherAdmin); - - tester.on("/billing/v1/tenant/t1/plan") - .assertAction(accountant, Action.update) - .assertAction(operator, Action.read) - .assertAction(reader) - .assertAction(developer) - .assertAction(admin) - .assertAction(otherAdmin); - - tester.on("/billing/v1/tenant/t1/collection") - .assertAction(accountant, Action.update) - .assertAction(operator, Action.read) - .assertAction(reader) - .assertAction(developer) - .assertAction(admin) - .assertAction(otherAdmin); - - tester.on("/billing/v1/billing") - .assertAction(accountant, Action.create, Action.read, Action.update, Action.delete) - .assertAction(operator, Action.read) - .assertAction(reader) - .assertAction(developer) - .assertAction(admin) - .assertAction(otherAdmin); - - tester.on("/billing/v1/invoice/tenant/t1/line-item") - .assertAction(accountant, Action.create, Action.read, Action.update, Action.delete) - .assertAction(operator, Action.read) - .assertAction(reader) - .assertAction(developer) - .assertAction(admin) - .assertAction(otherAdmin); - - tester.on("/billing/v1/invoice") - .assertAction(accountant, Action.create, Action.read, Action.update, Action.delete) - .assertAction(operator, Action.read) - .assertAction(reader) - .assertAction(developer) - .assertAction(admin) - .assertAction(otherAdmin); - - tester.on("/billing/v1/invoice/i1/status") - .assertAction(accountant, Action.create, Action.read, Action.update, Action.delete) - .assertAction(operator, Action.read) - .assertAction(reader) - .assertAction(developer) - .assertAction(admin) - .assertAction(otherAdmin); - } - private static class EnforcerTester { private final Enforcer enforcer; private final URI resource; |