-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes to jimmctl auth relation list
#1220
Changes from all commits
91a690b
8240162
5a90332
d9e2b53
3f0c0b8
09ba675
cfdd6d5
9d3e4ed
bae9a7f
45602ea
73ed66d
deb676a
97b0cfb
bf4fa43
fd4638d
0e588b3
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -343,23 +343,12 @@ func initializeEnvironment(c *gc.C, ctx context.Context, db *db.Database, u dbmo | |
|
||
func (s *relationSuite) TestListRelations(c *gc.C) { | ||
env := initializeEnvironment(c, context.Background(), &s.JIMM.Database, *s.AdminUser) | ||
// alice is superuser | ||
bClient := jimmtest.NewUserSessionLogin(c, "alice") | ||
|
||
groups := []string{"group-1", "group-2", "group-3"} | ||
for _, group := range groups { | ||
_, err := cmdtesting.RunCommand(c, cmd.NewAddGroupCommandForTesting(s.ClientStore(), bClient), group) | ||
c.Assert(err, gc.IsNil) | ||
} | ||
bClient := jimmtest.NewUserSessionLogin(c, "alice") // alice is superuser | ||
|
||
relations := []apiparams.RelationshipTuple{{ | ||
Object: "user-" + env.users[0].Name, | ||
Relation: "member", | ||
TargetObject: "group-group-1", | ||
}, { | ||
Object: "user-" + env.users[1].Name, | ||
Relation: "member", | ||
TargetObject: "group-group-2", | ||
}, { | ||
Object: "group-group-2#member", | ||
Relation: "member", | ||
|
@@ -376,7 +365,24 @@ func (s *relationSuite) TestListRelations(c *gc.C) { | |
Object: "user-" + env.users[1].Name, | ||
Relation: "administrator", | ||
TargetObject: "applicationoffer-" + env.controllers[0].Name + ":" + env.applicationOffers[0].Model.OwnerIdentityName + "/" + env.applicationOffers[0].Model.Name + "." + env.applicationOffers[0].Name, | ||
}, { | ||
Object: "user-" + env.users[0].Name, | ||
Relation: "administrator", | ||
TargetObject: "serviceaccount-test@serviceaccount", | ||
}} | ||
|
||
for i := 0; i < cmd.DefaultPageSize+1; i++ { | ||
kian99 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
groupName := fmt.Sprintf("group-%d", i) | ||
_, err := cmdtesting.RunCommand(c, cmd.NewAddGroupCommandForTesting(s.ClientStore(), bClient), groupName) | ||
c.Assert(err, gc.IsNil) | ||
|
||
relations = append(relations, apiparams.RelationshipTuple{ | ||
Object: "user-" + env.users[1].Name, | ||
Relation: "member", | ||
TargetObject: "group-" + groupName, | ||
}) | ||
} | ||
|
||
for _, relation := range relations { | ||
_, err := cmdtesting.RunCommand(c, cmd.NewAddRelationCommandForTesting(s.ClientStore(), bClient), relation.Object, relation.Relation, relation.TargetObject) | ||
c.Assert(err, gc.IsNil) | ||
|
@@ -394,35 +400,26 @@ func (s *relationSuite) TestListRelations(c *gc.C) { | |
}}, | ||
relations..., | ||
)} | ||
expectedJSONData, err := json.Marshal(expectedData) | ||
|
||
context, err := cmdtesting.RunCommand(c, cmd.NewListRelationsCommandForTesting(s.ClientStore(), bClient), "--format", "tabular") | ||
c.Assert(err, gc.IsNil) | ||
// Necessary to use yamlv2 to match what Juju does. | ||
expectedYAMLData, err := yamlv2.Marshal(expectedData) | ||
var builder strings.Builder | ||
err = cmd.FormatRelationsTabular(&builder, &expectedData) | ||
c.Assert(err, gc.IsNil) | ||
c.Assert(cmdtesting.Stdout(context), gc.Equals, builder.String()) | ||
|
||
context, err := cmdtesting.RunCommand(c, cmd.NewListRelationsCommandForTesting(s.ClientStore(), bClient), "--format", "json") | ||
expectedJSONData, err := json.Marshal(expectedData) | ||
c.Assert(err, gc.IsNil) | ||
context, err = cmdtesting.RunCommand(c, cmd.NewListRelationsCommandForTesting(s.ClientStore(), bClient), "--format", "json") | ||
c.Assert(err, gc.IsNil) | ||
c.Assert(strings.TrimRight(cmdtesting.Stdout(context), "\n"), gc.Equals, string(expectedJSONData)) | ||
|
||
// Necessary to use yamlv2 to match what Juju does. | ||
expectedYAMLData, err := yamlv2.Marshal(expectedData) | ||
c.Assert(err, gc.IsNil) | ||
context, err = cmdtesting.RunCommand(c, cmd.NewListRelationsCommandForTesting(s.ClientStore(), bClient)) | ||
c.Assert(err, gc.IsNil) | ||
c.Assert(cmdtesting.Stdout(context), gc.Equals, string(expectedYAMLData)) | ||
|
||
context, err = cmdtesting.RunCommand(c, cmd.NewListRelationsCommandForTesting(s.ClientStore(), bClient), "--format", "tabular") | ||
c.Assert(err, gc.IsNil) | ||
c.Assert( | ||
cmdtesting.Stdout(context), | ||
gc.Equals, | ||
`Object Relation Target Object | ||
user-admin administrator controller-jimm | ||
[email protected] administrator controller-jimm | ||
[email protected] member group-group-1 | ||
[email protected] member group-group-2 | ||
group-group-2#member member group-group-3 | ||
group-group-3#member administrator controller-test-controller-1 | ||
group-group-1#member administrator model-test-controller-1:[email protected]/test-model-1 | ||
[email protected] administrator applicationoffer-test-controller-1:[email protected]/test-model-1.testoffer1`, | ||
) | ||
} | ||
|
||
func (s *relationSuite) TestListRelationsWithError(c *gc.C) { | ||
|
@@ -482,16 +479,10 @@ func (s *relationSuite) TestListRelationsWithError(c *gc.C) { | |
|
||
context, err = cmdtesting.RunCommand(c, cmd.NewListRelationsCommandForTesting(s.ClientStore(), bClient), "--format", "tabular") | ||
c.Assert(err, gc.IsNil) | ||
expectedOutput := fmt.Sprintf( | ||
`Object Relation Target Object | ||
user-admin administrator controller-jimm | ||
[email protected] administrator controller-jimm | ||
[email protected] member group:%s | ||
|
||
Errors | ||
failed to parse target: failed to fetch group information: %s | ||
`, group.UUID, group.UUID) | ||
c.Assert(cmdtesting.Stdout(context), gc.Equals, expectedOutput) | ||
var builder strings.Builder | ||
err = cmd.FormatRelationsTabular(&builder, &expectedData) | ||
c.Assert(err, gc.IsNil) | ||
c.Assert(cmdtesting.Stdout(context), gc.Equals, builder.String()) | ||
} | ||
|
||
// TODO: remove boilerplate of env setup and use initialiseEnvironment | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -394,6 +394,8 @@ func (j *JIMM) ToJAASTag(ctx context.Context, tag *ofganames.Tag) (string, error | |
switch tag.Kind { | ||
case names.UserTagKind: | ||
return names.UserTagKind + "-" + tag.ID, nil | ||
case jimmnames.ServiceAccountTagKind: | ||
return jimmnames.ServiceAccountTagKind + "-" + tag.ID, nil | ||
Comment on lines
+397
to
+398
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Thanks for adding this. We need to update the tests to cover this as well. You can find the test function here: Please, in addition to a test case for the service account tag, add one more for the group tags (which we've missed adding before). There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think this is still missing, a test in access_control.go for the changes to |
||
case names.ControllerTagKind: | ||
if tag.ID == j.ResourceTag().Id() { | ||
return "controller-jimm", nil | ||
|
@@ -603,6 +605,13 @@ func resolveTag(jimmUUID string, db *db.Database, tag string) (*ofganames.Tag, e | |
} | ||
|
||
return ofganames.ConvertTagWithRelation(names.NewApplicationOfferTag(offer.UUID), relation), nil | ||
case jimmnames.ServiceAccountTagKind: | ||
zapctx.Debug( | ||
ctx, | ||
"Resolving JIMM tags to Juju tags for tag kind: serviceaccount", | ||
zap.String("serviceaccount-name", trailer), | ||
) | ||
return ofganames.ConvertTagWithRelation(jimmnames.NewServiceAccountTag(trailer), relation), nil | ||
Comment on lines
+608
to
+614
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. (question) @alesstimec @ale8k @kian99 Just want to make sure; we cannot check for the service account existence at this stage? Because the tag might exist but the the service account has not yet logged in (and hence to There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. i don't think we need a DB lookup at this point, no.. it's better to show "stale" tuples that might be left-overs and give admins the ability to delete them There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @babakks I believe that is correct:
Users work the same way |
||
} | ||
return nil, errors.E("failed to map tag " + matches[1]) | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As I checked there are still a few more instances that point to
sysdeps
. Can you please update them as well?