Skip to content

Commit 6287a8c

Browse files
mikecotemikecote
committed
Add unit tests for security plugin
1 parent 2674a9d commit 6287a8c

1 file changed

Lines changed: 240 additions & 0 deletions

File tree

x-pack/plugins/security/server/lib/saved_objects_client/secure_saved_objects_client_wrapper.test.js

Lines changed: 240 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -310,6 +310,86 @@ describe(`spaces disabled`, () => {
310310
});
311311
});
312312

313+
describe('#canBulkCreate', () => {
314+
test(`throws decorated GeneralError when hasPrivileges rejects promise`, async () => {
315+
const type = 'foo';
316+
const mockErrors = createMockErrors();
317+
const mockCheckPrivileges = jest.fn(async () => {
318+
throw new Error('An actual error would happen here');
319+
});
320+
const mockCheckPrivilegesDynamicallyWithRequest = jest.fn().mockReturnValue(mockCheckPrivileges);
321+
const mockRequest = Symbol();
322+
const mockAuditLogger = createMockAuditLogger();
323+
const mockActions = createMockActions();
324+
const client = new SecureSavedObjectsClientWrapper({
325+
actions: mockActions,
326+
auditLogger: mockAuditLogger,
327+
baseClient: null,
328+
checkPrivilegesDynamicallyWithRequest: mockCheckPrivilegesDynamicallyWithRequest,
329+
errors: mockErrors,
330+
request: mockRequest,
331+
savedObjectTypes: [],
332+
spaces: null,
333+
});
334+
335+
await expect(client.canBulkCreate([type])).rejects.toThrowError(mockErrors.generalError);
336+
337+
expect(mockCheckPrivilegesDynamicallyWithRequest).toHaveBeenCalledWith(mockRequest);
338+
expect(mockCheckPrivileges).toHaveBeenCalledWith([mockActions.savedObject.get(type, 'bulk_create')]);
339+
expect(mockErrors.decorateGeneralError).toHaveBeenCalledTimes(1);
340+
expect(mockAuditLogger.savedObjectsAuthorizationFailure).not.toHaveBeenCalled();
341+
expect(mockAuditLogger.savedObjectsAuthorizationSuccess).not.toHaveBeenCalled();
342+
});
343+
344+
test(`returns types associated with if they can be created in bulk or not`, async () => {
345+
const type1 = 'foo';
346+
const type2 = 'bar';
347+
const username = Symbol();
348+
const mockActions = createMockActions();
349+
const mockErrors = createMockErrors();
350+
const mockCheckPrivileges = jest.fn(async () => ({
351+
hasAllRequested: false,
352+
username,
353+
privileges: {
354+
[mockActions.savedObject.get(type1, 'bulk_create')]: false,
355+
[mockActions.savedObject.get(type2, 'bulk_create')]: true,
356+
}
357+
}));
358+
const mockCheckPrivilegesDynamicallyWithRequest = jest.fn().mockReturnValue(mockCheckPrivileges);
359+
const mockRequest = Symbol();
360+
const mockAuditLogger = createMockAuditLogger();
361+
const client = new SecureSavedObjectsClientWrapper({
362+
actions: mockActions,
363+
auditLogger: mockAuditLogger,
364+
baseClient: null,
365+
checkPrivilegesDynamicallyWithRequest: mockCheckPrivilegesDynamicallyWithRequest,
366+
errors: mockErrors,
367+
request: mockRequest,
368+
savedObjectTypes: [],
369+
spaces: null,
370+
});
371+
const types = [type1, type2 ];
372+
373+
const result = await client.canBulkCreate(types);
374+
expect(result).toEqual([
375+
{
376+
type: type1,
377+
can: false,
378+
},
379+
{
380+
type: type2,
381+
can: true,
382+
},
383+
]);
384+
385+
expect(mockCheckPrivilegesDynamicallyWithRequest).toHaveBeenCalledWith(mockRequest);
386+
expect(mockCheckPrivileges).toHaveBeenCalledWith([
387+
mockActions.savedObject.get(type1, 'bulk_create'),
388+
mockActions.savedObject.get(type2, 'bulk_create'),
389+
]);
390+
});
391+
});
392+
313393
describe('#delete', () => {
314394
test(`throws decorated GeneralError when hasPrivileges rejects promise`, async () => {
315395
const type = 'foo';
@@ -600,6 +680,86 @@ describe(`spaces disabled`, () => {
600680
});
601681
});
602682

683+
describe('#canFind', () => {
684+
test(`throws decorated GeneralError when hasPrivileges rejects promise`, async () => {
685+
const type = 'foo';
686+
const mockErrors = createMockErrors();
687+
const mockCheckPrivileges = jest.fn(async () => {
688+
throw new Error('An actual error would happen here');
689+
});
690+
const mockCheckPrivilegesDynamicallyWithRequest = jest.fn().mockReturnValue(mockCheckPrivileges);
691+
const mockRequest = Symbol();
692+
const mockAuditLogger = createMockAuditLogger();
693+
const mockActions = createMockActions();
694+
const client = new SecureSavedObjectsClientWrapper({
695+
actions: mockActions,
696+
auditLogger: mockAuditLogger,
697+
baseClient: null,
698+
checkPrivilegesDynamicallyWithRequest: mockCheckPrivilegesDynamicallyWithRequest,
699+
errors: mockErrors,
700+
request: mockRequest,
701+
savedObjectTypes: [],
702+
spaces: null,
703+
});
704+
705+
await expect(client.canFind([type])).rejects.toThrowError(mockErrors.generalError);
706+
707+
expect(mockCheckPrivilegesDynamicallyWithRequest).toHaveBeenCalledWith(mockRequest);
708+
expect(mockCheckPrivileges).toHaveBeenCalledWith([mockActions.savedObject.get(type, 'find')]);
709+
expect(mockErrors.decorateGeneralError).toHaveBeenCalledTimes(1);
710+
expect(mockAuditLogger.savedObjectsAuthorizationFailure).not.toHaveBeenCalled();
711+
expect(mockAuditLogger.savedObjectsAuthorizationSuccess).not.toHaveBeenCalled();
712+
});
713+
714+
test('returns types associated with if they can be used with find', async () => {
715+
const type1 = 'foo';
716+
const type2 = 'bar';
717+
const username = Symbol();
718+
const mockActions = createMockActions();
719+
const mockErrors = createMockErrors();
720+
const mockCheckPrivileges = jest.fn(async () => ({
721+
hasAllRequested: false,
722+
username,
723+
privileges: {
724+
[mockActions.savedObject.get(type1, 'find')]: false,
725+
[mockActions.savedObject.get(type2, 'find')]: true,
726+
}
727+
}));
728+
const mockCheckPrivilegesDynamicallyWithRequest = jest.fn().mockReturnValue(mockCheckPrivileges);
729+
const mockRequest = Symbol();
730+
731+
const mockAuditLogger = createMockAuditLogger();
732+
const client = new SecureSavedObjectsClientWrapper({
733+
actions: mockActions,
734+
auditLogger: mockAuditLogger,
735+
baseClient: null,
736+
checkPrivilegesDynamicallyWithRequest: mockCheckPrivilegesDynamicallyWithRequest,
737+
errors: mockErrors,
738+
request: mockRequest,
739+
savedObjectTypes: [],
740+
spaces: null,
741+
});
742+
const types = [type1, type2];
743+
const result = await client.canFind(types);
744+
745+
expect(result).toEqual([
746+
{
747+
type: type1,
748+
can: false,
749+
},
750+
{
751+
type: type2,
752+
can: true,
753+
},
754+
]);
755+
expect(mockCheckPrivilegesDynamicallyWithRequest).toHaveBeenCalledWith(mockRequest);
756+
expect(mockCheckPrivileges).toHaveBeenCalledWith([
757+
mockActions.savedObject.get(type1, 'find'),
758+
mockActions.savedObject.get(type2, 'find')
759+
]);
760+
});
761+
});
762+
603763
describe('#bulkGet', () => {
604764
test(`throws decorated GeneralError when hasPrivileges rejects promise`, async () => {
605765
const type = 'foo';
@@ -739,6 +899,86 @@ describe(`spaces disabled`, () => {
739899
});
740900
});
741901

902+
describe('#canBulkGet', () => {
903+
test(`throws decorated GeneralError when hasPrivileges rejects promise`, async () => {
904+
const type = 'foo';
905+
const mockErrors = createMockErrors();
906+
const mockCheckPrivileges = jest.fn(async () => {
907+
throw new Error('An actual error would happen here');
908+
});
909+
const mockCheckPrivilegesDynamicallyWithRequest = jest.fn().mockReturnValue(mockCheckPrivileges);
910+
const mockRequest = Symbol();
911+
const mockAuditLogger = createMockAuditLogger();
912+
const mockActions = createMockActions();
913+
const client = new SecureSavedObjectsClientWrapper({
914+
actions: mockActions,
915+
auditLogger: mockAuditLogger,
916+
baseClient: null,
917+
checkPrivilegesDynamicallyWithRequest: mockCheckPrivilegesDynamicallyWithRequest,
918+
errors: mockErrors,
919+
request: mockRequest,
920+
savedObjectTypes: [],
921+
spaces: null,
922+
});
923+
924+
await expect(client.canBulkGet([type])).rejects.toThrowError(mockErrors.generalError);
925+
926+
expect(mockCheckPrivilegesDynamicallyWithRequest).toHaveBeenCalledWith(mockRequest);
927+
expect(mockCheckPrivileges).toHaveBeenCalledWith([mockActions.savedObject.get(type, 'bulk_get')]);
928+
expect(mockErrors.decorateGeneralError).toHaveBeenCalledTimes(1);
929+
expect(mockAuditLogger.savedObjectsAuthorizationFailure).not.toHaveBeenCalled();
930+
expect(mockAuditLogger.savedObjectsAuthorizationSuccess).not.toHaveBeenCalled();
931+
});
932+
933+
test('returns types associated with if they can be used with bulkGet', async () => {
934+
const type1 = 'foo';
935+
const type2 = 'bar';
936+
const username = Symbol();
937+
const mockActions = createMockActions();
938+
const mockErrors = createMockErrors();
939+
const mockCheckPrivileges = jest.fn(async () => ({
940+
hasAllRequested: false,
941+
username,
942+
privileges: {
943+
[mockActions.savedObject.get(type1, 'bulk_get')]: false,
944+
[mockActions.savedObject.get(type2, 'bulk_get')]: true,
945+
}
946+
}));
947+
const mockCheckPrivilegesDynamicallyWithRequest = jest.fn().mockReturnValue(mockCheckPrivileges);
948+
const mockRequest = Symbol();
949+
const mockAuditLogger = createMockAuditLogger();
950+
const client = new SecureSavedObjectsClientWrapper({
951+
actions: mockActions,
952+
auditLogger: mockAuditLogger,
953+
baseClient: null,
954+
checkPrivilegesDynamicallyWithRequest: mockCheckPrivilegesDynamicallyWithRequest,
955+
errors: mockErrors,
956+
request: mockRequest,
957+
savedObjectTypes: [],
958+
spaces: null,
959+
});
960+
const types = [type1, type2];
961+
962+
const result = await client.canBulkGet(types);
963+
964+
expect(result).toEqual([
965+
{
966+
type: type1,
967+
can: false,
968+
},
969+
{
970+
type: type2,
971+
can: true,
972+
},
973+
]);
974+
expect(mockCheckPrivilegesDynamicallyWithRequest).toHaveBeenCalledWith(mockRequest);
975+
expect(mockCheckPrivileges).toHaveBeenCalledWith([
976+
mockActions.savedObject.get(type1, 'bulk_get'),
977+
mockActions.savedObject.get(type2, 'bulk_get'),
978+
]);
979+
});
980+
});
981+
742982
describe('#get', () => {
743983
test(`throws decorated GeneralError when hasPrivileges rejects promise`, async () => {
744984
const type = 'foo';

0 commit comments

Comments
 (0)