api_justification_test.go 2.4 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
  1. package api
  2. import (
  3. "context"
  4. "testing"
  5. "time"
  6. "connectrpc.com/connect"
  7. "github.com/google/uuid"
  8. "github.com/stretchr/testify/assert"
  9. "github.com/stretchr/testify/require"
  10. apiv1 "github.com/OliveTin/OliveTin/gen/olivetin/api/v1"
  11. "github.com/OliveTin/OliveTin/internal/auth"
  12. config "github.com/OliveTin/OliveTin/internal/config"
  13. "github.com/OliveTin/OliveTin/internal/executor"
  14. )
  15. func TestStartActionRequiresJustificationForGuest(t *testing.T) {
  16. cfg := config.DefaultConfig()
  17. action := &config.Action{
  18. Title: "Send email",
  19. ID: "send_email",
  20. Justification: true,
  21. Shell: "echo done",
  22. }
  23. cfg.Actions = append(cfg.Actions, action)
  24. ex := executor.DefaultExecutor(cfg)
  25. ex.RebuildActionMap()
  26. binding := ex.FindBindingWithNoEntity(action)
  27. require.NotNil(t, binding)
  28. ts, client := getNewTestServerAndClientWithExecutor(cfg, ex)
  29. defer ts.Close()
  30. _, err := client.StartAction(context.Background(), connect.NewRequest(&apiv1.StartActionRequest{
  31. BindingId: binding.ID,
  32. UniqueTrackingId: uuid.NewString(),
  33. }))
  34. require.Error(t, err)
  35. assert.Equal(t, connect.CodeInvalidArgument, connect.CodeOf(err))
  36. resp, err := client.StartAction(context.Background(), connect.NewRequest(&apiv1.StartActionRequest{
  37. BindingId: binding.ID,
  38. UniqueTrackingId: uuid.NewString(),
  39. Justification: "New user registration foo@example.com",
  40. }))
  41. require.NoError(t, err)
  42. require.NotEmpty(t, resp.Msg.ExecutionTrackingId)
  43. time.Sleep(200 * time.Millisecond)
  44. entry, ok := ex.GetLog(resp.Msg.ExecutionTrackingId)
  45. require.True(t, ok)
  46. assert.Equal(t, "New user registration foo@example.com", entry.Justification)
  47. }
  48. func TestBuildActionExposesJustificationFlag(t *testing.T) {
  49. cfg := config.DefaultConfig()
  50. action := &config.Action{
  51. Title: "Audited action",
  52. ID: "audited",
  53. Justification: true,
  54. Shell: "echo hi",
  55. }
  56. cfg.Actions = append(cfg.Actions, action)
  57. ex := executor.DefaultExecutor(cfg)
  58. ex.RebuildActionMap()
  59. binding := ex.FindBindingWithNoEntity(action)
  60. require.NotNil(t, binding)
  61. pb := buildAction(binding, &DashboardRenderRequest{
  62. cfg: cfg,
  63. ex: ex,
  64. })
  65. require.NotNil(t, pb)
  66. assert.True(t, pb.Justification)
  67. }
  68. func TestValidateJustificationRequiredAllowsSystemUser(t *testing.T) {
  69. cfg := config.DefaultConfig()
  70. action := &config.Action{Title: "Cron job", Justification: true}
  71. err := validateJustificationRequired(action, "", auth.UserFromSystem(cfg, "cron"))
  72. require.NoError(t, err)
  73. }