Skip to content

Commit

Permalink
Merge pull request #1588 from chirino/vpc-fixes
Browse files Browse the repository at this point in the history 
apiserver: add tests and fix bugs related to the new vpc resource
  • Loading branch information
@mergify
mergify[bot] authored Nov 6, 2023
2 parents dae3961 + 7c18769 commit 189ee51
Show file tree
Hide file tree
Showing 12 changed files with 651 additions and 66 deletions.
9 changes: 6 additions & 3 deletions integration-tests/features/organization-api.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Feature: Organization API
When I GET path "/api/organizations"
Then the response code should be 200
Given I store the ${response[0].id} as ${oliver_organization_id}
Given I store the ${response[0].security_group_id} as ${security_group_id}

Given I am logged in as "Oscar"
When I GET path "/api/users/me"
Expand All @@ -28,10 +29,12 @@ Feature: Organization API
When I GET path "/api/organizations"
Then the response code should be 200
Given I store the ${response[0].id} as ${oscar_organization_id}

When I GET path "/api/organizations"
Then the response code should be 200
# validate the default org id is the same as the user id
Then "${oscar_organization_id}" should match "${oscar_user_id}"
Given I store the ${response[0].security_group_id} as ${oscar_security_group_id}
# validate the default sg id is the same as the user id
Then "${oscar_security_group_id}" should match "${oscar_user_id}"

#
# Oscar should only be able to see the orgs that he is a part of.
When I GET path "/api/organizations"
Expand Down
167 changes: 125 additions & 42 deletions integration-tests/features/vpc-api.feature
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
Feature: Organization API
Background:
Given a user named "Oliver" with password "testpass"
Given a user named "Oscar" with password "testpass"
Given a user named "EvilBob" with password "testpass"

Expand All @@ -9,68 +8,152 @@ Feature: Organization API
#
# Get the user and default org ids for two users...
#
Given I am logged in as "Oliver"
When I GET path "/api/users/me"
Then the response code should be 200
Given I store the ".id" selection from the response as ${oliver_user_id}

When I GET path "/api/organizations"
Then the response code should be 200
Given I store the ${response[0].id} as ${oliver_organization_id}

When I GET path "/api/vpcs"
Then the response code should be 200
Given I store the ${response[0].id} as ${oliver_vpc_id}

Given I am logged in as "Oscar"
When I GET path "/api/users/me"
Then the response code should be 200
Given I store the ".id" selection from the response as ${oscar_user_id}
Given I store the ".username" selection from the response as ${oscar_username}

When I GET path "/api/organizations"
Then the response code should be 200
Given I store the ${response[0].id} as ${oscar_organization_id}

When I GET path "/api/vpcs"
Then the response code should be 200
Given I store the ${response[0].id} as ${oscar_vpc_id}

When I GET path "/api/organizations"
#
# Oscar's default vpc should have the same id as the user id.
When I GET path "/api/vpcs/${oscar_user_id}"
Then the response code should be 200
Given I store the ${response[0].security_group_id} as ${oscar_security_group_id}
And the response should match json:
"""
{
"ipv4_cidr": "100.64.0.0/10",
"ipv6_cidr": "200::/64",
"description": "default vpc",
"id": "${oscar_user_id}",
"organization_id": "${oscar_user_id}",
"private_cidr": false
}
"""
Given I store the ${response} as ${default_vpc}

#
# Oscar should only be able to see the orgs that he is a part of.
When I GET path "/api/organizations"
# The default vpc should be the only listed vpc
When I GET path "/api/vpcs"
Then the response code should be 200
And the response should match json:
"""
[
{
"description": "${oscar_username}'s organization",
"id": "${oscar_organization_id}",
"name": "${oscar_username}",
"owner_id": "${oscar_user_id}",
"security_group_id": "${oscar_security_group_id}"
}
${default_vpc}
]
"""

#
# Oscar should only be able to see the vpcs that he is a part of.
# Oscar should not be able to delete his default VPC
When I DELETE path "/api/vpcs/${oscar_user_id}"
Then the response code should be 400
And the response should match json:
"""
{
"error": "operation not allowed",
"reason": "default vpc cannot be deleted"
}
"""

# But we can create additional VPCs
When I POST path "/api/vpcs" with json body:
"""
{
"organization_id": "${oscar_user_id}",
"description": "extra vpc"
}
"""
Then the response code should be 201
Given I store the ".id" selection from the response as ${extra_vpc_id}
And the response should match json:
"""
{
"ipv4_cidr": "100.64.0.0/10",
"ipv6_cidr": "200::/64",
"description": "extra vpc",
"id": "${extra_vpc_id}",
"organization_id": "${oscar_user_id}",
"private_cidr": false
}
"""
Given I store the ${response} as ${extra_vpc}

# It should be added to the list of the vpc the user can see...
When I GET path "/api/vpcs"
Then the response code should be 200
And the response should match json:
"""
[
{
"ipv4_cidr": "100.64.0.0/10",
"ipv6_cidr": "200::/64",
"description": "default vpc",
"id": "${oscar_organization_id}",
"organization_id": "${oscar_organization_id}",
"private_cidr": false
}
${default_vpc},
${extra_vpc}
]
"""

# We can modify the description of the extra vpc
When I PATCH path "/api/vpcs/${extra_vpc_id}" with json body:
"""
{
"description": "extra vpc modified"
}
"""
Then the response code should be 200
And the response should match json:
"""
{
"ipv4_cidr": "100.64.0.0/10",
"ipv6_cidr": "200::/64",
"description": "extra vpc modified",
"id": "${extra_vpc_id}",
"organization_id": "${oscar_user_id}",
"private_cidr": false
}
"""
Then I store the ${response} as ${extra_vpc}

# let's verify another user cannot access any of Oscar's resources
Given I am logged in as "EvilBob"
When I GET path "/api/vpcs/${oscar_user_id}"
Then the response code should be 404
When I GET path "/api/vpcs/${extra_vpc_id}"
Then the response code should be 404
When I DELETE path "/api/vpcs/${oscar_user_id}"
Then the response code should be 404
When I DELETE path "/api/vpcs/${extra_vpc_id}"
Then the response code should be 404

# Switch back to Oscar
Given I am logged in as "Oscar"

# Verify VPCs cannot be deleted when they have a device attached
Given I generate a new public key as ${public_key}
When I POST path "/api/devices" with json body:
"""
{
"user_id": "${oscar_user_id}",
"vpc_id": "${extra_vpc_id}",
"public_key": "${public_key}",
"hostname": "device1"
}
"""
Then the response code should be 201
Given I store the ${response.id} as ${device_id}

When I DELETE path "/api/vpcs/${extra_vpc_id}"
Then the response code should be 400
And the response should match json:
"""
{
"error": "operation not allowed",
"reason": "vpc cannot be delete while devices are still attached"
}
"""

# Now lets delete the device and try again
When I DELETE path "/api/devices/${device_id}"
Then the response code should be 200

When I DELETE path "/api/vpcs/${extra_vpc_id}"
Then the response code should be 200
And the response should match json:
"""
${extra_vpc}
"""
1 change: 1 addition & 0 deletions internal/api/public/.openapi-generator/FILES
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ model_models_security_rule.go
model_models_tunnel_ip.go
model_models_update_device.go
model_models_update_security_group.go
model_models_update_vpc.go
model_models_user.go
model_models_user_info_response.go
model_models_validation_error.go
Expand Down
Loading

0 comments on commit 189ee51

Please sign in to comment.