Adding Test resources

esnet · Sep 16, 2024 · b8e884e · b8e884e
1 parent f1d025d
commit b8e884e
Show file tree

Hide file tree

Showing 29 changed files with 682 additions and 32 deletions.
diff --git a/internal/api/extended.go b/internal/api/extended.go
@@ -27,7 +27,7 @@ func (extended *ExtendedApi) getRequestBuilder() *requests.Builder {
 	req := requests.URL(extended.grafanaCfg.URL)
 	if config.Config().IgnoreSSL() {
 		customTransport := http.DefaultTransport.(*http.Transport).Clone()
-		customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} // #nosec G402
 		req = req.Transport(customTransport)
 	}
 

diff --git a/internal/config/connection_config.go b/internal/config/connection_config.go
@@ -25,7 +25,7 @@ func (r RegexMatchesList) GetConnectionAuth(path string) (*GrafanaConnection, er
 	}
 	secretLocation := filepath.Join(path, r.SecureData)
 	result := new(GrafanaConnection)
-	raw, err := os.ReadFile(secretLocation)
+	raw, err := os.ReadFile(secretLocation) // #nosec G304
 	if err != nil {
 		msg := "unable to read secrets at location"
 		slog.Error(msg, slog.String("file", secretLocation))

diff --git a/internal/service/contracts.go b/internal/service/contracts.go
@@ -59,7 +59,7 @@ type DashboardsApi interface {
 }
 
 type DashboardPermissionsApi interface {
-	ListDashboardPermissions(filterReq filters.Filter) ([]DashboardAndPermissions, error)
+	ListDashboardPermissions(filterReq filters.Filter) ([]gdgType.DashboardAndPermissions, error)
 	DownloadDashboardPermissions(filterReq filters.Filter) ([]string, error)
 	ClearDashboardPermissions(filterReq filters.Filter) error
 	UploadDashboardPermissions(filterReq filters.Filter) ([]string, error)

diff --git a/internal/service/dashboard_permissions.go b/internal/service/dashboard_permissions.go
@@ -9,23 +9,20 @@ import (
 	"slices"
 	"strings"
 
+	"github.com/esnet/gdg/internal/types"
+
 	"github.com/esnet/gdg/internal/config"
 	"github.com/esnet/gdg/internal/service/filters"
 	"github.com/gosimple/slug"
 	"github.com/grafana/grafana-openapi-client-go/models"
 )
 
-type DashboardAndPermissions struct {
-	Dashboard   *models.Hit
-	Permissions []*models.DashboardACLInfoDTO
-}
-
-func (s *DashNGoImpl) ListDashboardPermissions(filterReq filters.Filter) ([]DashboardAndPermissions, error) {
+func (s *DashNGoImpl) ListDashboardPermissions(filterReq filters.Filter) ([]types.DashboardAndPermissions, error) {
 	validateDashboardEnterpriseSupport(s)
 	dashboards := s.ListDashboards(filterReq)
-	var result []DashboardAndPermissions
+	var result []types.DashboardAndPermissions
 	for _, dashboard := range dashboards {
-		item := DashboardAndPermissions{Dashboard: dashboard}
+		item := types.DashboardAndPermissions{Dashboard: dashboard}
 		perms, err := s.GetClient().DashboardPermissions.GetDashboardPermissionsListByUID(dashboard.UID)
 		if err != nil {
 			slog.Warn("Unable to retrieve permissions for dashboard",

diff --git a/internal/service/login.go b/internal/service/login.go
@@ -136,7 +136,7 @@ func (s *DashNGoImpl) GetBasicAuthClient() *client.GrafanaHTTPAPI {
 // only to be used for testing, highly discouraged in production.
 func ignoreSSLErrors() (*http.Client, *http.Transport) {
 	customTransport := http.DefaultTransport.(*http.Transport).Clone()
-	customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} // #nosec G402
 	httpclient := &http.Client{Transport: customTransport}
 	return httpclient, customTransport
 }
diff --git a/internal/service/mocks/DashboardPermissionsApi.go b/internal/service/mocks/DashboardPermissionsApi.go
diff --git a/internal/service/mocks/GrafanaService.go b/internal/service/mocks/GrafanaService.go
diff --git a/internal/templating/templating.go b/internal/templating/templating.go
@@ -74,7 +74,7 @@ func (t *templateImpl) Generate(templateName string) (map[string][]string, error
 			slog.Warn("Continuing to process remaining templates")
 			continue
 		}
-		templateData, err := os.ReadFile(fileLocation)
+		templateData, err := os.ReadFile(fileLocation) // #nosec G304
 		if err != nil {
 			slog.Error("unable to open file", slog.Any("file", fileLocation))
 			slog.Warn("Continuing to process remaining templates")

diff --git a/internal/types/models.go b/internal/types/models.go
@@ -26,3 +26,8 @@ type ConnectionPermissionItem struct {
 	Connection  *models.DataSourceListItemDTO
 	Permissions []*models.ResourcePermissionDTO
 }
+
+type DashboardAndPermissions struct {
+	Dashboard   *models.Hit
+	Permissions []*models.DashboardACLInfoDTO
+}
diff --git a/test/dashboard_integration_test.go b/test/dashboard_integration_test.go
@@ -8,6 +8,11 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/esnet/gdg/internal/tools"
+	"github.com/esnet/gdg/internal/types"
+	"github.com/esnet/gdg/pkg/test_tooling/containers"
+	"github.com/samber/lo"
+
 	"github.com/testcontainers/testcontainers-go"
 
 	"github.com/esnet/gdg/internal/config"
@@ -237,6 +242,74 @@ func TestDashboardTagsFilter(t *testing.T) {
 	assert.Equal(t, len(boards), 0)
 }
 
+func TestDashboardPermissionsCrud(t *testing.T) {
+	//if os.Getenv(test_tooling.EnableTokenTestsEnv) == "1" {
+	//	t.Skip("Skipping Token configuration, Team and User CRUD requires Basic SecureData")
+	//}
+	props := containers.DefaultGrafanaEnv()
+	err := containers.SetupGrafanaLicense(&props)
+	if err != nil {
+		slog.Error("no valid grafana license found, skipping enterprise tests")
+		t.Skip()
+	}
+	apiClient, _, _, cleanup := test_tooling.InitTest(t, nil, props)
+	defer cleanup()
+	// Upload all dashboards
+	apiClient.UploadDashboards(nil)
+	// Upload all users
+	newUsers := apiClient.UploadUsers(service.NewUserFilter(""))
+	assert.Equal(t, len(newUsers), 2)
+	// Upload all teams
+	filter := service.NewTeamFilter("")
+	teams := apiClient.UploadTeams(filter)
+	assert.Equal(t, len(teams), 2)
+	// Get current Permissions
+	currentPerms, err := apiClient.ListDashboardPermissions(nil)
+	assert.Equal(t, len(currentPerms), 16)
+	entry := tools.PtrOf(lo.FirstOrEmpty(lo.Filter(currentPerms, func(item types.DashboardAndPermissions, index int) bool {
+		return item.Dashboard.Title == "Bandwidth Dashboard"
+	})))
+	assert.NotNil(t, entry)
+	assert.Equal(t, len(entry.Permissions), 3)
+
+	assert.NoError(t, apiClient.ClearDashboardPermissions(nil))
+	currentPerms, err = apiClient.ListDashboardPermissions(nil)
+	assert.NoError(t, err)
+	assert.Equal(t, len(currentPerms), 16)
+	assert.Equal(t, len(currentPerms[0].Permissions), 0)
+	addPerms, err := apiClient.UploadDashboardPermissions(nil)
+	assert.NoError(t, err)
+	assert.Equal(t, len(addPerms), 16)
+	currentPerms, err = apiClient.ListDashboardPermissions(nil)
+	entry = nil
+	entry = tools.PtrOf(lo.FirstOrEmpty(lo.Filter(currentPerms, func(item types.DashboardAndPermissions, index int) bool {
+		return item.Dashboard.Title == "Bandwidth Dashboard"
+	})))
+	assert.NotNil(t, entry)
+	assert.Equal(t, 5, len(entry.Permissions))
+	var bobPerm *models.DashboardACLInfoDTO
+	var teamMusic *models.DashboardACLInfoDTO
+	for ndx, entryPerm := range entry.Permissions {
+		if entryPerm.Team == "musicians" {
+			teamMusic = entry.Permissions[ndx]
+		}
+		if entryPerm.UserLogin == "bob" {
+			bobPerm = entry.Permissions[ndx]
+		}
+	}
+	assert.NotNil(t, bobPerm)
+	assert.NotNil(t, teamMusic)
+	// validate bob
+	assert.Equal(t, bobPerm.PermissionName, "Edit")
+	assert.Equal(t, bobPerm.UserEmail, "[email protected]")
+	assert.Equal(t, bobPerm.UserID, int64(2))
+	assert.Equal(t, bobPerm.Permission, models.PermissionType(2))
+	// validate team permission
+	assert.Equal(t, teamMusic.PermissionName, "Admin")
+	assert.Equal(t, teamMusic.TeamID, int64(2))
+	assert.Equal(t, teamMusic.Permission, models.PermissionType(4))
+}
+
 func TestWildcardFilter(t *testing.T) {
 	if testing.Short() {
 		t.Skip("skipping integration test")

diff --git a/test/data/org_main-org/dashboards-permissions/General/bandwidth-dashboard.json b/test/data/org_main-org/dashboards-permissions/General/bandwidth-dashboard.json
@@ -0,0 +1,70 @@
+[
+	{
+		"created": "2024-09-15T16:38:16.000Z",
+		"dashboardId": 1,
+		"permission": 2,
+		"permissionName": "Edit",
+		"slug": "bandwidth-dashboard",
+		"title": "Bandwidth Dashboard",
+		"uid": "000000003",
+		"updated": "2024-09-15T16:38:16.000Z",
+		"url": "/d/000000003/bandwidth-dashboard",
+		"userAvatarUrl": "/avatar/64029c12d260bd5e3cb2504f4155998f",
+		"userEmail": "[email protected]",
+		"userId": 2,
+		"userLogin": "bob"
+	},
+	{
+		"created": "2024-09-14T20:51:23.000Z",
+		"dashboardId": 1,
+		"permission": 4,
+		"permissionName": "Admin",
+		"slug": "bandwidth-dashboard",
+		"title": "Bandwidth Dashboard",
+		"uid": "000000003",
+		"updated": "2024-09-14T20:51:23.000Z",
+		"url": "/d/000000003/bandwidth-dashboard",
+		"userAvatarUrl": "/avatar/46d229b033af06a191ff2267bca9ae56",
+		"userEmail": "admin@localhost",
+		"userId": 1,
+		"userLogin": "admin"
+	},
+	{
+		"created": "2024-09-15T16:38:26.000Z",
+		"dashboardId": 1,
+		"permission": 4,
+		"permissionName": "Admin",
+		"slug": "bandwidth-dashboard",
+		"team": "musicians",
+		"teamAvatarUrl": "/avatar/80ca0095115d85b522e59fa72b51a213",
+		"teamId": 2,
+		"title": "Bandwidth Dashboard",
+		"uid": "000000003",
+		"updated": "2024-09-15T16:38:26.000Z",
+		"url": "/d/000000003/bandwidth-dashboard"
+	},
+	{
+		"created": "2024-09-14T20:51:23.000Z",
+		"dashboardId": 1,
+		"permission": 1,
+		"permissionName": "View",
+		"role": "Viewer",
+		"slug": "bandwidth-dashboard",
+		"title": "Bandwidth Dashboard",
+		"uid": "000000003",
+		"updated": "2024-09-14T20:51:23.000Z",
+		"url": "/d/000000003/bandwidth-dashboard"
+	},
+	{
+		"created": "2024-09-14T20:51:23.000Z",
+		"dashboardId": 1,
+		"permission": 2,
+		"permissionName": "Edit",
+		"role": "Editor",
+		"slug": "bandwidth-dashboard",
+		"title": "Bandwidth Dashboard",
+		"uid": "000000003",
+		"updated": "2024-09-14T20:51:23.000Z",
+		"url": "/d/000000003/bandwidth-dashboard"
+	}
+]
diff --git a/test/data/org_main-org/dashboards-permissions/General/bandwidth-patterns.json b/test/data/org_main-org/dashboards-permissions/General/bandwidth-patterns.json
@@ -0,0 +1,41 @@
+[
+	{
+		"created": "2024-09-14T20:51:23.000Z",
+		"dashboardId": 2,
+		"permission": 4,
+		"permissionName": "Admin",
+		"slug": "bandwidth-patterns",
+		"title": "Bandwidth Patterns",
+		"uid": "000000004",
+		"updated": "2024-09-14T20:51:23.000Z",
+		"url": "/d/000000004/bandwidth-patterns",
+		"userAvatarUrl": "/avatar/46d229b033af06a191ff2267bca9ae56",
+		"userEmail": "admin@localhost",
+		"userId": 1,
+		"userLogin": "admin"
+	},
+	{
+		"created": "2024-09-14T20:51:23.000Z",
+		"dashboardId": 2,
+		"permission": 2,
+		"permissionName": "Edit",
+		"role": "Editor",
+		"slug": "bandwidth-patterns",
+		"title": "Bandwidth Patterns",
+		"uid": "000000004",
+		"updated": "2024-09-14T20:51:23.000Z",
+		"url": "/d/000000004/bandwidth-patterns"
+	},
+	{
+		"created": "2024-09-14T20:51:23.000Z",
+		"dashboardId": 2,
+		"permission": 1,
+		"permissionName": "View",
+		"role": "Viewer",
+		"slug": "bandwidth-patterns",
+		"title": "Bandwidth Patterns",
+		"uid": "000000004",
+		"updated": "2024-09-14T20:51:23.000Z",
+		"url": "/d/000000004/bandwidth-patterns"
+	}
+]