From 8a483a640230c97f5f5ebf7ab09d1ea4fd0b784b Mon Sep 17 00:00:00 2001 From: Ciprian Tibulca Date: Thu, 29 Feb 2024 18:07:42 +0000 Subject: [PATCH 1/4] CLOUDP-234532: fix atlas customDbRoles update command --- internal/cli/atlas/customdbroles/update.go | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/internal/cli/atlas/customdbroles/update.go b/internal/cli/atlas/customdbroles/update.go index f4904321a7..b8ba6f99c9 100644 --- a/internal/cli/atlas/customdbroles/update.go +++ b/internal/cli/atlas/customdbroles/update.go @@ -24,7 +24,6 @@ import ( "github.com/mongodb/mongodb-atlas-cli/internal/config" "github.com/mongodb/mongodb-atlas-cli/internal/convert" "github.com/mongodb/mongodb-atlas-cli/internal/flag" - "github.com/mongodb/mongodb-atlas-cli/internal/pointer" "github.com/mongodb/mongodb-atlas-cli/internal/store" "github.com/mongodb/mongodb-atlas-cli/internal/usage" "github.com/spf13/cobra" @@ -69,20 +68,18 @@ func (opts *UpdateOpts) Run() error { } func (opts *UpdateOpts) newCustomDBRole(existingRole *atlasv2.UserCustomDBRole) *atlasv2.UserCustomDBRole { - out := &atlasv2.UserCustomDBRole{ - InheritedRoles: pointer.Get(convert.BuildAtlasInheritedRoles(opts.inheritedRoles)), - } + inheritedRoles := convert.BuildAtlasInheritedRoles(opts.inheritedRoles) actions := joinActions(convert.BuildAtlasActions(opts.action)) - inheritedRoles := []atlasv2.DatabaseInheritedRole{} if opts.append { actions = appendActions(existingRole.GetActions(), actions) inheritedRoles = append(inheritedRoles, existingRole.GetInheritedRoles()...) } - out.SetActions(actions) - out.SetInheritedRoles(inheritedRoles) - return out + return &atlasv2.UserCustomDBRole{ + Actions: &actions, + InheritedRoles: &inheritedRoles, + } } func (opts *UpdateOpts) validate() error { From 95ed4cb59a255cd338e15b6f167d568a10e8afb8 Mon Sep 17 00:00:00 2001 From: Ciprian Tibulca Date: Fri, 1 Mar 2024 08:48:03 +0000 Subject: [PATCH 2/4] CLOUDP-234532: fix atlas customDbRoles update command --- test/e2e/iam/atlas_custom_db_roles_test.go | 152 +++++++++++++++++++++ test/e2e/iam/helper_test.go | 1 + 2 files changed, 153 insertions(+) create mode 100644 test/e2e/iam/atlas_custom_db_roles_test.go diff --git a/test/e2e/iam/atlas_custom_db_roles_test.go b/test/e2e/iam/atlas_custom_db_roles_test.go new file mode 100644 index 0000000000..8d02d1f362 --- /dev/null +++ b/test/e2e/iam/atlas_custom_db_roles_test.go @@ -0,0 +1,152 @@ +// Copyright 2024 MongoDB Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +//go:build e2e || (iam && atlas) + +package iam_test + +import ( + "encoding/json" + "fmt" + "os" + "os/exec" + "testing" + + "github.com/mongodb/mongodb-atlas-cli/test/e2e" + "github.com/stretchr/testify/require" + atlasv2 "go.mongodb.org/atlas-sdk/v20231115007/admin" +) + +func TestAtlasCustomDbRoles(t *testing.T) { + cliPath, err := e2e.AtlasCLIBin() + require.NoError(t, err) + + n, err := e2e.RandInt(1000) + require.NoError(t, err) + + projectName := fmt.Sprintf("e2e-proj-%v", n) + projectID, err := e2e.CreateProject(projectName) + require.NoError(t, err) + t.Cleanup(func() { + e2e.DeleteProjectWithRetry(t, projectID) + }) + + role := "testDbRole" + clusterRes := &[]atlasv2.DatabasePermittedNamespaceResource{{Cluster: true}} + + t.Run("Create", func(t *testing.T) { + cmd := exec.Command(cliPath, + customDBRoles, + "create", + role, + "--inheritedRole", + "read@mydb", + "--privilege", + "LIST_DATABASES", + "--projectId", + projectID, + "-o=json") + cmd.Env = os.Environ() + resp, err := cmd.CombinedOutput() + require.NoError(t, err, string(resp)) + }) + + t.Run("Describe", func(t *testing.T) { + cmd := exec.Command(cliPath, + customDBRoles, + "describe", + role, + "--projectId", + projectID, + "-o=json") + cmd.Env = os.Environ() + resp, err := cmd.CombinedOutput() + require.NoError(t, err, string(resp)) + + var customDBRole atlasv2.UserCustomDBRole + require.NoError(t, json.Unmarshal(resp, &customDBRole), string(resp)) + expected := atlasv2.UserCustomDBRole{ + RoleName: role, + Actions: &[]atlasv2.DatabasePrivilegeAction{ + {Action: "LIST_DATABASES", Resources: clusterRes}, + }, + InheritedRoles: &[]atlasv2.DatabaseInheritedRole{ + {Db: "mydb", Role: "read"}, + }, + } + require.Equal(t, expected, customDBRole) + }) + + t.Run("Update", func(t *testing.T) { + cmd := exec.Command(cliPath, + customDBRoles, + "update", + role, + "--inheritedRole", + "readWrite@mydb", + "--privilege", + "GET_SHARD_MAP", + "--privilege", + "SHARDING_STATE", + "--append", + "--projectId", + projectID, + "-o=json") + cmd.Env = os.Environ() + resp, err := cmd.CombinedOutput() + require.NoError(t, err, string(resp)) + }) + + t.Run("List", func(t *testing.T) { + cmd := exec.Command(cliPath, + customDBRoles, + "list", + "--projectId", + projectID, + "-o=json") + cmd.Env = os.Environ() + resp, err := cmd.CombinedOutput() + require.NoError(t, err, string(resp)) + + var customDBRoles []atlasv2.UserCustomDBRole + require.NoError(t, json.Unmarshal(resp, &customDBRoles), string(resp)) + require.Len(t, customDBRoles, 1) + + expectedActions := []atlasv2.DatabasePrivilegeAction{ + {Action: "GET_SHARD_MAP", Resources: clusterRes}, + {Action: "SHARDING_STATE", Resources: clusterRes}, + {Action: "LIST_DATABASES", Resources: clusterRes}, + } + require.ElementsMatch(t, expectedActions, customDBRoles[0].GetActions()) + + expectedRoles := []atlasv2.DatabaseInheritedRole{ + {Db: "mydb", Role: "readWrite"}, + {Db: "mydb", Role: "read"}, + } + require.ElementsMatch(t, expectedRoles, customDBRoles[0].GetInheritedRoles()) + }) + + t.Run("Delete", func(t *testing.T) { + cmd := exec.Command(cliPath, + customDBRoles, + "delete", + role, + "--force", + "--projectId", + projectID) + cmd.Env = os.Environ() + resp, err := cmd.CombinedOutput() + require.NoError(t, err, string(resp)) + }) +} diff --git a/test/e2e/iam/helper_test.go b/test/e2e/iam/helper_test.go index 90002d7ae5..a3c5304c22 100644 --- a/test/e2e/iam/helper_test.go +++ b/test/e2e/iam/helper_test.go @@ -36,6 +36,7 @@ const ( projectsEntity = "projects" teamsEntity = "teams" invitationsEntity = "invitations" + customDBRoles = "customDbRoles" ) const ( From 53178bd60cf20222d630f05f675b8fbeab5da2b2 Mon Sep 17 00:00:00 2001 From: Ciprian Tibulca Date: Fri, 1 Mar 2024 10:14:53 +0000 Subject: [PATCH 3/4] CLOUDP-234532: fix atlas customDbRoles update command --- test/e2e/atlas/custom_db_roles_test.go | 25 ++-- test/e2e/iam/atlas_custom_db_roles_test.go | 152 --------------------- 2 files changed, 16 insertions(+), 161 deletions(-) delete mode 100644 test/e2e/iam/atlas_custom_db_roles_test.go diff --git a/test/e2e/atlas/custom_db_roles_test.go b/test/e2e/atlas/custom_db_roles_test.go index 9be10a40e1..c6412c7b86 100644 --- a/test/e2e/atlas/custom_db_roles_test.go +++ b/test/e2e/atlas/custom_db_roles_test.go @@ -29,10 +29,12 @@ import ( ) const ( - createPrivilege = "UPDATE" - updatePrivilege = "LIST_SESSIONS" - inheritedRole = "enableSharding@admin" - enableSharding = "enableSharding" + createPrivilege = "UPDATE" + updatePrivilege = "LIST_SESSIONS" + enableShardingRole = "enableSharding" + enableShardingInheritedRole = "enableSharding@admin" + readRole = "read" + readInheritedRole = "read@mydb" ) func TestDBRoles(t *testing.T) { @@ -50,7 +52,7 @@ func TestDBRoles(t *testing.T) { "create", roleName, "--privilege", fmt.Sprintf("%s@db.collection", createPrivilege), - "--inheritedRole", inheritedRole, + "--inheritedRole", enableShardingInheritedRole, "-o=json", ) cmd.Env = os.Environ() @@ -65,7 +67,7 @@ func TestDBRoles(t *testing.T) { a.Len(role.GetActions(), 1) a.Equal(createPrivilege, role.GetActions()[0].Action) a.Len(role.GetInheritedRoles(), 1) - a.Equal(enableSharding, role.GetInheritedRoles()[0].Role) + a.Equal(enableShardingRole, role.GetInheritedRoles()[0].Role) }) t.Run("List", func(t *testing.T) { @@ -101,7 +103,7 @@ func TestDBRoles(t *testing.T) { a.Len(role.GetActions(), 1) a.Equal(createPrivilege, role.GetActions()[0].Action) a.Len(role.GetInheritedRoles(), 1) - a.Equal(enableSharding, role.GetInheritedRoles()[0].Role) + a.Equal(enableShardingRole, role.GetInheritedRoles()[0].Role) }) t.Run("Update with append", func(t *testing.T) { @@ -109,6 +111,7 @@ func TestDBRoles(t *testing.T) { customDBRoleEntity, "update", roleName, + "--inheritedRole", readInheritedRole, "--privilege", updatePrivilege, "--privilege", fmt.Sprintf("%s@db2.collection", createPrivilege), "--append", @@ -126,8 +129,9 @@ func TestDBRoles(t *testing.T) { a.ElementsMatch( []string{role.GetActions()[0].Action, role.GetActions()[1].Action}, []string{updatePrivilege, createPrivilege}) - a.Len(role.GetInheritedRoles(), 1) - a.Equal(enableSharding, role.GetInheritedRoles()[0].Role) + a.ElementsMatch( + []string{enableShardingRole, readRole}, + []string{role.GetInheritedRoles()[0].Role, role.GetInheritedRoles()[1].Role}) }) t.Run("Update", func(t *testing.T) { @@ -135,6 +139,7 @@ func TestDBRoles(t *testing.T) { customDBRoleEntity, "update", roleName, + "--inheritedRole", enableShardingInheritedRole, "--privilege", updatePrivilege, "-o=json") cmd.Env = os.Environ() @@ -148,6 +153,8 @@ func TestDBRoles(t *testing.T) { a.Equal(roleName, role.RoleName) a.Len(role.GetActions(), 1) a.Equal(updatePrivilege, role.GetActions()[0].Action) + a.Len(role.GetInheritedRoles(), 1) + a.Equal(enableShardingRole, role.GetInheritedRoles()[0].Role) }) t.Run("Delete", func(t *testing.T) { diff --git a/test/e2e/iam/atlas_custom_db_roles_test.go b/test/e2e/iam/atlas_custom_db_roles_test.go deleted file mode 100644 index 8d02d1f362..0000000000 --- a/test/e2e/iam/atlas_custom_db_roles_test.go +++ /dev/null @@ -1,152 +0,0 @@ -// Copyright 2024 MongoDB Inc -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -//go:build e2e || (iam && atlas) - -package iam_test - -import ( - "encoding/json" - "fmt" - "os" - "os/exec" - "testing" - - "github.com/mongodb/mongodb-atlas-cli/test/e2e" - "github.com/stretchr/testify/require" - atlasv2 "go.mongodb.org/atlas-sdk/v20231115007/admin" -) - -func TestAtlasCustomDbRoles(t *testing.T) { - cliPath, err := e2e.AtlasCLIBin() - require.NoError(t, err) - - n, err := e2e.RandInt(1000) - require.NoError(t, err) - - projectName := fmt.Sprintf("e2e-proj-%v", n) - projectID, err := e2e.CreateProject(projectName) - require.NoError(t, err) - t.Cleanup(func() { - e2e.DeleteProjectWithRetry(t, projectID) - }) - - role := "testDbRole" - clusterRes := &[]atlasv2.DatabasePermittedNamespaceResource{{Cluster: true}} - - t.Run("Create", func(t *testing.T) { - cmd := exec.Command(cliPath, - customDBRoles, - "create", - role, - "--inheritedRole", - "read@mydb", - "--privilege", - "LIST_DATABASES", - "--projectId", - projectID, - "-o=json") - cmd.Env = os.Environ() - resp, err := cmd.CombinedOutput() - require.NoError(t, err, string(resp)) - }) - - t.Run("Describe", func(t *testing.T) { - cmd := exec.Command(cliPath, - customDBRoles, - "describe", - role, - "--projectId", - projectID, - "-o=json") - cmd.Env = os.Environ() - resp, err := cmd.CombinedOutput() - require.NoError(t, err, string(resp)) - - var customDBRole atlasv2.UserCustomDBRole - require.NoError(t, json.Unmarshal(resp, &customDBRole), string(resp)) - expected := atlasv2.UserCustomDBRole{ - RoleName: role, - Actions: &[]atlasv2.DatabasePrivilegeAction{ - {Action: "LIST_DATABASES", Resources: clusterRes}, - }, - InheritedRoles: &[]atlasv2.DatabaseInheritedRole{ - {Db: "mydb", Role: "read"}, - }, - } - require.Equal(t, expected, customDBRole) - }) - - t.Run("Update", func(t *testing.T) { - cmd := exec.Command(cliPath, - customDBRoles, - "update", - role, - "--inheritedRole", - "readWrite@mydb", - "--privilege", - "GET_SHARD_MAP", - "--privilege", - "SHARDING_STATE", - "--append", - "--projectId", - projectID, - "-o=json") - cmd.Env = os.Environ() - resp, err := cmd.CombinedOutput() - require.NoError(t, err, string(resp)) - }) - - t.Run("List", func(t *testing.T) { - cmd := exec.Command(cliPath, - customDBRoles, - "list", - "--projectId", - projectID, - "-o=json") - cmd.Env = os.Environ() - resp, err := cmd.CombinedOutput() - require.NoError(t, err, string(resp)) - - var customDBRoles []atlasv2.UserCustomDBRole - require.NoError(t, json.Unmarshal(resp, &customDBRoles), string(resp)) - require.Len(t, customDBRoles, 1) - - expectedActions := []atlasv2.DatabasePrivilegeAction{ - {Action: "GET_SHARD_MAP", Resources: clusterRes}, - {Action: "SHARDING_STATE", Resources: clusterRes}, - {Action: "LIST_DATABASES", Resources: clusterRes}, - } - require.ElementsMatch(t, expectedActions, customDBRoles[0].GetActions()) - - expectedRoles := []atlasv2.DatabaseInheritedRole{ - {Db: "mydb", Role: "readWrite"}, - {Db: "mydb", Role: "read"}, - } - require.ElementsMatch(t, expectedRoles, customDBRoles[0].GetInheritedRoles()) - }) - - t.Run("Delete", func(t *testing.T) { - cmd := exec.Command(cliPath, - customDBRoles, - "delete", - role, - "--force", - "--projectId", - projectID) - cmd.Env = os.Environ() - resp, err := cmd.CombinedOutput() - require.NoError(t, err, string(resp)) - }) -} From e874959f715ec071ba411e41f4e93418c37140fd Mon Sep 17 00:00:00 2001 From: Ciprian Tibulca Date: Fri, 1 Mar 2024 10:15:43 +0000 Subject: [PATCH 4/4] CLOUDP-234532: fix atlas customDbRoles update command --- test/e2e/iam/helper_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/test/e2e/iam/helper_test.go b/test/e2e/iam/helper_test.go index a3c5304c22..90002d7ae5 100644 --- a/test/e2e/iam/helper_test.go +++ b/test/e2e/iam/helper_test.go @@ -36,7 +36,6 @@ const ( projectsEntity = "projects" teamsEntity = "teams" invitationsEntity = "invitations" - customDBRoles = "customDbRoles" ) const (