diff --git a/make/migrations/postgresql/0050_2.2.0_schema.up.sql b/make/migrations/postgresql/0050_2.2.0_schema.up.sql index e5d562d86..b5721770a 100644 --- a/make/migrations/postgresql/0050_2.2.0_schema.up.sql +++ b/make/migrations/postgresql/0050_2.2.0_schema.up.sql @@ -1,4 +1,5 @@ ALTER TABLE schedule ADD COLUMN IF NOT EXISTS cron_type varchar(64); +<<<<<<< HEAD DO $$ DECLARE @@ -11,3 +12,31 @@ BEGIN UPDATE artifact SET size=art_size WHERE id = art.id; END LOOP; END $$; +======= +ALTER TABLE robot ADD COLUMN IF NOT EXISTS secret varchar(2048); + +CREATE TABLE IF NOT EXISTS role_permission ( + id SERIAL PRIMARY KEY NOT NULL, + role_type varchar(255) NOT NULL, + role_id int NOT NULL, + rbac_policy_id int NOT NULL, + creation_time timestamp default CURRENT_TIMESTAMP, + CONSTRAINT unique_role_permission UNIQUE (role_type, role_id, rbac_policy_id) +); + +CREATE TABLE IF NOT EXISTS rbac_policy ( + id SERIAL PRIMARY KEY NOT NULL, + /* + scope: + system level: /system + project level: /project/{id} + all project: /project/ * + */ + scope varchar(255) NOT NULL, + resource varchar(255), + action varchar(255), + effect varchar(255), + creation_time timestamp default CURRENT_TIMESTAMP, + CONSTRAINT unique_rbac_policy UNIQUE (scope, resource, action, effect) +); +>>>>>>> ae2bcebdd (add role permission manager for robot enhancement) diff --git a/src/pkg/rbac/dao/dao.go b/src/pkg/rbac/dao/dao.go new file mode 100644 index 000000000..261853033 --- /dev/null +++ b/src/pkg/rbac/dao/dao.go @@ -0,0 +1,152 @@ +package dao + +import ( + "context" + "fmt" + "github.com/goharbor/harbor/src/lib/errors" + "github.com/goharbor/harbor/src/lib/orm" + "github.com/goharbor/harbor/src/lib/q" + "github.com/goharbor/harbor/src/pkg/rbac/model" + "time" +) + +// DAO is the data access object interface for rbac policy +type DAO interface { + // CreatePermission ... + CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) + // DeletePermission ... + DeletePermission(ctx context.Context, id int64) error + // ListPermission ... + ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) + // DeletePermissionByRole ... + DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error + + // CreateRbacPolicy ... + CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error) + // DeleteRbacPolicy ... + DeleteRbacPolicy(ctx context.Context, id int64) error + // ListRbacPolicy list RbacPolicy according to the query. + ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) + + // GetPermissionsByRole ... + GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) +} + +// New returns an instance of the default DAO +func New() DAO { + return &dao{} +} + +type dao struct{} + +func (d *dao) CreatePermission(ctx context.Context, rp *model.RolePermission) (id int64, err error) { + ormer, err := orm.FromContext(ctx) + if err != nil { + return 0, err + } + rp.CreationTime = time.Now() + return ormer.InsertOrUpdate(rp, "role_type, role_id, rbac_policy_id") +} + +func (d *dao) DeletePermission(ctx context.Context, id int64) (err error) { + ormer, err := orm.FromContext(ctx) + if err != nil { + return err + } + n, err := ormer.Delete(&model.RolePermission{ + ID: id, + }) + if err != nil { + return err + } + if n == 0 { + return errors.NotFoundError(nil).WithMessage("role permission %d not found", id) + } + return nil +} + +func (d *dao) ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) { + rps := []*model.RolePermission{} + qs, err := orm.QuerySetter(ctx, &model.RolePermission{}, query) + if err != nil { + return nil, err + } + if _, err = qs.All(&rps); err != nil { + return nil, err + } + return rps, nil +} + +func (d *dao) DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error { + qs, err := orm.QuerySetter(ctx, &model.RolePermission{}, &q.Query{ + Keywords: map[string]interface{}{ + "role_type": roleType, + "role_id": roleID, + }, + }) + if err != nil { + return err + } + n, err := qs.Delete() + if err != nil { + return err + } + if n == 0 { + return errors.NotFoundError(nil).WithMessage("role permission %s:%d not found", roleType, roleID) + } + return err +} + +func (d *dao) CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (id int64, err error) { + ormer, err := orm.FromContext(ctx) + if err != nil { + return 0, err + } + rp.CreationTime = time.Now() + return ormer.InsertOrUpdate(rp, "scope, resource, action, effect") +} + +func (d *dao) DeleteRbacPolicy(ctx context.Context, id int64) (err error) { + ormer, err := orm.FromContext(ctx) + if err != nil { + return err + } + n, err := ormer.Delete(&model.RbacPolicy{ + ID: id, + }) + if err != nil { + return err + } + if n == 0 { + return errors.NotFoundError(nil).WithMessage("rbac policy %d not found", id) + } + return nil +} + +func (d *dao) ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) { + rps := []*model.RbacPolicy{} + qs, err := orm.QuerySetter(ctx, &model.RbacPolicy{}, query) + if err != nil { + return nil, err + } + if _, err = qs.All(&rps); err != nil { + return nil, err + } + return rps, nil +} + +func (d *dao) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) { + var rps []*model.RolePermissions + ormer, err := orm.FromContext(ctx) + if err != nil { + return rps, err + } + sql := fmt.Sprintf(`SELECT rper.role_type, rper.role_id, rpo.scope, rpo.resource, rpo.action, rpo.effect FROM role_permission AS rper LEFT JOIN rbac_policy rpo ON (rper.rbac_policy_id=rpo.id) where rper.role_type='%s' and rper.role_id=%d`, roleType, roleID) + + _, err = ormer.Raw(sql).QueryRows(&rps) + if err != nil { + return rps, err + } + + return rps, nil +} diff --git a/src/pkg/rbac/dao/dao_test.go b/src/pkg/rbac/dao/dao_test.go new file mode 100644 index 000000000..283cd6dad --- /dev/null +++ b/src/pkg/rbac/dao/dao_test.go @@ -0,0 +1,216 @@ +package dao + +import ( + "fmt" + "github.com/goharbor/harbor/src/lib/errors" + "github.com/goharbor/harbor/src/lib/orm" + "github.com/goharbor/harbor/src/lib/q" + "github.com/goharbor/harbor/src/pkg/rbac/model" + htesting "github.com/goharbor/harbor/src/testing" + "github.com/stretchr/testify/suite" + "testing" +) + +type DaoTestSuite struct { + htesting.Suite + dao DAO + + permissionID1 int64 + permissionID2 int64 + permissionID3 int64 + permissionID4 int64 + + rbacPolicyID1 int64 + rbacPolicyID2 int64 + rbacPolicyID3 int64 + rbacPolicyID4 int64 +} + +func (suite *DaoTestSuite) SetupSuite() { + suite.Suite.SetupSuite() + suite.dao = New() + suite.Suite.ClearTables = []string{"rbac_policy", "role_permission"} + + suite.prepareRolePermission() + suite.prepareRbacPolicy() +} + +func (suite *DaoTestSuite) prepareRolePermission() { + rp := &model.RolePermission{ + RoleType: "robot", + RoleID: 1, + RBACPolicyID: 2, + } + id, err := suite.dao.CreatePermission(orm.Context(), rp) + suite.permissionID1 = id + suite.Nil(err) + + rp2 := &model.RolePermission{ + RoleType: "robot", + RoleID: 1, + RBACPolicyID: 3, + } + id2, err := suite.dao.CreatePermission(orm.Context(), rp2) + suite.permissionID2 = id2 + suite.Nil(err) + + rp3 := &model.RolePermission{ + RoleType: "robot", + RoleID: 1, + RBACPolicyID: 4, + } + id3, err := suite.dao.CreatePermission(orm.Context(), rp3) + suite.permissionID3 = id3 + suite.Nil(err) + + rp4 := &model.RolePermission{ + RoleType: "serviceaccount", + RoleID: 2, + RBACPolicyID: 1, + } + id4, err := suite.dao.CreatePermission(orm.Context(), rp4) + suite.permissionID4 = id4 + suite.Nil(err) +} + +func (suite *DaoTestSuite) prepareRbacPolicy() { + rp := &model.RbacPolicy{ + Scope: "/system", + Resource: "label", + Action: "create", + } + id, err := suite.dao.CreateRbacPolicy(orm.Context(), rp) + suite.rbacPolicyID1 = id + suite.Nil(err) + + rp2 := &model.RbacPolicy{ + Scope: "/project/1", + Resource: "repository", + Action: "push", + } + id2, err := suite.dao.CreateRbacPolicy(orm.Context(), rp2) + suite.rbacPolicyID2 = id2 + suite.Nil(err) + + rp3 := &model.RbacPolicy{ + Scope: "/project/1", + Resource: "repository", + Action: "pull", + } + id3, err := suite.dao.CreateRbacPolicy(orm.Context(), rp3) + suite.rbacPolicyID3 = id3 + suite.Nil(err) + + rp4 := &model.RbacPolicy{ + Scope: "/project/2", + Resource: "helm-chart", + Action: "create", + } + id4, err := suite.dao.CreateRbacPolicy(orm.Context(), rp4) + suite.rbacPolicyID4 = id4 + suite.Nil(err) +} + +func (suite *DaoTestSuite) TestCreatePermission() { + rp := &model.RolePermission{ + RoleType: "robot", + RoleID: 1, + RBACPolicyID: 2, + } + _, err := suite.dao.CreatePermission(orm.Context(), rp) + suite.Nil(err) +} + +func (suite *DaoTestSuite) TestDeletePermission() { + err := suite.dao.DeletePermission(orm.Context(), 1234) + suite.Require().NotNil(err) + suite.True(errors.IsErr(err, errors.NotFoundCode)) + + err = suite.dao.DeletePermission(orm.Context(), suite.permissionID2) + suite.Nil(err) +} + +func (suite *DaoTestSuite) TestListPermission() { + rps, err := suite.dao.ListPermission(orm.Context(), &q.Query{ + Keywords: map[string]interface{}{ + "role_type": "robot", + "role_id": 1, + "rbac_policy_id": 4, + }, + }) + suite.Require().Nil(err) + suite.Equal(int64(4), rps[0].RBACPolicyID) +} + +func (suite *DaoTestSuite) TestDeletePermissionByRole() { + err := suite.dao.DeletePermissionByRole(orm.Context(), "serviceaccount", 2) + suite.Require().Nil(err) + + rps, err := suite.dao.ListPermission(orm.Context(), &q.Query{ + Keywords: map[string]interface{}{ + "role_type": "serviceaccount", + "role_id": 2, + }, + }) + suite.Require().Nil(err) + suite.Equal(0, len(rps)) + +} + +func (suite *DaoTestSuite) TestCreateRbacPolicy() { + rp := &model.RbacPolicy{ + Scope: "/system", + Resource: "label", + Action: "create", + } + _, err := suite.dao.CreateRbacPolicy(orm.Context(), rp) + suite.Nil(err) +} + +func (suite *DaoTestSuite) TestDeleteRbacPolicy() { + err := suite.dao.DeleteRbacPolicy(orm.Context(), 1234) + suite.Require().NotNil(err) + suite.True(errors.IsErr(err, errors.NotFoundCode)) + + err = suite.dao.DeleteRbacPolicy(orm.Context(), suite.rbacPolicyID2) + suite.Nil(err) +} + +func (suite *DaoTestSuite) TestListRbacPolicy() { + rps, err := suite.dao.ListRbacPolicy(orm.Context(), &q.Query{ + Keywords: map[string]interface{}{ + "scope": "/project/1", + "resource": "repository", + "action": "pull", + }, + }) + suite.Require().Nil(err) + suite.Equal(suite.rbacPolicyID3, rps[0].ID) +} + +func (suite *DaoTestSuite) TestGetPermissionsByRole() { + rp := &model.RbacPolicy{ + Scope: "/system", + Resource: "label", + Action: "delete", + } + id, err := suite.dao.CreateRbacPolicy(orm.Context(), rp) + suite.Nil(err) + + rpe := &model.RolePermission{ + RoleType: "TestGetPermissionsByRole", + RoleID: 1, + RBACPolicyID: id, + } + _, err = suite.dao.CreatePermission(orm.Context(), rpe) + suite.Nil(err) + + rpes, err := suite.dao.GetPermissionsByRole(orm.Context(), "TestGetPermissionsByRole", 1) + suite.Nil(err) + fmt.Println(rpes[0]) + suite.Equal("/system", rpes[0].Scope) +} + +func TestDaoTestSuite(t *testing.T) { + suite.Run(t, &DaoTestSuite{}) +} diff --git a/src/pkg/rbac/manager.go b/src/pkg/rbac/manager.go new file mode 100644 index 000000000..9a7b635a0 --- /dev/null +++ b/src/pkg/rbac/manager.go @@ -0,0 +1,79 @@ +package rbac + +import ( + "context" + "github.com/goharbor/harbor/src/lib/q" + "github.com/goharbor/harbor/src/pkg/rbac/dao" + "github.com/goharbor/harbor/src/pkg/rbac/model" +) + +var ( + // Mgr is a global role permission/rbac policy manager instance + Mgr = NewManager() +) + +// Manager is the interface of role permission and rbac policy +type Manager interface { + // CreatePermission ... + CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) + // DeletePermission ... + DeletePermission(ctx context.Context, id int64) error + // ListPermission list role permissions according to the query. + ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) + // DeletePermissionByRole get permissions by role type and id + DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error + + // CreateRbacPolicy ... + CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error) + // DeleteRbacPolicy ... + DeleteRbacPolicy(ctx context.Context, id int64) error + // ListRbacPolicy list RbacPolicy according to the query. + ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) + // GetPermissionsByRole ... + GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) +} + +// NewManager returns an instance of the default manager +func NewManager() Manager { + return &manager{ + dao.New(), + } +} + +var _ Manager = &manager{} + +type manager struct { + dao dao.DAO +} + +func (m *manager) CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) { + return m.dao.CreatePermission(ctx, rp) +} + +func (m *manager) DeletePermission(ctx context.Context, id int64) error { + return m.dao.DeletePermission(ctx, id) +} + +func (m *manager) ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) { + return m.dao.ListPermission(ctx, query) +} + +func (m *manager) DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error { + return m.dao.DeletePermissionByRole(ctx, roleType, roleID) +} + +func (m *manager) CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error) { + return m.dao.CreateRbacPolicy(ctx, rp) +} + +func (m *manager) DeleteRbacPolicy(ctx context.Context, id int64) error { + return m.dao.DeleteRbacPolicy(ctx, id) +} + +func (m *manager) ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) { + return m.dao.ListRbacPolicy(ctx, query) +} + +func (m *manager) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) { + return m.dao.GetPermissionsByRole(ctx, roleType, roleID) +} diff --git a/src/pkg/rbac/manager_test.go b/src/pkg/rbac/manager_test.go new file mode 100644 index 000000000..0ecfc5c4b --- /dev/null +++ b/src/pkg/rbac/manager_test.go @@ -0,0 +1,108 @@ +package rbac + +import ( + "context" + "github.com/goharbor/harbor/src/pkg/rbac/model" + "github.com/goharbor/harbor/src/testing/mock" + "github.com/goharbor/harbor/src/testing/pkg/rbac/dao" + "github.com/stretchr/testify/suite" + "testing" +) + +type managerTestSuite struct { + suite.Suite + mgr *manager + dao *dao.DAO +} + +func (m *managerTestSuite) SetupTest() { + m.dao = &dao.DAO{} + m.mgr = &manager{ + dao: m.dao, + } +} + +func (m *managerTestSuite) TestCreatePermission() { + m.dao.On("CreatePermission", mock.Anything, mock.Anything).Return(int64(1), nil) + _, err := m.mgr.CreatePermission(context.Background(), &model.RolePermission{}) + m.Require().Nil(err) + m.dao.AssertExpectations(m.T()) +} + +func (m *managerTestSuite) TestDeletePermission() { + m.dao.On("DeletePermission", mock.Anything, mock.Anything).Return(nil) + err := m.mgr.DeletePermission(context.Background(), 1) + m.Require().Nil(err) + m.dao.AssertExpectations(m.T()) +} + +func (m *managerTestSuite) TestListPermission() { + m.dao.On("ListPermission", mock.Anything, mock.Anything).Return([]*model.RolePermission{ + { + ID: 1, + RoleType: "robot", + RoleID: 2, + RBACPolicyID: 3, + }, + }, nil) + rpers, err := m.mgr.ListPermission(context.Background(), nil) + m.Require().Nil(err) + m.Equal(1, len(rpers)) + m.dao.AssertExpectations(m.T()) +} + +func (m *managerTestSuite) TestDeletePermissionByRole() { + m.dao.On("DeletePermissionByRole", mock.Anything, mock.Anything, mock.Anything).Return(nil) + err := m.mgr.DeletePermissionByRole(context.Background(), "robot", 1) + m.Require().Nil(err) + m.dao.AssertExpectations(m.T()) +} + +func (m *managerTestSuite) TestCreateRbacPolicy() { + m.dao.On("CreateRbacPolicy", mock.Anything, mock.Anything).Return(int64(1), nil) + _, err := m.mgr.CreateRbacPolicy(context.Background(), &model.RbacPolicy{}) + m.Require().Nil(err) + m.dao.AssertExpectations(m.T()) +} + +func (m *managerTestSuite) TestDeleteRbacPolicy() { + m.dao.On("DeleteRbacPolicy", mock.Anything, mock.Anything).Return(nil) + err := m.mgr.DeleteRbacPolicy(context.Background(), 1) + m.Require().Nil(err) + m.dao.AssertExpectations(m.T()) +} + +func (m *managerTestSuite) TestListRbacPolicy() { + m.dao.On("ListRbacPolicy", mock.Anything, mock.Anything).Return([]*model.RbacPolicy{ + { + ID: 1, + Scope: "/system", + Resource: "repository", + Action: "create", + }, + }, nil) + rpers, err := m.mgr.ListRbacPolicy(context.Background(), nil) + m.Require().Nil(err) + m.Equal(1, len(rpers)) + m.dao.AssertExpectations(m.T()) +} + +func (m *managerTestSuite) TestGetPermissionsByRole() { + m.dao.On("GetPermissionsByRole", mock.Anything, mock.Anything, mock.Anything).Return([]*model.RolePermissions{ + { + RoleType: "robot", + RoleID: 1, + Scope: "/system", + Resource: "repository", + Action: "create", + }, + }, nil) + rpers, err := m.mgr.GetPermissionsByRole(context.Background(), "robot", 1) + m.Require().Nil(err) + m.Equal(1, len(rpers)) + m.dao.AssertExpectations(m.T()) +} + +func TestManager(t *testing.T) { + suite.Run(t, &managerTestSuite{}) +} diff --git a/src/pkg/rbac/model/model.go b/src/pkg/rbac/model/model.go new file mode 100644 index 000000000..c37f99dfc --- /dev/null +++ b/src/pkg/rbac/model/model.go @@ -0,0 +1,50 @@ +package model + +import ( + "github.com/astaxie/beego/orm" + "time" +) + +func init() { + orm.RegisterModel(&RolePermission{}) + orm.RegisterModel(&RbacPolicy{}) +} + +// RolePermission records the relations of role and permission +type RolePermission struct { + ID int64 `orm:"pk;auto;column(id)"` + RoleType string `orm:"column(role_type)"` + RoleID int64 `orm:"column(role_id)"` + RBACPolicyID int64 `orm:"column(rbac_policy_id)"` + CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"` +} + +// TableName for role permission +func (rp *RolePermission) TableName() string { + return "role_permission" +} + +// RbacPolicy records the policy of rbac +type RbacPolicy struct { + ID int64 `orm:"pk;auto;column(id)"` + Scope string `orm:"column(scope)"` + Resource string `orm:"column(resource)"` + Action string `orm:"column(action)"` + Effect string `orm:"column(effect)"` + CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"` +} + +// TableName for rbac policy +func (rbacPolicy *RbacPolicy) TableName() string { + return "rbac_policy" +} + +// RolePermissions ... +type RolePermissions struct { + RoleType string `orm:"column(role_type)"` + RoleID int64 `orm:"column(role_id)"` + Scope string `orm:"column(scope)"` + Resource string `orm:"column(resource)"` + Action string `orm:"column(action)"` + Effect string `orm:"column(effect)"` +} diff --git a/src/testing/pkg/pkg.go b/src/testing/pkg/pkg.go index ac77baa81..c6d78c590 100644 --- a/src/testing/pkg/pkg.go +++ b/src/testing/pkg/pkg.go @@ -29,3 +29,5 @@ package pkg //go:generate mockery --case snake --dir ../../pkg/task --name ExecutionManager --output ./task --outpkg task //go:generate mockery --case snake --dir ../../pkg/user --name Manager --output ./user --outpkg user //go:generate mockery --case snake --dir ../../pkg/robot/dao --name RobotAccountDao --output ./robot/dao --outpkg dao +//go:generate mockery --case snake --dir ../../pkg/rbac --name Manager --output ./rbac --outpkg rbac +//go:generate mockery --case snake --dir ../../pkg/rbac/dao --name DAO --output ./rbac/dao --outpkg dao diff --git a/src/testing/pkg/rbac/dao/dao.go b/src/testing/pkg/rbac/dao/dao.go new file mode 100644 index 000000000..ed5af80dc --- /dev/null +++ b/src/testing/pkg/rbac/dao/dao.go @@ -0,0 +1,171 @@ +// Code generated by mockery v2.1.0. DO NOT EDIT. + +package dao + +import ( + context "context" + + mock "github.com/stretchr/testify/mock" + + model "github.com/goharbor/harbor/src/pkg/rbac/model" + + q "github.com/goharbor/harbor/src/lib/q" +) + +// DAO is an autogenerated mock type for the DAO type +type DAO struct { + mock.Mock +} + +// CreatePermission provides a mock function with given fields: ctx, rp +func (_m *DAO) CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) { + ret := _m.Called(ctx, rp) + + var r0 int64 + if rf, ok := ret.Get(0).(func(context.Context, *model.RolePermission) int64); ok { + r0 = rf(ctx, rp) + } else { + r0 = ret.Get(0).(int64) + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, *model.RolePermission) error); ok { + r1 = rf(ctx, rp) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateRbacPolicy provides a mock function with given fields: ctx, rp +func (_m *DAO) CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error) { + ret := _m.Called(ctx, rp) + + var r0 int64 + if rf, ok := ret.Get(0).(func(context.Context, *model.RbacPolicy) int64); ok { + r0 = rf(ctx, rp) + } else { + r0 = ret.Get(0).(int64) + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, *model.RbacPolicy) error); ok { + r1 = rf(ctx, rp) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// DeletePermission provides a mock function with given fields: ctx, id +func (_m *DAO) DeletePermission(ctx context.Context, id int64) error { + ret := _m.Called(ctx, id) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok { + r0 = rf(ctx, id) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePermissionByRole provides a mock function with given fields: ctx, roleType, roleID +func (_m *DAO) DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error { + ret := _m.Called(ctx, roleType, roleID) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, string, int64) error); ok { + r0 = rf(ctx, roleType, roleID) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRbacPolicy provides a mock function with given fields: ctx, id +func (_m *DAO) DeleteRbacPolicy(ctx context.Context, id int64) error { + ret := _m.Called(ctx, id) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok { + r0 = rf(ctx, id) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// GetPermissionsByRole provides a mock function with given fields: ctx, roleType, roleID +func (_m *DAO) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) { + ret := _m.Called(ctx, roleType, roleID) + + var r0 []*model.RolePermissions + if rf, ok := ret.Get(0).(func(context.Context, string, int64) []*model.RolePermissions); ok { + r0 = rf(ctx, roleType, roleID) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*model.RolePermissions) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, string, int64) error); ok { + r1 = rf(ctx, roleType, roleID) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListPermission provides a mock function with given fields: ctx, query +func (_m *DAO) ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) { + ret := _m.Called(ctx, query) + + var r0 []*model.RolePermission + if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RolePermission); ok { + r0 = rf(ctx, query) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*model.RolePermission) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok { + r1 = rf(ctx, query) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListRbacPolicy provides a mock function with given fields: ctx, query +func (_m *DAO) ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) { + ret := _m.Called(ctx, query) + + var r0 []*model.RbacPolicy + if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RbacPolicy); ok { + r0 = rf(ctx, query) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*model.RbacPolicy) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok { + r1 = rf(ctx, query) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} diff --git a/src/testing/pkg/rbac/manager.go b/src/testing/pkg/rbac/manager.go new file mode 100644 index 000000000..cc291db0c --- /dev/null +++ b/src/testing/pkg/rbac/manager.go @@ -0,0 +1,170 @@ +// Code generated by mockery v2.1.0. DO NOT EDIT. + +package rbac + +import ( + context "context" + + model "github.com/goharbor/harbor/src/pkg/rbac/model" + mock "github.com/stretchr/testify/mock" + + q "github.com/goharbor/harbor/src/lib/q" +) + +// Manager is an autogenerated mock type for the Manager type +type Manager struct { + mock.Mock +} + +// CreatePermission provides a mock function with given fields: ctx, rp +func (_m *Manager) CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error) { + ret := _m.Called(ctx, rp) + + var r0 int64 + if rf, ok := ret.Get(0).(func(context.Context, *model.RolePermission) int64); ok { + r0 = rf(ctx, rp) + } else { + r0 = ret.Get(0).(int64) + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, *model.RolePermission) error); ok { + r1 = rf(ctx, rp) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateRbacPolicy provides a mock function with given fields: ctx, rp +func (_m *Manager) CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error) { + ret := _m.Called(ctx, rp) + + var r0 int64 + if rf, ok := ret.Get(0).(func(context.Context, *model.RbacPolicy) int64); ok { + r0 = rf(ctx, rp) + } else { + r0 = ret.Get(0).(int64) + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, *model.RbacPolicy) error); ok { + r1 = rf(ctx, rp) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// DeletePermission provides a mock function with given fields: ctx, id +func (_m *Manager) DeletePermission(ctx context.Context, id int64) error { + ret := _m.Called(ctx, id) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok { + r0 = rf(ctx, id) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePermissionByRole provides a mock function with given fields: ctx, roleType, roleID +func (_m *Manager) DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error { + ret := _m.Called(ctx, roleType, roleID) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, string, int64) error); ok { + r0 = rf(ctx, roleType, roleID) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRbacPolicy provides a mock function with given fields: ctx, id +func (_m *Manager) DeleteRbacPolicy(ctx context.Context, id int64) error { + ret := _m.Called(ctx, id) + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, int64) error); ok { + r0 = rf(ctx, id) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// GetPermissionsByRole provides a mock function with given fields: ctx, roleType, roleID +func (_m *Manager) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) { + ret := _m.Called(ctx, roleType, roleID) + + var r0 []*model.RolePermissions + if rf, ok := ret.Get(0).(func(context.Context, string, int64) []*model.RolePermissions); ok { + r0 = rf(ctx, roleType, roleID) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*model.RolePermissions) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, string, int64) error); ok { + r1 = rf(ctx, roleType, roleID) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListPermission provides a mock function with given fields: ctx, query +func (_m *Manager) ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) { + ret := _m.Called(ctx, query) + + var r0 []*model.RolePermission + if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RolePermission); ok { + r0 = rf(ctx, query) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*model.RolePermission) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok { + r1 = rf(ctx, query) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListRbacPolicy provides a mock function with given fields: ctx, query +func (_m *Manager) ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) { + ret := _m.Called(ctx, query) + + var r0 []*model.RbacPolicy + if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RbacPolicy); ok { + r0 = rf(ctx, query) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*model.RbacPolicy) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(context.Context, *q.Query) error); ok { + r1 = rf(ctx, query) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +}