test: add e2e-tests

goto · Jul 9, 2024 · f149322 · f149322
1 parent 652e968
commit f149322
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 6 deletions.
diff --git a/internal/adapter/relation.go b/internal/adapter/relation.go
@@ -2,7 +2,6 @@ package adapter
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"slices"
 
@@ -48,14 +47,12 @@ func (a Relation) TransformRelation(ctx context.Context, rlt relation.RelationV2
 			roleID := rel.Object.NamespaceID + ":" + rel.Subject.RoleID
 			role, err := a.roleService.Get(ctx, roleID)
 			if err != nil {
-				return relation.RelationV2{}, err
+				return relation.RelationV2{}, fmt.Errorf("error fetching role: %s", err.Error())
 			}
 			if !slices.Contains(role.Types, schema.UserPrincipalWildcard) {
-				return relation.RelationV2{}, errors.New("this does not allow wildcard")
+				return relation.RelationV2{}, fmt.Errorf("%s does not allow wildcard for subject %s", rlt.Object.NamespaceID, rlt.Subject.Namespace)
 			}
-		}
-
-		if !uuid.IsValid(userID) && userID != WILDCARD {
+		} else if !uuid.IsValid(userID) {
 			fetchedUser, err := a.userService.GetByEmail(ctx, rel.Subject.ID)
 			if err != nil {
 				return relation.RelationV2{}, fmt.Errorf("%w: %s", relation.ErrFetchingUser, err.Error())

diff --git a/test/e2e_test/smoke/api_test.go b/test/e2e_test/smoke/api_test.go
@@ -7,6 +7,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/goto/shield/config"
+	"github.com/goto/shield/internal/schema"
 	shieldv1beta1 "github.com/goto/shield/proto/v1beta1"
 	"github.com/goto/shield/test/e2e_test/testbench"
 	"github.com/stretchr/testify/suite"
@@ -91,6 +92,42 @@ func (s *EndToEndAPISmokeTestSuite) TestUserAPI() {
 	})
 }
 
+func (s *EndToEndAPISmokeTestSuite) TestRelationsAPI() {
+	ctxOrgAdminAuth := metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{
+		testbench.IdentityHeader: testbench.OrgAdminEmail,
+	}))
+
+	s.Run("1. should fail when trying to create wildcard relation", func() {
+		oRes, err := s.client.ListOrganizations(ctxOrgAdminAuth, &shieldv1beta1.ListOrganizationsRequest{})
+		s.Require().NoError(err)
+
+		_, err = s.client.CreateRelation(ctxOrgAdminAuth, &shieldv1beta1.CreateRelationRequest{
+			Body: &shieldv1beta1.RelationRequestBody{
+				ObjectId:        oRes.Organizations[0].Id,
+				ObjectNamespace: schema.OrganizationNamespace,
+				Subject:         schema.UserPrincipalWildcard,
+				RoleName:        schema.OwnerRole,
+			},
+		})
+		s.Assert().Error(err)
+	})
+
+	s.Run("2. should allow relation creation with wildcard", func() {
+		res, err := s.client.ListResources(ctxOrgAdminAuth, &shieldv1beta1.ListResourcesRequest{})
+		s.Require().NoError(err)
+
+		_, err = s.client.CreateRelation(ctxOrgAdminAuth, &shieldv1beta1.CreateRelationRequest{
+			Body: &shieldv1beta1.RelationRequestBody{
+				ObjectId:        res.Resources[0].Id,
+				ObjectNamespace: schema.ServiceDataKeyNamespace,
+				Subject:         schema.UserPrincipalWildcard,
+				RoleName:        schema.ViewerRole,
+			},
+		})
+		s.Assert().NoError(err)
+	})
+}
+
 func TestEndToEndAPISmokeTestSuite(t *testing.T) {
 	suite.Run(t, new(EndToEndAPISmokeTestSuite))
 }