add role permission manager for robot enhancement

1, add two db tables of role permission and rbac policy
2, add manager of these two tables

Signed-off-by: Wang Yan <wangyan@vmware.com>

make/migrations/postgresql/0050_2.2.0_schema.up.sql

@@ -1,4 +1,5 @@
 ALTER TABLE schedule ADD COLUMN IF NOT EXISTS cron_type varchar(64);
+<<<<<<< HEAD
 
 DO $$
 DECLARE
@@ -11,3 +12,31 @@ BEGIN
       UPDATE artifact SET size=art_size WHERE id = art.id;
     END LOOP;
 END $$;
+=======
+ALTER TABLE robot ADD COLUMN IF NOT EXISTS secret varchar(2048);
+
+CREATE TABLE  IF NOT EXISTS role_permission (
+ id SERIAL PRIMARY KEY NOT NULL,
+ role_type varchar(255) NOT NULL,
+ role_id int NOT NULL,
+ rbac_policy_id int NOT NULL,
+ creation_time timestamp default CURRENT_TIMESTAMP,
+ CONSTRAINT unique_role_permission UNIQUE (role_type, role_id, rbac_policy_id)
+);
+
+CREATE TABLE  IF NOT EXISTS rbac_policy (
+ id SERIAL PRIMARY KEY NOT NULL,
+ /*
+  scope:
+   system level: /system
+   project level: /project/{id}
+   all project: /project/ *
+  */
+ scope varchar(255) NOT NULL,
+ resource varchar(255),
+ action varchar(255),
+ effect varchar(255),
+ creation_time timestamp default CURRENT_TIMESTAMP,
+ CONSTRAINT unique_rbac_policy UNIQUE (scope, resource, action, effect)
+);
+>>>>>>> ae2bcebdd (add role permission manager for robot enhancement)

src/pkg/rbac/dao/dao.go

@@ -0,0 +1,152 @@
+package dao
+
+import (
+	"context"
+	"fmt"
+	"github.com/goharbor/harbor/src/lib/errors"
+	"github.com/goharbor/harbor/src/lib/orm"
+	"github.com/goharbor/harbor/src/lib/q"
+	"github.com/goharbor/harbor/src/pkg/rbac/model"
+	"time"
+)
+
+// DAO is the data access object interface for rbac policy
+type DAO interface {
+	// CreatePermission ...
+	CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error)
+	// DeletePermission ...
+	DeletePermission(ctx context.Context, id int64) error
+	// ListPermission ...
+	ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error)
+	// DeletePermissionByRole ...
+	DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error
+
+	// CreateRbacPolicy ...
+	CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error)
+	// DeleteRbacPolicy ...
+	DeleteRbacPolicy(ctx context.Context, id int64) error
+	// ListRbacPolicy list RbacPolicy according to the query.
+	ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error)
+
+	// GetPermissionsByRole ...
+	GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error)
+}
+
+// New returns an instance of the default DAO
+func New() DAO {
+	return &dao{}
+}
+
+type dao struct{}
+
+func (d *dao) CreatePermission(ctx context.Context, rp *model.RolePermission) (id int64, err error) {
+	ormer, err := orm.FromContext(ctx)
+	if err != nil {
+		return 0, err
+	}
+	rp.CreationTime = time.Now()
+	return ormer.InsertOrUpdate(rp, "role_type, role_id, rbac_policy_id")
+}
+
+func (d *dao) DeletePermission(ctx context.Context, id int64) (err error) {
+	ormer, err := orm.FromContext(ctx)
+	if err != nil {
+		return err
+	}
+	n, err := ormer.Delete(&model.RolePermission{
+		ID: id,
+	})
+	if err != nil {
+		return err
+	}
+	if n == 0 {
+		return errors.NotFoundError(nil).WithMessage("role permission %d not found", id)
+	}
+	return nil
+}
+
+func (d *dao) ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
+	rps := []*model.RolePermission{}
+	qs, err := orm.QuerySetter(ctx, &model.RolePermission{}, query)
+	if err != nil {
+		return nil, err
+	}
+	if _, err = qs.All(&rps); err != nil {
+		return nil, err
+	}
+	return rps, nil
+}
+
+func (d *dao) DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error {
+	qs, err := orm.QuerySetter(ctx, &model.RolePermission{}, &q.Query{
+		Keywords: map[string]interface{}{
+			"role_type": roleType,
+			"role_id":   roleID,
+		},
+	})
+	if err != nil {
+		return err
+	}
+	n, err := qs.Delete()
+	if err != nil {
+		return err
+	}
+	if n == 0 {
+		return errors.NotFoundError(nil).WithMessage("role permission %s:%d not found", roleType, roleID)
+	}
+	return err
+}
+
+func (d *dao) CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (id int64, err error) {
+	ormer, err := orm.FromContext(ctx)
+	if err != nil {
+		return 0, err
+	}
+	rp.CreationTime = time.Now()
+	return ormer.InsertOrUpdate(rp, "scope, resource, action, effect")
+}
+
+func (d *dao) DeleteRbacPolicy(ctx context.Context, id int64) (err error) {
+	ormer, err := orm.FromContext(ctx)
+	if err != nil {
+		return err
+	}
+	n, err := ormer.Delete(&model.RbacPolicy{
+		ID: id,
+	})
+	if err != nil {
+		return err
+	}
+	if n == 0 {
+		return errors.NotFoundError(nil).WithMessage("rbac policy %d not found", id)
+	}
+	return nil
+}
+
+func (d *dao) ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) {
+	rps := []*model.RbacPolicy{}
+	qs, err := orm.QuerySetter(ctx, &model.RbacPolicy{}, query)
+	if err != nil {
+		return nil, err
+	}
+	if _, err = qs.All(&rps); err != nil {
+		return nil, err
+	}
+	return rps, nil
+}
+
+func (d *dao) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) {
+	var rps []*model.RolePermissions
+	ormer, err := orm.FromContext(ctx)
+	if err != nil {
+		return rps, err
+	}
+	sql := fmt.Sprintf(`SELECT rper.role_type, rper.role_id, rpo.scope, rpo.resource, rpo.action, rpo.effect FROM role_permission AS rper LEFT JOIN rbac_policy rpo ON (rper.rbac_policy_id=rpo.id) where rper.role_type='%s' and rper.role_id=%d`, roleType, roleID)
+
+	_, err = ormer.Raw(sql).QueryRows(&rps)
+	if err != nil {
+		return rps, err
+	}
+
+	return rps, nil
+}

src/pkg/rbac/dao/dao_test.go

@@ -0,0 +1,216 @@
+package dao
+
+import (
+	"fmt"
+	"github.com/goharbor/harbor/src/lib/errors"
+	"github.com/goharbor/harbor/src/lib/orm"
+	"github.com/goharbor/harbor/src/lib/q"
+	"github.com/goharbor/harbor/src/pkg/rbac/model"
+	htesting "github.com/goharbor/harbor/src/testing"
+	"github.com/stretchr/testify/suite"
+	"testing"
+)
+
+type DaoTestSuite struct {
+	htesting.Suite
+	dao DAO
+
+	permissionID1 int64
+	permissionID2 int64
+	permissionID3 int64
+	permissionID4 int64
+
+	rbacPolicyID1 int64
+	rbacPolicyID2 int64
+	rbacPolicyID3 int64
+	rbacPolicyID4 int64
+}
+
+func (suite *DaoTestSuite) SetupSuite() {
+	suite.Suite.SetupSuite()
+	suite.dao = New()
+	suite.Suite.ClearTables = []string{"rbac_policy", "role_permission"}
+
+	suite.prepareRolePermission()
+	suite.prepareRbacPolicy()
+}
+
+func (suite *DaoTestSuite) prepareRolePermission() {
+	rp := &model.RolePermission{
+		RoleType:     "robot",
+		RoleID:       1,
+		RBACPolicyID: 2,
+	}
+	id, err := suite.dao.CreatePermission(orm.Context(), rp)
+	suite.permissionID1 = id
+	suite.Nil(err)
+
+	rp2 := &model.RolePermission{
+		RoleType:     "robot",
+		RoleID:       1,
+		RBACPolicyID: 3,
+	}
+	id2, err := suite.dao.CreatePermission(orm.Context(), rp2)
+	suite.permissionID2 = id2
+	suite.Nil(err)
+
+	rp3 := &model.RolePermission{
+		RoleType:     "robot",
+		RoleID:       1,
+		RBACPolicyID: 4,
+	}
+	id3, err := suite.dao.CreatePermission(orm.Context(), rp3)
+	suite.permissionID3 = id3
+	suite.Nil(err)
+
+	rp4 := &model.RolePermission{
+		RoleType:     "serviceaccount",
+		RoleID:       2,
+		RBACPolicyID: 1,
+	}
+	id4, err := suite.dao.CreatePermission(orm.Context(), rp4)
+	suite.permissionID4 = id4
+	suite.Nil(err)
+}
+
+func (suite *DaoTestSuite) prepareRbacPolicy() {
+	rp := &model.RbacPolicy{
+		Scope:    "/system",
+		Resource: "label",
+		Action:   "create",
+	}
+	id, err := suite.dao.CreateRbacPolicy(orm.Context(), rp)
+	suite.rbacPolicyID1 = id
+	suite.Nil(err)
+
+	rp2 := &model.RbacPolicy{
+		Scope:    "/project/1",
+		Resource: "repository",
+		Action:   "push",
+	}
+	id2, err := suite.dao.CreateRbacPolicy(orm.Context(), rp2)
+	suite.rbacPolicyID2 = id2
+	suite.Nil(err)
+
+	rp3 := &model.RbacPolicy{
+		Scope:    "/project/1",
+		Resource: "repository",
+		Action:   "pull",
+	}
+	id3, err := suite.dao.CreateRbacPolicy(orm.Context(), rp3)
+	suite.rbacPolicyID3 = id3
+	suite.Nil(err)
+
+	rp4 := &model.RbacPolicy{
+		Scope:    "/project/2",
+		Resource: "helm-chart",
+		Action:   "create",
+	}
+	id4, err := suite.dao.CreateRbacPolicy(orm.Context(), rp4)
+	suite.rbacPolicyID4 = id4
+	suite.Nil(err)
+}
+
+func (suite *DaoTestSuite) TestCreatePermission() {
+	rp := &model.RolePermission{
+		RoleType:     "robot",
+		RoleID:       1,
+		RBACPolicyID: 2,
+	}
+	_, err := suite.dao.CreatePermission(orm.Context(), rp)
+	suite.Nil(err)
+}
+
+func (suite *DaoTestSuite) TestDeletePermission() {
+	err := suite.dao.DeletePermission(orm.Context(), 1234)
+	suite.Require().NotNil(err)
+	suite.True(errors.IsErr(err, errors.NotFoundCode))
+
+	err = suite.dao.DeletePermission(orm.Context(), suite.permissionID2)
+	suite.Nil(err)
+}
+
+func (suite *DaoTestSuite) TestListPermission() {
+	rps, err := suite.dao.ListPermission(orm.Context(), &q.Query{
+		Keywords: map[string]interface{}{
+			"role_type":      "robot",
+			"role_id":        1,
+			"rbac_policy_id": 4,
+		},
+	})
+	suite.Require().Nil(err)
+	suite.Equal(int64(4), rps[0].RBACPolicyID)
+}
+
+func (suite *DaoTestSuite) TestDeletePermissionByRole() {
+	err := suite.dao.DeletePermissionByRole(orm.Context(), "serviceaccount", 2)
+	suite.Require().Nil(err)
+
+	rps, err := suite.dao.ListPermission(orm.Context(), &q.Query{
+		Keywords: map[string]interface{}{
+			"role_type": "serviceaccount",
+			"role_id":   2,
+		},
+	})
+	suite.Require().Nil(err)
+	suite.Equal(0, len(rps))
+
+}
+
+func (suite *DaoTestSuite) TestCreateRbacPolicy() {
+	rp := &model.RbacPolicy{
+		Scope:    "/system",
+		Resource: "label",
+		Action:   "create",
+	}
+	_, err := suite.dao.CreateRbacPolicy(orm.Context(), rp)
+	suite.Nil(err)
+}
+
+func (suite *DaoTestSuite) TestDeleteRbacPolicy() {
+	err := suite.dao.DeleteRbacPolicy(orm.Context(), 1234)
+	suite.Require().NotNil(err)
+	suite.True(errors.IsErr(err, errors.NotFoundCode))
+
+	err = suite.dao.DeleteRbacPolicy(orm.Context(), suite.rbacPolicyID2)
+	suite.Nil(err)
+}
+
+func (suite *DaoTestSuite) TestListRbacPolicy() {
+	rps, err := suite.dao.ListRbacPolicy(orm.Context(), &q.Query{
+		Keywords: map[string]interface{}{
+			"scope":    "/project/1",
+			"resource": "repository",
+			"action":   "pull",
+		},
+	})
+	suite.Require().Nil(err)
+	suite.Equal(suite.rbacPolicyID3, rps[0].ID)
+}
+
+func (suite *DaoTestSuite) TestGetPermissionsByRole() {
+	rp := &model.RbacPolicy{
+		Scope:    "/system",
+		Resource: "label",
+		Action:   "delete",
+	}
+	id, err := suite.dao.CreateRbacPolicy(orm.Context(), rp)
+	suite.Nil(err)
+
+	rpe := &model.RolePermission{
+		RoleType:     "TestGetPermissionsByRole",
+		RoleID:       1,
+		RBACPolicyID: id,
+	}
+	_, err = suite.dao.CreatePermission(orm.Context(), rpe)
+	suite.Nil(err)
+
+	rpes, err := suite.dao.GetPermissionsByRole(orm.Context(), "TestGetPermissionsByRole", 1)
+	suite.Nil(err)
+	fmt.Println(rpes[0])
+	suite.Equal("/system", rpes[0].Scope)
+}
+
+func TestDaoTestSuite(t *testing.T) {
+	suite.Run(t, &DaoTestSuite{})
+}

src/pkg/rbac/manager.go

@@ -0,0 +1,79 @@
+package rbac
+
+import (
+	"context"
+	"github.com/goharbor/harbor/src/lib/q"
+	"github.com/goharbor/harbor/src/pkg/rbac/dao"
+	"github.com/goharbor/harbor/src/pkg/rbac/model"
+)
+
+var (
+	// Mgr is a global role permission/rbac policy manager instance
+	Mgr = NewManager()
+)
+
+// Manager is the interface of role permission and rbac policy
+type Manager interface {
+	// CreatePermission ...
+	CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error)
+	// DeletePermission ...
+	DeletePermission(ctx context.Context, id int64) error
+	// ListPermission list role permissions according to the query.
+	ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error)
+	// DeletePermissionByRole get permissions by role type and id
+	DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error
+
+	// CreateRbacPolicy ...
+	CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error)
+	// DeleteRbacPolicy ...
+	DeleteRbacPolicy(ctx context.Context, id int64) error
+	// ListRbacPolicy list RbacPolicy according to the query.
+	ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error)
+	// GetPermissionsByRole ...
+	GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error)
+}
+
+// NewManager returns an instance of the default manager
+func NewManager() Manager {
+	return &manager{
+		dao.New(),
+	}
+}
+
+var _ Manager = &manager{}
+
+type manager struct {
+	dao dao.DAO
+}
+
+func (m *manager) CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) {
+	return m.dao.CreatePermission(ctx, rp)
+}
+
+func (m *manager) DeletePermission(ctx context.Context, id int64) error {
+	return m.dao.DeletePermission(ctx, id)
+}
+
+func (m *manager) ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
+	return m.dao.ListPermission(ctx, query)
+}
+
+func (m *manager) DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error {
+	return m.dao.DeletePermissionByRole(ctx, roleType, roleID)
+}
+
+func (m *manager) CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error) {
+	return m.dao.CreateRbacPolicy(ctx, rp)
+}
+
+func (m *manager) DeleteRbacPolicy(ctx context.Context, id int64) error {
+	return m.dao.DeleteRbacPolicy(ctx, id)
+}
+
+func (m *manager) ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) {
+	return m.dao.ListRbacPolicy(ctx, query)
+}
+
+func (m *manager) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) {
+	return m.dao.GetPermissionsByRole(ctx, roleType, roleID)
+}

src/pkg/rbac/manager_test.go

@@ -0,0 +1,108 @@
+package rbac
+
+import (
+	"context"
+	"github.com/goharbor/harbor/src/pkg/rbac/model"
+	"github.com/goharbor/harbor/src/testing/mock"
+	"github.com/goharbor/harbor/src/testing/pkg/rbac/dao"
+	"github.com/stretchr/testify/suite"
+	"testing"
+)
+
+type managerTestSuite struct {
+	suite.Suite
+	mgr *manager
+	dao *dao.DAO
+}
+
+func (m *managerTestSuite) SetupTest() {
+	m.dao = &dao.DAO{}
+	m.mgr = &manager{
+		dao: m.dao,
+	}
+}
+
+func (m *managerTestSuite) TestCreatePermission() {
+	m.dao.On("CreatePermission", mock.Anything, mock.Anything).Return(int64(1), nil)
+	_, err := m.mgr.CreatePermission(context.Background(), &model.RolePermission{})
+	m.Require().Nil(err)
+	m.dao.AssertExpectations(m.T())
+}
+
+func (m *managerTestSuite) TestDeletePermission() {
+	m.dao.On("DeletePermission", mock.Anything, mock.Anything).Return(nil)
+	err := m.mgr.DeletePermission(context.Background(), 1)
+	m.Require().Nil(err)
+	m.dao.AssertExpectations(m.T())
+}
+
+func (m *managerTestSuite) TestListPermission() {
+	m.dao.On("ListPermission", mock.Anything, mock.Anything).Return([]*model.RolePermission{
+		{
+			ID:           1,
+			RoleType:     "robot",
+			RoleID:       2,
+			RBACPolicyID: 3,
+		},
+	}, nil)
+	rpers, err := m.mgr.ListPermission(context.Background(), nil)
+	m.Require().Nil(err)
+	m.Equal(1, len(rpers))
+	m.dao.AssertExpectations(m.T())
+}
+
+func (m *managerTestSuite) TestDeletePermissionByRole() {
+	m.dao.On("DeletePermissionByRole", mock.Anything, mock.Anything, mock.Anything).Return(nil)
+	err := m.mgr.DeletePermissionByRole(context.Background(), "robot", 1)
+	m.Require().Nil(err)
+	m.dao.AssertExpectations(m.T())
+}
+
+func (m *managerTestSuite) TestCreateRbacPolicy() {
+	m.dao.On("CreateRbacPolicy", mock.Anything, mock.Anything).Return(int64(1), nil)
+	_, err := m.mgr.CreateRbacPolicy(context.Background(), &model.RbacPolicy{})
+	m.Require().Nil(err)
+	m.dao.AssertExpectations(m.T())
+}
+
+func (m *managerTestSuite) TestDeleteRbacPolicy() {
+	m.dao.On("DeleteRbacPolicy", mock.Anything, mock.Anything).Return(nil)
+	err := m.mgr.DeleteRbacPolicy(context.Background(), 1)
+	m.Require().Nil(err)
+	m.dao.AssertExpectations(m.T())
+}
+
+func (m *managerTestSuite) TestListRbacPolicy() {
+	m.dao.On("ListRbacPolicy", mock.Anything, mock.Anything).Return([]*model.RbacPolicy{
+		{
+			ID:       1,
+			Scope:    "/system",
+			Resource: "repository",
+			Action:   "create",
+		},
+	}, nil)
+	rpers, err := m.mgr.ListRbacPolicy(context.Background(), nil)
+	m.Require().Nil(err)
+	m.Equal(1, len(rpers))
+	m.dao.AssertExpectations(m.T())
+}
+
+func (m *managerTestSuite) TestGetPermissionsByRole() {
+	m.dao.On("GetPermissionsByRole", mock.Anything, mock.Anything, mock.Anything).Return([]*model.RolePermissions{
+		{
+			RoleType: "robot",
+			RoleID:   1,
+			Scope:    "/system",
+			Resource: "repository",
+			Action:   "create",
+		},
+	}, nil)
+	rpers, err := m.mgr.GetPermissionsByRole(context.Background(), "robot", 1)
+	m.Require().Nil(err)
+	m.Equal(1, len(rpers))
+	m.dao.AssertExpectations(m.T())
+}
+
+func TestManager(t *testing.T) {
+	suite.Run(t, &managerTestSuite{})
+}

src/pkg/rbac/model/model.go

@@ -0,0 +1,50 @@
+package model
+
+import (
+	"github.com/astaxie/beego/orm"
+	"time"
+)
+
+func init() {
+	orm.RegisterModel(&RolePermission{})
+	orm.RegisterModel(&RbacPolicy{})
+}
+
+// RolePermission records the relations of role and permission
+type RolePermission struct {
+	ID           int64     `orm:"pk;auto;column(id)"`
+	RoleType     string    `orm:"column(role_type)"`
+	RoleID       int64     `orm:"column(role_id)"`
+	RBACPolicyID int64     `orm:"column(rbac_policy_id)"`
+	CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
+}
+
+// TableName for role permission
+func (rp *RolePermission) TableName() string {
+	return "role_permission"
+}
+
+// RbacPolicy records the policy of rbac
+type RbacPolicy struct {
+	ID           int64     `orm:"pk;auto;column(id)"`
+	Scope        string    `orm:"column(scope)"`
+	Resource     string    `orm:"column(resource)"`
+	Action       string    `orm:"column(action)"`
+	Effect       string    `orm:"column(effect)"`
+	CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
+}
+
+// TableName for rbac policy
+func (rbacPolicy *RbacPolicy) TableName() string {
+	return "rbac_policy"
+}
+
+// RolePermissions ...
+type RolePermissions struct {
+	RoleType string `orm:"column(role_type)"`
+	RoleID   int64  `orm:"column(role_id)"`
+	Scope    string `orm:"column(scope)"`
+	Resource string `orm:"column(resource)"`
+	Action   string `orm:"column(action)"`
+	Effect   string `orm:"column(effect)"`
+}

src/testing/pkg/pkg.go

@@ -29,3 +29,5 @@ package pkg
 //go:generate mockery --case snake --dir ../../pkg/task --name ExecutionManager --output ./task --outpkg task
 //go:generate mockery --case snake --dir ../../pkg/user --name Manager --output ./user --outpkg user
 //go:generate mockery --case snake --dir ../../pkg/robot/dao --name RobotAccountDao --output ./robot/dao --outpkg dao
+//go:generate mockery --case snake --dir ../../pkg/rbac --name Manager --output ./rbac --outpkg rbac
+//go:generate mockery --case snake --dir ../../pkg/rbac/dao --name DAO --output ./rbac/dao --outpkg dao

src/testing/pkg/rbac/dao/dao.go

@@ -0,0 +1,171 @@
+// Code generated by mockery v2.1.0. DO NOT EDIT.
+
+package dao
+
+import (
+	context "context"
+
+	mock "github.com/stretchr/testify/mock"
+
+	model "github.com/goharbor/harbor/src/pkg/rbac/model"
+
+	q "github.com/goharbor/harbor/src/lib/q"
+)
+
+// DAO is an autogenerated mock type for the DAO type
+type DAO struct {
+	mock.Mock
+}
+
+// CreatePermission provides a mock function with given fields: ctx, rp
+func (_m *DAO) CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) {
+	ret := _m.Called(ctx, rp)
+
+	var r0 int64
+	if rf, ok := ret.Get(0).(func(context.Context, *model.RolePermission) int64); ok {
+		r0 = rf(ctx, rp)
+	} else {
+		r0 = ret.Get(0).(int64)
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, *model.RolePermission) error); ok {
+		r1 = rf(ctx, rp)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// CreateRbacPolicy provides a mock function with given fields: ctx, rp
+func (_m *DAO) CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error) {
+	ret := _m.Called(ctx, rp)
+
+	var r0 int64
+	if rf, ok := ret.Get(0).(func(context.Context, *model.RbacPolicy) int64); ok {
+		r0 = rf(ctx, rp)
+	} else {
+		r0 = ret.Get(0).(int64)
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, *model.RbacPolicy) error); ok {
+		r1 = rf(ctx, rp)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// DeletePermission provides a mock function with given fields: ctx, id
+func (_m *DAO) DeletePermission(ctx context.Context, id int64) error {
+	ret := _m.Called(ctx, id)
+
+	var r0 error
+	if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok {
+		r0 = rf(ctx, id)
+	} else {
+		r0 = ret.Error(0)
+	}
+
+	return r0
+}
+
+// DeletePermissionByRole provides a mock function with given fields: ctx, roleType, roleID
+func (_m *DAO) DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error {
+	ret := _m.Called(ctx, roleType, roleID)
+
+	var r0 error
+	if rf, ok := ret.Get(0).(func(context.Context, string, int64) error); ok {
+		r0 = rf(ctx, roleType, roleID)
+	} else {
+		r0 = ret.Error(0)
+	}
+
+	return r0
+}
+
+// DeleteRbacPolicy provides a mock function with given fields: ctx, id
+func (_m *DAO) DeleteRbacPolicy(ctx context.Context, id int64) error {
+	ret := _m.Called(ctx, id)
+
+	var r0 error
+	if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok {
+		r0 = rf(ctx, id)
+	} else {
+		r0 = ret.Error(0)
+	}
+
+	return r0
+}
+
+// GetPermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
+func (_m *DAO) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) {
+	ret := _m.Called(ctx, roleType, roleID)
+
+	var r0 []*model.RolePermissions
+	if rf, ok := ret.Get(0).(func(context.Context, string, int64) []*model.RolePermissions); ok {
+		r0 = rf(ctx, roleType, roleID)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).([]*model.RolePermissions)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, string, int64) error); ok {
+		r1 = rf(ctx, roleType, roleID)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// ListPermission provides a mock function with given fields: ctx, query
+func (_m *DAO) ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
+	ret := _m.Called(ctx, query)
+
+	var r0 []*model.RolePermission
+	if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RolePermission); ok {
+		r0 = rf(ctx, query)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).([]*model.RolePermission)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok {
+		r1 = rf(ctx, query)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// ListRbacPolicy provides a mock function with given fields: ctx, query
+func (_m *DAO) ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) {
+	ret := _m.Called(ctx, query)
+
+	var r0 []*model.RbacPolicy
+	if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RbacPolicy); ok {
+		r0 = rf(ctx, query)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).([]*model.RbacPolicy)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok {
+		r1 = rf(ctx, query)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}

src/testing/pkg/rbac/manager.go

@@ -0,0 +1,170 @@
+// Code generated by mockery v2.1.0. DO NOT EDIT.
+
+package rbac
+
+import (
+	context "context"
+
+	model "github.com/goharbor/harbor/src/pkg/rbac/model"
+	mock "github.com/stretchr/testify/mock"
+
+	q "github.com/goharbor/harbor/src/lib/q"
+)
+
+// Manager is an autogenerated mock type for the Manager type
+type Manager struct {
+	mock.Mock
+}
+
+// CreatePermission provides a mock function with given fields: ctx, rp
+func (_m *Manager) CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) {
+	ret := _m.Called(ctx, rp)
+
+	var r0 int64
+	if rf, ok := ret.Get(0).(func(context.Context, *model.RolePermission) int64); ok {
+		r0 = rf(ctx, rp)
+	} else {
+		r0 = ret.Get(0).(int64)
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, *model.RolePermission) error); ok {
+		r1 = rf(ctx, rp)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// CreateRbacPolicy provides a mock function with given fields: ctx, rp
+func (_m *Manager) CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error) {
+	ret := _m.Called(ctx, rp)
+
+	var r0 int64
+	if rf, ok := ret.Get(0).(func(context.Context, *model.RbacPolicy) int64); ok {
+		r0 = rf(ctx, rp)
+	} else {
+		r0 = ret.Get(0).(int64)
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, *model.RbacPolicy) error); ok {
+		r1 = rf(ctx, rp)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// DeletePermission provides a mock function with given fields: ctx, id
+func (_m *Manager) DeletePermission(ctx context.Context, id int64) error {
+	ret := _m.Called(ctx, id)
+
+	var r0 error
+	if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok {
+		r0 = rf(ctx, id)
+	} else {
+		r0 = ret.Error(0)
+	}
+
+	return r0
+}
+
+// DeletePermissionByRole provides a mock function with given fields: ctx, roleType, roleID
+func (_m *Manager) DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error {
+	ret := _m.Called(ctx, roleType, roleID)
+
+	var r0 error
+	if rf, ok := ret.Get(0).(func(context.Context, string, int64) error); ok {
+		r0 = rf(ctx, roleType, roleID)
+	} else {
+		r0 = ret.Error(0)
+	}
+
+	return r0
+}
+
+// DeleteRbacPolicy provides a mock function with given fields: ctx, id
+func (_m *Manager) DeleteRbacPolicy(ctx context.Context, id int64) error {
+	ret := _m.Called(ctx, id)
+
+	var r0 error
+	if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok {
+		r0 = rf(ctx, id)
+	} else {
+		r0 = ret.Error(0)
+	}
+
+	return r0
+}
+
+// GetPermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
+func (_m *Manager) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) {
+	ret := _m.Called(ctx, roleType, roleID)
+
+	var r0 []*model.RolePermissions
+	if rf, ok := ret.Get(0).(func(context.Context, string, int64) []*model.RolePermissions); ok {
+		r0 = rf(ctx, roleType, roleID)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).([]*model.RolePermissions)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, string, int64) error); ok {
+		r1 = rf(ctx, roleType, roleID)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// ListPermission provides a mock function with given fields: ctx, query
+func (_m *Manager) ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
+	ret := _m.Called(ctx, query)
+
+	var r0 []*model.RolePermission
+	if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RolePermission); ok {
+		r0 = rf(ctx, query)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).([]*model.RolePermission)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok {
+		r1 = rf(ctx, query)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// ListRbacPolicy provides a mock function with given fields: ctx, query
+func (_m *Manager) ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) {
+	ret := _m.Called(ctx, query)
+
+	var r0 []*model.RbacPolicy
+	if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RbacPolicy); ok {
+		r0 = rf(ctx, query)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).([]*model.RbacPolicy)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok {
+		r1 = rf(ctx, query)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}