mirror of https://github.com/databricks/cli.git
153 lines
4.8 KiB
Go
153 lines
4.8 KiB
Go
package validate
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/databricks/cli/bundle"
|
|
"github.com/databricks/cli/bundle/config"
|
|
"github.com/databricks/cli/bundle/config/resources"
|
|
"github.com/databricks/cli/bundle/permissions"
|
|
"github.com/databricks/databricks-sdk-go/experimental/mocks"
|
|
"github.com/databricks/databricks-sdk-go/service/workspace"
|
|
"github.com/stretchr/testify/mock"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestValidateFolderPermissions(t *testing.T) {
|
|
b := &bundle.Bundle{
|
|
Config: config.Root{
|
|
Workspace: config.Workspace{
|
|
RootPath: "/Workspace/Users/foo@bar.com",
|
|
ArtifactPath: "/Workspace/Users/foo@bar.com/artifacts",
|
|
FilePath: "/Workspace/Users/foo@bar.com/files",
|
|
StatePath: "/Workspace/Users/foo@bar.com/state",
|
|
ResourcePath: "/Workspace/Users/foo@bar.com/resources",
|
|
},
|
|
Permissions: []resources.Permission{
|
|
{Level: permissions.CAN_MANAGE, UserName: "foo@bar.com"},
|
|
},
|
|
},
|
|
}
|
|
m := mocks.NewMockWorkspaceClient(t)
|
|
api := m.GetMockWorkspaceAPI()
|
|
api.EXPECT().GetStatusByPath(mock.Anything, "/Workspace/Users/foo@bar.com").Return(&workspace.ObjectInfo{
|
|
ObjectId: 1234,
|
|
}, nil)
|
|
|
|
api.EXPECT().GetPermissions(mock.Anything, workspace.GetWorkspaceObjectPermissionsRequest{
|
|
WorkspaceObjectId: "1234",
|
|
WorkspaceObjectType: "directories",
|
|
}).Return(&workspace.WorkspaceObjectPermissions{
|
|
ObjectId: "1234",
|
|
AccessControlList: []workspace.WorkspaceObjectAccessControlResponse{
|
|
{
|
|
UserName: "foo@bar.com",
|
|
AllPermissions: []workspace.WorkspaceObjectPermission{
|
|
{PermissionLevel: "CAN_MANAGE"},
|
|
},
|
|
},
|
|
},
|
|
}, nil)
|
|
|
|
b.SetWorkpaceClient(m.WorkspaceClient)
|
|
rb := bundle.ReadOnly(b)
|
|
|
|
diags := bundle.ApplyReadOnly(context.Background(), rb, ValidateFolderPermissions())
|
|
require.Empty(t, diags)
|
|
}
|
|
|
|
func TestValidateFolderPermissionsDifferentCount(t *testing.T) {
|
|
b := &bundle.Bundle{
|
|
Config: config.Root{
|
|
Workspace: config.Workspace{
|
|
RootPath: "/Workspace/Users/foo@bar.com",
|
|
ArtifactPath: "/Workspace/Users/foo@bar.com/artifacts",
|
|
FilePath: "/Workspace/Users/foo@bar.com/files",
|
|
StatePath: "/Workspace/Users/foo@bar.com/state",
|
|
ResourcePath: "/Workspace/Users/foo@bar.com/resources",
|
|
},
|
|
Permissions: []resources.Permission{
|
|
{Level: permissions.CAN_MANAGE, UserName: "foo@bar.com"},
|
|
},
|
|
},
|
|
}
|
|
m := mocks.NewMockWorkspaceClient(t)
|
|
api := m.GetMockWorkspaceAPI()
|
|
api.EXPECT().GetStatusByPath(mock.Anything, "/Workspace/Users/foo@bar.com").Return(&workspace.ObjectInfo{
|
|
ObjectId: 1234,
|
|
}, nil)
|
|
|
|
api.EXPECT().GetPermissions(mock.Anything, workspace.GetWorkspaceObjectPermissionsRequest{
|
|
WorkspaceObjectId: "1234",
|
|
WorkspaceObjectType: "directories",
|
|
}).Return(&workspace.WorkspaceObjectPermissions{
|
|
ObjectId: "1234",
|
|
AccessControlList: []workspace.WorkspaceObjectAccessControlResponse{
|
|
{
|
|
UserName: "foo@bar.com",
|
|
AllPermissions: []workspace.WorkspaceObjectPermission{
|
|
{PermissionLevel: "CAN_MANAGE"},
|
|
},
|
|
},
|
|
{
|
|
UserName: "foo2@bar.com",
|
|
AllPermissions: []workspace.WorkspaceObjectPermission{
|
|
{PermissionLevel: "CAN_MANAGE"},
|
|
},
|
|
},
|
|
},
|
|
}, nil)
|
|
|
|
b.SetWorkpaceClient(m.WorkspaceClient)
|
|
rb := bundle.ReadOnly(b)
|
|
|
|
diags := bundle.ApplyReadOnly(context.Background(), rb, ValidateFolderPermissions())
|
|
require.Len(t, diags, 1)
|
|
require.Equal(t, "permissions count mismatch", diags[0].Summary)
|
|
}
|
|
|
|
func TestValidateFolderPermissionsDifferentPermission(t *testing.T) {
|
|
b := &bundle.Bundle{
|
|
Config: config.Root{
|
|
Workspace: config.Workspace{
|
|
RootPath: "/Workspace/Users/foo@bar.com",
|
|
ArtifactPath: "/Workspace/Users/foo@bar.com/artifacts",
|
|
FilePath: "/Workspace/Users/foo@bar.com/files",
|
|
StatePath: "/Workspace/Users/foo@bar.com/state",
|
|
ResourcePath: "/Workspace/Users/foo@bar.com/resources",
|
|
},
|
|
Permissions: []resources.Permission{
|
|
{Level: permissions.CAN_MANAGE, UserName: "foo@bar.com"},
|
|
},
|
|
},
|
|
}
|
|
m := mocks.NewMockWorkspaceClient(t)
|
|
api := m.GetMockWorkspaceAPI()
|
|
api.EXPECT().GetStatusByPath(mock.Anything, "/Workspace/Users/foo@bar.com").Return(&workspace.ObjectInfo{
|
|
ObjectId: 1234,
|
|
}, nil)
|
|
|
|
api.EXPECT().GetPermissions(mock.Anything, workspace.GetWorkspaceObjectPermissionsRequest{
|
|
WorkspaceObjectId: "1234",
|
|
WorkspaceObjectType: "directories",
|
|
}).Return(&workspace.WorkspaceObjectPermissions{
|
|
ObjectId: "1234",
|
|
AccessControlList: []workspace.WorkspaceObjectAccessControlResponse{
|
|
{
|
|
UserName: "foo2@bar.com",
|
|
AllPermissions: []workspace.WorkspaceObjectPermission{
|
|
{PermissionLevel: "CAN_MANAGE"},
|
|
},
|
|
},
|
|
},
|
|
}, nil)
|
|
|
|
b.SetWorkpaceClient(m.WorkspaceClient)
|
|
rb := bundle.ReadOnly(b)
|
|
|
|
diags := bundle.ApplyReadOnly(context.Background(), rb, ValidateFolderPermissions())
|
|
require.Len(t, diags, 1)
|
|
require.Equal(t, "permission not found", diags[0].Summary)
|
|
}
|