Adjust unit tests (#4876)

Signed-off-by: Thomas Quandt <[email protected]>

Author: thquad

src/jetstream/auth_test.go

@@ -640,15 +640,19 @@ func TestLoginToCNSIWithUserEndpointsEnabled(t *testing.T) {
 		})
 		_, ctxConnectToUser2 := setupEchoContext(res, req)
 
+		adminAndUserEndpointRows := sqlmock.NewRows(rowFieldsForCNSI).AddRow(adminEndpointArgs...).AddRow(userEndpoint1Args...)
+
 		Convey("As admin", func() {
 
-			Convey("Connect to admin endpoint", func() {
+			Convey("Connect to system endpoint", func() {
 				if errSession := pp.setSessionValues(ctxConnectToAdmin, mockAdmin.SessionValues); errSession != nil {
 					t.Error(errors.New("unable to mock/stub user in session object"))
 				}
 
 				mock.ExpectQuery(selectFromCNSIs).WillReturnRows(adminEndpointRows)
 
+				mock.ExpectQuery(selectAnyFromCNSIs).WillReturnRows(adminEndpointRows)
+
 				mock.ExpectQuery(selectAnyFromTokens).
 					WithArgs(adminEndpointArgs[0], mockAdmin.ConnectedUser.GUID).
 					WillReturnRows(sqlmock.NewRows([]string{"COUNT(*)"}).AddRow("0"))
@@ -674,22 +678,16 @@ func TestLoginToCNSIWithUserEndpointsEnabled(t *testing.T) {
 
 				mock.ExpectQuery(selectFromCNSIs).WillReturnRows(userEndpoint1Rows)
 
-				mockStratosAuth.
-					EXPECT().
-					GetUser(gomock.Eq(mockAdmin.ConnectedUser.GUID)).
-					Return(mockAdmin.ConnectedUser, nil)
-
 				err := pp.loginToCNSI(ctxConnectToUser1)
 				dberr := mock.ExpectationsWereMet()
 
 				Convey("should fail", func() {
-					So(err, ShouldResemble, echo.NewHTTPError(http.StatusUnauthorized, "Can not connect - admins are not allowed to connect to user created endpoints"))
+					So(err, ShouldResemble, echo.NewHTTPError(http.StatusUnauthorized, "Can not connect - users are not allowed to connect to personal endpoints created by other users"))
 				})
 
 				Convey("there should be no db error", func() {
 					So(dberr, ShouldBeNil)
 				})
-
 			})
 		})
 		Convey("As user", func() {
@@ -698,13 +696,49 @@ func TestLoginToCNSIWithUserEndpointsEnabled(t *testing.T) {
 					t.Error(errors.New("unable to mock/stub user in session object"))
 				}
 
-				mockStratosAuth.
-					EXPECT().
-					GetUser(gomock.Eq(mockEndpointAdmin1.ConnectedUser.GUID)).
-					Return(mockEndpointAdmin1.ConnectedUser, nil)
+				mock.ExpectQuery(selectFromCNSIs).WillReturnRows(userEndpoint1Rows)
+
+				mock.ExpectQuery(selectAnyFromCNSIs).WillReturnRows(userEndpoint1Rows)
+
+				mock.ExpectQuery(selectAnyFromTokens).
+					WithArgs(userEndpoint1Args[0], mockEndpointAdmin1.ConnectedUser.GUID).
+					WillReturnRows(sqlmock.NewRows([]string{"COUNT(*)"}).AddRow("0"))
+
+				mock.ExpectExec(insertIntoTokens).
+					WillReturnResult(sqlmock.NewResult(1, 1))
+
+				err := pp.loginToCNSI(ctxConnectToUser1)
+				dberr := mock.ExpectationsWereMet()
+
+				Convey("there should be no error", func() {
+					So(err, ShouldBeNil)
+				})
+
+				Convey("there should be no db error", func() {
+					So(dberr, ShouldBeNil)
+				})
+			})
+			Convey("Connect to own endpoint while already connected to same url with system endpoint", func() {
+				if errSession := pp.setSessionValues(ctxConnectToUser1, mockEndpointAdmin1.SessionValues); errSession != nil {
+					t.Error(errors.New("unable to mock/stub user in session object"))
+				}
 
 				mock.ExpectQuery(selectFromCNSIs).WillReturnRows(userEndpoint1Rows)
 
+				// args is the api url
+				mock.ExpectQuery(selectAnyFromCNSIs).WithArgs(userEndpoint1Args[3]).WillReturnRows(adminAndUserEndpointRows)
+
+				// connected system endpoint found
+				mock.ExpectQuery(selectAnyFromTokens).
+					WithArgs(adminEndpointArgs[0], mockEndpointAdmin1.ConnectedUser.GUID, mockAdminGUID).
+					WillReturnRows(sqlmock.NewRows([]string{"token_guid", "auth_token", "refresh_token", "token_expiry", "disconnected", "auth_type", "meta_data", "user_guid", "linked_token"}).
+						AddRow("", mockUAAToken, mockUAAToken, time.Now().Add(-time.Hour).Unix(), false, "", "", "", nil))
+
+				// remove other connection, since it has the same api url
+				mock.ExpectExec(deleteTokens).
+					WithArgs(adminEndpointArgs[0], mockEndpointAdmin1.ConnectedUser.GUID).
+					WillReturnResult(sqlmock.NewResult(1, 1))
+
 				mock.ExpectQuery(selectAnyFromTokens).
 					WithArgs(userEndpoint1Args[0], mockEndpointAdmin1.ConnectedUser.GUID).
 					WillReturnRows(sqlmock.NewRows([]string{"COUNT(*)"}).AddRow("0"))
@@ -723,13 +757,15 @@ func TestLoginToCNSIWithUserEndpointsEnabled(t *testing.T) {
 					So(dberr, ShouldBeNil)
 				})
 			})
-			Convey("Connect to admin endpoint", func() {
+			Convey("Connect to system endpoint", func() {
 				if errSession := pp.setSessionValues(ctxConnectToAdmin, mockEndpointAdmin1.SessionValues); errSession != nil {
 					t.Error(errors.New("unable to mock/stub user in session object"))
 				}
 
 				mock.ExpectQuery(selectFromCNSIs).WillReturnRows(adminEndpointRows)
 
+				mock.ExpectQuery(selectAnyFromCNSIs).WillReturnRows(adminEndpointRows)
+
 				mock.ExpectQuery(selectAnyFromTokens).
 					WithArgs(adminEndpointArgs[0], mockEndpointAdmin1.ConnectedUser.GUID).
 					WillReturnRows(sqlmock.NewRows([]string{"COUNT(*)"}).AddRow("0"))
@@ -755,16 +791,11 @@ func TestLoginToCNSIWithUserEndpointsEnabled(t *testing.T) {
 
 				mock.ExpectQuery(selectFromCNSIs).WillReturnRows(userEndpoint2Rows)
 
-				mockStratosAuth.
-					EXPECT().
-					GetUser(gomock.Eq(mockEndpointAdmin1.ConnectedUser.GUID)).
-					Return(mockEndpointAdmin1.ConnectedUser, nil)
-
 				err := pp.loginToCNSI(ctxConnectToUser2)
 				dberr := mock.ExpectationsWereMet()
 
 				Convey("should fail", func() {
-					So(err, ShouldResemble, echo.NewHTTPError(http.StatusUnauthorized, "Can not connect - non-admins are not allowed to connect to endpoints created by other non-admins"))
+					So(err, ShouldResemble, echo.NewHTTPError(http.StatusUnauthorized, "Can not connect - users are not allowed to connect to personal endpoints created by other users"))
 				})
 
 				Convey("there should be no db error", func() {

src/jetstream/authcnsi.go

@@ -153,6 +153,10 @@ func (p *portalProxy) DoLoginToCNSI(c echo.Context, cnsiGUID string, systemShare
 	// admins are note allowed to connect to user created endpoints
 	if p.GetConfig().UserEndpointsEnabled != config.UserEndpointsConfigEnum.Disabled {
 
+		if len(cnsiRecord.Creator) != 0 && cnsiRecord.Creator != userID {
+			return nil, echo.NewHTTPError(http.StatusUnauthorized, "Can not connect - users are not allowed to connect to personal endpoints created by other users")
+		}
+
 		// search for system or personal endpoints and check if they are connected
 		// automatically disconnect other endpoint if already connected to same url
 		cnsiList, err := p.listCNSIByAPIEndpoint(cnsiRecord.APIEndpoint.String())
@@ -165,17 +169,13 @@ func (p *portalProxy) DoLoginToCNSI(c echo.Context, cnsiGUID string, systemShare
 		}
 
 		for _, cnsi := range cnsiList {
-			if cnsi.Creator == userID || len(cnsi.Creator) == 0 {
+			if (cnsi.Creator == userID || len(cnsi.Creator) == 0) && cnsi.GUID != cnsiGUID {
 				_, ok := p.GetCNSITokenRecord(cnsi.GUID, userID)
 				if ok {
 					p.ClearCNSIToken(*cnsi, userID)
 				}
 			}
 		}
-
-		if len(cnsiRecord.Creator) != 0 && cnsiRecord.Creator != userID {
-			return nil, echo.NewHTTPError(http.StatusUnauthorized, "Can not connect - users are not allowed to connect to personal endpoints created by other users")
-		}
 	}
 
 	// Register as a system endpoint?

src/jetstream/cnsi.go

@@ -283,7 +283,7 @@ func (p *portalProxy) buildCNSIList(c echo.Context) ([]*interfaces.CNSIRecord, e
 		}
 
 		if p.GetConfig().UserEndpointsEnabled != config.UserEndpointsConfigEnum.AdminOnly {
-			// remove existing system endpoint if user endpoint already exists and sessionuser not admin
+			// if endpoint with same url exists as system and user endpoint, hide the system endpoint
 			unfilteredList, err := p.ListAdminEndpoints(userID.(string))
 			if err != nil {
 				return unfilteredList, err

src/jetstream/cnsi_test.go

@@ -307,9 +307,9 @@ func TestRegisterWithUserEndpointsEnabled(t *testing.T) {
 			pp.GetConfig().UserEndpointsEnabled = config.UserEndpointsConfigEnum.Enabled
 
 			Convey("as admin", func() {
-				Convey("with overwrite disabled", func() {
+				Convey("with createUserEndpoint disabled", func() {
 					// setup
-					adminEndpoint := setupMockEndpointRegisterRequest(t, mockAdmin.ConnectedUser, mockV2Info[0], "CF Cluster 1", false)
+					adminEndpoint := setupMockEndpointRegisterRequest(t, mockAdmin.ConnectedUser, mockV2Info[0], "CF Cluster 1", false, true)
 
 					if errSession := pp.setSessionValues(adminEndpoint.EchoContext, mockAdmin.SessionValues); errSession != nil {
 						t.Error(errors.New("unable to mock/stub user in session object"))
@@ -341,9 +341,9 @@ func TestRegisterWithUserEndpointsEnabled(t *testing.T) {
 							So(dberr, ShouldBeNil)
 						})
 					})
-					Convey("overwrite existing user endpoints", func() {
+					Convey("create system endpoint over existing user endpoints", func() {
 						// setup
-						userEndpoint := setupMockEndpointRegisterRequest(t, mockUser1.ConnectedUser, mockV2Info[0], "CF Cluster 1 User", false)
+						userEndpoint := setupMockEndpointRegisterRequest(t, mockUser1.ConnectedUser, mockV2Info[0], "CF Cluster 1 User", false, false)
 
 						// mock executions
 						mockStratosAuth.
@@ -355,33 +355,24 @@ func TestRegisterWithUserEndpointsEnabled(t *testing.T) {
 						rows := sqlmock.NewRows(rowFieldsForCNSI).AddRow(userEndpoint.QueryArgs...)
 						mock.ExpectQuery(selectAnyFromCNSIs).WithArgs(mockV2Info[0].URL).WillReturnRows(rows)
 
+						// save cnsi
+						mock.ExpectExec(insertIntoCNSIs).
+							WithArgs(adminEndpoint.InsertArgs...).
+							WillReturnResult(sqlmock.NewResult(1, 1))
+
 						// test
 						err := pp.RegisterEndpoint(adminEndpoint.EchoContext, getCFPlugin(pp, "cf").Info)
 						dberr := mock.ExpectationsWereMet()
 
 						Convey("there should be no error", func() {
-							So(err, ShouldResemble, interfaces.NewHTTPShadowError(
-								http.StatusBadRequest,
-								"Can not register same endpoint multiple times",
-								"Can not register same endpoint multiple times",
-							))
+							So(err, ShouldBeNil)
 						})
 
 						Convey("there should be no db error", func() {
 							So(dberr, ShouldBeNil)
 						})
 					})
-				})
-				Convey("with overwrite enabled", func() {
-
-					// setup
-					adminEndpoint := setupMockEndpointRegisterRequest(t, mockAdmin.ConnectedUser, mockV2Info[0], "CF Cluster 1", true)
-
-					if errSession := pp.setSessionValues(adminEndpoint.EchoContext, mockAdmin.SessionValues); errSession != nil {
-						t.Error(errors.New("unable to mock/stub user in session object"))
-					}
-
-					Convey("overwrite existing admin endpoints", func() {
+					Convey("create system endpoint over existing system endpoints", func() {
 						// mock executions
 						mockStratosAuth.
 							EXPECT().
@@ -399,36 +390,38 @@ func TestRegisterWithUserEndpointsEnabled(t *testing.T) {
 						Convey("should fail ", func() {
 							So(err, ShouldResemble, interfaces.NewHTTPShadowError(
 								http.StatusBadRequest,
-								"Can not register same admin endpoint multiple times",
-								"Can not register same admin endpoint multiple times",
+								"Can not register same system endpoint multiple times",
+								"Can not register same system endpoint multiple times",
 							))
 						})
 
 						Convey("no insert should be executed", func() {
 							So(dberr, ShouldBeNil)
 						})
 					})
-					Convey("overwrite existing user endpoints", func() {
+				})
+				Convey("with createUserEndpoint enabled", func() {
 
-						// setup
-						userEndpoint := setupMockEndpointRegisterRequest(t, mockUser1.ConnectedUser, mockV2Info[0], "CF Cluster 1 User", false)
+					// setup
+					adminEndpoint := setupMockEndpointRegisterRequest(t, mockAdmin.ConnectedUser, mockV2Info[0], "CF Cluster 1", true, false)
+					systemEndpoint := setupMockEndpointRegisterRequest(t, mockAdmin.ConnectedUser, mockV2Info[0], "CF Cluster 1", true, true)
+
+					if errSession := pp.setSessionValues(adminEndpoint.EchoContext, mockAdmin.SessionValues); errSession != nil {
+						t.Error(errors.New("unable to mock/stub user in session object"))
+					}
 
+					Convey("register personal endpoint over system endpoint", func() {
 						// mock executions
 						mockStratosAuth.
 							EXPECT().
 							GetUser(gomock.Eq(mockAdmin.ConnectedUser.GUID)).
 							Return(mockAdmin.ConnectedUser, nil)
 
-						// return a user endpoint with same apiurl
-						rows := sqlmock.NewRows(rowFieldsForCNSI).AddRow(userEndpoint.QueryArgs...)
+						// return a admin endpoint with same apiurl
+						rows := sqlmock.NewRows(rowFieldsForCNSI).AddRow(systemEndpoint.QueryArgs...)
 						mock.ExpectQuery(selectAnyFromCNSIs).WithArgs(mockV2Info[0].URL).WillReturnRows(rows)
 
-						// user endpoints should be deleted
-						mock.ExpectExec(deleteFromCNSIs).
-							WithArgs(userEndpoint.QueryArgs[0]).
-							WillReturnResult(sqlmock.NewResult(1, 1))
-
-						// a new admin endpoint with same url will be registered
+						// save cnsi
 						mock.ExpectExec(insertIntoCNSIs).
 							WithArgs(adminEndpoint.InsertArgs...).
 							WillReturnResult(sqlmock.NewResult(1, 1))
@@ -441,6 +434,33 @@ func TestRegisterWithUserEndpointsEnabled(t *testing.T) {
 							So(err, ShouldBeNil)
 						})
 
+						Convey("there should be no db error", func() {
+							So(dberr, ShouldBeNil)
+						})
+					})
+					Convey("register personal endpoint twice", func() {
+						// mock executions
+						mockStratosAuth.
+							EXPECT().
+							GetUser(gomock.Eq(mockAdmin.ConnectedUser.GUID)).
+							Return(mockAdmin.ConnectedUser, nil)
+
+						// return a user endpoint with same apiurl
+						rows := sqlmock.NewRows(rowFieldsForCNSI).AddRow(adminEndpoint.QueryArgs...)
+						mock.ExpectQuery(selectAnyFromCNSIs).WithArgs(mockV2Info[0].URL).WillReturnRows(rows)
+
+						// test
+						err := pp.RegisterEndpoint(adminEndpoint.EchoContext, getCFPlugin(pp, "cf").Info)
+						dberr := mock.ExpectationsWereMet()
+
+						Convey("there should be no error", func() {
+							So(err, ShouldResemble, interfaces.NewHTTPShadowError(
+								http.StatusBadRequest,
+								"Can not register same endpoint multiple times",
+								"Can not register same endpoint multiple times",
+							))
+						})
+
 						Convey("there should be no db error", func() {
 							So(dberr, ShouldBeNil)
 						})
@@ -449,9 +469,9 @@ func TestRegisterWithUserEndpointsEnabled(t *testing.T) {
 			})
 
 			Convey("as user", func() {
-				Convey("with overwrite disabled", func() {
+				Convey("with createUserEndpoint disabled", func() {
 					// setup
-					userEndpoint := setupMockEndpointRegisterRequest(t, mockUser1.ConnectedUser, mockV2Info[0], "CF Cluster 1", false)
+					userEndpoint := setupMockEndpointRegisterRequest(t, mockUser1.ConnectedUser, mockV2Info[0], "CF Cluster 1", false, false)
 
 					if errSession := pp.setSessionValues(userEndpoint.EchoContext, mockUser1.SessionValues); errSession != nil {
 						t.Error(errors.New("unable to mock/stub user in session object"))
@@ -483,7 +503,7 @@ func TestRegisterWithUserEndpointsEnabled(t *testing.T) {
 						})
 					})
 					Convey("register existing endpoint from different user", func() {
-						userEndpoint2 := setupMockEndpointRegisterRequest(t, mockUser2.ConnectedUser, mockV2Info[0], "CF Cluster 2", false)
+						userEndpoint2 := setupMockEndpointRegisterRequest(t, mockUser2.ConnectedUser, mockV2Info[0], "CF Cluster 2", false, false)
 
 						// mock executions
 						mockStratosAuth.
@@ -535,13 +555,13 @@ func TestRegisterWithUserEndpointsEnabled(t *testing.T) {
 						})
 					})
 				})
-				Convey("with overwrite enabled", func() {
-					userEndpoint := setupMockEndpointRegisterRequest(t, mockUser1.ConnectedUser, mockV2Info[0], "CF Cluster 1", false)
+				Convey("with createUserEndpoint enabled", func() {
+					userEndpoint := setupMockEndpointRegisterRequest(t, mockUser1.ConnectedUser, mockV2Info[0], "CF Cluster 1", true, false)
 
 					if errSession := pp.setSessionValues(userEndpoint.EchoContext, mockUser1.SessionValues); errSession != nil {
 						t.Error(errors.New("unable to mock/stub user in session object"))
 					}
-					Convey("overwrite existing endpoints from same user, with overwrite enabled", func() {
+					Convey("register existing endpoint from same user", func() {
 						// mock executions
 						mockStratosAuth.
 							EXPECT().