mirror of
https://github.com/VinylDNS/vinyldns
synced 2025-08-22 10:10:12 +00:00
Rebecca Star
GitHub
parent
708b2430ea
commit
cc430ce90c
@ -212,7 +212,9 @@ lazy val api = (project in file("modules/api"))
|
||||
.settings(allApiSettings)
|
||||
.settings(headerSettings(IntegrationTest))
|
||||
.settings(inConfig(IntegrationTest)(scalafmtConfigSettings))
|
||||
.dependsOn(core, dynamodb % "compile->compile;it->it", mysql % "compile->compile;it->it")
|
||||
.dependsOn(core % "compile->compile;test->test",
|
||||
dynamodb % "compile->compile;it->it",
|
||||
mysql % "compile->compile;it->it")
|
||||
.dependsOn(sqs % "compile->compile;it->it")
|
||||
|
||||
val killDocker = TaskKey[Unit]("killDocker", "Kills all vinyldns docker containers")
|
||||
|
||||
@ -22,6 +22,7 @@ import org.joda.time.DateTime
|
||||
import vinyldns.api.domain.record.{ListRecordSetChangesResponse, RecordSetChangeGenerator}
|
||||
import vinyldns.api.domain.zone._
|
||||
import vinyldns.api.repository.TestDataLoader
|
||||
import vinyldns.core.TestRecordSetData
|
||||
import vinyldns.core.domain.auth.AuthPrincipal
|
||||
import vinyldns.core.domain.membership.{Group, User}
|
||||
import vinyldns.core.domain.record._
|
||||
@ -38,8 +39,6 @@ trait VinylDNSTestData {
|
||||
adminUserIds = Set(usr.id),
|
||||
created = DateTime.now.secondOfDay().roundFloorCopy())
|
||||
val okAuth: AuthPrincipal = AuthPrincipal(TestDataLoader.okUser, Seq(grp.id))
|
||||
val notAuth: AuthPrincipal = AuthPrincipal(TestDataLoader.dummyUser, Seq.empty)
|
||||
val lockedAuth: AuthPrincipal = AuthPrincipal(TestDataLoader.lockedUser, Seq.empty)
|
||||
|
||||
val testConnection: Option[ZoneConnection] = Some(
|
||||
ZoneConnection("vinyldns.", "vinyldns.", "nzisn+4G2ldMn0q1CV3vsg==", "10.1.1.1"))
|
||||
@ -58,45 +57,13 @@ trait VinylDNSTestData {
|
||||
val zoneIp4: Zone = okZone.copy(name = "0.162.198.in-addr.arpa.")
|
||||
val zoneIp6: Zone = okZone.copy(name = "1.9.e.f.c.c.7.2.9.6.d.f.ip6.arpa.")
|
||||
|
||||
val rsOk: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
"ok",
|
||||
RecordType.A,
|
||||
200,
|
||||
RecordSetStatus.Active,
|
||||
DateTime.now,
|
||||
None,
|
||||
List(AData("10.1.1.1")))
|
||||
val rsOk: RecordSet = TestRecordSetData.rsOk
|
||||
|
||||
val aaaa: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
"aaaa",
|
||||
RecordType.AAAA,
|
||||
200,
|
||||
RecordSetStatus.Pending,
|
||||
DateTime.now,
|
||||
None,
|
||||
List(AAAAData("1:2:3:4:5:6:7:8")))
|
||||
val aaaa: RecordSet = TestRecordSetData.aaaa
|
||||
|
||||
val validAAAAToOrigin: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
"@",
|
||||
RecordType.AAAA,
|
||||
200,
|
||||
RecordSetStatus.Pending,
|
||||
DateTime.now,
|
||||
None,
|
||||
List(AAAAData("1:2:3:4:5:6:7:8")))
|
||||
val validAAAAToOrigin: RecordSet = TestRecordSetData.aaaaOrigin
|
||||
|
||||
val cname: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
"cname",
|
||||
RecordType.CNAME,
|
||||
200,
|
||||
RecordSetStatus.Pending,
|
||||
DateTime.now,
|
||||
None,
|
||||
List(CNAMEData("cname")))
|
||||
val cname: RecordSet = TestRecordSetData.cname
|
||||
|
||||
val invalidCnameToOrigin: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
@ -118,25 +85,9 @@ trait VinylDNSTestData {
|
||||
None,
|
||||
List(NSData("nsdata")))
|
||||
|
||||
val ptrIp4: RecordSet = RecordSet(
|
||||
zoneIp4.id,
|
||||
"30",
|
||||
RecordType.PTR,
|
||||
200,
|
||||
RecordSetStatus.Active,
|
||||
DateTime.now,
|
||||
None,
|
||||
List(PTRData("ptr")))
|
||||
val ptrIp4: RecordSet = TestRecordSetData.ptrIp4
|
||||
|
||||
val ptrIp6: RecordSet = RecordSet(
|
||||
zoneIp6.id,
|
||||
"4.0.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0",
|
||||
RecordType.PTR,
|
||||
200,
|
||||
RecordSetStatus.Active,
|
||||
DateTime.now,
|
||||
None,
|
||||
List(PTRData("ptr")))
|
||||
val ptrIp6: RecordSet = TestRecordSetData.ptrIp6
|
||||
|
||||
val soa: RecordSet = RecordSet(
|
||||
ptrIp4.name,
|
||||
@ -148,35 +99,11 @@ trait VinylDNSTestData {
|
||||
None,
|
||||
List(SOAData("something", "other", 1, 2, 3, 5, 6)))
|
||||
|
||||
val srv: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
"srv",
|
||||
RecordType.SRV,
|
||||
200,
|
||||
RecordSetStatus.Active,
|
||||
DateTime.now,
|
||||
None,
|
||||
List(SRVData(1, 2, 3, "target")))
|
||||
val srv: RecordSet = TestRecordSetData.srv
|
||||
|
||||
val ns: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
okZone.name,
|
||||
RecordType.NS,
|
||||
300,
|
||||
RecordSetStatus.Active,
|
||||
DateTime.now,
|
||||
None,
|
||||
records = List(NSData("ns1.test.com"), NSData("ns2.test.com")))
|
||||
val ns: RecordSet = TestRecordSetData.ns
|
||||
|
||||
val mx: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
"mx",
|
||||
RecordType.MX,
|
||||
200,
|
||||
RecordSetStatus.Pending,
|
||||
DateTime.now,
|
||||
None,
|
||||
List(MXData(3, "mx")))
|
||||
val mx: RecordSet = TestRecordSetData.mx
|
||||
|
||||
val txt: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
@ -217,16 +144,6 @@ trait VinylDNSTestData {
|
||||
val notAuthorizedAuth: AuthPrincipal =
|
||||
okAuth.copy(signedInUser = okAuth.signedInUser.copy(userName = "not auth", id = "not auth"))
|
||||
|
||||
val abcRecord: RecordSet = RecordSet(
|
||||
abcZone.id,
|
||||
"aaaa",
|
||||
RecordType.AAAA,
|
||||
200,
|
||||
RecordSetStatus.Pending,
|
||||
DateTime.now,
|
||||
None,
|
||||
List(AAAAData("1:2:3:4:5:6:7:8")))
|
||||
|
||||
val pendingCreateAAAA: RecordSetChange = RecordSetChangeGenerator.forAdd(aaaa, zoneActive, okAuth)
|
||||
val pendingCreateCNAME: RecordSetChange =
|
||||
RecordSetChangeGenerator.forAdd(cname, zoneActive, okAuth)
|
||||
@ -240,8 +157,6 @@ trait VinylDNSTestData {
|
||||
val completeChangeSet: ChangeSet = ChangeSet(Seq(completeCreateAAAA, completeCreateCNAME))
|
||||
val completeCreateNS: RecordSetChange =
|
||||
pendingCreateNS.copy(status = RecordSetChangeStatus.Complete)
|
||||
val completeRecordSetChanges: List[RecordSetChange] =
|
||||
List(pendingCreateAAAA, pendingCreateCNAME, completeCreateAAAA, completeCreateCNAME)
|
||||
|
||||
val listZoneChangesResponse: ListZoneChangesResponse = ListZoneChangesResponse(
|
||||
zoneActive.id,
|
||||
|
||||
@ -19,10 +19,13 @@ package vinyldns.api.domain
|
||||
import cats.scalatest.EitherMatchers
|
||||
import org.joda.time.DateTime
|
||||
import org.scalatest.mockito.MockitoSugar
|
||||
import org.scalatest.{BeforeAndAfterEach, Matchers, WordSpecLike}
|
||||
import org.scalatest.{Matchers, WordSpecLike}
|
||||
import vinyldns.core.domain.record._
|
||||
import vinyldns.api.domain.zone.{NotAuthorizedError, RecordSetInfo}
|
||||
import vinyldns.api.{GroupTestData, ResultHelpers, VinylDNSTestData}
|
||||
import vinyldns.api.ResultHelpers
|
||||
import vinyldns.core.TestMembershipData._
|
||||
import vinyldns.core.TestZoneData._
|
||||
import vinyldns.core.TestRecordSetData._
|
||||
import vinyldns.core.domain.auth.AuthPrincipal
|
||||
import vinyldns.core.domain.zone.{ACLRule, AccessLevel, Zone, ZoneACL}
|
||||
|
||||
@ -30,16 +33,13 @@ class AccessValidationsSpec
|
||||
extends WordSpecLike
|
||||
with Matchers
|
||||
with MockitoSugar
|
||||
with BeforeAndAfterEach
|
||||
with ResultHelpers
|
||||
with GroupTestData
|
||||
with VinylDNSTestData
|
||||
with EitherMatchers {
|
||||
|
||||
private val userReadAcl =
|
||||
ACLRule(AccessLevel.Read, userId = Some(okUserAuth.userId), groupId = None)
|
||||
ACLRule(AccessLevel.Read, userId = Some(okAuth.userId), groupId = None)
|
||||
private val userWriteAcl =
|
||||
ACLRule(AccessLevel.Write, userId = Some(okUserAuth.userId), groupId = None)
|
||||
ACLRule(AccessLevel.Write, userId = Some(okAuth.userId), groupId = None)
|
||||
private val groupReadAcl = ACLRule(AccessLevel.Read, userId = None, groupId = Some(okGroup.id))
|
||||
private val groupWriteAcl = ACLRule(AccessLevel.Write, userId = None, groupId = Some(okGroup.id))
|
||||
private val allReadACL = ACLRule(AccessLevel.Read, userId = None, groupId = None)
|
||||
@ -55,76 +55,76 @@ class AccessValidationsSpec
|
||||
private val userAuthNone = AuthPrincipal(userAccessNone, groupIds)
|
||||
private val userAclNone =
|
||||
ACLRule(AccessLevel.NoAccess, userId = Some(userAuthNone.userId), groupId = None)
|
||||
private val zoneInNone = memberZoneNotAuthorized.copy(acl = ZoneACL(Set(userAclNone)))
|
||||
private val zoneInNone = zoneNotAuthorized.copy(acl = ZoneACL(Set(userAclNone)))
|
||||
|
||||
private val userAccessRead = okUser.copy(id = "ReadAccess")
|
||||
private val userAuthRead = AuthPrincipal(userAccessRead, groupIds)
|
||||
private val userAclRead =
|
||||
ACLRule(AccessLevel.Read, userId = Some(userAuthRead.userId), groupId = None)
|
||||
private val zoneInRead = memberZoneNotAuthorized.copy(acl = ZoneACL(Set(userAclRead)))
|
||||
private val zoneInRead = zoneNotAuthorized.copy(acl = ZoneACL(Set(userAclRead)))
|
||||
|
||||
private val userAccessWrite = okUser.copy(id = "WriteAccess")
|
||||
private val userAuthWrite = AuthPrincipal(userAccessWrite, groupIds)
|
||||
private val userAclWrite =
|
||||
ACLRule(AccessLevel.Write, userId = Some(userAuthWrite.userId), groupId = None)
|
||||
private val zoneInWrite = memberZoneNotAuthorized.copy(acl = ZoneACL(Set(userAclWrite)))
|
||||
private val zoneInWrite = zoneNotAuthorized.copy(acl = ZoneACL(Set(userAclWrite)))
|
||||
|
||||
private val userAccessDelete = okUser.copy(id = "DeleteAccess")
|
||||
private val userAuthDelete = AuthPrincipal(userAccessDelete, groupIds)
|
||||
private val userAclDelete =
|
||||
ACLRule(AccessLevel.Delete, userId = Some(userAuthDelete.userId), groupId = None)
|
||||
private val zoneInDelete = memberZoneNotAuthorized.copy(acl = ZoneACL(Set(userAclDelete)))
|
||||
private val zoneInDelete = zoneNotAuthorized.copy(acl = ZoneACL(Set(userAclDelete)))
|
||||
|
||||
"canSeeZone" should {
|
||||
"return a NotAuthorizedError if the user is not admin or super user with no acl rules" in {
|
||||
val error = leftValue(accessValidationTest.canSeeZone(okUserAuth, memberZoneNotAuthorized))
|
||||
val error = leftValue(accessValidationTest.canSeeZone(okAuth, zoneNotAuthorized))
|
||||
error shouldBe a[NotAuthorizedError]
|
||||
}
|
||||
|
||||
"return true if the user is an admin or super user" in {
|
||||
val auth = okAuth.copy(
|
||||
signedInUser = okGroupAuth.signedInUser.copy(isSuper = true),
|
||||
signedInUser = okAuth.signedInUser.copy(isSuper = true),
|
||||
memberGroupIds = Seq.empty)
|
||||
accessValidationTest.canSeeZone(auth, memberOkZoneAuthorized) should be(right)
|
||||
accessValidationTest.canSeeZone(auth, okZone) should be(right)
|
||||
}
|
||||
|
||||
"return true if there is an acl rule for the user in the zone" in {
|
||||
val rule = ACLRule(AccessLevel.Read, userId = Some(okUserAuth.userId))
|
||||
val zoneIn = memberZoneNotAuthorized.copy(acl = ZoneACL(Set(rule)))
|
||||
val rule = ACLRule(AccessLevel.Read, userId = Some(okAuth.userId))
|
||||
val zoneIn = zoneNotAuthorized.copy(acl = ZoneACL(Set(rule)))
|
||||
|
||||
accessValidationTest.canSeeZone(okUserAuth, zoneIn) should be(right)
|
||||
accessValidationTest.canSeeZone(okAuth, zoneIn) should be(right)
|
||||
}
|
||||
|
||||
"return true if the user is a support admin" in {
|
||||
val supportAuth = okAuth.copy(
|
||||
signedInUser = okGroupAuth.signedInUser.copy(isSupport = true),
|
||||
signedInUser = okAuth.signedInUser.copy(isSupport = true),
|
||||
memberGroupIds = Seq.empty)
|
||||
accessValidationTest.canSeeZone(supportAuth, memberOkZoneAuthorized) should be(right)
|
||||
accessValidationTest.canSeeZone(supportAuth, okZone) should be(right)
|
||||
}
|
||||
}
|
||||
|
||||
"canChangeZone" should {
|
||||
"return a NotAuthorizedError if the user is not admin or super user" in {
|
||||
val error = leftValue(accessValidationTest.canChangeZone(okUserAuth, memberZoneNotAuthorized))
|
||||
val error = leftValue(accessValidationTest.canChangeZone(okAuth, zoneNotAuthorized))
|
||||
error shouldBe a[NotAuthorizedError]
|
||||
}
|
||||
|
||||
"return true if the user is an admin or super user" in {
|
||||
accessValidationTest.canChangeZone(okUserAuth, memberOkZoneAuthorized) should be(right)
|
||||
accessValidationTest.canChangeZone(okAuth, okZone) should be(right)
|
||||
}
|
||||
|
||||
"return true if the user is an admin and a support user" in {
|
||||
val auth = okAuth.copy(
|
||||
signedInUser = okGroupAuth.signedInUser.copy(isSupport = true),
|
||||
signedInUser = okAuth.signedInUser.copy(isSupport = true),
|
||||
memberGroupIds = Seq(okGroup.id))
|
||||
accessValidationTest.canChangeZone(auth, memberOkZoneAuthorized) should be(right)
|
||||
accessValidationTest.canChangeZone(auth, okZone) should be(right)
|
||||
}
|
||||
|
||||
"return a NotAuthorizedError if the user is a support user only" in {
|
||||
val auth = okAuth.copy(
|
||||
signedInUser = okGroupAuth.signedInUser.copy(isSupport = true),
|
||||
signedInUser = okAuth.signedInUser.copy(isSupport = true),
|
||||
memberGroupIds = Seq.empty)
|
||||
val error = leftValue(accessValidationTest.canChangeZone(auth, memberOkZoneAuthorized))
|
||||
val error = leftValue(accessValidationTest.canChangeZone(auth, okZone))
|
||||
error shouldBe a[NotAuthorizedError]
|
||||
}
|
||||
}
|
||||
@ -168,9 +168,9 @@ class AccessValidationsSpec
|
||||
|
||||
"return true if recordset is NS and user is a superuser" in {
|
||||
val auth = okAuth.copy(
|
||||
signedInUser = okGroupAuth.signedInUser.copy(isSuper = true),
|
||||
signedInUser = okAuth.signedInUser.copy(isSuper = true),
|
||||
memberGroupIds = Seq.empty)
|
||||
accessValidationTest.canAddRecordSet(auth, ns.name, ns.typ, memberZoneNotAuthorized) should be(
|
||||
accessValidationTest.canAddRecordSet(auth, ns.name, ns.typ, zoneNotAuthorized) should be(
|
||||
right)
|
||||
}
|
||||
|
||||
@ -221,7 +221,7 @@ class AccessValidationsSpec
|
||||
val userAccess = okUser.copy(id = "Delete")
|
||||
val userAuth = AuthPrincipal(userAccess, groupIds)
|
||||
val userAcl = ACLRule(AccessLevel.Delete, userId = Some(userAuth.userId), groupId = None)
|
||||
val zoneIn = memberZoneNotAuthorized.copy(acl = ZoneACL(Set(userAcl)))
|
||||
val zoneIn = zoneNotAuthorized.copy(acl = ZoneACL(Set(userAcl)))
|
||||
accessValidationTest.canUpdateRecordSet(
|
||||
userAuth,
|
||||
mockRecordSet.name,
|
||||
@ -310,36 +310,33 @@ class AccessValidationsSpec
|
||||
"getAccessLevel" should {
|
||||
"return AccessLevel.Delete if the user is admin/super" in {
|
||||
val mockRecordSet = mock[RecordSet]
|
||||
val result = accessValidationTest.getAccessLevel(
|
||||
okUserAuth,
|
||||
mockRecordSet.name,
|
||||
mockRecordSet.typ,
|
||||
memberOkZoneAuthorized)
|
||||
val result =
|
||||
accessValidationTest.getAccessLevel(okAuth, mockRecordSet.name, mockRecordSet.typ, okZone)
|
||||
result shouldBe AccessLevel.Delete
|
||||
}
|
||||
|
||||
"return AccessLevel.Read if the user is support only" in {
|
||||
val mockRecordSet = mock[RecordSet]
|
||||
val supportAuth = okGroupAuth.copy(
|
||||
signedInUser = okGroupAuth.signedInUser.copy(isSupport = true),
|
||||
val supportAuth = okAuth.copy(
|
||||
signedInUser = okAuth.signedInUser.copy(isSupport = true),
|
||||
memberGroupIds = Seq.empty)
|
||||
val result = accessValidationTest.getAccessLevel(
|
||||
supportAuth,
|
||||
mockRecordSet.name,
|
||||
mockRecordSet.typ,
|
||||
memberOkZoneAuthorized)
|
||||
okZone)
|
||||
result shouldBe AccessLevel.Read
|
||||
}
|
||||
|
||||
"return the result of getAccessLevel if the user is support but also an admin" in {
|
||||
val mockRecordSet = mock[RecordSet]
|
||||
val supportAuth =
|
||||
okGroupAuth.copy(signedInUser = okGroupAuth.signedInUser.copy(isSupport = true))
|
||||
okAuth.copy(signedInUser = okAuth.signedInUser.copy(isSupport = true))
|
||||
val result = accessValidationTest.getAccessLevel(
|
||||
supportAuth,
|
||||
mockRecordSet.name,
|
||||
mockRecordSet.typ,
|
||||
memberOkZoneAuthorized)
|
||||
okZone)
|
||||
result shouldBe AccessLevel.Delete
|
||||
}
|
||||
|
||||
@ -348,7 +345,7 @@ class AccessValidationsSpec
|
||||
val userAccess = okUser.copy(id = "Write", isSupport = true)
|
||||
val userAuth = AuthPrincipal(userAccess, groupIds)
|
||||
val userAcl = ACLRule(AccessLevel.Write, userId = Some(userAuth.userId), groupId = None)
|
||||
val zoneIn = memberZoneNotAuthorized.copy(acl = ZoneACL(Set(userAcl)))
|
||||
val zoneIn = zoneNotAuthorized.copy(acl = ZoneACL(Set(userAcl)))
|
||||
|
||||
val result =
|
||||
accessValidationTest.getAccessLevel(userAuth, mockRecordSet.name, mockRecordSet.typ, zoneIn)
|
||||
@ -360,7 +357,7 @@ class AccessValidationsSpec
|
||||
val userAccess = okUser.copy(id = "Read")
|
||||
val userAuth = AuthPrincipal(userAccess, groupIds)
|
||||
val userAcl = ACLRule(AccessLevel.Read, userId = Some(userAuth.userId), groupId = None)
|
||||
val zoneIn = memberZoneNotAuthorized.copy(acl = ZoneACL(Set(userAcl)))
|
||||
val zoneIn = zoneNotAuthorized.copy(acl = ZoneACL(Set(userAcl)))
|
||||
|
||||
val result =
|
||||
accessValidationTest.getAccessLevel(userAuth, mockRecordSet.name, mockRecordSet.typ, zoneIn)
|
||||
@ -375,11 +372,8 @@ class AccessValidationsSpec
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val mockRecordSet = mock[RecordSet]
|
||||
val result = accessValidationTest.getAccessFromAcl(
|
||||
okUserAuth,
|
||||
mockRecordSet.name,
|
||||
mockRecordSet.typ,
|
||||
zone)
|
||||
val result =
|
||||
accessValidationTest.getAccessFromAcl(okAuth, mockRecordSet.name, mockRecordSet.typ, zone)
|
||||
result shouldBe AccessLevel.Write
|
||||
}
|
||||
|
||||
@ -388,11 +382,8 @@ class AccessValidationsSpec
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val mockRecordSet = mock[RecordSet]
|
||||
val result = accessValidationTest.getAccessFromAcl(
|
||||
okUserAuth,
|
||||
mockRecordSet.name,
|
||||
mockRecordSet.typ,
|
||||
zone)
|
||||
val result =
|
||||
accessValidationTest.getAccessFromAcl(okAuth, mockRecordSet.name, mockRecordSet.typ, zone)
|
||||
result shouldBe AccessLevel.Read
|
||||
}
|
||||
|
||||
@ -401,11 +392,8 @@ class AccessValidationsSpec
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val mockRecordSet = mock[RecordSet]
|
||||
val result = accessValidationTest.getAccessFromAcl(
|
||||
okUserAuth,
|
||||
mockRecordSet.name,
|
||||
mockRecordSet.typ,
|
||||
zone)
|
||||
val result =
|
||||
accessValidationTest.getAccessFromAcl(okAuth, mockRecordSet.name, mockRecordSet.typ, zone)
|
||||
result shouldBe AccessLevel.Read
|
||||
}
|
||||
|
||||
@ -414,11 +402,8 @@ class AccessValidationsSpec
|
||||
val zoneAcl = ZoneACL()
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val result = accessValidationTest.getAccessFromAcl(
|
||||
okUserAuth,
|
||||
mockRecordSet.name,
|
||||
mockRecordSet.typ,
|
||||
zone)
|
||||
val result =
|
||||
accessValidationTest.getAccessFromAcl(okAuth, mockRecordSet.name, mockRecordSet.typ, zone)
|
||||
result shouldBe AccessLevel.NoAccess
|
||||
}
|
||||
|
||||
@ -427,11 +412,8 @@ class AccessValidationsSpec
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val mockRecordSet = mock[RecordSet]
|
||||
val result = accessValidationTest.getAccessFromAcl(
|
||||
okUserAuth,
|
||||
mockRecordSet.name,
|
||||
mockRecordSet.typ,
|
||||
zone)
|
||||
val result =
|
||||
accessValidationTest.getAccessFromAcl(okAuth, mockRecordSet.name, mockRecordSet.typ, zone)
|
||||
result shouldBe AccessLevel.NoAccess
|
||||
}
|
||||
|
||||
@ -440,11 +422,8 @@ class AccessValidationsSpec
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val mockRecordSet = mock[RecordSet]
|
||||
val result = accessValidationTest.getAccessFromAcl(
|
||||
okUserAuth,
|
||||
mockRecordSet.name,
|
||||
mockRecordSet.typ,
|
||||
zone)
|
||||
val result =
|
||||
accessValidationTest.getAccessFromAcl(okAuth, mockRecordSet.name, mockRecordSet.typ, zone)
|
||||
result shouldBe AccessLevel.Write
|
||||
}
|
||||
|
||||
@ -453,11 +432,8 @@ class AccessValidationsSpec
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val mockRecordSet = mock[RecordSet]
|
||||
val result = accessValidationTest.getAccessFromAcl(
|
||||
okUserAuth,
|
||||
mockRecordSet.name,
|
||||
mockRecordSet.typ,
|
||||
zone)
|
||||
val result =
|
||||
accessValidationTest.getAccessFromAcl(okAuth, mockRecordSet.name, mockRecordSet.typ, zone)
|
||||
result shouldBe AccessLevel.Write
|
||||
}
|
||||
|
||||
@ -466,101 +442,92 @@ class AccessValidationsSpec
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val mockRecordSet = mock[RecordSet]
|
||||
val result = accessValidationTest.getAccessFromAcl(
|
||||
okUserAuth,
|
||||
mockRecordSet.name,
|
||||
mockRecordSet.typ,
|
||||
zone)
|
||||
val result =
|
||||
accessValidationTest.getAccessFromAcl(okAuth, mockRecordSet.name, mockRecordSet.typ, zone)
|
||||
result shouldBe AccessLevel.Read
|
||||
}
|
||||
|
||||
"apply to specific record type" in {
|
||||
val rs = RecordSet(
|
||||
memberZoneNotAuthorized.id,
|
||||
zoneNotAuthorized.id,
|
||||
"ok",
|
||||
RecordType.A,
|
||||
200,
|
||||
RecordSetStatus.Active,
|
||||
DateTime.now)
|
||||
val aclRuleA =
|
||||
ACLRule(AccessLevel.Read, userId = Some(okUserAuth.userId), recordTypes = Set(RecordType.A))
|
||||
ACLRule(AccessLevel.Read, userId = Some(okAuth.userId), recordTypes = Set(RecordType.A))
|
||||
|
||||
val zoneAcl = ZoneACL(Set(aclRuleA))
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val result = accessValidationTest.getAccessFromAcl(okUserAuth, rs.name, rs.typ, zone)
|
||||
val result = accessValidationTest.getAccessFromAcl(okAuth, rs.name, rs.typ, zone)
|
||||
result shouldBe AccessLevel.Read
|
||||
}
|
||||
|
||||
"not apply to all if record type specified" in {
|
||||
val rs = RecordSet(
|
||||
memberZoneNotAuthorized.id,
|
||||
zoneNotAuthorized.id,
|
||||
"ok",
|
||||
RecordType.A,
|
||||
200,
|
||||
RecordSetStatus.Active,
|
||||
DateTime.now)
|
||||
val aclRuleA = ACLRule(
|
||||
AccessLevel.Read,
|
||||
userId = Some(okUserAuth.userId),
|
||||
recordTypes = Set(RecordType.AAAA))
|
||||
val aclRuleA =
|
||||
ACLRule(AccessLevel.Read, userId = Some(okAuth.userId), recordTypes = Set(RecordType.AAAA))
|
||||
|
||||
val zoneAcl = ZoneACL(Set(aclRuleA))
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val result = accessValidationTest.getAccessFromAcl(okUserAuth, rs.name, rs.typ, zone)
|
||||
val result = accessValidationTest.getAccessFromAcl(okAuth, rs.name, rs.typ, zone)
|
||||
result shouldBe AccessLevel.NoAccess
|
||||
}
|
||||
|
||||
"prioritize more specific record type lists" in {
|
||||
val rs = RecordSet(
|
||||
memberZoneNotAuthorized.id,
|
||||
zoneNotAuthorized.id,
|
||||
"ok",
|
||||
RecordType.A,
|
||||
200,
|
||||
RecordSetStatus.Active,
|
||||
DateTime.now)
|
||||
val aclRuleA = ACLRule(
|
||||
AccessLevel.Write,
|
||||
userId = Some(okUserAuth.userId),
|
||||
recordTypes = Set(RecordType.A))
|
||||
val aclRuleA =
|
||||
ACLRule(AccessLevel.Write, userId = Some(okAuth.userId), recordTypes = Set(RecordType.A))
|
||||
val aclRuleMany = ACLRule(
|
||||
AccessLevel.Read,
|
||||
userId = Some(okUserAuth.userId),
|
||||
userId = Some(okAuth.userId),
|
||||
recordTypes = Set(RecordType.A, RecordType.AAAA))
|
||||
|
||||
val zoneAcl = ZoneACL(Set(aclRuleA, aclRuleMany))
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val result = accessValidationTest.getAccessFromAcl(okUserAuth, rs.name, rs.typ, zone)
|
||||
val result = accessValidationTest.getAccessFromAcl(okAuth, rs.name, rs.typ, zone)
|
||||
result shouldBe AccessLevel.Write
|
||||
}
|
||||
|
||||
"prioritize record type lists over all" in {
|
||||
val rs = RecordSet(
|
||||
memberZoneNotAuthorized.id,
|
||||
zoneNotAuthorized.id,
|
||||
"ok",
|
||||
RecordType.A,
|
||||
200,
|
||||
RecordSetStatus.Active,
|
||||
DateTime.now)
|
||||
val aclRuleA = ACLRule(
|
||||
AccessLevel.Write,
|
||||
userId = Some(okUserAuth.userId),
|
||||
recordTypes = Set(RecordType.A))
|
||||
val aclRuleA =
|
||||
ACLRule(AccessLevel.Write, userId = Some(okAuth.userId), recordTypes = Set(RecordType.A))
|
||||
val aclRuleAll =
|
||||
ACLRule(AccessLevel.Read, userId = Some(okUserAuth.userId), recordTypes = Set())
|
||||
ACLRule(AccessLevel.Read, userId = Some(okAuth.userId), recordTypes = Set())
|
||||
|
||||
val zoneAcl = ZoneACL(Set(aclRuleA, aclRuleAll))
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val result = accessValidationTest.getAccessFromAcl(okUserAuth, rs.name, rs.typ, zone)
|
||||
val result = accessValidationTest.getAccessFromAcl(okAuth, rs.name, rs.typ, zone)
|
||||
result shouldBe AccessLevel.Write
|
||||
}
|
||||
|
||||
"filter in based on record mask" in {
|
||||
val rs = RecordSet(
|
||||
memberZoneNotAuthorized.id,
|
||||
zoneNotAuthorized.id,
|
||||
"rsname",
|
||||
RecordType.A,
|
||||
200,
|
||||
@ -571,13 +538,13 @@ class AccessValidationsSpec
|
||||
val zoneAcl = ZoneACL(Set(aclRule))
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val result = accessValidationTest.getAccessFromAcl(okUserAuth, rs.name, rs.typ, zone)
|
||||
val result = accessValidationTest.getAccessFromAcl(okAuth, rs.name, rs.typ, zone)
|
||||
result shouldBe AccessLevel.Read
|
||||
}
|
||||
|
||||
"exclude records based on record mask" in {
|
||||
val rs = RecordSet(
|
||||
memberZoneNotAuthorized.id,
|
||||
zoneNotAuthorized.id,
|
||||
"rsname",
|
||||
RecordType.A,
|
||||
200,
|
||||
@ -588,13 +555,13 @@ class AccessValidationsSpec
|
||||
val zoneAcl = ZoneACL(Set(aclRule))
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val result = accessValidationTest.getAccessFromAcl(okUserAuth, rs.name, rs.typ, zone)
|
||||
val result = accessValidationTest.getAccessFromAcl(okAuth, rs.name, rs.typ, zone)
|
||||
result shouldBe AccessLevel.NoAccess
|
||||
}
|
||||
|
||||
"prioritize a record mask over apply to all" in {
|
||||
val rs = RecordSet(
|
||||
memberZoneNotAuthorized.id,
|
||||
zoneNotAuthorized.id,
|
||||
"rsname",
|
||||
RecordType.A,
|
||||
200,
|
||||
@ -606,7 +573,7 @@ class AccessValidationsSpec
|
||||
val zoneAcl = ZoneACL(Set(aclRuleAll, aclRuleRM))
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val result = accessValidationTest.getAccessFromAcl(okUserAuth, rs.name, rs.typ, zone)
|
||||
val result = accessValidationTest.getAccessFromAcl(okAuth, rs.name, rs.typ, zone)
|
||||
result shouldBe AccessLevel.Read
|
||||
}
|
||||
}
|
||||
@ -671,7 +638,7 @@ class AccessValidationsSpec
|
||||
val zoneAcl = ZoneACL(Set(aclRule))
|
||||
val zone = Zone("name", "email", acl = zoneAcl)
|
||||
|
||||
val result = accessValidationTest.getAccessFromAcl(okUserAuth, rs.name, rs.typ, zone)
|
||||
val result = accessValidationTest.getAccessFromAcl(okAuth, rs.name, rs.typ, zone)
|
||||
result shouldBe AccessLevel.NoAccess
|
||||
}
|
||||
}
|
||||
@ -769,7 +736,7 @@ class AccessValidationsSpec
|
||||
val zone = Zone("test", "test", adminGroupId = okGroup.id)
|
||||
val recordList = List(rsOk.copy(zoneId = zone.id))
|
||||
|
||||
val result = accessValidationTest.getListAccessLevels(okUserAuth, recordList, zone)
|
||||
val result = accessValidationTest.getListAccessLevels(okAuth, recordList, zone)
|
||||
|
||||
val expected = recordList.map(RecordSetInfo(_, AccessLevel.Delete))
|
||||
result shouldBe expected
|
||||
@ -781,7 +748,7 @@ class AccessValidationsSpec
|
||||
}
|
||||
val zone = Zone("test", "test")
|
||||
|
||||
val result = accessValidationTest.getListAccessLevels(okUserAuth, recordList, zone)
|
||||
val result = accessValidationTest.getListAccessLevels(okAuth, recordList, zone)
|
||||
|
||||
val expected = recordList.map(RecordSetInfo(_, AccessLevel.NoAccess))
|
||||
result shouldBe expected
|
||||
@ -789,7 +756,7 @@ class AccessValidationsSpec
|
||||
|
||||
"return access level Read if there is no ACL rule for the user and user is a support admin" in {
|
||||
val supportAuth = okAuth.copy(
|
||||
signedInUser = okGroupAuth.signedInUser.copy(isSupport = true),
|
||||
signedInUser = okAuth.signedInUser.copy(isSupport = true),
|
||||
memberGroupIds = Seq.empty)
|
||||
|
||||
val recordList = List("rs1", "rs2", "rs3").map {
|
||||
@ -811,13 +778,13 @@ class AccessValidationsSpec
|
||||
val recordList = List(rs1, rs2, rs3)
|
||||
|
||||
val rs1Rule =
|
||||
ACLRule(AccessLevel.Write, userId = Some(okUserAuth.userId), recordMask = Some("rs1"))
|
||||
ACLRule(AccessLevel.Write, userId = Some(okAuth.userId), recordMask = Some("rs1"))
|
||||
val rs2Rule =
|
||||
ACLRule(AccessLevel.NoAccess, groupId = Some(okGroup.id), recordMask = Some("rs2"))
|
||||
val aclRules = ZoneACL(Set(groupReadAcl, rs1Rule, rs2Rule))
|
||||
val zone = Zone("test", "test", acl = aclRules)
|
||||
|
||||
val result = accessValidationTest.getListAccessLevels(okUserAuth, recordList, zone)
|
||||
val result = accessValidationTest.getListAccessLevels(okAuth, recordList, zone)
|
||||
|
||||
val expected = List(
|
||||
RecordSetInfo(rs1, AccessLevel.Write),
|
||||
|
||||
@ -20,8 +20,6 @@ import cats.data.Validated.Valid
|
||||
import cats.implicits._
|
||||
import cats.scalatest.ValidatedMatchers
|
||||
import org.joda.time.DateTime
|
||||
import org.scalatest.concurrent.Eventually
|
||||
import org.scalatest.mockito.MockitoSugar
|
||||
import org.scalatest.{BeforeAndAfterEach, EitherValues, Matchers, WordSpec}
|
||||
import vinyldns.api.ValidatedBatchMatcherImprovements._
|
||||
import vinyldns.api._
|
||||
@ -33,19 +31,14 @@ import vinyldns.core.domain.zone.Zone
|
||||
import vinyldns.api.domain.{AccessValidations, _}
|
||||
import vinyldns.api.repository.{EmptyRecordSetRepo, EmptyZoneRepo, InMemoryBatchChangeRepository}
|
||||
import cats.effect._
|
||||
import vinyldns.core.domain.auth.AuthPrincipal
|
||||
import vinyldns.core.TestMembershipData._
|
||||
import vinyldns.core.domain.batch.{BatchChange, SingleAddChange, SingleChangeStatus}
|
||||
import vinyldns.core.domain.membership.Group
|
||||
|
||||
class BatchChangeServiceSpec
|
||||
extends WordSpec
|
||||
with Matchers
|
||||
with MockitoSugar
|
||||
with VinylDNSTestData
|
||||
with Eventually
|
||||
with CatsHelpers
|
||||
with BeforeAndAfterEach
|
||||
with GroupTestData
|
||||
with EitherValues
|
||||
with ValidatedMatchers {
|
||||
|
||||
@ -71,13 +64,9 @@ class BatchChangeServiceSpec
|
||||
private val ptrAdd = AddChangeInput("10.144.55.11", RecordType.PTR, 100, PTRData("ptr"))
|
||||
private val ptrAdd2 = AddChangeInput("10.144.55.255", RecordType.PTR, 100, PTRData("ptr"))
|
||||
|
||||
private val authGrp = Group(
|
||||
"ok",
|
||||
"test@test.com",
|
||||
Some("a test group"),
|
||||
memberIds = Set(usr.id),
|
||||
adminUserIds = Set(usr.id))
|
||||
private val auth = AuthPrincipal(usr, Seq(authGrp.id))
|
||||
private val authGrp = okGroup
|
||||
private val auth = okAuth
|
||||
private val notAuth = dummyAuth
|
||||
|
||||
private val apexZone = Zone("apex.test.com.", "email", id = "apex", adminGroupId = authGrp.id)
|
||||
private val baseZone = Zone("test.com.", "email", id = "base", adminGroupId = authGrp.id)
|
||||
|
||||
@ -21,10 +21,12 @@ import cats.scalatest.ValidatedMatchers
|
||||
import org.scalacheck.Gen
|
||||
import org.scalatest.prop.GeneratorDrivenPropertyChecks
|
||||
import org.scalatest.{EitherValues, Matchers, PropSpec}
|
||||
import vinyldns.api.{VinylDNSTestData}
|
||||
import vinyldns.api.domain.batch.BatchTransformations._
|
||||
import vinyldns.api.domain.{AccessValidations, _}
|
||||
import vinyldns.api.repository.TestDataLoader
|
||||
import vinyldns.core.TestZoneData._
|
||||
import vinyldns.core.TestRecordSetData._
|
||||
import vinyldns.core.TestMembershipData._
|
||||
import vinyldns.core.domain.auth.AuthPrincipal
|
||||
import vinyldns.core.domain.record._
|
||||
import vinyldns.core.domain.zone.{ACLRule, AccessLevel, Zone, ZoneStatus}
|
||||
|
||||
@ -35,8 +37,7 @@ class BatchChangeValidationsSpec
|
||||
with Matchers
|
||||
with GeneratorDrivenPropertyChecks
|
||||
with EitherValues
|
||||
with ValidatedMatchers
|
||||
with VinylDNSTestData {
|
||||
with ValidatedMatchers {
|
||||
|
||||
import Gen._
|
||||
import vinyldns.api.DomainGenerator._
|
||||
@ -52,13 +53,13 @@ class BatchChangeValidationsSpec
|
||||
"test@test.com",
|
||||
status = ZoneStatus.Active,
|
||||
connection = testConnection,
|
||||
adminGroupId = grp.id)
|
||||
adminGroupId = okGroup.id)
|
||||
private val validIp4ReverseZone = Zone(
|
||||
"2.0.192.in-addr.arpa",
|
||||
"test@test.com",
|
||||
status = ZoneStatus.Active,
|
||||
connection = testConnection,
|
||||
adminGroupId = grp.id)
|
||||
adminGroupId = okGroup.id)
|
||||
|
||||
private val validAChangeGen: Gen[AddChangeInput] = for {
|
||||
fqdn <- domainGenerator
|
||||
@ -81,7 +82,7 @@ class BatchChangeValidationsSpec
|
||||
addChangeInput <- AddChangeInput(recordName, rs.typ, rs.ttl, rs.records.head)
|
||||
} yield AddChangeForValidation(validZone, recordName, addChangeInput)
|
||||
|
||||
private val recordSetList = List(rsOk, aaaa, validAAAAToOrigin, abcRecord)
|
||||
private val recordSetList = List(rsOk, aaaa, aaaaOrigin, abcRecord)
|
||||
|
||||
private def validBatchChangeInput(min: Int, max: Int): Gen[BatchChangeInput] =
|
||||
for {
|
||||
@ -130,7 +131,7 @@ class BatchChangeValidationsSpec
|
||||
}
|
||||
|
||||
property("""validateInputName: should fail with a HighValueDomainError
|
||||
|if inputName is a High Value Domain""".stripMargin) {
|
||||
|if inputName is a High Value Domain""".stripMargin) {
|
||||
val changeA = AddChangeInput("high-value-domain.foo.", RecordType.A, 300, AData("1.1.1.1"))
|
||||
val changeIpV4 = AddChangeInput("192.0.2.252", RecordType.PTR, 300, PTRData("test."))
|
||||
val changeIpV6 =
|
||||
@ -284,7 +285,7 @@ class BatchChangeValidationsSpec
|
||||
|
||||
property(
|
||||
"validateChangesWithContext: should properly validate with mix of success and failure inputs") {
|
||||
val authZone = okZone.copy(adminGroupId = grp.id)
|
||||
val authZone = okZone
|
||||
val reverseZone = okZone.copy(name = "2.0.192.in-addr.arpa.")
|
||||
val addA1 = AddChangeForValidation(
|
||||
authZone,
|
||||
@ -710,7 +711,7 @@ class BatchChangeValidationsSpec
|
||||
val result = validateChangesWithContext(
|
||||
List(addA.validNel),
|
||||
ExistingRecordSets(recordSetList),
|
||||
notAuth.copy(TestDataLoader.dummyUser.copy(isSuper = true)))
|
||||
AuthPrincipal(superUser, Seq.empty))
|
||||
|
||||
result(0) shouldBe valid
|
||||
}
|
||||
@ -827,7 +828,7 @@ class BatchChangeValidationsSpec
|
||||
val result = validateChangesWithContext(
|
||||
List(deleteA.validNel),
|
||||
ExistingRecordSets(List(existingDeleteRecord)),
|
||||
notAuth.copy(TestDataLoader.dummyUser.copy(isSuper = true)))
|
||||
AuthPrincipal(superUser, Seq.empty))
|
||||
result(0) shouldBe valid
|
||||
}
|
||||
|
||||
|
||||
@ -25,8 +25,12 @@ import vinyldns.api.domain.{AccessValidations, HighValueDomainError}
|
||||
import vinyldns.api.domain.record.RecordSetHelpers._
|
||||
import vinyldns.api.domain.zone._
|
||||
import vinyldns.api.route.ListRecordSetsResponse
|
||||
import vinyldns.api.{GroupTestData, ResultHelpers, VinylDNSTestData}
|
||||
import vinyldns.api.ResultHelpers
|
||||
import cats.effect._
|
||||
import vinyldns.core.TestMembershipData._
|
||||
import vinyldns.core.TestZoneData._
|
||||
import vinyldns.core.TestRecordSetData._
|
||||
import vinyldns.core.domain.auth.AuthPrincipal
|
||||
import vinyldns.core.domain.membership.{ListUsersResults, UserRepository}
|
||||
import vinyldns.core.domain.record._
|
||||
import vinyldns.core.domain.zone.{AccessLevel, ZoneRepository}
|
||||
@ -36,11 +40,9 @@ class RecordSetServiceSpec
|
||||
extends WordSpec
|
||||
with Matchers
|
||||
with MockitoSugar
|
||||
with VinylDNSTestData
|
||||
with Eventually
|
||||
with ResultHelpers
|
||||
with BeforeAndAfterEach
|
||||
with GroupTestData {
|
||||
with BeforeAndAfterEach {
|
||||
|
||||
private val mockZoneRepo = mock[ZoneRepository]
|
||||
private val mockRecordRepo = mock[RecordSetRepository]
|
||||
@ -48,7 +50,7 @@ class RecordSetServiceSpec
|
||||
private val mockUserRepo = mock[UserRepository]
|
||||
private val mockMessageQueue = mock[MessageQueue]
|
||||
|
||||
doReturn(IO.pure(Some(zoneAuthorized))).when(mockZoneRepo).getZone(zoneAuthorized.id)
|
||||
doReturn(IO.pure(Some(okZone))).when(mockZoneRepo).getZone(okZone.id)
|
||||
doReturn(IO.pure(Some(zoneNotAuthorized)))
|
||||
.when(mockZoneRepo)
|
||||
.getZone(zoneNotAuthorized.id)
|
||||
@ -64,19 +66,20 @@ class RecordSetServiceSpec
|
||||
|
||||
"addRecordSet" should {
|
||||
"return the recordSet change as the result" in {
|
||||
val record = aaaa.copy(zoneId = zoneAuthorized.id)
|
||||
val record = aaaa.copy(zoneId = okZone.id)
|
||||
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSets(zoneAuthorized.id, record.name, record.typ)
|
||||
.getRecordSets(okZone.id, record.name, record.typ)
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSetsByName(zoneAuthorized.id, record.name)
|
||||
.getRecordSetsByName(okZone.id, record.name)
|
||||
|
||||
val result: RecordSetChange = rightResultOf(
|
||||
underTest.addRecordSet(record, okAuth).map(_.asInstanceOf[RecordSetChange]).value)
|
||||
val result: RecordSetChange =
|
||||
rightResultOf(
|
||||
underTest.addRecordSet(record, okAuth).map(_.asInstanceOf[RecordSetChange]).value)
|
||||
|
||||
matches(result.recordSet, record, zoneAuthorized.name) shouldBe true
|
||||
matches(result.recordSet, record, okZone.name) shouldBe true
|
||||
result.changeType shouldBe RecordSetChangeType.Create
|
||||
result.status shouldBe RecordSetChangeStatus.Pending
|
||||
}
|
||||
@ -89,112 +92,110 @@ class RecordSetServiceSpec
|
||||
}
|
||||
"fail if the record is dotted" in {
|
||||
val record =
|
||||
aaaa.copy(name = "new.name", zoneId = zoneAuthorized.id, status = RecordSetStatus.Active)
|
||||
aaaa.copy(name = "new.name", zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSets(zoneAuthorized.id, record.name, record.typ)
|
||||
.getRecordSets(okZone.id, record.name, record.typ)
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSetsByName(zoneAuthorized.id, record.name)
|
||||
.getRecordSetsByName(okZone.id, record.name)
|
||||
|
||||
val result = leftResultOf(underTest.addRecordSet(record, okAuth).value)
|
||||
result shouldBe a[InvalidRequest]
|
||||
}
|
||||
"fail if the record is relative with trailing dot" in {
|
||||
val record =
|
||||
aaaa.copy(name = "new.", zoneId = zoneAuthorized.id, status = RecordSetStatus.Active)
|
||||
aaaa.copy(name = "new.", zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSets(zoneAuthorized.id, record.name, record.typ)
|
||||
.getRecordSets(okZone.id, record.name, record.typ)
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSetsByName(zoneAuthorized.id, record.name)
|
||||
.getRecordSetsByName(okZone.id, record.name)
|
||||
|
||||
val result = leftResultOf(underTest.addRecordSet(record, okAuth).value)
|
||||
result shouldBe a[InvalidRequest]
|
||||
}
|
||||
"fail if the record is a high value domain" in {
|
||||
val record = aaaa.copy(
|
||||
name = "high-value-domain",
|
||||
zoneId = zoneAuthorized.id,
|
||||
status = RecordSetStatus.Active)
|
||||
val record =
|
||||
aaaa.copy(name = "high-value-domain", zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
|
||||
val result = leftResultOf(underTest.addRecordSet(record, okAuth).value)
|
||||
result shouldBe InvalidRequest(
|
||||
HighValueDomainError(s"high-value-domain.${zoneAuthorized.name}").message)
|
||||
HighValueDomainError(s"high-value-domain.${okZone.name}").message)
|
||||
}
|
||||
"succeed if record is apex with dot" in {
|
||||
val name = zoneAuthorized.name
|
||||
val name = okZone.name
|
||||
val record =
|
||||
aaaa.copy(name = name, zoneId = zoneAuthorized.id, status = RecordSetStatus.Active)
|
||||
aaaa.copy(name = name, zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSets(zoneAuthorized.id, record.name, record.typ)
|
||||
.getRecordSets(okZone.id, record.name, record.typ)
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSetsByName(zoneAuthorized.id, record.name)
|
||||
.getRecordSetsByName(okZone.id, record.name)
|
||||
|
||||
val result: RecordSetChange = rightResultOf(
|
||||
underTest.addRecordSet(record, okAuth).map(_.asInstanceOf[RecordSetChange]).value)
|
||||
|
||||
result.recordSet.name shouldBe zoneAuthorized.name
|
||||
result.recordSet.name shouldBe okZone.name
|
||||
}
|
||||
"succeed if record is apex as '@'" in {
|
||||
val name = "@"
|
||||
val record =
|
||||
aaaa.copy(name = name, zoneId = zoneAuthorized.id, status = RecordSetStatus.Active)
|
||||
aaaa.copy(name = name, zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSets(zoneAuthorized.id, record.name, record.typ)
|
||||
.getRecordSets(okZone.id, record.name, record.typ)
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSetsByName(zoneAuthorized.id, record.name)
|
||||
.getRecordSetsByName(okZone.id, record.name)
|
||||
|
||||
val result: RecordSetChange = rightResultOf(
|
||||
underTest.addRecordSet(record, okAuth).map(_.asInstanceOf[RecordSetChange]).value)
|
||||
|
||||
result.recordSet.name shouldBe zoneAuthorized.name
|
||||
result.recordSet.name shouldBe okZone.name
|
||||
}
|
||||
"succeed if record is apex without dot" in {
|
||||
val name = zoneAuthorized.name.substring(0, zoneAuthorized.name.length - 1)
|
||||
val name = okZone.name.substring(0, okZone.name.length - 1)
|
||||
val record =
|
||||
aaaa.copy(name = name, zoneId = zoneAuthorized.id, status = RecordSetStatus.Active)
|
||||
aaaa.copy(name = name, zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSets(zoneAuthorized.id, record.name, record.typ)
|
||||
.getRecordSets(okZone.id, record.name, record.typ)
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSetsByName(zoneAuthorized.id, record.name)
|
||||
.getRecordSetsByName(okZone.id, record.name)
|
||||
|
||||
val result: RecordSetChange = rightResultOf(
|
||||
underTest.addRecordSet(record, okAuth).map(_.asInstanceOf[RecordSetChange]).value)
|
||||
|
||||
result.recordSet.name shouldBe zoneAuthorized.name
|
||||
result.recordSet.name shouldBe okZone.name
|
||||
}
|
||||
}
|
||||
|
||||
"updateRecordSet" should {
|
||||
"return the recordSet change as the result" in {
|
||||
val oldRecord = aaaa.copy(zoneId = zoneAuthorized.id, status = RecordSetStatus.Active)
|
||||
val oldRecord = aaaa.copy(zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
val newRecord = oldRecord.copy(name = "newName")
|
||||
|
||||
doReturn(IO.pure(Some(oldRecord)))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSet(zoneAuthorized.id, newRecord.id)
|
||||
.getRecordSet(okZone.id, newRecord.id)
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSetsByName(zoneAuthorized.id, newRecord.name)
|
||||
.getRecordSetsByName(okZone.id, newRecord.name)
|
||||
|
||||
val result: RecordSetChange = rightResultOf(
|
||||
underTest.updateRecordSet(newRecord, okAuth).map(_.asInstanceOf[RecordSetChange]).value)
|
||||
|
||||
matches(result.recordSet, newRecord, zoneAuthorized.name) shouldBe true
|
||||
matches(result.updates.get, oldRecord, zoneAuthorized.name) shouldBe true
|
||||
matches(result.recordSet, newRecord, okZone.name) shouldBe true
|
||||
matches(result.updates.get, oldRecord, okZone.name) shouldBe true
|
||||
result.changeType shouldBe RecordSetChangeType.Update
|
||||
result.status shouldBe RecordSetChangeStatus.Pending
|
||||
}
|
||||
@ -207,95 +208,93 @@ class RecordSetServiceSpec
|
||||
result shouldBe a[NotAuthorizedError]
|
||||
}
|
||||
"fail if the record is dotted" in {
|
||||
val oldRecord = aaaa.copy(zoneId = zoneAuthorized.id, status = RecordSetStatus.Active)
|
||||
val oldRecord = aaaa.copy(zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
val newRecord = oldRecord.copy(name = "new.name")
|
||||
|
||||
doReturn(IO.pure(Some(oldRecord)))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSet(zoneAuthorized.id, newRecord.id)
|
||||
.getRecordSet(okZone.id, newRecord.id)
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSetsByName(zoneAuthorized.id, newRecord.name)
|
||||
.getRecordSetsByName(okZone.id, newRecord.name)
|
||||
|
||||
val result = leftResultOf(underTest.updateRecordSet(newRecord, okAuth).value)
|
||||
result shouldBe a[InvalidRequest]
|
||||
}
|
||||
"fail if the record is relative with trailing dot" in {
|
||||
val oldRecord = aaaa.copy(zoneId = zoneAuthorized.id, status = RecordSetStatus.Active)
|
||||
val oldRecord = aaaa.copy(zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
val newRecord = oldRecord.copy(name = "new.")
|
||||
|
||||
doReturn(IO.pure(Some(oldRecord)))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSet(zoneAuthorized.id, newRecord.id)
|
||||
.getRecordSet(okZone.id, newRecord.id)
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSetsByName(zoneAuthorized.id, newRecord.name)
|
||||
.getRecordSetsByName(okZone.id, newRecord.name)
|
||||
|
||||
val result = leftResultOf(underTest.updateRecordSet(newRecord, okAuth).value)
|
||||
result shouldBe a[InvalidRequest]
|
||||
}
|
||||
"succeed if record is apex with dot" in {
|
||||
val name = zoneAuthorized.name
|
||||
val oldRecord = aaaa.copy(zoneId = zoneAuthorized.id, status = RecordSetStatus.Active)
|
||||
val name = okZone.name
|
||||
val oldRecord = aaaa.copy(zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
val newRecord = oldRecord.copy(name = name)
|
||||
|
||||
doReturn(IO.pure(Some(oldRecord)))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSet(zoneAuthorized.id, newRecord.id)
|
||||
.getRecordSet(okZone.id, newRecord.id)
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSetsByName(zoneAuthorized.id, newRecord.name)
|
||||
.getRecordSetsByName(okZone.id, newRecord.name)
|
||||
|
||||
val result: RecordSetChange = rightResultOf(
|
||||
underTest.updateRecordSet(newRecord, okAuth).map(_.asInstanceOf[RecordSetChange]).value)
|
||||
|
||||
result.recordSet.name shouldBe zoneAuthorized.name
|
||||
result.recordSet.name shouldBe okZone.name
|
||||
}
|
||||
"succeed if record is apex as '@'" in {
|
||||
val name = "@"
|
||||
val oldRecord = aaaa.copy(zoneId = zoneAuthorized.id, status = RecordSetStatus.Active)
|
||||
val oldRecord = aaaa.copy(zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
val newRecord = oldRecord.copy(name = name)
|
||||
|
||||
doReturn(IO.pure(Some(oldRecord)))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSet(zoneAuthorized.id, newRecord.id)
|
||||
.getRecordSet(okZone.id, newRecord.id)
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSetsByName(zoneAuthorized.id, newRecord.name)
|
||||
.getRecordSetsByName(okZone.id, newRecord.name)
|
||||
|
||||
val result: RecordSetChange = rightResultOf(
|
||||
underTest.updateRecordSet(newRecord, okAuth).map(_.asInstanceOf[RecordSetChange]).value)
|
||||
|
||||
result.recordSet.name shouldBe zoneAuthorized.name
|
||||
result.recordSet.name shouldBe okZone.name
|
||||
}
|
||||
"succeed if record is apex without dot" in {
|
||||
val name = zoneAuthorized.name.substring(0, zoneAuthorized.name.length - 1)
|
||||
val oldRecord = aaaa.copy(zoneId = zoneAuthorized.id, status = RecordSetStatus.Active)
|
||||
val name = okZone.name.substring(0, okZone.name.length - 1)
|
||||
val oldRecord = aaaa.copy(zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
val newRecord = oldRecord.copy(name = name)
|
||||
|
||||
doReturn(IO.pure(Some(oldRecord)))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSet(zoneAuthorized.id, newRecord.id)
|
||||
.getRecordSet(okZone.id, newRecord.id)
|
||||
doReturn(IO.pure(List()))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSetsByName(zoneAuthorized.id, newRecord.name)
|
||||
.getRecordSetsByName(okZone.id, newRecord.name)
|
||||
|
||||
val result: RecordSetChange = rightResultOf(
|
||||
underTest.updateRecordSet(newRecord, okAuth).map(_.asInstanceOf[RecordSetChange]).value)
|
||||
|
||||
result.recordSet.name shouldBe zoneAuthorized.name
|
||||
result.recordSet.name shouldBe okZone.name
|
||||
}
|
||||
"fail if the record is a high value domain" in {
|
||||
val oldRecord = aaaa.copy(
|
||||
name = "high-value-domain",
|
||||
zoneId = zoneAuthorized.id,
|
||||
status = RecordSetStatus.Active)
|
||||
val oldRecord =
|
||||
aaaa.copy(name = "high-value-domain", zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
|
||||
val newRecord = oldRecord.copy(ttl = oldRecord.ttl + 1000)
|
||||
|
||||
val result = leftResultOf(underTest.updateRecordSet(newRecord, okAuth).value)
|
||||
result shouldBe InvalidRequest(
|
||||
HighValueDomainError(s"high-value-domain.${zoneAuthorized.name}").message)
|
||||
HighValueDomainError(s"high-value-domain.${okZone.name}").message)
|
||||
}
|
||||
}
|
||||
|
||||
@ -304,15 +303,15 @@ class RecordSetServiceSpec
|
||||
val record = aaaa.copy(status = RecordSetStatus.Active)
|
||||
doReturn(IO.pure(Some(record)))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSet(zoneAuthorized.id, record.id)
|
||||
.getRecordSet(okZone.id, record.id)
|
||||
|
||||
val result: RecordSetChange = rightResultOf(
|
||||
underTest
|
||||
.deleteRecordSet(record.id, zoneAuthorized.id, okAuth)
|
||||
.deleteRecordSet(record.id, okZone.id, okAuth)
|
||||
.map(_.asInstanceOf[RecordSetChange])
|
||||
.value)
|
||||
|
||||
matches(result.recordSet, record, zoneAuthorized.name) shouldBe true
|
||||
matches(result.recordSet, record, okZone.name) shouldBe true
|
||||
result.changeType shouldBe RecordSetChangeType.Delete
|
||||
result.status shouldBe RecordSetChangeStatus.Pending
|
||||
}
|
||||
@ -325,19 +324,17 @@ class RecordSetServiceSpec
|
||||
result shouldBe a[NotAuthorizedError]
|
||||
}
|
||||
"fail if the record is a high value domain" in {
|
||||
val record = aaaa.copy(
|
||||
name = "high-value-domain",
|
||||
zoneId = zoneAuthorized.id,
|
||||
status = RecordSetStatus.Active)
|
||||
val record =
|
||||
aaaa.copy(name = "high-value-domain", zoneId = okZone.id, status = RecordSetStatus.Active)
|
||||
|
||||
doReturn(IO.pure(Some(record)))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSet(zoneAuthorized.id, record.id)
|
||||
.getRecordSet(okZone.id, record.id)
|
||||
|
||||
val result =
|
||||
leftResultOf(underTest.deleteRecordSet(record.id, zoneAuthorized.id, okAuth).value)
|
||||
leftResultOf(underTest.deleteRecordSet(record.id, okZone.id, okAuth).value)
|
||||
result shouldBe InvalidRequest(
|
||||
HighValueDomainError(s"high-value-domain.${zoneAuthorized.name}").message)
|
||||
HighValueDomainError(s"high-value-domain.${okZone.name}").message)
|
||||
}
|
||||
}
|
||||
|
||||
@ -345,9 +342,9 @@ class RecordSetServiceSpec
|
||||
"return the recordSet" in {
|
||||
doReturn(IO.pure(Some(aaaa)))
|
||||
.when(mockRecordRepo)
|
||||
.getRecordSet(zoneAuthorized.id, aaaa.id)
|
||||
.getRecordSet(okZone.id, aaaa.id)
|
||||
val result: RecordSet =
|
||||
rightResultOf(underTest.getRecordSet(aaaa.id, zoneAuthorized.id, okAuth).value)
|
||||
rightResultOf(underTest.getRecordSet(aaaa.id, okZone.id, okAuth).value)
|
||||
result shouldBe aaaa
|
||||
}
|
||||
"fail when the account is not authorized" in {
|
||||
@ -364,7 +361,7 @@ class RecordSetServiceSpec
|
||||
doReturn(IO.pure(ListRecordSetResults(List(aaaa))))
|
||||
.when(mockRecordRepo)
|
||||
.listRecordSets(
|
||||
zoneId = zoneAuthorized.id,
|
||||
zoneId = okZone.id,
|
||||
startFrom = None,
|
||||
maxItems = None,
|
||||
recordNameFilter = None)
|
||||
@ -372,7 +369,7 @@ class RecordSetServiceSpec
|
||||
val result: ListRecordSetsResponse = rightResultOf(
|
||||
underTest
|
||||
.listRecordSets(
|
||||
zoneAuthorized.id,
|
||||
okZone.id,
|
||||
startFrom = None,
|
||||
maxItems = None,
|
||||
recordNameFilter = None,
|
||||
@ -384,7 +381,7 @@ class RecordSetServiceSpec
|
||||
doReturn(IO.pure(ListRecordSetResults(List(aaaa))))
|
||||
.when(mockRecordRepo)
|
||||
.listRecordSets(
|
||||
zoneId = zoneAuthorized.id,
|
||||
zoneId = okZone.id,
|
||||
startFrom = None,
|
||||
maxItems = None,
|
||||
recordNameFilter = None)
|
||||
@ -392,13 +389,11 @@ class RecordSetServiceSpec
|
||||
val result: ListRecordSetsResponse = rightResultOf(
|
||||
underTest
|
||||
.listRecordSets(
|
||||
zoneAuthorized.id,
|
||||
okZone.id,
|
||||
startFrom = None,
|
||||
maxItems = None,
|
||||
recordNameFilter = None,
|
||||
authPrincipal = okAuth.copy(
|
||||
signedInUser = okGroupAuth.signedInUser.copy(isSupport = true),
|
||||
memberGroupIds = Seq.empty)
|
||||
authPrincipal = AuthPrincipal(okAuth.signedInUser.copy(isSupport = true), Seq.empty)
|
||||
)
|
||||
.value)
|
||||
result.recordSets shouldBe List(RecordSetInfo(aaaa, AccessLevel.Read))
|
||||
@ -419,20 +414,22 @@ class RecordSetServiceSpec
|
||||
|
||||
"listRecordSetChanges" should {
|
||||
"retrieve the recordset changes" in {
|
||||
val completeRecordSetChanges: List[RecordSetChange] =
|
||||
List(pendingCreateAAAA, pendingCreateCNAME, completeCreateAAAA, completeCreateCNAME)
|
||||
|
||||
doReturn(IO.pure(ListRecordSetChangesResults(completeRecordSetChanges)))
|
||||
.when(mockRecordChangeRepo)
|
||||
.listRecordSetChanges(zoneId = zoneAuthorized.id, startFrom = None, maxItems = 100)
|
||||
.listRecordSetChanges(zoneId = okZone.id, startFrom = None, maxItems = 100)
|
||||
doReturn(IO.pure(ListUsersResults(Seq(okUser), None)))
|
||||
.when(mockUserRepo)
|
||||
.getUsers(any[Set[String]], any[Option[String]], any[Option[Int]])
|
||||
|
||||
val result: ListRecordSetChangesResponse =
|
||||
rightResultOf(
|
||||
underTest.listRecordSetChanges(zoneAuthorized.id, authPrincipal = okAuth).value)
|
||||
rightResultOf(underTest.listRecordSetChanges(okZone.id, authPrincipal = okAuth).value)
|
||||
val changesWithName =
|
||||
completeRecordSetChanges.map(change => RecordSetChangeInfo(change, Some("ok")))
|
||||
val expectedResults = ListRecordSetChangesResponse(
|
||||
zoneId = zoneAuthorized.id,
|
||||
zoneId = okZone.id,
|
||||
recordSetChanges = changesWithName,
|
||||
nextId = None,
|
||||
startFrom = None,
|
||||
@ -443,13 +440,12 @@ class RecordSetServiceSpec
|
||||
"return a zone with no changes if no changes exist" in {
|
||||
doReturn(IO.pure(ListRecordSetChangesResults(items = Nil)))
|
||||
.when(mockRecordChangeRepo)
|
||||
.listRecordSetChanges(zoneId = zoneAuthorized.id, startFrom = None, maxItems = 100)
|
||||
.listRecordSetChanges(zoneId = okZone.id, startFrom = None, maxItems = 100)
|
||||
|
||||
val result: ListRecordSetChangesResponse =
|
||||
rightResultOf(
|
||||
underTest.listRecordSetChanges(zoneAuthorized.id, authPrincipal = okAuth).value)
|
||||
rightResultOf(underTest.listRecordSetChanges(okZone.id, authPrincipal = okAuth).value)
|
||||
val expectedResults = ListRecordSetChangesResponse(
|
||||
zoneId = zoneAuthorized.id,
|
||||
zoneId = okZone.id,
|
||||
recordSetChanges = List(),
|
||||
nextId = None,
|
||||
startFrom = None,
|
||||
@ -469,15 +465,14 @@ class RecordSetServiceSpec
|
||||
|
||||
doReturn(IO.pure(ListRecordSetChangesResults(List(rsChange2, rsChange1))))
|
||||
.when(mockRecordChangeRepo)
|
||||
.listRecordSetChanges(zoneId = zoneAuthorized.id, startFrom = None, maxItems = 100)
|
||||
.listRecordSetChanges(zoneId = okZone.id, startFrom = None, maxItems = 100)
|
||||
|
||||
val result: ListRecordSetChangesResponse =
|
||||
rightResultOf(
|
||||
underTest.listRecordSetChanges(zoneAuthorized.id, authPrincipal = okAuth).value)
|
||||
rightResultOf(underTest.listRecordSetChanges(okZone.id, authPrincipal = okAuth).value)
|
||||
val changesWithName =
|
||||
List(RecordSetChangeInfo(rsChange2, Some("ok")), RecordSetChangeInfo(rsChange1, Some("ok")))
|
||||
val expectedResults = ListRecordSetChangesResponse(
|
||||
zoneId = zoneAuthorized.id,
|
||||
zoneId = okZone.id,
|
||||
recordSetChanges = changesWithName,
|
||||
nextId = None,
|
||||
startFrom = None,
|
||||
@ -490,24 +485,25 @@ class RecordSetServiceSpec
|
||||
"return the record set change if it is found" in {
|
||||
doReturn(IO.pure(Some(pendingCreateAAAA)))
|
||||
.when(mockRecordChangeRepo)
|
||||
.getRecordSetChange(pendingCreateAAAA.zoneId, pendingCreateAAAA.id)
|
||||
val actual: RecordSetChange = rightResultOf(
|
||||
underTest.getRecordSetChange(zoneAuthorized.id, pendingCreateAAAA.id, okAuth).value)
|
||||
.getRecordSetChange(okZone.id, pendingCreateAAAA.id)
|
||||
|
||||
val actual: RecordSetChange =
|
||||
rightResultOf(underTest.getRecordSetChange(okZone.id, pendingCreateAAAA.id, okAuth).value)
|
||||
actual shouldBe pendingCreateAAAA
|
||||
}
|
||||
|
||||
"return a RecordSetChangeNotFoundError if it is not found" in {
|
||||
doReturn(IO.pure(None))
|
||||
.when(mockRecordChangeRepo)
|
||||
.getRecordSetChange(pendingCreateAAAA.zoneId, pendingCreateAAAA.id)
|
||||
val error = leftResultOf(
|
||||
underTest.getRecordSetChange(zoneAuthorized.id, pendingCreateAAAA.id, okAuth).value)
|
||||
.getRecordSetChange(okZone.id, pendingCreateAAAA.id)
|
||||
val error =
|
||||
leftResultOf(underTest.getRecordSetChange(okZone.id, pendingCreateAAAA.id, okAuth).value)
|
||||
error shouldBe a[RecordSetChangeNotFoundError]
|
||||
}
|
||||
|
||||
"return a NotAuthorizedError if the user is not authorized to access the zone" in {
|
||||
val error = leftResultOf(
|
||||
underTest.getRecordSetChange(zoneNotAuthorized.id, pendingCreateAAAA.id, notAuth).value)
|
||||
underTest.getRecordSetChange(zoneNotAuthorized.id, pendingCreateAAAA.id, dummyAuth).value)
|
||||
|
||||
error shouldBe a[NotAuthorizedError]
|
||||
}
|
||||
|
||||
@ -52,13 +52,15 @@ case class RecordSet(
|
||||
|| status == RecordSetStatus.PendingDelete)
|
||||
|
||||
override def toString: String = {
|
||||
|
||||
val sb = new StringBuilder
|
||||
sb.append("RecordSet: [")
|
||||
sb.append("id=\"").append(id).append("\"; ")
|
||||
sb.append("zoneId=\"").append(zoneId).append("\"; ")
|
||||
sb.append("name=\"").append(name).append("\"; ")
|
||||
sb.append("type=\"").append(typ.toString).append("\"; ")
|
||||
sb.append("ttl=\"").append(ttl.toString).append("\"; ")
|
||||
sb.append("created=\"").append(created.toString).append("\"; ")
|
||||
sb.append("updated=\"").append(updated.toString).append("\"; ")
|
||||
sb.append("account=\"").append(account).append("\"; ")
|
||||
sb.append("status=\"").append(status.toString).append("\"; ")
|
||||
sb.append("records=\"").append(records.toString).append("\"; ")
|
||||
|
||||
@ -35,6 +35,7 @@ object TestMembershipData {
|
||||
)
|
||||
|
||||
val dummyUser = User("dummyName", "dummyAccess", "dummySecret")
|
||||
val superUser = User("super", "superAccess", "superSecret", isSuper = true)
|
||||
|
||||
val listOfDummyUsers: List[User] = List.range(0, 200).map { runner =>
|
||||
User(
|
||||
@ -55,6 +56,15 @@ object TestMembershipData {
|
||||
adminUserIds = Set(okUser.id),
|
||||
created = DateTime.now.secondOfDay().roundFloorCopy())
|
||||
|
||||
val twoUserGroup: Group = Group(
|
||||
"twoUsers",
|
||||
"test@test.com",
|
||||
Some("has two users"),
|
||||
memberIds = Set(okUser.id),
|
||||
adminUserIds = Set(okUser.id, dummyUser.id),
|
||||
created = DateTime.now.secondOfDay().roundFloorCopy()
|
||||
)
|
||||
|
||||
val abcGroup: Group = Group("abc", "abc", id = "abc", memberIds = Set("abc"))
|
||||
|
||||
val emptyGroup = Group("grpName", "grpEmail")
|
||||
@ -86,6 +96,8 @@ object TestMembershipData {
|
||||
|
||||
val dummyAuth: AuthPrincipal = AuthPrincipal(dummyUser, Seq(oneUserDummyGroup.id))
|
||||
|
||||
val notAuth: AuthPrincipal = AuthPrincipal(User("not", "auth", "secret"), Seq.empty)
|
||||
|
||||
/* GROUP CHANGES */
|
||||
val okGroupChange: GroupChange = GroupChange(
|
||||
okGroup,
|
||||
|
||||
@ -37,6 +37,16 @@ object TestRecordSetData {
|
||||
None,
|
||||
List(AData("10.1.1.1")))
|
||||
|
||||
val abcRecord: RecordSet = RecordSet(
|
||||
abcZone.id,
|
||||
"aaaa",
|
||||
RecordType.AAAA,
|
||||
200,
|
||||
RecordSetStatus.Pending,
|
||||
DateTime.now,
|
||||
None,
|
||||
List(AAAAData("1:2:3:4:5:6:7:8")))
|
||||
|
||||
val aaaa: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
"aaaa",
|
||||
@ -47,6 +57,16 @@ object TestRecordSetData {
|
||||
None,
|
||||
List(AAAAData("1:2:3:4:5:6:7:8")))
|
||||
|
||||
val aaaaOrigin: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
"@",
|
||||
RecordType.AAAA,
|
||||
200,
|
||||
RecordSetStatus.Pending,
|
||||
DateTime.now,
|
||||
None,
|
||||
List(AAAAData("1:2:3:4:5:6:7:8")))
|
||||
|
||||
val cname: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
"cname",
|
||||
@ -58,7 +78,7 @@ object TestRecordSetData {
|
||||
List(CNAMEData("cname")))
|
||||
|
||||
val ptrIp4: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
zoneIp4.id,
|
||||
"30",
|
||||
RecordType.PTR,
|
||||
200,
|
||||
@ -67,6 +87,16 @@ object TestRecordSetData {
|
||||
None,
|
||||
List(PTRData("ptr")))
|
||||
|
||||
val ptrIp6: RecordSet = RecordSet(
|
||||
zoneIp6.id,
|
||||
"4.0.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0",
|
||||
RecordType.PTR,
|
||||
200,
|
||||
RecordSetStatus.Active,
|
||||
DateTime.now,
|
||||
None,
|
||||
List(PTRData("ptr")))
|
||||
|
||||
val srv: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
"srv",
|
||||
@ -87,6 +117,16 @@ object TestRecordSetData {
|
||||
None,
|
||||
List(MXData(3, "mx")))
|
||||
|
||||
val ns: RecordSet = RecordSet(
|
||||
okZone.id,
|
||||
okZone.name,
|
||||
RecordType.NS,
|
||||
300,
|
||||
RecordSetStatus.Active,
|
||||
DateTime.now,
|
||||
None,
|
||||
records = List(NSData("ns1.test.com"), NSData("ns2.test.com")))
|
||||
|
||||
/* RECORDSET CHANGES */
|
||||
|
||||
def makeTestAddChange(
|
||||
@ -139,8 +179,12 @@ object TestRecordSetData {
|
||||
)
|
||||
|
||||
val pendingCreateAAAA: RecordSetChange = makeTestAddChange(aaaa, zoneActive)
|
||||
val completeCreateAAAA: RecordSetChange =
|
||||
pendingCreateAAAA.copy(status = RecordSetChangeStatus.Complete)
|
||||
|
||||
val pendingCreateCNAME: RecordSetChange = makeTestAddChange(cname, zoneActive)
|
||||
val completeCreateCNAME: RecordSetChange =
|
||||
pendingCreateCNAME.copy(status = RecordSetChangeStatus.Complete)
|
||||
|
||||
val pendingUpdateAAAA: RecordSetChange =
|
||||
makeTestUpdateChange(aaaa, aaaa.copy(ttl = aaaa.ttl + 100), zoneActive)
|
||||
|
||||
@ -23,6 +23,10 @@ object TestZoneData {
|
||||
|
||||
/* ZONES */
|
||||
val okZone: Zone = Zone("ok.zone.recordsets.", "test@test.com", adminGroupId = okGroup.id)
|
||||
val abcZone: Zone = Zone("abc.zone.recordsets.", "test@test.com", adminGroupId = abcGroup.id)
|
||||
val zoneIp4: Zone = Zone("0.162.198.in-addr.arpa.", "test@test.com", adminGroupId = abcGroup.id)
|
||||
val zoneIp6: Zone =
|
||||
Zone("1.9.e.f.c.c.7.2.9.6.d.f.ip6.arpa.", "test@test.com", adminGroupId = abcGroup.id)
|
||||
|
||||
val validConnection =
|
||||
ZoneConnection("connectionName", "connectionKeyName", "connectionKey", "127.0.0.1")
|
||||
@ -36,6 +40,8 @@ object TestZoneData {
|
||||
status = ZoneStatus.Active,
|
||||
connection = Some(validConnection))
|
||||
|
||||
val zoneNotAuthorized: Zone = Zone("not.auth.zone.", "test@test.com", adminGroupId = "no-id")
|
||||
|
||||
val userAclRule: ACLRule = ACLRule(AccessLevel.Read, userId = Some("someUser"))
|
||||
|
||||
val groupAclRule: ACLRule = ACLRule(AccessLevel.Read, groupId = Some("someGroup"))
|
||||
|
||||
@ -26,13 +26,17 @@ class RecordSetSpec extends WordSpec with Matchers {
|
||||
"output a record set properly" in {
|
||||
val result = aaaa.toString
|
||||
|
||||
result should include("id=\"" + aaaa.id + "\"")
|
||||
result should include("zoneId=\"" + aaaa.zoneId + "\"")
|
||||
result should include("name=\"" + aaaa.name + "\"")
|
||||
result should include("type=\"" + aaaa.typ + "\"")
|
||||
result should include("ttl=\"" + aaaa.ttl + "\"")
|
||||
result should include("account=\"" + aaaa.account + "\"")
|
||||
result should include("status=\"" + aaaa.status + "\"")
|
||||
result should include("created=\"" + aaaa.created + "\"")
|
||||
result should include("updated=\"" + aaaa.updated + "\"")
|
||||
result should include("records=\"" + aaaa.records + "\"")
|
||||
result should include("id=\"" + aaaa.id + "\"")
|
||||
result should include("account=\"" + aaaa.account + "\"")
|
||||
result should include("ownerGroupId=\"" + aaaa.ownerGroupId + "\"")
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user