Add unit tests for security plugin

2019-05-01 09:18:27 -04:00 · 2019-05-01 09:18:27 -04:00 · 6287a8cecf
parent 2674a9d78f
commit 6287a8cecf
1 changed files with 240 additions and 0 deletions
--- a/x-pack/plugins/security/server/lib/saved_objects_client/secure_saved_objects_client_wrapper.test.js
+++ b/x-pack/plugins/security/server/lib/saved_objects_client/secure_saved_objects_client_wrapper.test.js
@ -310,6 +310,86 @@ describe(`spaces disabled`, () => {
    });
  });

+  describe('#canBulkCreate', () => {
+    test(`throws decorated GeneralError when hasPrivileges rejects promise`, async () => {
+      const type = 'foo';
+      const mockErrors = createMockErrors();
+      const mockCheckPrivileges = jest.fn(async () => {
+        throw new Error('An actual error would happen here');
+      });
+      const mockCheckPrivilegesDynamicallyWithRequest = jest.fn().mockReturnValue(mockCheckPrivileges);
+      const mockRequest = Symbol();
+      const mockAuditLogger = createMockAuditLogger();
+      const mockActions = createMockActions();
+      const client = new SecureSavedObjectsClientWrapper({
+        actions: mockActions,
+        auditLogger: mockAuditLogger,
+        baseClient: null,
+        checkPrivilegesDynamicallyWithRequest: mockCheckPrivilegesDynamicallyWithRequest,
+        errors: mockErrors,
+        request: mockRequest,
+        savedObjectTypes: [],
+        spaces: null,
+      });
+
+      await expect(client.canBulkCreate([type])).rejects.toThrowError(mockErrors.generalError);
+
+      expect(mockCheckPrivilegesDynamicallyWithRequest).toHaveBeenCalledWith(mockRequest);
+      expect(mockCheckPrivileges).toHaveBeenCalledWith([mockActions.savedObject.get(type, 'bulk_create')]);
+      expect(mockErrors.decorateGeneralError).toHaveBeenCalledTimes(1);
+      expect(mockAuditLogger.savedObjectsAuthorizationFailure).not.toHaveBeenCalled();
+      expect(mockAuditLogger.savedObjectsAuthorizationSuccess).not.toHaveBeenCalled();
+    });
+
+    test(`returns types associated with if they can be created in bulk or not`, async () => {
+      const type1 = 'foo';
+      const type2 = 'bar';
+      const username = Symbol();
+      const mockActions = createMockActions();
+      const mockErrors = createMockErrors();
+      const mockCheckPrivileges = jest.fn(async () => ({
+        hasAllRequested: false,
+        username,
+        privileges: {
+          [mockActions.savedObject.get(type1, 'bulk_create')]: false,
+          [mockActions.savedObject.get(type2, 'bulk_create')]: true,
+        }
+      }));
+      const mockCheckPrivilegesDynamicallyWithRequest = jest.fn().mockReturnValue(mockCheckPrivileges);
+      const mockRequest = Symbol();
+      const mockAuditLogger = createMockAuditLogger();
+      const client = new SecureSavedObjectsClientWrapper({
+        actions: mockActions,
+        auditLogger: mockAuditLogger,
+        baseClient: null,
+        checkPrivilegesDynamicallyWithRequest: mockCheckPrivilegesDynamicallyWithRequest,
+        errors: mockErrors,
+        request: mockRequest,
+        savedObjectTypes: [],
+        spaces: null,
+      });
+      const types = [type1, type2 ];
+
+      const result = await client.canBulkCreate(types);
+      expect(result).toEqual([
+        {
+          type: type1,
+          can: false,
+        },
+        {
+          type: type2,
+          can: true,
+        },
+      ]);
+
+      expect(mockCheckPrivilegesDynamicallyWithRequest).toHaveBeenCalledWith(mockRequest);
+      expect(mockCheckPrivileges).toHaveBeenCalledWith([
+        mockActions.savedObject.get(type1, 'bulk_create'),
+        mockActions.savedObject.get(type2, 'bulk_create'),
+      ]);
+    });
+  });
+
  describe('#delete', () => {
    test(`throws decorated GeneralError when hasPrivileges rejects promise`, async () => {
      const type = 'foo';
@ -600,6 +680,86 @@ describe(`spaces disabled`, () => {
    });
  });

+  describe('#canFind', () => {
+    test(`throws decorated GeneralError when hasPrivileges rejects promise`, async () => {
+      const type = 'foo';
+      const mockErrors = createMockErrors();
+      const mockCheckPrivileges = jest.fn(async () => {
+        throw new Error('An actual error would happen here');
+      });
+      const mockCheckPrivilegesDynamicallyWithRequest = jest.fn().mockReturnValue(mockCheckPrivileges);
+      const mockRequest = Symbol();
+      const mockAuditLogger = createMockAuditLogger();
+      const mockActions = createMockActions();
+      const client = new SecureSavedObjectsClientWrapper({
+        actions: mockActions,
+        auditLogger: mockAuditLogger,
+        baseClient: null,
+        checkPrivilegesDynamicallyWithRequest: mockCheckPrivilegesDynamicallyWithRequest,
+        errors: mockErrors,
+        request: mockRequest,
+        savedObjectTypes: [],
+        spaces: null,
+      });
+
+      await expect(client.canFind([type])).rejects.toThrowError(mockErrors.generalError);
+
+      expect(mockCheckPrivilegesDynamicallyWithRequest).toHaveBeenCalledWith(mockRequest);
+      expect(mockCheckPrivileges).toHaveBeenCalledWith([mockActions.savedObject.get(type, 'find')]);
+      expect(mockErrors.decorateGeneralError).toHaveBeenCalledTimes(1);
+      expect(mockAuditLogger.savedObjectsAuthorizationFailure).not.toHaveBeenCalled();
+      expect(mockAuditLogger.savedObjectsAuthorizationSuccess).not.toHaveBeenCalled();
+    });
+
+    test('returns types associated with if they can be used with find', async () => {
+      const type1 = 'foo';
+      const type2 = 'bar';
+      const username = Symbol();
+      const mockActions = createMockActions();
+      const mockErrors = createMockErrors();
+      const mockCheckPrivileges = jest.fn(async () => ({
+        hasAllRequested: false,
+        username,
+        privileges: {
+          [mockActions.savedObject.get(type1, 'find')]: false,
+          [mockActions.savedObject.get(type2, 'find')]: true,
+        }
+      }));
+      const mockCheckPrivilegesDynamicallyWithRequest = jest.fn().mockReturnValue(mockCheckPrivileges);
+      const mockRequest = Symbol();
+
+      const mockAuditLogger = createMockAuditLogger();
+      const client = new SecureSavedObjectsClientWrapper({
+        actions: mockActions,
+        auditLogger: mockAuditLogger,
+        baseClient: null,
+        checkPrivilegesDynamicallyWithRequest: mockCheckPrivilegesDynamicallyWithRequest,
+        errors: mockErrors,
+        request: mockRequest,
+        savedObjectTypes: [],
+        spaces: null,
+      });
+      const types = [type1, type2];
+      const result = await client.canFind(types);
+
+      expect(result).toEqual([
+        {
+          type: type1,
+          can: false,
+        },
+        {
+          type: type2,
+          can: true,
+        },
+      ]);
+      expect(mockCheckPrivilegesDynamicallyWithRequest).toHaveBeenCalledWith(mockRequest);
+      expect(mockCheckPrivileges).toHaveBeenCalledWith([
+        mockActions.savedObject.get(type1, 'find'),
+        mockActions.savedObject.get(type2, 'find')
+      ]);
+    });
+  });
+
  describe('#bulkGet', () => {
    test(`throws decorated GeneralError when hasPrivileges rejects promise`, async () => {
      const type = 'foo';
@ -739,6 +899,86 @@ describe(`spaces disabled`, () => {
    });
  });

+  describe('#canBulkGet', () => {
+    test(`throws decorated GeneralError when hasPrivileges rejects promise`, async () => {
+      const type = 'foo';
+      const mockErrors = createMockErrors();
+      const mockCheckPrivileges = jest.fn(async () => {
+        throw new Error('An actual error would happen here');
+      });
+      const mockCheckPrivilegesDynamicallyWithRequest = jest.fn().mockReturnValue(mockCheckPrivileges);
+      const mockRequest = Symbol();
+      const mockAuditLogger = createMockAuditLogger();
+      const mockActions = createMockActions();
+      const client = new SecureSavedObjectsClientWrapper({
+        actions: mockActions,
+        auditLogger: mockAuditLogger,
+        baseClient: null,
+        checkPrivilegesDynamicallyWithRequest: mockCheckPrivilegesDynamicallyWithRequest,
+        errors: mockErrors,
+        request: mockRequest,
+        savedObjectTypes: [],
+        spaces: null,
+      });
+
+      await expect(client.canBulkGet([type])).rejects.toThrowError(mockErrors.generalError);
+
+      expect(mockCheckPrivilegesDynamicallyWithRequest).toHaveBeenCalledWith(mockRequest);
+      expect(mockCheckPrivileges).toHaveBeenCalledWith([mockActions.savedObject.get(type, 'bulk_get')]);
+      expect(mockErrors.decorateGeneralError).toHaveBeenCalledTimes(1);
+      expect(mockAuditLogger.savedObjectsAuthorizationFailure).not.toHaveBeenCalled();
+      expect(mockAuditLogger.savedObjectsAuthorizationSuccess).not.toHaveBeenCalled();
+    });
+
+    test('returns types associated with if they can be used with bulkGet', async () => {
+      const type1 = 'foo';
+      const type2 = 'bar';
+      const username = Symbol();
+      const mockActions = createMockActions();
+      const mockErrors = createMockErrors();
+      const mockCheckPrivileges = jest.fn(async () => ({
+        hasAllRequested: false,
+        username,
+        privileges: {
+          [mockActions.savedObject.get(type1, 'bulk_get')]: false,
+          [mockActions.savedObject.get(type2, 'bulk_get')]: true,
+        }
+      }));
+      const mockCheckPrivilegesDynamicallyWithRequest = jest.fn().mockReturnValue(mockCheckPrivileges);
+      const mockRequest = Symbol();
+      const mockAuditLogger = createMockAuditLogger();
+      const client = new SecureSavedObjectsClientWrapper({
+        actions: mockActions,
+        auditLogger: mockAuditLogger,
+        baseClient: null,
+        checkPrivilegesDynamicallyWithRequest: mockCheckPrivilegesDynamicallyWithRequest,
+        errors: mockErrors,
+        request: mockRequest,
+        savedObjectTypes: [],
+        spaces: null,
+      });
+      const types = [type1, type2];
+
+      const result = await client.canBulkGet(types);
+
+      expect(result).toEqual([
+        {
+          type: type1,
+          can: false,
+        },
+        {
+          type: type2,
+          can: true,
+        },
+      ]);
+      expect(mockCheckPrivilegesDynamicallyWithRequest).toHaveBeenCalledWith(mockRequest);
+      expect(mockCheckPrivileges).toHaveBeenCalledWith([
+        mockActions.savedObject.get(type1, 'bulk_get'),
+        mockActions.savedObject.get(type2, 'bulk_get'),
+      ]);
+    });
+  });
+
  describe('#get', () => {
    test(`throws decorated GeneralError when hasPrivileges rejects promise`, async () => {
      const type = 'foo';