Merge pull request #13439 from wy65701436/robot2-mgr

add role permission manager for robot enhancement
This commit is contained in:
stonezdj(Daojun Zhang) 2020-11-11 10:35:10 +08:00 committed by GitHub
commit ca8cb87790
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 972 additions and 0 deletions

View File

@ -11,3 +11,30 @@ BEGIN
UPDATE artifact SET size=art_size WHERE id = art.id;
END LOOP;
END $$;
ALTER TABLE robot ADD COLUMN IF NOT EXISTS secret varchar(2048);
CREATE TABLE IF NOT EXISTS role_permission (
id SERIAL PRIMARY KEY NOT NULL,
role_type varchar(255) NOT NULL,
role_id int NOT NULL,
permission_policy_id int NOT NULL,
creation_time timestamp default CURRENT_TIMESTAMP,
CONSTRAINT unique_role_permission UNIQUE (role_type, role_id, permission_policy_id)
);
CREATE TABLE IF NOT EXISTS permission_policy (
id SERIAL PRIMARY KEY NOT NULL,
/*
scope:
system level: /system
project level: /project/{id}
all project: /project/ *
*/
scope varchar(255) NOT NULL,
resource varchar(255),
action varchar(255),
effect varchar(255),
creation_time timestamp default CURRENT_TIMESTAMP,
CONSTRAINT unique_rbac_policy UNIQUE (scope, resource, action, effect)
);

149
src/pkg/rbac/dao/dao.go Normal file
View File

@ -0,0 +1,149 @@
package dao
import (
"context"
"github.com/goharbor/harbor/src/lib/errors"
"github.com/goharbor/harbor/src/lib/orm"
"github.com/goharbor/harbor/src/lib/q"
"github.com/goharbor/harbor/src/pkg/rbac/model"
"time"
)
// DAO is the data access object interface for rbac policy
type DAO interface {
// CreatePermission ...
CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error)
// DeletePermission ...
DeletePermission(ctx context.Context, id int64) error
// ListPermissions ...
ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error)
// DeletePermissionsByRole ...
DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error
// CreateRbacPolicy ...
CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error)
// DeleteRbacPolicy ...
DeleteRbacPolicy(ctx context.Context, id int64) error
// ListRbacPolicies list PermissionPolicy according to the query.
ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error)
// GetPermissionsByRole ...
GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error)
}
// New returns an instance of the default DAO
func New() DAO {
return &dao{}
}
type dao struct{}
func (d *dao) CreatePermission(ctx context.Context, rp *model.RolePermission) (id int64, err error) {
ormer, err := orm.FromContext(ctx)
if err != nil {
return 0, err
}
rp.CreationTime = time.Now()
return ormer.InsertOrUpdate(rp, "role_type, role_id, permission_policy_id")
}
func (d *dao) DeletePermission(ctx context.Context, id int64) (err error) {
ormer, err := orm.FromContext(ctx)
if err != nil {
return err
}
n, err := ormer.Delete(&model.RolePermission{
ID: id,
})
if err != nil {
return err
}
if n == 0 {
return errors.NotFoundError(nil).WithMessage("role permission %d not found", id)
}
return nil
}
func (d *dao) ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
rps := []*model.RolePermission{}
qs, err := orm.QuerySetter(ctx, &model.RolePermission{}, query)
if err != nil {
return nil, err
}
if _, err = qs.All(&rps); err != nil {
return nil, err
}
return rps, nil
}
func (d *dao) DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error {
qs, err := orm.QuerySetter(ctx, &model.RolePermission{}, &q.Query{
Keywords: map[string]interface{}{
"role_type": roleType,
"role_id": roleID,
},
})
if err != nil {
return err
}
n, err := qs.Delete()
if err != nil {
return err
}
if n == 0 {
return errors.NotFoundError(nil).WithMessage("role permission %s:%d not found", roleType, roleID)
}
return err
}
func (d *dao) CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (id int64, err error) {
ormer, err := orm.FromContext(ctx)
if err != nil {
return 0, err
}
pp.CreationTime = time.Now()
return ormer.InsertOrUpdate(pp, "scope, resource, action, effect")
}
func (d *dao) DeleteRbacPolicy(ctx context.Context, id int64) (err error) {
ormer, err := orm.FromContext(ctx)
if err != nil {
return err
}
n, err := ormer.Delete(&model.PermissionPolicy{
ID: id,
})
if err != nil {
return err
}
if n == 0 {
return errors.NotFoundError(nil).WithMessage("rbac policy %d not found", id)
}
return nil
}
func (d *dao) ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error) {
pps := []*model.PermissionPolicy{}
qs, err := orm.QuerySetter(ctx, &model.PermissionPolicy{}, query)
if err != nil {
return nil, err
}
if _, err = qs.All(&pps); err != nil {
return nil, err
}
return pps, nil
}
func (d *dao) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error) {
var rps []*model.UniversalRolePermission
ormer, err := orm.FromContext(ctx)
if err != nil {
return rps, err
}
_, err = ormer.Raw("SELECT rper.role_type, rper.role_id, ppo.scope, ppo.resource, ppo.action, ppo.effect FROM role_permission AS rper LEFT JOIN permission_policy ppo ON (rper.permission_policy_id=ppo.id) where rper.role_type=? and rper.role_id=?", roleType, roleID).QueryRows(&rps)
if err != nil {
return rps, err
}
return rps, nil
}

View File

@ -0,0 +1,216 @@
package dao
import (
"fmt"
"github.com/goharbor/harbor/src/lib/errors"
"github.com/goharbor/harbor/src/lib/orm"
"github.com/goharbor/harbor/src/lib/q"
"github.com/goharbor/harbor/src/pkg/rbac/model"
htesting "github.com/goharbor/harbor/src/testing"
"github.com/stretchr/testify/suite"
"testing"
)
type DaoTestSuite struct {
htesting.Suite
dao DAO
permissionID1 int64
permissionID2 int64
permissionID3 int64
permissionID4 int64
rbacPolicyID1 int64
rbacPolicyID2 int64
rbacPolicyID3 int64
rbacPolicyID4 int64
}
func (suite *DaoTestSuite) SetupSuite() {
suite.Suite.SetupSuite()
suite.dao = New()
suite.Suite.ClearTables = []string{"rbac_policy", "role_permission"}
suite.prepareRolePermission()
suite.preparePermissionPolicy()
}
func (suite *DaoTestSuite) prepareRolePermission() {
rp := &model.RolePermission{
RoleType: "robot",
RoleID: 1,
PermissionPolicyID: 2,
}
id, err := suite.dao.CreatePermission(orm.Context(), rp)
suite.permissionID1 = id
suite.Nil(err)
rp2 := &model.RolePermission{
RoleType: "robot",
RoleID: 1,
PermissionPolicyID: 3,
}
id2, err := suite.dao.CreatePermission(orm.Context(), rp2)
suite.permissionID2 = id2
suite.Nil(err)
rp3 := &model.RolePermission{
RoleType: "robot",
RoleID: 1,
PermissionPolicyID: 4,
}
id3, err := suite.dao.CreatePermission(orm.Context(), rp3)
suite.permissionID3 = id3
suite.Nil(err)
rp4 := &model.RolePermission{
RoleType: "serviceaccount",
RoleID: 2,
PermissionPolicyID: 1,
}
id4, err := suite.dao.CreatePermission(orm.Context(), rp4)
suite.permissionID4 = id4
suite.Nil(err)
}
func (suite *DaoTestSuite) preparePermissionPolicy() {
rp := &model.PermissionPolicy{
Scope: "/system",
Resource: "label",
Action: "create",
}
id, err := suite.dao.CreateRbacPolicy(orm.Context(), rp)
suite.rbacPolicyID1 = id
suite.Nil(err)
rp2 := &model.PermissionPolicy{
Scope: "/project/1",
Resource: "repository",
Action: "push",
}
id2, err := suite.dao.CreateRbacPolicy(orm.Context(), rp2)
suite.rbacPolicyID2 = id2
suite.Nil(err)
rp3 := &model.PermissionPolicy{
Scope: "/project/1",
Resource: "repository",
Action: "pull",
}
id3, err := suite.dao.CreateRbacPolicy(orm.Context(), rp3)
suite.rbacPolicyID3 = id3
suite.Nil(err)
rp4 := &model.PermissionPolicy{
Scope: "/project/2",
Resource: "helm-chart",
Action: "create",
}
id4, err := suite.dao.CreateRbacPolicy(orm.Context(), rp4)
suite.rbacPolicyID4 = id4
suite.Nil(err)
}
func (suite *DaoTestSuite) TestCreatePermission() {
rp := &model.RolePermission{
RoleType: "robot",
RoleID: 1,
PermissionPolicyID: 2,
}
_, err := suite.dao.CreatePermission(orm.Context(), rp)
suite.Nil(err)
}
func (suite *DaoTestSuite) TestDeletePermission() {
err := suite.dao.DeletePermission(orm.Context(), 1234)
suite.Require().NotNil(err)
suite.True(errors.IsErr(err, errors.NotFoundCode))
err = suite.dao.DeletePermission(orm.Context(), suite.permissionID2)
suite.Nil(err)
}
func (suite *DaoTestSuite) TestListPermissions() {
rps, err := suite.dao.ListPermissions(orm.Context(), &q.Query{
Keywords: map[string]interface{}{
"role_type": "robot",
"role_id": 1,
"permission_policy_id": 4,
},
})
suite.Require().Nil(err)
suite.Equal(int64(4), rps[0].PermissionPolicyID)
}
func (suite *DaoTestSuite) TestDeletePermissionsByRole() {
err := suite.dao.DeletePermissionsByRole(orm.Context(), "serviceaccount", 2)
suite.Require().Nil(err)
rps, err := suite.dao.ListPermissions(orm.Context(), &q.Query{
Keywords: map[string]interface{}{
"role_type": "serviceaccount",
"role_id": 2,
},
})
suite.Require().Nil(err)
suite.Equal(0, len(rps))
}
func (suite *DaoTestSuite) TestCreateRbacPolicy() {
rp := &model.PermissionPolicy{
Scope: "/system",
Resource: "label",
Action: "create",
}
_, err := suite.dao.CreateRbacPolicy(orm.Context(), rp)
suite.Nil(err)
}
func (suite *DaoTestSuite) TestDeleteRbacPolicy() {
err := suite.dao.DeleteRbacPolicy(orm.Context(), 1234)
suite.Require().NotNil(err)
suite.True(errors.IsErr(err, errors.NotFoundCode))
err = suite.dao.DeleteRbacPolicy(orm.Context(), suite.rbacPolicyID2)
suite.Nil(err)
}
func (suite *DaoTestSuite) TestListRbacPolicies() {
rps, err := suite.dao.ListRbacPolicies(orm.Context(), &q.Query{
Keywords: map[string]interface{}{
"scope": "/project/1",
"resource": "repository",
"action": "pull",
},
})
suite.Require().Nil(err)
suite.Equal(suite.rbacPolicyID3, rps[0].ID)
}
func (suite *DaoTestSuite) TestGetPermissionsByRole() {
rp := &model.PermissionPolicy{
Scope: "/system",
Resource: "label",
Action: "delete",
}
id, err := suite.dao.CreateRbacPolicy(orm.Context(), rp)
suite.Nil(err)
rpe := &model.RolePermission{
RoleType: "TestGetPermissionsByRole",
RoleID: 1,
PermissionPolicyID: id,
}
_, err = suite.dao.CreatePermission(orm.Context(), rpe)
suite.Nil(err)
rpes, err := suite.dao.GetPermissionsByRole(orm.Context(), "TestGetPermissionsByRole", 1)
suite.Nil(err)
fmt.Println(rpes[0])
suite.Equal("/system", rpes[0].Scope)
}
func TestDaoTestSuite(t *testing.T) {
suite.Run(t, &DaoTestSuite{})
}

79
src/pkg/rbac/manager.go Normal file
View File

@ -0,0 +1,79 @@
package rbac
import (
"context"
"github.com/goharbor/harbor/src/lib/q"
"github.com/goharbor/harbor/src/pkg/rbac/dao"
"github.com/goharbor/harbor/src/pkg/rbac/model"
)
var (
// Mgr is a global role permission/rbac policy manager instance
Mgr = NewManager()
)
// Manager is the interface of role permission and rbac policy
type Manager interface {
// CreatePermission ...
CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error)
// DeletePermission ...
DeletePermission(ctx context.Context, id int64) error
// ListPermissions list role permissions according to the query.
ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error)
// DeletePermissionsByRole get permissions by role type and id
DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error
// CreateRbacPolicy ...
CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error)
// DeleteRbacPolicy ...
DeleteRbacPolicy(ctx context.Context, id int64) error
// ListRbacPolicies list PermissionPolicy according to the query.
ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error)
// GetPermissionsByRole ...
GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error)
}
// NewManager returns an instance of the default manager
func NewManager() Manager {
return &manager{
dao.New(),
}
}
var _ Manager = &manager{}
type manager struct {
dao dao.DAO
}
func (m *manager) CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) {
return m.dao.CreatePermission(ctx, rp)
}
func (m *manager) DeletePermission(ctx context.Context, id int64) error {
return m.dao.DeletePermission(ctx, id)
}
func (m *manager) ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
return m.dao.ListPermissions(ctx, query)
}
func (m *manager) DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error {
return m.dao.DeletePermissionsByRole(ctx, roleType, roleID)
}
func (m *manager) CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error) {
return m.dao.CreateRbacPolicy(ctx, pp)
}
func (m *manager) DeleteRbacPolicy(ctx context.Context, id int64) error {
return m.dao.DeleteRbacPolicy(ctx, id)
}
func (m *manager) ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error) {
return m.dao.ListRbacPolicies(ctx, query)
}
func (m *manager) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error) {
return m.dao.GetPermissionsByRole(ctx, roleType, roleID)
}

View File

@ -0,0 +1,108 @@
package rbac
import (
"context"
"github.com/goharbor/harbor/src/pkg/rbac/model"
"github.com/goharbor/harbor/src/testing/mock"
"github.com/goharbor/harbor/src/testing/pkg/rbac/dao"
"github.com/stretchr/testify/suite"
"testing"
)
type managerTestSuite struct {
suite.Suite
mgr *manager
dao *dao.DAO
}
func (m *managerTestSuite) SetupTest() {
m.dao = &dao.DAO{}
m.mgr = &manager{
dao: m.dao,
}
}
func (m *managerTestSuite) TestCreatePermission() {
m.dao.On("CreatePermission", mock.Anything, mock.Anything).Return(int64(1), nil)
_, err := m.mgr.CreatePermission(context.Background(), &model.RolePermission{})
m.Require().Nil(err)
m.dao.AssertExpectations(m.T())
}
func (m *managerTestSuite) TestDeletePermission() {
m.dao.On("DeletePermission", mock.Anything, mock.Anything).Return(nil)
err := m.mgr.DeletePermission(context.Background(), 1)
m.Require().Nil(err)
m.dao.AssertExpectations(m.T())
}
func (m *managerTestSuite) TestListPermissions() {
m.dao.On("ListPermissions", mock.Anything, mock.Anything).Return([]*model.RolePermission{
{
ID: 1,
RoleType: "robot",
RoleID: 2,
PermissionPolicyID: 3,
},
}, nil)
rpers, err := m.mgr.ListPermissions(context.Background(), nil)
m.Require().Nil(err)
m.Equal(1, len(rpers))
m.dao.AssertExpectations(m.T())
}
func (m *managerTestSuite) TestDeletePermissionsByRole() {
m.dao.On("DeletePermissionsByRole", mock.Anything, mock.Anything, mock.Anything).Return(nil)
err := m.mgr.DeletePermissionsByRole(context.Background(), "robot", 1)
m.Require().Nil(err)
m.dao.AssertExpectations(m.T())
}
func (m *managerTestSuite) TestCreateRbacPolicy() {
m.dao.On("CreateRbacPolicy", mock.Anything, mock.Anything).Return(int64(1), nil)
_, err := m.mgr.CreateRbacPolicy(context.Background(), &model.PermissionPolicy{})
m.Require().Nil(err)
m.dao.AssertExpectations(m.T())
}
func (m *managerTestSuite) TestDeleteRbacPolicy() {
m.dao.On("DeleteRbacPolicy", mock.Anything, mock.Anything).Return(nil)
err := m.mgr.DeleteRbacPolicy(context.Background(), 1)
m.Require().Nil(err)
m.dao.AssertExpectations(m.T())
}
func (m *managerTestSuite) TestListRbacPolicies() {
m.dao.On("ListRbacPolicies", mock.Anything, mock.Anything).Return([]*model.PermissionPolicy{
{
ID: 1,
Scope: "/system",
Resource: "repository",
Action: "create",
},
}, nil)
rpers, err := m.mgr.ListRbacPolicies(context.Background(), nil)
m.Require().Nil(err)
m.Equal(1, len(rpers))
m.dao.AssertExpectations(m.T())
}
func (m *managerTestSuite) TestGetPermissionsByRole() {
m.dao.On("GetPermissionsByRole", mock.Anything, mock.Anything, mock.Anything).Return([]*model.UniversalRolePermission{
{
RoleType: "robot",
RoleID: 1,
Scope: "/system",
Resource: "repository",
Action: "create",
},
}, nil)
rpers, err := m.mgr.GetPermissionsByRole(context.Background(), "robot", 1)
m.Require().Nil(err)
m.Equal(1, len(rpers))
m.dao.AssertExpectations(m.T())
}
func TestManager(t *testing.T) {
suite.Run(t, &managerTestSuite{})
}

View File

@ -0,0 +1,50 @@
package model
import (
"github.com/astaxie/beego/orm"
"time"
)
func init() {
orm.RegisterModel(&RolePermission{})
orm.RegisterModel(&PermissionPolicy{})
}
// RolePermission records the relations of role and permission
type RolePermission struct {
ID int64 `orm:"pk;auto;column(id)"`
RoleType string `orm:"column(role_type)"`
RoleID int64 `orm:"column(role_id)"`
PermissionPolicyID int64 `orm:"column(permission_policy_id)"`
CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
}
// TableName for role permission
func (rp *RolePermission) TableName() string {
return "role_permission"
}
// PermissionPolicy records the policy of rbac
type PermissionPolicy struct {
ID int64 `orm:"pk;auto;column(id)"`
Scope string `orm:"column(scope)"`
Resource string `orm:"column(resource)"`
Action string `orm:"column(action)"`
Effect string `orm:"column(effect)"`
CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
}
// TableName for permission policy
func (permissionPolicy *PermissionPolicy) TableName() string {
return "permission_policy"
}
// UniversalRolePermission ...
type UniversalRolePermission struct {
RoleType string `orm:"column(role_type)"`
RoleID int64 `orm:"column(role_id)"`
Scope string `orm:"column(scope)"`
Resource string `orm:"column(resource)"`
Action string `orm:"column(action)"`
Effect string `orm:"column(effect)"`
}

View File

@ -29,3 +29,5 @@ package pkg
//go:generate mockery --case snake --dir ../../pkg/task --name ExecutionManager --output ./task --outpkg task
//go:generate mockery --case snake --dir ../../pkg/user --name Manager --output ./user --outpkg user
//go:generate mockery --case snake --dir ../../pkg/robot/dao --name RobotAccountDao --output ./robot/dao --outpkg dao
//go:generate mockery --case snake --dir ../../pkg/rbac --name Manager --output ./rbac --outpkg rbac
//go:generate mockery --case snake --dir ../../pkg/rbac/dao --name DAO --output ./rbac/dao --outpkg dao

View File

@ -0,0 +1,171 @@
// Code generated by mockery v2.1.0. DO NOT EDIT.
package dao
import (
context "context"
mock "github.com/stretchr/testify/mock"
model "github.com/goharbor/harbor/src/pkg/rbac/model"
q "github.com/goharbor/harbor/src/lib/q"
)
// DAO is an autogenerated mock type for the DAO type
type DAO struct {
mock.Mock
}
// CreatePermission provides a mock function with given fields: ctx, rp
func (_m *DAO) CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) {
ret := _m.Called(ctx, rp)
var r0 int64
if rf, ok := ret.Get(0).(func(context.Context, *model.RolePermission) int64); ok {
r0 = rf(ctx, rp)
} else {
r0 = ret.Get(0).(int64)
}
var r1 error
if rf, ok := ret.Get(1).(func(context.Context, *model.RolePermission) error); ok {
r1 = rf(ctx, rp)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// CreateRbacPolicy provides a mock function with given fields: ctx, pp
func (_m *DAO) CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error) {
ret := _m.Called(ctx, pp)
var r0 int64
if rf, ok := ret.Get(0).(func(context.Context, *model.PermissionPolicy) int64); ok {
r0 = rf(ctx, pp)
} else {
r0 = ret.Get(0).(int64)
}
var r1 error
if rf, ok := ret.Get(1).(func(context.Context, *model.PermissionPolicy) error); ok {
r1 = rf(ctx, pp)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// DeletePermission provides a mock function with given fields: ctx, id
func (_m *DAO) DeletePermission(ctx context.Context, id int64) error {
ret := _m.Called(ctx, id)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok {
r0 = rf(ctx, id)
} else {
r0 = ret.Error(0)
}
return r0
}
// DeletePermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
func (_m *DAO) DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error {
ret := _m.Called(ctx, roleType, roleID)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, string, int64) error); ok {
r0 = rf(ctx, roleType, roleID)
} else {
r0 = ret.Error(0)
}
return r0
}
// DeleteRbacPolicy provides a mock function with given fields: ctx, id
func (_m *DAO) DeleteRbacPolicy(ctx context.Context, id int64) error {
ret := _m.Called(ctx, id)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok {
r0 = rf(ctx, id)
} else {
r0 = ret.Error(0)
}
return r0
}
// GetPermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
func (_m *DAO) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error) {
ret := _m.Called(ctx, roleType, roleID)
var r0 []*model.UniversalRolePermission
if rf, ok := ret.Get(0).(func(context.Context, string, int64) []*model.UniversalRolePermission); ok {
r0 = rf(ctx, roleType, roleID)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]*model.UniversalRolePermission)
}
}
var r1 error
if rf, ok := ret.Get(1).(func(context.Context, string, int64) error); ok {
r1 = rf(ctx, roleType, roleID)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// ListPermissions provides a mock function with given fields: ctx, query
func (_m *DAO) ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
ret := _m.Called(ctx, query)
var r0 []*model.RolePermission
if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RolePermission); ok {
r0 = rf(ctx, query)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]*model.RolePermission)
}
}
var r1 error
if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok {
r1 = rf(ctx, query)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// ListRbacPolicies provides a mock function with given fields: ctx, query
func (_m *DAO) ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error) {
ret := _m.Called(ctx, query)
var r0 []*model.PermissionPolicy
if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.PermissionPolicy); ok {
r0 = rf(ctx, query)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]*model.PermissionPolicy)
}
}
var r1 error
if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok {
r1 = rf(ctx, query)
} else {
r1 = ret.Error(1)
}
return r0, r1
}

View File

@ -0,0 +1,170 @@
// Code generated by mockery v2.1.0. DO NOT EDIT.
package rbac
import (
context "context"
model "github.com/goharbor/harbor/src/pkg/rbac/model"
mock "github.com/stretchr/testify/mock"
q "github.com/goharbor/harbor/src/lib/q"
)
// Manager is an autogenerated mock type for the Manager type
type Manager struct {
mock.Mock
}
// CreatePermission provides a mock function with given fields: ctx, rp
func (_m *Manager) CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) {
ret := _m.Called(ctx, rp)
var r0 int64
if rf, ok := ret.Get(0).(func(context.Context, *model.RolePermission) int64); ok {
r0 = rf(ctx, rp)
} else {
r0 = ret.Get(0).(int64)
}
var r1 error
if rf, ok := ret.Get(1).(func(context.Context, *model.RolePermission) error); ok {
r1 = rf(ctx, rp)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// CreateRbacPolicy provides a mock function with given fields: ctx, pp
func (_m *Manager) CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error) {
ret := _m.Called(ctx, pp)
var r0 int64
if rf, ok := ret.Get(0).(func(context.Context, *model.PermissionPolicy) int64); ok {
r0 = rf(ctx, pp)
} else {
r0 = ret.Get(0).(int64)
}
var r1 error
if rf, ok := ret.Get(1).(func(context.Context, *model.PermissionPolicy) error); ok {
r1 = rf(ctx, pp)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// DeletePermission provides a mock function with given fields: ctx, id
func (_m *Manager) DeletePermission(ctx context.Context, id int64) error {
ret := _m.Called(ctx, id)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok {
r0 = rf(ctx, id)
} else {
r0 = ret.Error(0)
}
return r0
}
// DeletePermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
func (_m *Manager) DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error {
ret := _m.Called(ctx, roleType, roleID)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, string, int64) error); ok {
r0 = rf(ctx, roleType, roleID)
} else {
r0 = ret.Error(0)
}
return r0
}
// DeleteRbacPolicy provides a mock function with given fields: ctx, id
func (_m *Manager) DeleteRbacPolicy(ctx context.Context, id int64) error {
ret := _m.Called(ctx, id)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok {
r0 = rf(ctx, id)
} else {
r0 = ret.Error(0)
}
return r0
}
// GetPermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
func (_m *Manager) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error) {
ret := _m.Called(ctx, roleType, roleID)
var r0 []*model.UniversalRolePermission
if rf, ok := ret.Get(0).(func(context.Context, string, int64) []*model.UniversalRolePermission); ok {
r0 = rf(ctx, roleType, roleID)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]*model.UniversalRolePermission)
}
}
var r1 error
if rf, ok := ret.Get(1).(func(context.Context, string, int64) error); ok {
r1 = rf(ctx, roleType, roleID)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// ListPermissions provides a mock function with given fields: ctx, query
func (_m *Manager) ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
ret := _m.Called(ctx, query)
var r0 []*model.RolePermission
if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RolePermission); ok {
r0 = rf(ctx, query)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]*model.RolePermission)
}
}
var r1 error
if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok {
r1 = rf(ctx, query)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// ListRbacPolicies provides a mock function with given fields: ctx, query
func (_m *Manager) ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error) {
ret := _m.Called(ctx, query)
var r0 []*model.PermissionPolicy
if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.PermissionPolicy); ok {
r0 = rf(ctx, query)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]*model.PermissionPolicy)
}
}
var r1 error
if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok {
r1 = rf(ctx, query)
} else {
r1 = ret.Error(1)
}
return r0, r1
}