mirror of
https://github.com/Unleash/unleash.git
synced 2025-08-13 13:48:59 +02:00
chore: clean up tests, fix admin type validation, projects* tests
This commit is contained in:
parent
e93810bc34
commit
46d3c3cab4
@ -1,17 +1,5 @@
|
|||||||
import type { FromSchema } from 'json-schema-to-ts';
|
import type { FromSchema } from 'json-schema-to-ts';
|
||||||
import { mergeAllOfs } from '../util/all-of';
|
import { mergeAllOfs } from '../util/all-of';
|
||||||
const adminSchema = {
|
|
||||||
required: ['type'],
|
|
||||||
type: 'object',
|
|
||||||
properties: {
|
|
||||||
type: {
|
|
||||||
type: 'string',
|
|
||||||
pattern: '^[Aa][Dd][Mm][Ii][Nn]$',
|
|
||||||
description: `An admin token. Must be the string "admin" (not case sensitive).`,
|
|
||||||
example: 'admin',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
} as const;
|
|
||||||
|
|
||||||
const tokenNameSchema = {
|
const tokenNameSchema = {
|
||||||
type: 'object',
|
type: 'object',
|
||||||
@ -86,10 +74,7 @@ export const createApiTokenSchema = {
|
|||||||
type: 'object',
|
type: 'object',
|
||||||
description:
|
description:
|
||||||
'The data required to create an [Unleash API token](https://docs.getunleash.io/reference/api-tokens-and-client-keys).',
|
'The data required to create an [Unleash API token](https://docs.getunleash.io/reference/api-tokens-and-client-keys).',
|
||||||
oneOf: [
|
oneOf: [mergeAllOfs([expireSchema, clientFrontendSchema, tokenNameSchema])],
|
||||||
mergeAllOfs([expireSchema, adminSchema, tokenNameSchema]),
|
|
||||||
mergeAllOfs([expireSchema, clientFrontendSchema, tokenNameSchema]),
|
|
||||||
],
|
|
||||||
components: {},
|
components: {},
|
||||||
} as const;
|
} as const;
|
||||||
|
|
||||||
|
@ -307,11 +307,6 @@ export class ApiTokenController extends Controller {
|
|||||||
const permissionRequired = tokenTypeToCreatePermission(
|
const permissionRequired = tokenTypeToCreatePermission(
|
||||||
createToken.type,
|
createToken.type,
|
||||||
);
|
);
|
||||||
if (createToken.type.toUpperCase() === 'ADMIN') {
|
|
||||||
throw new OperationDeniedError(
|
|
||||||
`Admin tokens are disabled in this instance. Use a Service account or a PAT to access admin operations instead`,
|
|
||||||
);
|
|
||||||
}
|
|
||||||
const hasPermission = await this.accessService.hasPermission(
|
const hasPermission = await this.accessService.hasPermission(
|
||||||
req.user,
|
req.user,
|
||||||
permissionRequired,
|
permissionRequired,
|
||||||
|
@ -24,7 +24,7 @@ test('should not have default project set if projects is present', async () => {
|
|||||||
expect(token.project).not.toBeDefined();
|
expect(token.project).not.toBeDefined();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('should have project set to default if projects is missing', async () => {
|
test('should have a projects entry consisting of ALL if projects is missing', async () => {
|
||||||
const token = await createApiToken.validateAsync({
|
const token = await createApiToken.validateAsync({
|
||||||
tokenName: 'test',
|
tokenName: 'test',
|
||||||
type: 'client',
|
type: 'client',
|
||||||
@ -32,7 +32,7 @@ test('should have project set to default if projects is missing', async () => {
|
|||||||
expect(token.projects).toMatchObject([ALL]);
|
expect(token.projects).toMatchObject([ALL]);
|
||||||
});
|
});
|
||||||
|
|
||||||
test('should not have project set if project is present', async () => {
|
test('should not have project set after validation if project is present', async () => {
|
||||||
const token = await createApiToken.validateAsync({
|
const token = await createApiToken.validateAsync({
|
||||||
tokenName: 'test',
|
tokenName: 'test',
|
||||||
type: 'client',
|
type: 'client',
|
||||||
|
@ -12,16 +12,11 @@ export const createApiToken = joi
|
|||||||
.required()
|
.required()
|
||||||
.valid(ApiTokenType.CLIENT, ApiTokenType.FRONTEND),
|
.valid(ApiTokenType.CLIENT, ApiTokenType.FRONTEND),
|
||||||
expiresAt: joi.date().optional(),
|
expiresAt: joi.date().optional(),
|
||||||
project: joi.when('projects', {
|
projects: joi.array().min(0).optional().default([ALL]),
|
||||||
not: joi.required(),
|
|
||||||
then: joi.string().optional().default(ALL),
|
|
||||||
}),
|
|
||||||
projects: joi.array().min(0).optional(),
|
|
||||||
environment: joi.when('type', {
|
environment: joi.when('type', {
|
||||||
is: joi.string().valid(ApiTokenType.CLIENT, ApiTokenType.FRONTEND),
|
is: joi.string().valid(ApiTokenType.CLIENT, ApiTokenType.FRONTEND),
|
||||||
then: joi.string().optional().default(DEFAULT_ENV),
|
then: joi.string().optional().default(DEFAULT_ENV),
|
||||||
otherwise: joi.string().optional().default(ALL),
|
otherwise: joi.string().optional().default(ALL),
|
||||||
}),
|
}),
|
||||||
})
|
})
|
||||||
.nand('project', 'projects')
|
|
||||||
.options({ stripUnknown: true, allowUnknown: false, abortEarly: false });
|
.options({ stripUnknown: true, allowUnknown: false, abortEarly: false });
|
||||||
|
@ -241,9 +241,6 @@ test('A role with only CREATE_PROJECT_API_TOKEN can create project tokens', asyn
|
|||||||
type: 'client',
|
type: 'client',
|
||||||
})
|
})
|
||||||
.set('Content-Type', 'application/json')
|
.set('Content-Type', 'application/json')
|
||||||
.expect((res) => {
|
|
||||||
console.log(res.body);
|
|
||||||
})
|
|
||||||
.expect(201);
|
.expect(201);
|
||||||
await destroy();
|
await destroy();
|
||||||
});
|
});
|
||||||
|
@ -176,7 +176,7 @@ test('creates new client token with project & environment set', async () => {
|
|||||||
.send({
|
.send({
|
||||||
tokenName: 'default-client',
|
tokenName: 'default-client',
|
||||||
type: 'client',
|
type: 'client',
|
||||||
project: 'default',
|
projects: ['default'],
|
||||||
environment: DEFAULT_ENV,
|
environment: DEFAULT_ENV,
|
||||||
})
|
})
|
||||||
.set('Content-Type', 'application/json')
|
.set('Content-Type', 'application/json')
|
||||||
@ -209,7 +209,7 @@ test('should prefix token with "project:environment."', async () => {
|
|||||||
.send({
|
.send({
|
||||||
tokenName: 'default-client',
|
tokenName: 'default-client',
|
||||||
type: 'client',
|
type: 'client',
|
||||||
project: 'default',
|
projects: ['default'],
|
||||||
environment: DEFAULT_ENV,
|
environment: DEFAULT_ENV,
|
||||||
})
|
})
|
||||||
.set('Content-Type', 'application/json')
|
.set('Content-Type', 'application/json')
|
||||||
@ -225,7 +225,7 @@ test('should not create token for invalid projectId', async () => {
|
|||||||
.send({
|
.send({
|
||||||
tokenName: 'default-client',
|
tokenName: 'default-client',
|
||||||
type: 'client',
|
type: 'client',
|
||||||
project: 'bogus-project-something',
|
projects: ['bogus-project-something'],
|
||||||
})
|
})
|
||||||
.set('Content-Type', 'application/json')
|
.set('Content-Type', 'application/json')
|
||||||
.expect(400)
|
.expect(400)
|
||||||
@ -264,19 +264,15 @@ test('needs tokenName property set', async () => {
|
|||||||
.expect(400);
|
.expect(400);
|
||||||
});
|
});
|
||||||
|
|
||||||
test('username can not be set', async () => {
|
test('can not create token with admin type', async () => {
|
||||||
return app.request
|
return app.request
|
||||||
.post('/api/admin/api-tokens')
|
.post('/api/admin/api-tokens')
|
||||||
.send({
|
.send({
|
||||||
username: 'default-client-name',
|
tokenName: 'default-client',
|
||||||
tokenName: 'default-token-name',
|
type: 'admin',
|
||||||
type: 'client',
|
|
||||||
environment: '*',
|
environment: '*',
|
||||||
})
|
})
|
||||||
.set('Content-Type', 'application/json')
|
.set('Content-Type', 'application/json')
|
||||||
.expect((res) => {
|
|
||||||
console.log(res.body);
|
|
||||||
})
|
|
||||||
.expect(400);
|
.expect(400);
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -307,9 +303,6 @@ test('should create token for disabled environment', async () => {
|
|||||||
environment: 'disabledEnvironment',
|
environment: 'disabledEnvironment',
|
||||||
})
|
})
|
||||||
.set('Content-Type', 'application/json')
|
.set('Content-Type', 'application/json')
|
||||||
.expect((res) => {
|
|
||||||
console.log(res.body);
|
|
||||||
})
|
|
||||||
.expect(201);
|
.expect(201);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user