diff --git a/search-service/src/main/kotlin/com/egm/stellio/search/authorization/SubjectReferential.kt b/search-service/src/main/kotlin/com/egm/stellio/search/authorization/SubjectReferential.kt index e1722e156..98b15672f 100644 --- a/search-service/src/main/kotlin/com/egm/stellio/search/authorization/SubjectReferential.kt +++ b/search-service/src/main/kotlin/com/egm/stellio/search/authorization/SubjectReferential.kt @@ -14,7 +14,6 @@ data class SubjectReferential( val subjectId: Sub, val subjectType: SubjectType, val subjectInfo: Json, - val serviceAccountId: Sub? = null, val globalRoles: List? = null, val groupsMemberships: List? = null ) { diff --git a/search-service/src/main/kotlin/com/egm/stellio/search/authorization/SubjectReferentialService.kt b/search-service/src/main/kotlin/com/egm/stellio/search/authorization/SubjectReferentialService.kt index 135da645a..c932846a8 100644 --- a/search-service/src/main/kotlin/com/egm/stellio/search/authorization/SubjectReferentialService.kt +++ b/search-service/src/main/kotlin/com/egm/stellio/search/authorization/SubjectReferentialService.kt @@ -29,20 +29,16 @@ class SubjectReferentialService( .sql( """ INSERT INTO subject_referential - (subject_id, subject_type, subject_info, service_account_id, global_roles, - groups_memberships) - VALUES (:subject_id, :subject_type, :subject_info, :service_account_id, :global_roles, - :groups_memberships) + (subject_id, subject_type, subject_info, global_roles, groups_memberships) + VALUES (:subject_id, :subject_type, :subject_info, :global_roles, :groups_memberships) ON CONFLICT (subject_id) - DO UPDATE SET service_account_id = :service_account_id, - global_roles = :global_roles, + DO UPDATE SET global_roles = :global_roles, groups_memberships = :groups_memberships """.trimIndent() ) .bind("subject_id", subjectReferential.subjectId) .bind("subject_type", subjectReferential.subjectType.toString()) .bind("subject_info", subjectReferential.subjectInfo) - .bind("service_account_id", subjectReferential.serviceAccountId) .bind("global_roles", subjectReferential.globalRoles?.map { it.key }?.toTypedArray()) .bind("groups_memberships", subjectReferential.groupsMemberships?.toTypedArray()) .execute() @@ -53,7 +49,7 @@ class SubjectReferentialService( """ SELECT * FROM subject_referential - WHERE (subject_id = :subject_id OR service_account_id = :subject_id) + WHERE subject_id = :subject_id """.trimIndent() ) .bind("subject_id", sub) @@ -65,18 +61,15 @@ class SubjectReferentialService( databaseClient .sql( """ - SELECT subject_id, service_account_id, groups_memberships + SELECT subject_id, groups_memberships FROM subject_referential - WHERE (subject_id = :subject_id OR service_account_id = :subject_id) + WHERE subject_id = :subject_id """.trimIndent() ) .bind("subject_id", (sub as Some).value) .oneToResult(AccessDeniedException("No subject information found for ${sub.value}")) { - val subs = toOptionalList(it["groups_memberships"]).orEmpty() + toOptionalList(it["groups_memberships"]).orEmpty() .plus(it["subject_id"] as Sub) - if (it["service_account_id"] != null) - subs.plus(it["service_account_id"] as Sub) - else subs } suspend fun getGroups(sub: Option, offset: Int, limit: Int): List = @@ -86,7 +79,7 @@ class SubjectReferentialService( WITH groups_memberships AS ( SELECT unnest(groups_memberships) as groups FROM subject_referential - WHERE (subject_id = :subject_id OR service_account_id = :subject_id) + WHERE subject_id = :subject_id ) SELECT subject_id AS group_id, (subject_info->'value'->>'name') AS name FROM subject_referential @@ -114,7 +107,7 @@ class SubjectReferentialService( SELECT count(sr.g_m) as count FROM subject_referential CROSS JOIN LATERAL unnest(subject_referential.groups_memberships) as sr(g_m) - WHERE (subject_id = :subject_id OR service_account_id = :subject_id) + WHERE subject_id = :subject_id """.trimIndent() ) .bind("subject_id", (sub as Some).value) @@ -127,7 +120,7 @@ class SubjectReferentialService( WITH groups_memberships AS ( SELECT distinct(unnest(groups_memberships)) as groups FROM subject_referential - WHERE (subject_id = :subject_id OR service_account_id = :subject_id) + WHERE subject_id = :subject_id ) SELECT subject_id AS group_id, (subject_info->'value'->>'name') AS name, (subject_id IN (SELECT groups FROM groups_memberships)) AS is_member @@ -223,7 +216,7 @@ class SubjectReferentialService( """ UPDATE subject_referential SET global_roles = :global_roles - WHERE (subject_id = :subject_id OR service_account_id = :subject_id) + WHERE subject_id = :subject_id """.trimIndent() ) .bind("subject_id", sub) @@ -237,7 +230,7 @@ class SubjectReferentialService( """ UPDATE subject_referential SET global_roles = null - WHERE (subject_id = :subject_id OR service_account_id = :subject_id) + WHERE subject_id = :subject_id """.trimIndent() ) .bind("subject_id", sub) @@ -250,7 +243,7 @@ class SubjectReferentialService( """ UPDATE subject_referential SET groups_memberships = array_append(groups_memberships, :group_id::text) - WHERE (subject_id = :subject_id OR service_account_id = :subject_id) + WHERE subject_id = :subject_id """.trimIndent() ) .bind("subject_id", sub) @@ -264,7 +257,7 @@ class SubjectReferentialService( """ UPDATE subject_referential SET groups_memberships = array_remove(groups_memberships, :group_id::text) - WHERE (subject_id = :subject_id OR service_account_id = :subject_id) + WHERE subject_id = :subject_id """.trimIndent() ) .bind("subject_id", sub) @@ -277,7 +270,7 @@ class SubjectReferentialService( .sql( """ UPDATE subject_referential - SET service_account_id = :service_account_id + SET subject_id = :service_account_id WHERE subject_id = :subject_id """.trimIndent() ) @@ -314,7 +307,6 @@ class SubjectReferentialService( subjectId = row["subject_id"] as Sub, subjectType = SubjectType.valueOf(row["subject_type"] as String), subjectInfo = toJson(row["subject_info"]), - serviceAccountId = row["service_account_id"] as? Sub, globalRoles = toOptionalList(row["global_roles"]) ?.mapNotNull { GlobalRole.forKey(it).getOrElse { null } }, groupsMemberships = toOptionalList(row["groups_memberships"]) diff --git a/search-service/src/main/kotlin/com/egm/stellio/search/listener/IAMListener.kt b/search-service/src/main/kotlin/com/egm/stellio/search/listener/IAMListener.kt index 5e37b8502..1bb77b9e7 100644 --- a/search-service/src/main/kotlin/com/egm/stellio/search/listener/IAMListener.kt +++ b/search-service/src/main/kotlin/com/egm/stellio/search/listener/IAMListener.kt @@ -111,30 +111,34 @@ class IAMListener( val operationPayload = attributeAppendEvent.operationPayload.deserializeAsMap() val subjectUuid = attributeAppendEvent.entityId.extractSub() mono { - if (attributeAppendEvent.attributeName == AUTH_TERM_ROLES) { - val newRoles = (operationPayload[JSONLD_VALUE_TERM] as List<*>).map { - GlobalRole.forKey(it as String) - }.flattenOption() - if (newRoles.isNotEmpty()) - subjectReferentialService.setGlobalRoles(subjectUuid, newRoles) - else - subjectReferentialService.resetGlobalRoles(subjectUuid) - } else if (attributeAppendEvent.attributeName == AUTH_TERM_SID) { - val serviceAccountId = operationPayload[JSONLD_VALUE_TERM] as String - subjectReferentialService.addServiceAccountIdToClient( - subjectUuid, - serviceAccountId.extractSub() - ) - } else if (attributeAppendEvent.attributeName == AUTH_TERM_IS_MEMBER_OF) { - val groupId = operationPayload[JSONLD_OBJECT] as String - subjectReferentialService.addGroupMembershipToUser( - subjectUuid, - groupId.extractSub() - ) - } else { - BadRequestDataException( - "Received unknown attribute name: ${attributeAppendEvent.attributeName}" - ).left() + when (attributeAppendEvent.attributeName) { + AUTH_TERM_ROLES -> { + val newRoles = (operationPayload[JSONLD_VALUE_TERM] as List<*>).map { + GlobalRole.forKey(it as String) + }.flattenOption() + if (newRoles.isNotEmpty()) + subjectReferentialService.setGlobalRoles(subjectUuid, newRoles) + else + subjectReferentialService.resetGlobalRoles(subjectUuid) + } + AUTH_TERM_SID -> { + val serviceAccountId = operationPayload[JSONLD_VALUE_TERM] as String + subjectReferentialService.addServiceAccountIdToClient( + subjectUuid, + serviceAccountId.extractSub() + ) + } + AUTH_TERM_IS_MEMBER_OF -> { + val groupId = operationPayload[JSONLD_OBJECT] as String + subjectReferentialService.addGroupMembershipToUser( + subjectUuid, + groupId.extractSub() + ) + } + else -> + BadRequestDataException( + "Received unknown attribute name: ${attributeAppendEvent.attributeName}" + ).left() } }.writeContextAndSubscribe(tenantName, attributeAppendEvent) } diff --git a/search-service/src/main/resources/db/migration/V0_40__migrate_service_account_to_subject_column.sql b/search-service/src/main/resources/db/migration/V0_40__migrate_service_account_to_subject_column.sql new file mode 100644 index 000000000..50169e85d --- /dev/null +++ b/search-service/src/main/resources/db/migration/V0_40__migrate_service_account_to_subject_column.sql @@ -0,0 +1,7 @@ +update subject_referential + set subject_id = service_account_id + where service_account_id is not null + and subject_type = 'CLIENT'; + +alter table subject_referential + drop column service_account_id; diff --git a/search-service/src/test/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsServiceTests.kt b/search-service/src/test/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsServiceTests.kt index 8b545b308..2c16afc3a 100644 --- a/search-service/src/test/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsServiceTests.kt +++ b/search-service/src/test/kotlin/com/egm/stellio/search/authorization/EntityAccessRightsServiceTests.kt @@ -543,12 +543,7 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { fun `it should get other subject rights for all kinds of subjects`() = runTest { createSubjectReferential(subjectUuid, SubjectType.USER, getSubjectInfoForUser("stellio")) createSubjectReferential(groupUuid, SubjectType.GROUP, getSubjectInfoForGroup("Stellio Team")) - createSubjectReferential( - UUID.randomUUID().toString(), - SubjectType.CLIENT, - getSubjectInfoForClient("IoT Device"), - clientUuid - ) + createSubjectReferential(clientUuid, SubjectType.CLIENT, getSubjectInfoForClient("IoT Device")) entityAccessRightsService.setRoleOnEntity(subjectUuid, entityId01, AccessRight.R_CAN_WRITE).shouldSucceed() entityAccessRightsService.setRoleOnEntity(groupUuid, entityId01, AccessRight.R_CAN_READ).shouldSucceed() @@ -588,15 +583,13 @@ class EntityAccessRightsServiceTests : WithTimescaleContainer { private suspend fun createSubjectReferential( subjectId: String, subjectType: SubjectType, - subjectInfo: Json, - serviceAccountId: String? = null + subjectInfo: Json ) { subjectReferentialService.create( SubjectReferential( subjectId = subjectId, subjectType = subjectType, - subjectInfo = subjectInfo, - serviceAccountId = serviceAccountId + subjectInfo = subjectInfo ) ) } diff --git a/search-service/src/test/kotlin/com/egm/stellio/search/authorization/SubjectReferentialServiceTests.kt b/search-service/src/test/kotlin/com/egm/stellio/search/authorization/SubjectReferentialServiceTests.kt index c27cac98e..26b21fedd 100644 --- a/search-service/src/test/kotlin/com/egm/stellio/search/authorization/SubjectReferentialServiceTests.kt +++ b/search-service/src/test/kotlin/com/egm/stellio/search/authorization/SubjectReferentialServiceTests.kt @@ -30,7 +30,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Autowired private lateinit var r2dbcEntityTemplate: R2dbcEntityTemplate - private val subjectUuid = "0768A6D5-D87B-4209-9A22-8C40A8961A79" + private val userUuid = "0768A6D5-D87B-4209-9A22-8C40A8961A79" private val serviceAccountUuid = "3CB80121-B2D6-4F76-BE97-B459CCC3AF72" private val groupUuid = "52A916AB-19E6-4D3B-B629-936BC8E5B640" @@ -44,7 +44,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Test fun `it should persist a subject referential`() = runTest { val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD, globalRoles = listOf(STELLIO_ADMIN) @@ -59,7 +59,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Test fun `it should retrieve a subject referential`() = runTest { val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD, globalRoles = listOf(STELLIO_ADMIN) @@ -67,9 +67,9 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { subjectReferentialService.create(subjectReferential) - subjectReferentialService.retrieve(subjectUuid) + subjectReferentialService.retrieve(userUuid) .shouldSucceedWith { - assertEquals(subjectUuid, it.subjectId) + assertEquals(userUuid, it.subjectId) assertEquals(SubjectType.USER, it.subjectType) assertEquals(listOf(STELLIO_ADMIN), it.globalRoles) } @@ -78,7 +78,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Test fun `it should retrieve a subject referential with subject info`() = runTest { val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = getSubjectInfoForUser("stellio"), globalRoles = listOf(STELLIO_ADMIN) @@ -86,7 +86,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { subjectReferentialService.create(subjectReferential).shouldSucceed() - subjectReferentialService.retrieve(subjectUuid) + subjectReferentialService.retrieve(userUuid) .shouldSucceedWith { val subjectInfo = it.getSubjectInfoValue() assertTrue(subjectInfo.containsKey("username")) @@ -98,7 +98,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { fun `it should retrieve UUIDs from user and groups memberships`() = runTest { val groupsUuids = List(3) { UUID.randomUUID().toString() } val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD, groupsMemberships = groupsUuids @@ -106,45 +106,44 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { subjectReferentialService.create(subjectReferential) - subjectReferentialService.getSubjectAndGroupsUUID(Some(subjectUuid)) + subjectReferentialService.getSubjectAndGroupsUUID(Some(userUuid)) .shouldSucceedWith { assertEquals(4, it.size) - assertTrue(it.containsAll(groupsUuids.plus(subjectUuid))) + assertTrue(it.containsAll(groupsUuids.plus(userUuid))) } } @Test fun `it should retrieve UUIDs from user when it has no groups memberships`() = runTest { val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD ) subjectReferentialService.create(subjectReferential) - subjectReferentialService.getSubjectAndGroupsUUID(Some(subjectUuid)) + subjectReferentialService.getSubjectAndGroupsUUID(Some(userUuid)) .shouldSucceedWith { assertEquals(1, it.size) - assertTrue(it.contains(subjectUuid)) + assertTrue(it.contains(userUuid)) } } @Test fun `it should retrieve UUIDs from client and service account`() = runTest { val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = serviceAccountUuid, subjectType = SubjectType.CLIENT, - subjectInfo = EMPTY_JSON_PAYLOAD, - serviceAccountId = serviceAccountUuid + subjectInfo = EMPTY_JSON_PAYLOAD ) subjectReferentialService.create(subjectReferential) - subjectReferentialService.getSubjectAndGroupsUUID(Some(subjectUuid)) + subjectReferentialService.getSubjectAndGroupsUUID(Some(serviceAccountUuid)) .shouldSucceedWith { - assertEquals(2, it.size) - assertTrue(it.containsAll(listOf(serviceAccountUuid, subjectUuid))) + assertEquals(1, it.size) + assertThat(it).containsAll(listOf(serviceAccountUuid)) } } @@ -152,19 +151,18 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { fun `it should retrieve UUIDs from client, service account and groups memberships`() = runTest { val groupsUuids = List(2) { UUID.randomUUID().toString() } val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = serviceAccountUuid, subjectType = SubjectType.CLIENT, subjectInfo = EMPTY_JSON_PAYLOAD, - serviceAccountId = serviceAccountUuid, groupsMemberships = groupsUuids ) subjectReferentialService.create(subjectReferential) - subjectReferentialService.getSubjectAndGroupsUUID(Some(subjectUuid)) + subjectReferentialService.getSubjectAndGroupsUUID(Some(serviceAccountUuid)) .shouldSucceedWith { - assertEquals(4, it.size) - assertTrue(it.containsAll(groupsUuids.plus(serviceAccountUuid).plus(subjectUuid))) + assertEquals(3, it.size) + assertThat(it).containsAll(groupsUuids.plus(serviceAccountUuid)) } } @@ -183,7 +181,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { } val userGroupsUuids = allGroupsUuids.subList(0, 2) val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD, groupsMemberships = userGroupsUuids @@ -191,7 +189,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { subjectReferentialService.create(subjectReferential) - val groups = subjectReferentialService.getGroups(Some(subjectUuid), 0, 10) + val groups = subjectReferentialService.getGroups(Some(userUuid), 0, 10) assertEquals(2, groups.size) groups.forEach { @@ -200,7 +198,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { assertTrue(it.isMember) } - subjectReferentialService.getCountGroups(Some(subjectUuid)) + subjectReferentialService.getCountGroups(Some(userUuid)) .shouldSucceedWith { assertEquals(2, it) } } @@ -219,7 +217,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { } val userGroupsUuids = allGroupsUuids.subList(0, 2) val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD, groupsMemberships = userGroupsUuids @@ -227,7 +225,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { subjectReferentialService.create(subjectReferential) - val groups = subjectReferentialService.getAllGroups(Some(subjectUuid), 0, 10) + val groups = subjectReferentialService.getAllGroups(Some(userUuid), 0, 10) assertEquals(3, groups.size) groups.forEach { @@ -309,21 +307,21 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Test fun `it should update the global role of a subject`() = runTest { val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectInfo = EMPTY_JSON_PAYLOAD, subjectType = SubjectType.USER ) subjectReferentialService.create(subjectReferential) - subjectReferentialService.setGlobalRoles(subjectUuid, listOf(STELLIO_ADMIN)) - subjectReferentialService.retrieve(subjectUuid) + subjectReferentialService.setGlobalRoles(userUuid, listOf(STELLIO_ADMIN)) + subjectReferentialService.retrieve(userUuid) .shouldSucceedWith { assertEquals(listOf(STELLIO_ADMIN), it.globalRoles) } - subjectReferentialService.resetGlobalRoles(subjectUuid) - subjectReferentialService.retrieve(subjectUuid) + subjectReferentialService.resetGlobalRoles(userUuid) + subjectReferentialService.retrieve(userUuid) .shouldSucceedWith { assertNull(it.globalRoles) } @@ -332,7 +330,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Test fun `it should find if an user is a stellio admin or not`() = runTest { val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD, globalRoles = listOf(STELLIO_ADMIN) @@ -340,21 +338,21 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { subjectReferentialService.create(subjectReferential) - subjectReferentialService.hasStellioAdminRole(listOf(subjectUuid)) + subjectReferentialService.hasStellioAdminRole(listOf(userUuid)) .shouldSucceedWith { assertTrue(it) } - subjectReferentialService.resetGlobalRoles(subjectUuid) + subjectReferentialService.resetGlobalRoles(userUuid) - subjectReferentialService.hasStellioAdminRole(listOf(subjectUuid)) + subjectReferentialService.hasStellioAdminRole(listOf(userUuid)) .shouldSucceedWith { assertFalse(it) } - subjectReferentialService.setGlobalRoles(subjectUuid, listOf(STELLIO_ADMIN, STELLIO_CREATOR)) + subjectReferentialService.setGlobalRoles(userUuid, listOf(STELLIO_ADMIN, STELLIO_CREATOR)) - subjectReferentialService.hasStellioAdminRole(listOf(subjectUuid)) + subjectReferentialService.hasStellioAdminRole(listOf(userUuid)) .shouldSucceedWith { assertTrue(it) } @@ -363,17 +361,17 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Test fun `it should add a group membership to an user`() = runTest { val userAccessRights = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD ) subjectReferentialService.create(userAccessRights) - subjectReferentialService.addGroupMembershipToUser(subjectUuid, groupUuid) + subjectReferentialService.addGroupMembershipToUser(userUuid, groupUuid) .shouldSucceed() - subjectReferentialService.retrieve(subjectUuid) + subjectReferentialService.retrieve(userUuid) .shouldSucceedWith { assertThat(it.groupsMemberships).containsAll(listOf(groupUuid)) } @@ -382,20 +380,20 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Test fun `it should add a group membership to an user inside an existing list`() = runTest { val userAccessRights = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD ) subjectReferentialService.create(userAccessRights) - subjectReferentialService.addGroupMembershipToUser(subjectUuid, groupUuid) + subjectReferentialService.addGroupMembershipToUser(userUuid, groupUuid) val newGroupUuid = UUID.randomUUID().toString() - subjectReferentialService.addGroupMembershipToUser(subjectUuid, newGroupUuid) + subjectReferentialService.addGroupMembershipToUser(userUuid, newGroupUuid) .shouldSucceed() - subjectReferentialService.retrieve(subjectUuid) + subjectReferentialService.retrieve(userUuid) .shouldSucceedWith { assertThat(it.groupsMemberships).containsAll(listOf(groupUuid, newGroupUuid)) } @@ -404,18 +402,18 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Test fun `it should remove a group membership to an user`() = runTest { val userAccessRights = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD ) subjectReferentialService.create(userAccessRights) - subjectReferentialService.addGroupMembershipToUser(subjectUuid, groupUuid) + subjectReferentialService.addGroupMembershipToUser(userUuid, groupUuid) - subjectReferentialService.removeGroupMembershipToUser(subjectUuid, groupUuid) + subjectReferentialService.removeGroupMembershipToUser(userUuid, groupUuid) .shouldSucceed() - subjectReferentialService.retrieve(subjectUuid) + subjectReferentialService.retrieve(userUuid) .shouldSucceedWith { assertTrue(it.groupsMemberships?.isEmpty() ?: false) } @@ -424,7 +422,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Test fun `it should add a service account id to a client`() = runTest { val userAccessRights = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD ) @@ -433,29 +431,29 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { val serviceAccountId = UUID.randomUUID().toString() - subjectReferentialService.addServiceAccountIdToClient(subjectUuid, serviceAccountId) + subjectReferentialService.addServiceAccountIdToClient(userUuid, serviceAccountId) .shouldSucceed() subjectReferentialService.retrieve(serviceAccountId) .shouldSucceedWith { - assertEquals(serviceAccountId, it.serviceAccountId) + assertEquals(serviceAccountId, it.subjectId) } } @Test fun `it should update an existing subject info for an user`() = runTest { val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = getSubjectInfoForUser("stellio") ) subjectReferentialService.create(subjectReferential).shouldSucceed() - subjectReferentialService.updateSubjectInfo(subjectUuid, Pair("username", "stellio v2")) + subjectReferentialService.updateSubjectInfo(userUuid, Pair("username", "stellio v2")) .shouldSucceed() - subjectReferentialService.retrieve(subjectUuid) + subjectReferentialService.retrieve(userUuid) .shouldSucceedWith { val newValue = it.getSubjectInfoValue() assertTrue(newValue.containsKey("username")) @@ -466,17 +464,17 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Test fun `it should add a subject info for an user`() = runTest { val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = getSubjectInfoForUser("stellio") ) subjectReferentialService.create(subjectReferential).shouldSucceed() - subjectReferentialService.updateSubjectInfo(subjectUuid, Pair("givenName", "Blaise")) + subjectReferentialService.updateSubjectInfo(userUuid, Pair("givenName", "Blaise")) .shouldSucceed() - subjectReferentialService.retrieve(subjectUuid) + subjectReferentialService.retrieve(userUuid) .shouldSucceedWith { val newValue = it.getSubjectInfoValue() assertTrue(newValue.containsKey("username")) @@ -489,7 +487,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Test fun `it should delete a subject referential`() = runTest { val userAccessRights = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD, globalRoles = listOf(STELLIO_ADMIN) @@ -497,10 +495,10 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { subjectReferentialService.create(userAccessRights) - subjectReferentialService.delete(subjectUuid) + subjectReferentialService.delete(userUuid) .shouldSucceed() - subjectReferentialService.retrieve(subjectUuid) + subjectReferentialService.retrieve(userUuid) .fold({ assertInstanceOf(AccessDeniedException::class.java, it) }, { @@ -511,38 +509,38 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { @Test fun `it should return false when user does not have the requested roles`() = runTest { val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD ) subjectReferentialService.create(subjectReferential) - subjectReferentialService.hasOneOfGlobalRoles(listOf(subjectUuid), CREATION_ROLES) + subjectReferentialService.hasOneOfGlobalRoles(listOf(userUuid), CREATION_ROLES) .shouldSucceedWith { assertFalse(it) } } @Test fun `it should return true when user has admin roles`() = runTest { val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD, globalRoles = listOf(STELLIO_ADMIN) ) subjectReferentialService.create(subjectReferential) - subjectReferentialService.hasOneOfGlobalRoles(listOf(subjectUuid), ADMIN_ROLES) + subjectReferentialService.hasOneOfGlobalRoles(listOf(userUuid), ADMIN_ROLES) .shouldSucceedWith { assertTrue(it) } } @Test fun `it should return true when user has creation roles`() = runTest { val subjectReferential = SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD, globalRoles = listOf(STELLIO_CREATOR, STELLIO_ADMIN) ) subjectReferentialService.create(subjectReferential) - subjectReferentialService.hasOneOfGlobalRoles(listOf(subjectUuid), CREATION_ROLES) + subjectReferentialService.hasOneOfGlobalRoles(listOf(userUuid), CREATION_ROLES) .shouldSucceedWith { assertTrue(it) } } @@ -550,7 +548,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { fun `it should return true when user has a global role inherited from a group`() = runTest { subjectReferentialService.create( SubjectReferential( - subjectId = subjectUuid, + subjectId = userUuid, subjectType = SubjectType.USER, subjectInfo = EMPTY_JSON_PAYLOAD, globalRoles = emptyList(), @@ -565,7 +563,7 @@ class SubjectReferentialServiceTests : WithTimescaleContainer { globalRoles = listOf(STELLIO_CREATOR, STELLIO_ADMIN) ) ) - val uuids = subjectReferentialService.getSubjectAndGroupsUUID(Some(subjectUuid)).shouldSucceedAndResult() + val uuids = subjectReferentialService.getSubjectAndGroupsUUID(Some(userUuid)).shouldSucceedAndResult() subjectReferentialService.hasOneOfGlobalRoles(uuids, CREATION_ROLES) .shouldSucceedWith { assertTrue(it) } }