mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-28 03:27:41 +01:00
Merge pull request #13439 from wy65701436/robot2-mgr
add role permission manager for robot enhancement
This commit is contained in:
commit
ca8cb87790
@ -11,3 +11,30 @@ BEGIN
|
||||
UPDATE artifact SET size=art_size WHERE id = art.id;
|
||||
END LOOP;
|
||||
END $$;
|
||||
|
||||
ALTER TABLE robot ADD COLUMN IF NOT EXISTS secret varchar(2048);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS role_permission (
|
||||
id SERIAL PRIMARY KEY NOT NULL,
|
||||
role_type varchar(255) NOT NULL,
|
||||
role_id int NOT NULL,
|
||||
permission_policy_id int NOT NULL,
|
||||
creation_time timestamp default CURRENT_TIMESTAMP,
|
||||
CONSTRAINT unique_role_permission UNIQUE (role_type, role_id, permission_policy_id)
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS permission_policy (
|
||||
id SERIAL PRIMARY KEY NOT NULL,
|
||||
/*
|
||||
scope:
|
||||
system level: /system
|
||||
project level: /project/{id}
|
||||
all project: /project/ *
|
||||
*/
|
||||
scope varchar(255) NOT NULL,
|
||||
resource varchar(255),
|
||||
action varchar(255),
|
||||
effect varchar(255),
|
||||
creation_time timestamp default CURRENT_TIMESTAMP,
|
||||
CONSTRAINT unique_rbac_policy UNIQUE (scope, resource, action, effect)
|
||||
);
|
||||
|
149
src/pkg/rbac/dao/dao.go
Normal file
149
src/pkg/rbac/dao/dao.go
Normal file
@ -0,0 +1,149 @@
|
||||
package dao
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/goharbor/harbor/src/lib/errors"
|
||||
"github.com/goharbor/harbor/src/lib/orm"
|
||||
"github.com/goharbor/harbor/src/lib/q"
|
||||
"github.com/goharbor/harbor/src/pkg/rbac/model"
|
||||
"time"
|
||||
)
|
||||
|
||||
// DAO is the data access object interface for rbac policy
|
||||
type DAO interface {
|
||||
// CreatePermission ...
|
||||
CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error)
|
||||
// DeletePermission ...
|
||||
DeletePermission(ctx context.Context, id int64) error
|
||||
// ListPermissions ...
|
||||
ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error)
|
||||
// DeletePermissionsByRole ...
|
||||
DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error
|
||||
|
||||
// CreateRbacPolicy ...
|
||||
CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error)
|
||||
// DeleteRbacPolicy ...
|
||||
DeleteRbacPolicy(ctx context.Context, id int64) error
|
||||
// ListRbacPolicies list PermissionPolicy according to the query.
|
||||
ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error)
|
||||
|
||||
// GetPermissionsByRole ...
|
||||
GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error)
|
||||
}
|
||||
|
||||
// New returns an instance of the default DAO
|
||||
func New() DAO {
|
||||
return &dao{}
|
||||
}
|
||||
|
||||
type dao struct{}
|
||||
|
||||
func (d *dao) CreatePermission(ctx context.Context, rp *model.RolePermission) (id int64, err error) {
|
||||
ormer, err := orm.FromContext(ctx)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
rp.CreationTime = time.Now()
|
||||
return ormer.InsertOrUpdate(rp, "role_type, role_id, permission_policy_id")
|
||||
}
|
||||
|
||||
func (d *dao) DeletePermission(ctx context.Context, id int64) (err error) {
|
||||
ormer, err := orm.FromContext(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
n, err := ormer.Delete(&model.RolePermission{
|
||||
ID: id,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if n == 0 {
|
||||
return errors.NotFoundError(nil).WithMessage("role permission %d not found", id)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (d *dao) ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
|
||||
rps := []*model.RolePermission{}
|
||||
qs, err := orm.QuerySetter(ctx, &model.RolePermission{}, query)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, err = qs.All(&rps); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return rps, nil
|
||||
}
|
||||
|
||||
func (d *dao) DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error {
|
||||
qs, err := orm.QuerySetter(ctx, &model.RolePermission{}, &q.Query{
|
||||
Keywords: map[string]interface{}{
|
||||
"role_type": roleType,
|
||||
"role_id": roleID,
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
n, err := qs.Delete()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if n == 0 {
|
||||
return errors.NotFoundError(nil).WithMessage("role permission %s:%d not found", roleType, roleID)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (d *dao) CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (id int64, err error) {
|
||||
ormer, err := orm.FromContext(ctx)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
pp.CreationTime = time.Now()
|
||||
return ormer.InsertOrUpdate(pp, "scope, resource, action, effect")
|
||||
}
|
||||
|
||||
func (d *dao) DeleteRbacPolicy(ctx context.Context, id int64) (err error) {
|
||||
ormer, err := orm.FromContext(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
n, err := ormer.Delete(&model.PermissionPolicy{
|
||||
ID: id,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if n == 0 {
|
||||
return errors.NotFoundError(nil).WithMessage("rbac policy %d not found", id)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (d *dao) ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error) {
|
||||
pps := []*model.PermissionPolicy{}
|
||||
qs, err := orm.QuerySetter(ctx, &model.PermissionPolicy{}, query)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, err = qs.All(&pps); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return pps, nil
|
||||
}
|
||||
|
||||
func (d *dao) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error) {
|
||||
var rps []*model.UniversalRolePermission
|
||||
ormer, err := orm.FromContext(ctx)
|
||||
if err != nil {
|
||||
return rps, err
|
||||
}
|
||||
_, err = ormer.Raw("SELECT rper.role_type, rper.role_id, ppo.scope, ppo.resource, ppo.action, ppo.effect FROM role_permission AS rper LEFT JOIN permission_policy ppo ON (rper.permission_policy_id=ppo.id) where rper.role_type=? and rper.role_id=?", roleType, roleID).QueryRows(&rps)
|
||||
if err != nil {
|
||||
return rps, err
|
||||
}
|
||||
|
||||
return rps, nil
|
||||
}
|
216
src/pkg/rbac/dao/dao_test.go
Normal file
216
src/pkg/rbac/dao/dao_test.go
Normal file
@ -0,0 +1,216 @@
|
||||
package dao
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/goharbor/harbor/src/lib/errors"
|
||||
"github.com/goharbor/harbor/src/lib/orm"
|
||||
"github.com/goharbor/harbor/src/lib/q"
|
||||
"github.com/goharbor/harbor/src/pkg/rbac/model"
|
||||
htesting "github.com/goharbor/harbor/src/testing"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"testing"
|
||||
)
|
||||
|
||||
type DaoTestSuite struct {
|
||||
htesting.Suite
|
||||
dao DAO
|
||||
|
||||
permissionID1 int64
|
||||
permissionID2 int64
|
||||
permissionID3 int64
|
||||
permissionID4 int64
|
||||
|
||||
rbacPolicyID1 int64
|
||||
rbacPolicyID2 int64
|
||||
rbacPolicyID3 int64
|
||||
rbacPolicyID4 int64
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) SetupSuite() {
|
||||
suite.Suite.SetupSuite()
|
||||
suite.dao = New()
|
||||
suite.Suite.ClearTables = []string{"rbac_policy", "role_permission"}
|
||||
|
||||
suite.prepareRolePermission()
|
||||
suite.preparePermissionPolicy()
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) prepareRolePermission() {
|
||||
rp := &model.RolePermission{
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
PermissionPolicyID: 2,
|
||||
}
|
||||
id, err := suite.dao.CreatePermission(orm.Context(), rp)
|
||||
suite.permissionID1 = id
|
||||
suite.Nil(err)
|
||||
|
||||
rp2 := &model.RolePermission{
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
PermissionPolicyID: 3,
|
||||
}
|
||||
id2, err := suite.dao.CreatePermission(orm.Context(), rp2)
|
||||
suite.permissionID2 = id2
|
||||
suite.Nil(err)
|
||||
|
||||
rp3 := &model.RolePermission{
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
PermissionPolicyID: 4,
|
||||
}
|
||||
id3, err := suite.dao.CreatePermission(orm.Context(), rp3)
|
||||
suite.permissionID3 = id3
|
||||
suite.Nil(err)
|
||||
|
||||
rp4 := &model.RolePermission{
|
||||
RoleType: "serviceaccount",
|
||||
RoleID: 2,
|
||||
PermissionPolicyID: 1,
|
||||
}
|
||||
id4, err := suite.dao.CreatePermission(orm.Context(), rp4)
|
||||
suite.permissionID4 = id4
|
||||
suite.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) preparePermissionPolicy() {
|
||||
rp := &model.PermissionPolicy{
|
||||
Scope: "/system",
|
||||
Resource: "label",
|
||||
Action: "create",
|
||||
}
|
||||
id, err := suite.dao.CreateRbacPolicy(orm.Context(), rp)
|
||||
suite.rbacPolicyID1 = id
|
||||
suite.Nil(err)
|
||||
|
||||
rp2 := &model.PermissionPolicy{
|
||||
Scope: "/project/1",
|
||||
Resource: "repository",
|
||||
Action: "push",
|
||||
}
|
||||
id2, err := suite.dao.CreateRbacPolicy(orm.Context(), rp2)
|
||||
suite.rbacPolicyID2 = id2
|
||||
suite.Nil(err)
|
||||
|
||||
rp3 := &model.PermissionPolicy{
|
||||
Scope: "/project/1",
|
||||
Resource: "repository",
|
||||
Action: "pull",
|
||||
}
|
||||
id3, err := suite.dao.CreateRbacPolicy(orm.Context(), rp3)
|
||||
suite.rbacPolicyID3 = id3
|
||||
suite.Nil(err)
|
||||
|
||||
rp4 := &model.PermissionPolicy{
|
||||
Scope: "/project/2",
|
||||
Resource: "helm-chart",
|
||||
Action: "create",
|
||||
}
|
||||
id4, err := suite.dao.CreateRbacPolicy(orm.Context(), rp4)
|
||||
suite.rbacPolicyID4 = id4
|
||||
suite.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestCreatePermission() {
|
||||
rp := &model.RolePermission{
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
PermissionPolicyID: 2,
|
||||
}
|
||||
_, err := suite.dao.CreatePermission(orm.Context(), rp)
|
||||
suite.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestDeletePermission() {
|
||||
err := suite.dao.DeletePermission(orm.Context(), 1234)
|
||||
suite.Require().NotNil(err)
|
||||
suite.True(errors.IsErr(err, errors.NotFoundCode))
|
||||
|
||||
err = suite.dao.DeletePermission(orm.Context(), suite.permissionID2)
|
||||
suite.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestListPermissions() {
|
||||
rps, err := suite.dao.ListPermissions(orm.Context(), &q.Query{
|
||||
Keywords: map[string]interface{}{
|
||||
"role_type": "robot",
|
||||
"role_id": 1,
|
||||
"permission_policy_id": 4,
|
||||
},
|
||||
})
|
||||
suite.Require().Nil(err)
|
||||
suite.Equal(int64(4), rps[0].PermissionPolicyID)
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestDeletePermissionsByRole() {
|
||||
err := suite.dao.DeletePermissionsByRole(orm.Context(), "serviceaccount", 2)
|
||||
suite.Require().Nil(err)
|
||||
|
||||
rps, err := suite.dao.ListPermissions(orm.Context(), &q.Query{
|
||||
Keywords: map[string]interface{}{
|
||||
"role_type": "serviceaccount",
|
||||
"role_id": 2,
|
||||
},
|
||||
})
|
||||
suite.Require().Nil(err)
|
||||
suite.Equal(0, len(rps))
|
||||
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestCreateRbacPolicy() {
|
||||
rp := &model.PermissionPolicy{
|
||||
Scope: "/system",
|
||||
Resource: "label",
|
||||
Action: "create",
|
||||
}
|
||||
_, err := suite.dao.CreateRbacPolicy(orm.Context(), rp)
|
||||
suite.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestDeleteRbacPolicy() {
|
||||
err := suite.dao.DeleteRbacPolicy(orm.Context(), 1234)
|
||||
suite.Require().NotNil(err)
|
||||
suite.True(errors.IsErr(err, errors.NotFoundCode))
|
||||
|
||||
err = suite.dao.DeleteRbacPolicy(orm.Context(), suite.rbacPolicyID2)
|
||||
suite.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestListRbacPolicies() {
|
||||
rps, err := suite.dao.ListRbacPolicies(orm.Context(), &q.Query{
|
||||
Keywords: map[string]interface{}{
|
||||
"scope": "/project/1",
|
||||
"resource": "repository",
|
||||
"action": "pull",
|
||||
},
|
||||
})
|
||||
suite.Require().Nil(err)
|
||||
suite.Equal(suite.rbacPolicyID3, rps[0].ID)
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestGetPermissionsByRole() {
|
||||
rp := &model.PermissionPolicy{
|
||||
Scope: "/system",
|
||||
Resource: "label",
|
||||
Action: "delete",
|
||||
}
|
||||
id, err := suite.dao.CreateRbacPolicy(orm.Context(), rp)
|
||||
suite.Nil(err)
|
||||
|
||||
rpe := &model.RolePermission{
|
||||
RoleType: "TestGetPermissionsByRole",
|
||||
RoleID: 1,
|
||||
PermissionPolicyID: id,
|
||||
}
|
||||
_, err = suite.dao.CreatePermission(orm.Context(), rpe)
|
||||
suite.Nil(err)
|
||||
|
||||
rpes, err := suite.dao.GetPermissionsByRole(orm.Context(), "TestGetPermissionsByRole", 1)
|
||||
suite.Nil(err)
|
||||
fmt.Println(rpes[0])
|
||||
suite.Equal("/system", rpes[0].Scope)
|
||||
}
|
||||
|
||||
func TestDaoTestSuite(t *testing.T) {
|
||||
suite.Run(t, &DaoTestSuite{})
|
||||
}
|
79
src/pkg/rbac/manager.go
Normal file
79
src/pkg/rbac/manager.go
Normal file
@ -0,0 +1,79 @@
|
||||
package rbac
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/goharbor/harbor/src/lib/q"
|
||||
"github.com/goharbor/harbor/src/pkg/rbac/dao"
|
||||
"github.com/goharbor/harbor/src/pkg/rbac/model"
|
||||
)
|
||||
|
||||
var (
|
||||
// Mgr is a global role permission/rbac policy manager instance
|
||||
Mgr = NewManager()
|
||||
)
|
||||
|
||||
// Manager is the interface of role permission and rbac policy
|
||||
type Manager interface {
|
||||
// CreatePermission ...
|
||||
CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error)
|
||||
// DeletePermission ...
|
||||
DeletePermission(ctx context.Context, id int64) error
|
||||
// ListPermissions list role permissions according to the query.
|
||||
ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error)
|
||||
// DeletePermissionsByRole get permissions by role type and id
|
||||
DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error
|
||||
|
||||
// CreateRbacPolicy ...
|
||||
CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error)
|
||||
// DeleteRbacPolicy ...
|
||||
DeleteRbacPolicy(ctx context.Context, id int64) error
|
||||
// ListRbacPolicies list PermissionPolicy according to the query.
|
||||
ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error)
|
||||
// GetPermissionsByRole ...
|
||||
GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error)
|
||||
}
|
||||
|
||||
// NewManager returns an instance of the default manager
|
||||
func NewManager() Manager {
|
||||
return &manager{
|
||||
dao.New(),
|
||||
}
|
||||
}
|
||||
|
||||
var _ Manager = &manager{}
|
||||
|
||||
type manager struct {
|
||||
dao dao.DAO
|
||||
}
|
||||
|
||||
func (m *manager) CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) {
|
||||
return m.dao.CreatePermission(ctx, rp)
|
||||
}
|
||||
|
||||
func (m *manager) DeletePermission(ctx context.Context, id int64) error {
|
||||
return m.dao.DeletePermission(ctx, id)
|
||||
}
|
||||
|
||||
func (m *manager) ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
|
||||
return m.dao.ListPermissions(ctx, query)
|
||||
}
|
||||
|
||||
func (m *manager) DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error {
|
||||
return m.dao.DeletePermissionsByRole(ctx, roleType, roleID)
|
||||
}
|
||||
|
||||
func (m *manager) CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error) {
|
||||
return m.dao.CreateRbacPolicy(ctx, pp)
|
||||
}
|
||||
|
||||
func (m *manager) DeleteRbacPolicy(ctx context.Context, id int64) error {
|
||||
return m.dao.DeleteRbacPolicy(ctx, id)
|
||||
}
|
||||
|
||||
func (m *manager) ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error) {
|
||||
return m.dao.ListRbacPolicies(ctx, query)
|
||||
}
|
||||
|
||||
func (m *manager) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error) {
|
||||
return m.dao.GetPermissionsByRole(ctx, roleType, roleID)
|
||||
}
|
108
src/pkg/rbac/manager_test.go
Normal file
108
src/pkg/rbac/manager_test.go
Normal file
@ -0,0 +1,108 @@
|
||||
package rbac
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/goharbor/harbor/src/pkg/rbac/model"
|
||||
"github.com/goharbor/harbor/src/testing/mock"
|
||||
"github.com/goharbor/harbor/src/testing/pkg/rbac/dao"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"testing"
|
||||
)
|
||||
|
||||
type managerTestSuite struct {
|
||||
suite.Suite
|
||||
mgr *manager
|
||||
dao *dao.DAO
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) SetupTest() {
|
||||
m.dao = &dao.DAO{}
|
||||
m.mgr = &manager{
|
||||
dao: m.dao,
|
||||
}
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestCreatePermission() {
|
||||
m.dao.On("CreatePermission", mock.Anything, mock.Anything).Return(int64(1), nil)
|
||||
_, err := m.mgr.CreatePermission(context.Background(), &model.RolePermission{})
|
||||
m.Require().Nil(err)
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestDeletePermission() {
|
||||
m.dao.On("DeletePermission", mock.Anything, mock.Anything).Return(nil)
|
||||
err := m.mgr.DeletePermission(context.Background(), 1)
|
||||
m.Require().Nil(err)
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestListPermissions() {
|
||||
m.dao.On("ListPermissions", mock.Anything, mock.Anything).Return([]*model.RolePermission{
|
||||
{
|
||||
ID: 1,
|
||||
RoleType: "robot",
|
||||
RoleID: 2,
|
||||
PermissionPolicyID: 3,
|
||||
},
|
||||
}, nil)
|
||||
rpers, err := m.mgr.ListPermissions(context.Background(), nil)
|
||||
m.Require().Nil(err)
|
||||
m.Equal(1, len(rpers))
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestDeletePermissionsByRole() {
|
||||
m.dao.On("DeletePermissionsByRole", mock.Anything, mock.Anything, mock.Anything).Return(nil)
|
||||
err := m.mgr.DeletePermissionsByRole(context.Background(), "robot", 1)
|
||||
m.Require().Nil(err)
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestCreateRbacPolicy() {
|
||||
m.dao.On("CreateRbacPolicy", mock.Anything, mock.Anything).Return(int64(1), nil)
|
||||
_, err := m.mgr.CreateRbacPolicy(context.Background(), &model.PermissionPolicy{})
|
||||
m.Require().Nil(err)
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestDeleteRbacPolicy() {
|
||||
m.dao.On("DeleteRbacPolicy", mock.Anything, mock.Anything).Return(nil)
|
||||
err := m.mgr.DeleteRbacPolicy(context.Background(), 1)
|
||||
m.Require().Nil(err)
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestListRbacPolicies() {
|
||||
m.dao.On("ListRbacPolicies", mock.Anything, mock.Anything).Return([]*model.PermissionPolicy{
|
||||
{
|
||||
ID: 1,
|
||||
Scope: "/system",
|
||||
Resource: "repository",
|
||||
Action: "create",
|
||||
},
|
||||
}, nil)
|
||||
rpers, err := m.mgr.ListRbacPolicies(context.Background(), nil)
|
||||
m.Require().Nil(err)
|
||||
m.Equal(1, len(rpers))
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestGetPermissionsByRole() {
|
||||
m.dao.On("GetPermissionsByRole", mock.Anything, mock.Anything, mock.Anything).Return([]*model.UniversalRolePermission{
|
||||
{
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
Scope: "/system",
|
||||
Resource: "repository",
|
||||
Action: "create",
|
||||
},
|
||||
}, nil)
|
||||
rpers, err := m.mgr.GetPermissionsByRole(context.Background(), "robot", 1)
|
||||
m.Require().Nil(err)
|
||||
m.Equal(1, len(rpers))
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func TestManager(t *testing.T) {
|
||||
suite.Run(t, &managerTestSuite{})
|
||||
}
|
50
src/pkg/rbac/model/model.go
Normal file
50
src/pkg/rbac/model/model.go
Normal file
@ -0,0 +1,50 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"github.com/astaxie/beego/orm"
|
||||
"time"
|
||||
)
|
||||
|
||||
func init() {
|
||||
orm.RegisterModel(&RolePermission{})
|
||||
orm.RegisterModel(&PermissionPolicy{})
|
||||
}
|
||||
|
||||
// RolePermission records the relations of role and permission
|
||||
type RolePermission struct {
|
||||
ID int64 `orm:"pk;auto;column(id)"`
|
||||
RoleType string `orm:"column(role_type)"`
|
||||
RoleID int64 `orm:"column(role_id)"`
|
||||
PermissionPolicyID int64 `orm:"column(permission_policy_id)"`
|
||||
CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
|
||||
}
|
||||
|
||||
// TableName for role permission
|
||||
func (rp *RolePermission) TableName() string {
|
||||
return "role_permission"
|
||||
}
|
||||
|
||||
// PermissionPolicy records the policy of rbac
|
||||
type PermissionPolicy struct {
|
||||
ID int64 `orm:"pk;auto;column(id)"`
|
||||
Scope string `orm:"column(scope)"`
|
||||
Resource string `orm:"column(resource)"`
|
||||
Action string `orm:"column(action)"`
|
||||
Effect string `orm:"column(effect)"`
|
||||
CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
|
||||
}
|
||||
|
||||
// TableName for permission policy
|
||||
func (permissionPolicy *PermissionPolicy) TableName() string {
|
||||
return "permission_policy"
|
||||
}
|
||||
|
||||
// UniversalRolePermission ...
|
||||
type UniversalRolePermission struct {
|
||||
RoleType string `orm:"column(role_type)"`
|
||||
RoleID int64 `orm:"column(role_id)"`
|
||||
Scope string `orm:"column(scope)"`
|
||||
Resource string `orm:"column(resource)"`
|
||||
Action string `orm:"column(action)"`
|
||||
Effect string `orm:"column(effect)"`
|
||||
}
|
@ -29,3 +29,5 @@ package pkg
|
||||
//go:generate mockery --case snake --dir ../../pkg/task --name ExecutionManager --output ./task --outpkg task
|
||||
//go:generate mockery --case snake --dir ../../pkg/user --name Manager --output ./user --outpkg user
|
||||
//go:generate mockery --case snake --dir ../../pkg/robot/dao --name RobotAccountDao --output ./robot/dao --outpkg dao
|
||||
//go:generate mockery --case snake --dir ../../pkg/rbac --name Manager --output ./rbac --outpkg rbac
|
||||
//go:generate mockery --case snake --dir ../../pkg/rbac/dao --name DAO --output ./rbac/dao --outpkg dao
|
||||
|
171
src/testing/pkg/rbac/dao/dao.go
Normal file
171
src/testing/pkg/rbac/dao/dao.go
Normal file
@ -0,0 +1,171 @@
|
||||
// Code generated by mockery v2.1.0. DO NOT EDIT.
|
||||
|
||||
package dao
|
||||
|
||||
import (
|
||||
context "context"
|
||||
|
||||
mock "github.com/stretchr/testify/mock"
|
||||
|
||||
model "github.com/goharbor/harbor/src/pkg/rbac/model"
|
||||
|
||||
q "github.com/goharbor/harbor/src/lib/q"
|
||||
)
|
||||
|
||||
// DAO is an autogenerated mock type for the DAO type
|
||||
type DAO struct {
|
||||
mock.Mock
|
||||
}
|
||||
|
||||
// CreatePermission provides a mock function with given fields: ctx, rp
|
||||
func (_m *DAO) CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) {
|
||||
ret := _m.Called(ctx, rp)
|
||||
|
||||
var r0 int64
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *model.RolePermission) int64); ok {
|
||||
r0 = rf(ctx, rp)
|
||||
} else {
|
||||
r0 = ret.Get(0).(int64)
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *model.RolePermission) error); ok {
|
||||
r1 = rf(ctx, rp)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// CreateRbacPolicy provides a mock function with given fields: ctx, pp
|
||||
func (_m *DAO) CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error) {
|
||||
ret := _m.Called(ctx, pp)
|
||||
|
||||
var r0 int64
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *model.PermissionPolicy) int64); ok {
|
||||
r0 = rf(ctx, pp)
|
||||
} else {
|
||||
r0 = ret.Get(0).(int64)
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *model.PermissionPolicy) error); ok {
|
||||
r1 = rf(ctx, pp)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// DeletePermission provides a mock function with given fields: ctx, id
|
||||
func (_m *DAO) DeletePermission(ctx context.Context, id int64) error {
|
||||
ret := _m.Called(ctx, id)
|
||||
|
||||
var r0 error
|
||||
if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok {
|
||||
r0 = rf(ctx, id)
|
||||
} else {
|
||||
r0 = ret.Error(0)
|
||||
}
|
||||
|
||||
return r0
|
||||
}
|
||||
|
||||
// DeletePermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
|
||||
func (_m *DAO) DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error {
|
||||
ret := _m.Called(ctx, roleType, roleID)
|
||||
|
||||
var r0 error
|
||||
if rf, ok := ret.Get(0).(func(context.Context, string, int64) error); ok {
|
||||
r0 = rf(ctx, roleType, roleID)
|
||||
} else {
|
||||
r0 = ret.Error(0)
|
||||
}
|
||||
|
||||
return r0
|
||||
}
|
||||
|
||||
// DeleteRbacPolicy provides a mock function with given fields: ctx, id
|
||||
func (_m *DAO) DeleteRbacPolicy(ctx context.Context, id int64) error {
|
||||
ret := _m.Called(ctx, id)
|
||||
|
||||
var r0 error
|
||||
if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok {
|
||||
r0 = rf(ctx, id)
|
||||
} else {
|
||||
r0 = ret.Error(0)
|
||||
}
|
||||
|
||||
return r0
|
||||
}
|
||||
|
||||
// GetPermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
|
||||
func (_m *DAO) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error) {
|
||||
ret := _m.Called(ctx, roleType, roleID)
|
||||
|
||||
var r0 []*model.UniversalRolePermission
|
||||
if rf, ok := ret.Get(0).(func(context.Context, string, int64) []*model.UniversalRolePermission); ok {
|
||||
r0 = rf(ctx, roleType, roleID)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).([]*model.UniversalRolePermission)
|
||||
}
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, string, int64) error); ok {
|
||||
r1 = rf(ctx, roleType, roleID)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// ListPermissions provides a mock function with given fields: ctx, query
|
||||
func (_m *DAO) ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
|
||||
ret := _m.Called(ctx, query)
|
||||
|
||||
var r0 []*model.RolePermission
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RolePermission); ok {
|
||||
r0 = rf(ctx, query)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).([]*model.RolePermission)
|
||||
}
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok {
|
||||
r1 = rf(ctx, query)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// ListRbacPolicies provides a mock function with given fields: ctx, query
|
||||
func (_m *DAO) ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error) {
|
||||
ret := _m.Called(ctx, query)
|
||||
|
||||
var r0 []*model.PermissionPolicy
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.PermissionPolicy); ok {
|
||||
r0 = rf(ctx, query)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).([]*model.PermissionPolicy)
|
||||
}
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok {
|
||||
r1 = rf(ctx, query)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
170
src/testing/pkg/rbac/manager.go
Normal file
170
src/testing/pkg/rbac/manager.go
Normal file
@ -0,0 +1,170 @@
|
||||
// Code generated by mockery v2.1.0. DO NOT EDIT.
|
||||
|
||||
package rbac
|
||||
|
||||
import (
|
||||
context "context"
|
||||
|
||||
model "github.com/goharbor/harbor/src/pkg/rbac/model"
|
||||
mock "github.com/stretchr/testify/mock"
|
||||
|
||||
q "github.com/goharbor/harbor/src/lib/q"
|
||||
)
|
||||
|
||||
// Manager is an autogenerated mock type for the Manager type
|
||||
type Manager struct {
|
||||
mock.Mock
|
||||
}
|
||||
|
||||
// CreatePermission provides a mock function with given fields: ctx, rp
|
||||
func (_m *Manager) CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) {
|
||||
ret := _m.Called(ctx, rp)
|
||||
|
||||
var r0 int64
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *model.RolePermission) int64); ok {
|
||||
r0 = rf(ctx, rp)
|
||||
} else {
|
||||
r0 = ret.Get(0).(int64)
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *model.RolePermission) error); ok {
|
||||
r1 = rf(ctx, rp)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// CreateRbacPolicy provides a mock function with given fields: ctx, pp
|
||||
func (_m *Manager) CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error) {
|
||||
ret := _m.Called(ctx, pp)
|
||||
|
||||
var r0 int64
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *model.PermissionPolicy) int64); ok {
|
||||
r0 = rf(ctx, pp)
|
||||
} else {
|
||||
r0 = ret.Get(0).(int64)
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *model.PermissionPolicy) error); ok {
|
||||
r1 = rf(ctx, pp)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// DeletePermission provides a mock function with given fields: ctx, id
|
||||
func (_m *Manager) DeletePermission(ctx context.Context, id int64) error {
|
||||
ret := _m.Called(ctx, id)
|
||||
|
||||
var r0 error
|
||||
if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok {
|
||||
r0 = rf(ctx, id)
|
||||
} else {
|
||||
r0 = ret.Error(0)
|
||||
}
|
||||
|
||||
return r0
|
||||
}
|
||||
|
||||
// DeletePermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
|
||||
func (_m *Manager) DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error {
|
||||
ret := _m.Called(ctx, roleType, roleID)
|
||||
|
||||
var r0 error
|
||||
if rf, ok := ret.Get(0).(func(context.Context, string, int64) error); ok {
|
||||
r0 = rf(ctx, roleType, roleID)
|
||||
} else {
|
||||
r0 = ret.Error(0)
|
||||
}
|
||||
|
||||
return r0
|
||||
}
|
||||
|
||||
// DeleteRbacPolicy provides a mock function with given fields: ctx, id
|
||||
func (_m *Manager) DeleteRbacPolicy(ctx context.Context, id int64) error {
|
||||
ret := _m.Called(ctx, id)
|
||||
|
||||
var r0 error
|
||||
if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok {
|
||||
r0 = rf(ctx, id)
|
||||
} else {
|
||||
r0 = ret.Error(0)
|
||||
}
|
||||
|
||||
return r0
|
||||
}
|
||||
|
||||
// GetPermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
|
||||
func (_m *Manager) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error) {
|
||||
ret := _m.Called(ctx, roleType, roleID)
|
||||
|
||||
var r0 []*model.UniversalRolePermission
|
||||
if rf, ok := ret.Get(0).(func(context.Context, string, int64) []*model.UniversalRolePermission); ok {
|
||||
r0 = rf(ctx, roleType, roleID)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).([]*model.UniversalRolePermission)
|
||||
}
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, string, int64) error); ok {
|
||||
r1 = rf(ctx, roleType, roleID)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// ListPermissions provides a mock function with given fields: ctx, query
|
||||
func (_m *Manager) ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
|
||||
ret := _m.Called(ctx, query)
|
||||
|
||||
var r0 []*model.RolePermission
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RolePermission); ok {
|
||||
r0 = rf(ctx, query)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).([]*model.RolePermission)
|
||||
}
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok {
|
||||
r1 = rf(ctx, query)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// ListRbacPolicies provides a mock function with given fields: ctx, query
|
||||
func (_m *Manager) ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error) {
|
||||
ret := _m.Called(ctx, query)
|
||||
|
||||
var r0 []*model.PermissionPolicy
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.PermissionPolicy); ok {
|
||||
r0 = rf(ctx, query)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).([]*model.PermissionPolicy)
|
||||
}
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok {
|
||||
r1 = rf(ctx, query)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
Loading…
Reference in New Issue
Block a user