n8n/packages/cli/test/integration/commands/credentials.cmd.test.ts
Csaba Tuncsik 596c472ecc
feat: RBAC (#8922)
Signed-off-by: Oleg Ivaniv <me@olegivaniv.com>
Co-authored-by: Val <68596159+valya@users.noreply.github.com>
Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
Co-authored-by: Valya Bullions <valya@n8n.io>
Co-authored-by: Danny Martini <danny@n8n.io>
Co-authored-by: Danny Martini <despair.blue@gmail.com>
Co-authored-by: Iván Ovejero <ivov.src@gmail.com>
Co-authored-by: Omar Ajoue <krynble@gmail.com>
Co-authored-by: oleg <me@olegivaniv.com>
Co-authored-by: Michael Kret <michael.k@radency.com>
Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com>
Co-authored-by: Elias Meire <elias@meire.dev>
Co-authored-by: Giulio Andreini <andreini@netseven.it>
Co-authored-by: Giulio Andreini <g.andreini@gmail.com>
Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com>
2024-05-17 10:53:15 +02:00

328 lines
8 KiB
TypeScript

import { Config } from '@oclif/core';
import { InternalHooks } from '@/InternalHooks';
import { ImportCredentialsCommand } from '@/commands/import/credentials';
import { LoadNodesAndCredentials } from '@/LoadNodesAndCredentials';
import { mockInstance } from '../../shared/mocking';
import * as testDb from '../shared/testDb';
import { getAllCredentials, getAllSharedCredentials } from '../shared/db/credentials';
import { createMember, createOwner } from '../shared/db/users';
import { getPersonalProject } from '../shared/db/projects';
import { nanoid } from 'nanoid';
const oclifConfig = new Config({ root: __dirname });
async function importCredential(argv: string[]) {
const importer = new ImportCredentialsCommand(argv, oclifConfig);
await importer.init();
await importer.run();
}
beforeAll(async () => {
mockInstance(InternalHooks);
mockInstance(LoadNodesAndCredentials);
await testDb.init();
});
beforeEach(async () => {
await testDb.truncate(['Credentials', 'SharedCredentials', 'User']);
});
afterAll(async () => {
await testDb.terminate();
});
test('import:credentials should import a credential', async () => {
//
// ARRANGE
//
const owner = await createOwner();
const ownerProject = await getPersonalProject(owner);
//
// ACT
//
await importCredential([
'--input=./test/integration/commands/importCredentials/credentials.json',
]);
//
// ASSERT
//
const after = {
credentials: await getAllCredentials(),
sharings: await getAllSharedCredentials(),
};
expect(after).toMatchObject({
credentials: [expect.objectContaining({ id: '123', name: 'cred-aws-test' })],
sharings: [
expect.objectContaining({
credentialsId: '123',
projectId: ownerProject.id,
role: 'credential:owner',
}),
],
});
});
test('import:credentials should import a credential from separated files', async () => {
//
// ARRANGE
//
const owner = await createOwner();
const ownerProject = await getPersonalProject(owner);
//
// ACT
//
// import credential the first time, assigning it to the owner
await importCredential([
'--separate',
'--input=./test/integration/commands/importCredentials/separate',
]);
//
// ASSERT
//
const after = {
credentials: await getAllCredentials(),
sharings: await getAllSharedCredentials(),
};
expect(after).toMatchObject({
credentials: [
expect.objectContaining({
id: '123',
name: 'cred-aws-test',
}),
],
sharings: [
expect.objectContaining({
credentialsId: '123',
projectId: ownerProject.id,
role: 'credential:owner',
}),
],
});
});
test('`import:credentials --userId ...` should fail if the credential exists already and is owned by somebody else', async () => {
//
// ARRANGE
//
const owner = await createOwner();
const ownerProject = await getPersonalProject(owner);
const member = await createMember();
// import credential the first time, assigning it to the owner
await importCredential([
'--input=./test/integration/commands/importCredentials/credentials.json',
`--userId=${owner.id}`,
]);
// making sure the import worked
const before = {
credentials: await getAllCredentials(),
sharings: await getAllSharedCredentials(),
};
expect(before).toMatchObject({
credentials: [expect.objectContaining({ id: '123', name: 'cred-aws-test' })],
sharings: [
expect.objectContaining({
credentialsId: '123',
projectId: ownerProject.id,
role: 'credential:owner',
}),
],
});
//
// ACT
//
// Import again while updating the name we try to assign the
// credential to another user.
await expect(
importCredential([
'--input=./test/integration/commands/importCredentials/credentials-updated.json',
`--userId=${member.id}`,
]),
).rejects.toThrowError(
`The credential with ID "123" is already owned by the user with the ID "${owner.id}". It can't be re-owned by the user with the ID "${member.id}"`,
);
//
// ASSERT
//
const after = {
credentials: await getAllCredentials(),
sharings: await getAllSharedCredentials(),
};
expect(after).toMatchObject({
credentials: [
expect.objectContaining({
id: '123',
// only the name was updated
name: 'cred-aws-test',
}),
],
sharings: [
expect.objectContaining({
credentialsId: '123',
projectId: ownerProject.id,
role: 'credential:owner',
}),
],
});
});
test("only update credential, don't create or update owner if neither `--userId` nor `--projectId` is passed", async () => {
//
// ARRANGE
//
await createOwner();
const member = await createMember();
const memberProject = await getPersonalProject(member);
// import credential the first time, assigning it to a member
await importCredential([
'--input=./test/integration/commands/importCredentials/credentials.json',
`--userId=${member.id}`,
]);
// making sure the import worked
const before = {
credentials: await getAllCredentials(),
sharings: await getAllSharedCredentials(),
};
expect(before).toMatchObject({
credentials: [expect.objectContaining({ id: '123', name: 'cred-aws-test' })],
sharings: [
expect.objectContaining({
credentialsId: '123',
projectId: memberProject.id,
role: 'credential:owner',
}),
],
});
//
// ACT
//
// Import again only updating the name and omitting `--userId`
await importCredential([
'--input=./test/integration/commands/importCredentials/credentials-updated.json',
]);
//
// ASSERT
//
const after = {
credentials: await getAllCredentials(),
sharings: await getAllSharedCredentials(),
};
expect(after).toMatchObject({
credentials: [
expect.objectContaining({
id: '123',
// only the name was updated
name: 'cred-aws-prod',
}),
],
sharings: [
expect.objectContaining({
credentialsId: '123',
projectId: memberProject.id,
role: 'credential:owner',
}),
],
});
});
test('`import:credential --projectId ...` should fail if the credential already exists and is owned by another project', async () => {
//
// ARRANGE
//
const owner = await createOwner();
const ownerProject = await getPersonalProject(owner);
const member = await createMember();
const memberProject = await getPersonalProject(member);
// import credential the first time, assigning it to the owner
await importCredential([
'--input=./test/integration/commands/importCredentials/credentials.json',
`--userId=${owner.id}`,
]);
// making sure the import worked
const before = {
credentials: await getAllCredentials(),
sharings: await getAllSharedCredentials(),
};
expect(before).toMatchObject({
credentials: [expect.objectContaining({ id: '123', name: 'cred-aws-test' })],
sharings: [
expect.objectContaining({
credentialsId: '123',
projectId: ownerProject.id,
role: 'credential:owner',
}),
],
});
//
// ACT
//
// Import again while updating the name we try to assign the
// credential to another user.
await expect(
importCredential([
'--input=./test/integration/commands/importCredentials/credentials-updated.json',
`--projectId=${memberProject.id}`,
]),
).rejects.toThrowError(
`The credential with ID "123" is already owned by the user with the ID "${owner.id}". It can't be re-owned by the project with the ID "${memberProject.id}".`,
);
//
// ASSERT
//
const after = {
credentials: await getAllCredentials(),
sharings: await getAllSharedCredentials(),
};
expect(after).toMatchObject({
credentials: [
expect.objectContaining({
id: '123',
// only the name was updated
name: 'cred-aws-test',
}),
],
sharings: [
expect.objectContaining({
credentialsId: '123',
projectId: ownerProject.id,
role: 'credential:owner',
}),
],
});
});
test('`import:credential --projectId ... --userId ...` fails explaining that only one of the options can be used at a time', async () => {
await expect(
importCredential([
'--input=./test/integration/commands/importCredentials/credentials-updated.json',
`--projectId=${nanoid()}`,
`--userId=${nanoid()}`,
]),
).rejects.toThrowError(
'You cannot use `--userId` and `--projectId` together. Use one or the other.',
);
});