chore: add tests for permissions

Signed-off-by: Mason Hu <[email protected]>

.github/workflows/coverage.yaml

@@ -61,6 +61,7 @@ jobs:
           sudo lxc config trust add keys/lxd-ui.crt
           sudo lxc config set cluster.https_address "127.0.0.1"
           sudo lxc cluster enable local
+          sudo lxc config set user.show_permissions=true
 
       - name: Create a custom image
         shell: bash
@@ -77,6 +78,10 @@ jobs:
       - name: Install Playwright Browser
         run: npx playwright install --with-deps chromium
 
+      - name: Create OIDC users
+        shell: bash
+        run: ./tests/scripts/create_oidc_identities
+
       - name: Run tests with coverage
         shell: bash
         run: |

.github/workflows/pr.yaml

@@ -125,6 +125,7 @@ jobs:
           sudo lxc config trust add keys/lxd-ui.crt
           sudo lxc config set cluster.https_address "127.0.0.1"
           sudo lxc cluster enable local
+          sudo lxc config set user.show_permissions=true
 
       - name: Create a custom image
         shell: bash
@@ -148,6 +149,11 @@ jobs:
           LXD_CHANNEL=$(echo '${{ matrix.lxd_channel }}' | sed 's#/#-#g')
           echo "LXD_CHANNEL=$LXD_CHANNEL" >> $GITHUB_OUTPUT
 
+      - name: Create OIDC users
+        if: ${{ matrix.lxd_channel != '5.0/edge' }}
+        shell: bash
+        run: ./tests/scripts/create_oidc_identities
+
       - name: Run Playwright tests
         run: npx playwright test --project ${{ matrix.browser }}:lxd-${{ steps.lxd-env.outputs.LXD_CHANNEL }}
 

HACKING.md

@@ -5,7 +5,8 @@
   <br/>
   <pre><code>snap install lxd
 lxd init # can accept all defaults
-lxc config set core.https_address "[::]:8443"</code></pre>
+lxc config set core.https_address "[::]:8443"
+lxc config set user.show_permissions=true</code></pre>
 </details>
 
 <details>

package.json

@@ -21,8 +21,8 @@
     "start": "concurrently --kill-others --raw 'vite --host | grep -v 3000' 'yarn serve'",
     "serve": "./entrypoint",
     "test-js": "vitest --run",
-    "test-e2e-edge": "npx playwright test --project chromium:lxd-latest-edge firefox:lxd-latest-edge",
-    "test-e2e-5.21-edge": "npx playwright test --project chromium:lxd-5.21-edge firefox:lxd-5.21-edge",
+    "test-e2e-edge": "tests/scripts/create_oidc_identities && npx playwright test --project chromium:lxd-latest-edge firefox:lxd-latest-edge && tests/scripts/delete_oidc_identities",
+    "test-e2e-5.21-edge": "tests/scripts/create_oidc_identities && npx playwright test --project chromium:lxd-5.21-edge firefox:lxd-5.21-edge && tests/scripts/delete_oidc_identities",
     "test-e2e-5.0-edge": "npx playwright test --project chromium:lxd-5.0-edge firefox:lxd-5.0-edge",
     "test-coverage": "yarn test-js-coverage && yarn test-e2e-coverage && yarn test-report-coverage",
     "test-js-coverage": "vitest --run --coverage",

src/util/permissions.spec.ts

@@ -0,0 +1,246 @@
+import {
+  generateEntitlementOptions,
+  generatePermissionSort,
+  generateResourceOptions,
+} from "./permissions";
+
+describe("General util functions for permissions feature", () => {
+  it("generateResourceOptions", () => {
+    const resourceType = "instance";
+    const permissions = [
+      {
+        entity_type: "instance",
+        url: "/1.0/instances/instance-1?project=default",
+        entitlement: "entitlement-1",
+      },
+      {
+        entity_type: "instance",
+        url: "/1.0/instances/instance-1?project=default",
+        entitlement: "entitlement-2",
+      },
+      {
+        entity_type: "instance",
+        url: "/1.0/instances/instance-1?project=default",
+        entitlement: "entitlement-3",
+      },
+      {
+        entity_type: "instance",
+        url: "/1.0/instances/instance-2?project=default",
+        entitlement: "entitlement-1",
+      },
+      {
+        entity_type: "instance",
+        url: "/1.0/instances/instance-2?project=default",
+        entitlement: "entitlement-2",
+      },
+      {
+        entity_type: "instance",
+        url: "/1.0/instances/instance-2?project=default",
+        entitlement: "entitlement-3",
+      },
+      {
+        entity_type: "instance",
+        url: "/1.0/instances/instance-3?project=default",
+        entitlement: "entitlement-1",
+      },
+      {
+        entity_type: "instance",
+        url: "/1.0/instances/instance-3?project=default",
+        entitlement: "entitlement-2",
+      },
+      {
+        entity_type: "instance",
+        url: "/1.0/instances/instance-3?project=default",
+        entitlement: "entitlement-3",
+      },
+    ];
+
+    const imagesNamesLookup = {};
+    const identityNamesLookup = {};
+
+    const resourceOptions = generateResourceOptions(
+      resourceType,
+      permissions,
+      imagesNamesLookup,
+      identityNamesLookup,
+    );
+    expect(resourceOptions).toEqual([
+      {
+        disabled: true,
+        label: "Select an option",
+        value: "",
+      },
+      {
+        value: "/1.0/instances/instance-1?project=default",
+        label: "instance-1 (project: default) ",
+      },
+      {
+        value: "/1.0/instances/instance-2?project=default",
+        label: "instance-2 (project: default) ",
+      },
+      {
+        value: "/1.0/instances/instance-3?project=default",
+        label: "instance-3 (project: default) ",
+      },
+    ]);
+  });
+
+  it("generateEntitlementOptions", () => {
+    const resourceType = "server";
+    const permissions = [
+      {
+        entity_type: "server",
+        url: "/1.0",
+        entitlement: "admin",
+      },
+      {
+        entity_type: "server",
+        url: "/1.0",
+        entitlement: "viewer",
+      },
+      {
+        entity_type: "server",
+        url: "/1.0",
+        entitlement: "can_edit",
+      },
+      {
+        entity_type: "server",
+        url: "/1.0",
+        entitlement: "can_view",
+      },
+    ];
+
+    const entitlementOptions = generateEntitlementOptions(
+      resourceType,
+      permissions,
+    );
+
+    expect(entitlementOptions).toEqual([
+      {
+        disabled: true,
+        label: "Select an option",
+        value: "",
+      },
+      {
+        disabled: true,
+        label: "Built-in roles",
+        value: "",
+      },
+      {
+        label: "admin",
+        value: "admin",
+      },
+      {
+        label: "viewer",
+        value: "viewer",
+      },
+      {
+        disabled: true,
+        label: "Granular entitlements",
+        value: "",
+      },
+      {
+        label: "can_edit",
+        value: "can_edit",
+      },
+      {
+        label: "can_view",
+        value: "can_view",
+      },
+    ]);
+  });
+
+  it("generatePermissionSort", () => {
+    const permissions = [
+      {
+        entity_type: "identity",
+        url: "/1.0/auth/identities/oidc/[email protected]",
+        entitlement: "can_delete",
+        id: "identity/1.0/auth/identities/oidc/[email protected]_delete",
+      },
+      {
+        id: "group/1.0/auth/groups/g-1can_delete",
+        entity_type: "group",
+        url: "/1.0/auth/groups/g-1",
+        entitlement: "can_delete",
+      },
+      {
+        entity_type: "server",
+        url: "/1.0",
+        entitlement: "admin",
+        id: "server/1.0admin",
+      },
+      {
+        entity_type: "project",
+        url: "/1.0/projects/default",
+        entitlement: "image_alias_manager",
+        id: "project/1.0/projects/defaultimage_alias_manager",
+      },
+
+      {
+        entity_type: "group",
+        url: "/1.0/auth/groups/g-1",
+        entitlement: "can_view",
+        id: "group/1.0/auth/groups/g-1can_view",
+      },
+      {
+        id: "image/1.0/images/a56eb59962b706e727703aaa415ae4c584c8fc6a661fcd3aba83bc9eff237ac0?project=defaultcan_edit",
+        entity_type: "image",
+        url: "/1.0/images/a56eb59962b706e727703aaa415ae4c584c8fc6a661fcd3aba83bc9eff237ac0?project=default",
+        entitlement: "can_edit",
+      },
+    ];
+
+    const identityNamesLookup = {
+      "[email protected]": "bar",
+    };
+
+    const imagesNamesLookup = {
+      a56eb59962b706e727703aaa415ae4c584c8fc6a661fcd3aba83bc9eff237ac0:
+        "Alpinelinux 3.16 x86_64 (cloud) (20240415_0234) (project: default)",
+    };
+
+    permissions.sort(
+      generatePermissionSort(imagesNamesLookup, identityNamesLookup),
+    );
+
+    expect(permissions).toEqual([
+      {
+        entity_type: "server",
+        url: "/1.0",
+        entitlement: "admin",
+        id: "server/1.0admin",
+      },
+      {
+        entity_type: "identity",
+        url: "/1.0/auth/identities/oidc/[email protected]",
+        entitlement: "can_delete",
+        id: "identity/1.0/auth/identities/oidc/[email protected]_delete",
+      },
+      {
+        id: "group/1.0/auth/groups/g-1can_delete",
+        entity_type: "group",
+        url: "/1.0/auth/groups/g-1",
+        entitlement: "can_delete",
+      },
+      {
+        entity_type: "group",
+        url: "/1.0/auth/groups/g-1",
+        entitlement: "can_view",
+        id: "group/1.0/auth/groups/g-1can_view",
+      },
+      {
+        entity_type: "project",
+        url: "/1.0/projects/default",
+        entitlement: "image_alias_manager",
+        id: "project/1.0/projects/defaultimage_alias_manager",
+      },
+      {
+        id: "image/1.0/images/a56eb59962b706e727703aaa415ae4c584c8fc6a661fcd3aba83bc9eff237ac0?project=defaultcan_edit",
+        entity_type: "image",
+        url: "/1.0/images/a56eb59962b706e727703aaa415ae4c584c8fc6a661fcd3aba83bc9eff237ac0?project=default",
+        entitlement: "can_edit",
+      },
+    ]);
+  });
+});