refine tests

mantil-io · Sep 29, 2021 · 4e49323 · 4e49323
1 parent 374eaa8
commit 4e49323
Show file tree

Hide file tree

Showing 5 changed files with 108 additions and 44 deletions.
diff --git a/api/data/data_test.go b/api/data/data_test.go
@@ -8,22 +8,12 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestDataApi(t *testing.T) {
+func TestDataResponse(t *testing.T) {
 	d := &Data{
 		stage: &config.Stage{
 			Name: "test-project",
 		},
 	}
-	tests := []func(*Data, *testing.T){
-		testDataResponse,
-	}
-
-	for _, test := range tests {
-		test(d, t)
-	}
-}
-
-func testDataResponse(d *Data, t *testing.T) {
 	resp, err := d.data()
 	require.NoError(t, err)
 	assert.NotNil(t, resp.Stage)

diff --git a/api/security/policy.go b/api/security/policy.go
@@ -30,5 +30,4 @@ const CredentialsTemplate = `{
             "Resource": "arn:aws:s3:::{{.Bucket}}/*"
         }
     ]
-}
-`
+}`
diff --git a/api/security/security_test.go b/api/security/security_test.go
@@ -1,6 +1,7 @@
 package security
 
 import (
+	"io/ioutil"
 	"testing"
 
 	"github.com/mantil-io/mantil/aws"
@@ -27,39 +28,65 @@ func (a *awsMock) RoleCredentials(name, role, policy string) (*aws.Credentials,
 	}, nil
 }
 
-func TestSecurityApi(t *testing.T) {
+func TestCliUserRole(t *testing.T) {
+	s := &Security{
+		awsClient: &awsMock{},
+	}
+	role, err := s.cliUserRole()
+	require.NoError(t, err)
+	assert.NotEmpty(t, role)
+
+}
+
+func TestProjectCredentialsWithoutStage(t *testing.T) {
 	s := &Security{
 		req: &SecurityRequest{
 			ProjectName: "test-project",
 			StageName:   "test-stage",
 		},
-		stage: &config.Stage{
-			Name:        "test-stage",
-			PublicSites: make([]*config.PublicSite, 0),
-		},
 		bucketName: "bucket",
 		awsClient:  &awsMock{},
 	}
-	tests := []func(*Security, *testing.T){
-		testCliUserRole,
-		testProjectCredentials,
-		testSecurityResponse,
-	}
+	pptd, err := s.projectPolicyTemplateData()
+	require.NoError(t, err)
+	assert.NotEmpty(t, pptd.Name)
+	assert.NotEmpty(t, pptd.Bucket)
+	assert.NotEmpty(t, pptd.Region)
+	assert.NotEmpty(t, pptd.AccountID)
+	assert.Nil(t, pptd.PublicSites)
+	assert.Empty(t, pptd.LogGroup)
 
-	for _, test := range tests {
-		test(s, t)
-	}
-}
+	policy, err := s.executeProjectPolicyTemplate(pptd)
+	require.NoError(t, err)
 
-func testCliUserRole(s *Security, t *testing.T) {
-	role, err := s.cliUserRole()
+	policyWithoutStage, err := ioutil.ReadFile("testdata/policy-no-stage")
 	require.NoError(t, err)
-	assert.NotEmpty(t, role)
+	compareStrings(t, string(policyWithoutStage), policy)
 
+	creds, err := s.credentialsForPolicy(policy)
+	require.NoError(t, err)
+	assert.NotEmpty(t, creds.AccessKeyID)
+	assert.NotEmpty(t, creds.SecretAccessKey)
+	assert.NotEmpty(t, creds.SessionToken)
+	assert.NotEmpty(t, creds.Region)
 }
 
-func testProjectCredentials(s *Security, t *testing.T) {
-	// create policy template data
+func TestProjectCredentialsWithStage(t *testing.T) {
+	s := &Security{
+		req: &SecurityRequest{
+			ProjectName: "test-project",
+			StageName:   "test-stage",
+		},
+		stage: &config.Stage{
+			Name: "test-stage",
+			PublicSites: []*config.PublicSite{
+				{Bucket: "publicSite1"},
+				{Bucket: "publicSite2"},
+			},
+		},
+		bucketName: "bucket",
+		awsClient:  &awsMock{},
+	}
 	pptd, err := s.projectPolicyTemplateData()
 	require.NoError(t, err)
 	assert.NotEmpty(t, pptd.Name)
@@ -69,27 +96,26 @@ func testProjectCredentials(s *Security, t *testing.T) {
 	assert.NotNil(t, pptd.PublicSites)
 	assert.NotEmpty(t, pptd.LogGroup)
 
-	// render policy from template
 	policy, err := s.executeProjectPolicyTemplate(pptd)
 	require.NoError(t, err)
-	assert.NotEmpty(t, policy)
 
-	// generate credentials for policy
+	policyWithStage, err := ioutil.ReadFile("testdata/policy-stage")
+	require.NoError(t, err)
+	compareStrings(t, string(policyWithStage), policy)
+
 	creds, err := s.credentialsForPolicy(policy)
 	require.NoError(t, err)
-	assert.NotNil(t, creds)
 	assert.NotEmpty(t, creds.AccessKeyID)
 	assert.NotEmpty(t, creds.SecretAccessKey)
 	assert.NotEmpty(t, creds.SessionToken)
 	assert.NotEmpty(t, creds.Region)
+
 }
 
-func testSecurityResponse(s *Security, t *testing.T) {
-	resp, err := s.credentials()
-	require.NoError(t, err)
-	assert.NotNil(t, resp)
-	assert.NotEmpty(t, resp.AccessKeyID)
-	assert.NotEmpty(t, resp.SecretAccessKey)
-	assert.NotEmpty(t, resp.SessionToken)
-	assert.NotEmpty(t, resp.Region)
+func compareStrings(t *testing.T, expected, actual string) {
+	if expected != actual {
+		t.Logf("diff of strings")
+		t.Logf("expected \n%s, actual \n%s", expected, actual)
+		t.Fatalf("failed")
+	}
 }
diff --git a/api/security/testdata/policy-no-stage b/api/security/testdata/policy-no-stage
@@ -0,0 +1,13 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+
+        {
+            "Action": [
+                "s3:PutObject"
+            ],
+            "Effect": "Allow",
+            "Resource": "arn:aws:s3:::bucket/*"
+        }
+    ]
+}
diff --git a/api/security/testdata/policy-stage b/api/security/testdata/policy-stage
@@ -0,0 +1,36 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "s3:PutObject"
+            ],
+            "Effect": "Allow",
+            "Resource": "arn:aws:s3:::publicSite1/*"
+        },
+        {
+            "Action": [
+                "s3:PutObject"
+            ],
+            "Effect": "Allow",
+            "Resource": "arn:aws:s3:::publicSite2/*"
+        },
+
+        {
+            "Action": [
+                "logs:DescribeLogStreams",
+                "logs:FilterLogEvents"
+            ],
+            "Effect": "Allow",
+            "Resource": "arn:aws:logs:region:123456789012:log-group:/aws/lambda/mantil-project-test-project-test-stage*"
+        },
+
+        {
+            "Action": [
+                "s3:PutObject"
+            ],
+            "Effect": "Allow",
+            "Resource": "arn:aws:s3:::bucket/*"
+        }
+    ]
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -30,5 +30,4 @@ const CredentialsTemplate = `{ @@
                 "Resource": "arn:aws:s3:::{{.Bucket}}/*"
             }
         ]
-    }
-    `
+    }`