test 2.8
williamlardier committed May 8, 2024
1 parent 981c4fd commit f9d21fb
Showing 5 changed files with 64 additions and 103 deletions.
10 changes: 8 additions & 2 deletions tests/ctst/steps/bucket-policies/common.ts
Expand Up @@ -64,6 +64,10 @@ Given('an {string} IAM Policy that {string} with {string} effect for the current
doesApply: string,
isAllow: string,
) {
const identityType = this.getSaved<string>('identityType') as EntityType;
if (identityType === EntityType.ACCOUNT) {
return;
}
// This step needs full access.
this.setAuthMode('base_account');
const authzConfiguration = getAuthorizationConfiguration(this);
Expand Down Expand Up @@ -129,7 +133,6 @@ Given('an {string} IAM Policy that {string} with {string} effect for the current
});
const policyArn = extractPropertyFromResults(createdPolicy, 'Policy', 'Arn') as string;

const identityType = this.getSaved<string>('identityType') as EntityType;
if (identityType === EntityType.ASSUME_ROLE_USER
|| identityType === EntityType.ASSUME_ROLE_USER_CROSS_ACCOUNT
|| identityType === EntityType.DATA_CONSUMER) {
Expand Down Expand Up @@ -222,6 +225,10 @@ Given('an {string} S3 Bucket Policy that {string} with {string} effect for the c
doesApply: string,
isAllow: string,
) {
const identityType = this.getSaved<string>('identityType') as EntityType;
if (identityType === EntityType.ACCOUNT) {
return;
}
// This step needs full access.
this.setAuthMode('base_account');
const authzConfiguration = getAuthorizationConfiguration(this);
Expand Down Expand Up @@ -269,7 +276,6 @@ Given('an {string} S3 Bucket Policy that {string} with {string} effect for the c
this.addToSaved('authzConfiguration', authzConfiguration);
const currentIdentityArn = this.getSaved<string>('identityArn');
let principal = currentIdentityArn;
const identityType = this.getSaved<string>('identityType') as EntityType;
if (identityType === EntityType.ASSUME_ROLE_USER
|| identityType === EntityType.ASSUME_ROLE_USER_CROSS_ACCOUNT
|| identityType === EntityType.DATA_CONSUMER) {
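Review bot: The new early `return` for `EntityType.ACCOUNT` at the top of both the IAM Policy step and the S3 Bucket Policy step skips the whole step silently, including the `this.addToSaved('authzConfiguration', authzConfiguration)` call visible later in the bucket policy step. A scenario that asks for a DENY policy therefore runs with no policy and no saved configuration when the identity is an account, and nothing in the run shows that the setup was skipped. If that is intended, document it at the guard, e.g. `// Account identities skip policy setup; authzConfiguration is not saved for them.`, and consider a `this.parameters.logger?.debug(...)` line next to the `return`. The `as EntityType` cast on `getSaved<string>('identityType')` also lets an unset value fall through as a non-account identity. Both step bodies continue outside the hunks shown.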
6 changes: 3 additions & 3 deletions tests/ctst/steps/cloudserverAuth.ts
Expand Up @@ -19,7 +19,7 @@ interface DeleteObjectsResult {

When('the user tries to perform DeleteObjects', async function (this: Zenko) {
this.resetCommand();
this.resumeRootOrIamUser();
this.resumeIamUser();
this.addCommandParameter({ bucket: this.getSaved<string>('bucketName') });
const objectNames = this.getSaved<string[]>('objectNameArray');
const param: { Objects: { Key: string }[] } = {
Expand All @@ -34,7 +34,7 @@ When('the user tries to perform DeleteObjects', async function (this: Zenko) {

When('the user tries to perform CreateBucket', async function (this: Zenko) {
this.resetCommand();
this.resumeRootOrIamUser();
this.resumeIamUser();
const preName = (this.parameters.AccountName || Constants.ACCOUNT_NAME);
const usedBucketName = `${preName}${Constants.BUCKET_NAME_TEST}${Utils.randomString()}`.toLocaleLowerCase();
this.addToSaved('bucketName', usedBucketName);
Expand All @@ -46,7 +46,7 @@ When('the user tries to perform CreateBucket', async function (this: Zenko) {

When('the user tries to perform PutObjectRetention {string} bypass', async function (this: Zenko, withBypass: string) {
this.resetCommand();
this.resumeRootOrIamUser();
this.resumeIamUser();
this.addCommandParameter({ key: this.getSaved<string>('objectName') });
this.addCommandParameter({ bucket: this.getSaved<string>('bucketName') });
const date = new Date();
5 changes: 4 additions & 1 deletion tests/ctst/steps/quotas/quotas.ts
Expand Up @@ -89,9 +89,12 @@ Before({tags: '@Quotas'}, async function ({ gherkinDocument, pickle }) {
world.parameters.logger?.debug('Scenario key', { key, from: `${pickle.astNodeIds[1]}`, configuration });
const config = configuration[key];
world.resetGlobalType();
Zenko.saveAccountAccessKeys(config.AccessKey, config.SecretKey);
// Save the bucket name for the scenario
world.addToSaved('bucketName', key);
// Save the account name for the scenario
Zenko.saveAccountAccessKeys(config.AccessKey, config.SecretKey);
world.parameters.AccountName = key;
world.addToSaved('accountName', key);
});

Given('a bucket quota set to {int} B', async function (this: Zenko, quota: number) {
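Review bot: The `debug('Scenario key', …)` call on the first line of this hunk logs the whole `configuration` object, and the lines below show that its entries carry `AccessKey` and `SecretKey`, so every scenario's account secret ends up in debug output. Drop `configuration` from the logged object and keep only `key` and the `from` field. `configuration[key]` is also dereferenced without a check, so a scenario missing from the configuration fails with a TypeError on `config.AccessKey`; a guard such as `if (!config) throw new Error('No quota configuration for scenario ' + key);` before the credentials are saved would make that failure readable. The `Before` hook starts above the hunk.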
20 changes: 17 additions & 3 deletions tests/ctst/steps/utils/utils.ts
Expand Up @@ -49,12 +49,26 @@ async function uploadTeardown(context: Zenko, action: string) {

async function runActionAgainstBucket(context: Zenko, action: string) {
let userCredentials: UserCredentials;
if ([EntityType.IAM_USER, EntityType.ACCOUNT].includes(context.getSaved<EntityType>('type'))) {
switch (context.getSaved<EntityType>('type')) {
case EntityType.IAM_USER:
userCredentials = context.parameters.IAMSession;
context.resumeRootOrIamUser();
} else {
context.resumeIamUser();
break;
case EntityType.ASSUME_ROLE_USER:
case EntityType.DATA_CONSUMER:
case EntityType.ASSUME_ROLE_USER_CROSS_ACCOUNT:
case EntityType.STORAGE_ACCOUNT_OWNER:
case EntityType.STORAGE_MANAGER:
userCredentials = context.parameters.AssumedSession!;
context.resumeAssumedRole();
break;
default:
userCredentials = {
AccessKeyId: context.parameters.AccessKey!,
SecretAccessKey: context.parameters.SecretKey!,
};
context.resetGlobalType();
break;
}
if (!userCredentials) {
throw new Error('User credentials not set. '
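Review bot: The `default:` branch of the new switch in `runActionAgainstBucket` hands out the account's `AccessKey`/`SecretKey` for any entity type that is not listed, including an unset `type`, so a scenario with a mistyped or missing identity runs its action with account credentials instead of failing. It also defeats the `if (!userCredentials)` guard that follows, because the object literal is always truthy even when both keys are undefined behind the `!` assertions. Name the branch `case EntityType.ACCOUNT:`, make the fallback `default: throw new Error('Unsupported entity type');`, and check the two keys before building the object. The function body continues past the end of the hunk.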
126 changes: 32 additions & 94 deletions tests/ctst/world/Zenko.ts
Expand Up @@ -7,7 +7,6 @@ import {
cliModeObject,
Constants,
IAM,
IAMUserPolicy,
STS,
SuperAdmin,
Utils,
Expand Down Expand Up @@ -75,7 +74,6 @@ export interface ZenkoWorldParameters extends ClientOptions {
StorageAccountOwnerUsername: string;
DataConsumerUsername: string;
ServiceUsersCredentials: string;
AccountSessionToken: string;
KeycloakTestPassword: string;
AzureAccountName: string;
AzureAccountKey: string;
Expand Down Expand Up @@ -157,16 +155,8 @@ export default class Zenko extends World<ZenkoWorldParameters> {
CacheHelper.parameters = this.parameters as unknown as Record<string, unknown>;
this.cliMode.parameters = this.parameters;

if (this.parameters.AccountSessionToken) {
(CacheHelper.ARWWI[CacheHelper.AccountName]) = {
AccessKeyId: this.parameters.AccountAccessKey,
SecretAccessKey: this.parameters.AccountSecretKey,
SessionToken: this.parameters.AccountSessionToken,
};
} else {
CacheHelper.AccountName = this.parameters.AccountName;
CacheHelper.isPreloadedAccount = true;
}
CacheHelper.AccountName = this.parameters.AccountName;
CacheHelper.isPreloadedAccount = true;
}

/**
Expand Down Expand Up @@ -284,8 +274,9 @@ export default class Zenko extends World<ZenkoWorldParameters> {
* @returns {undefined}
*/
async prepareARWWI(ARWWIName: string, ARWWIPassword: string, ARWWITargetRole: string) {

if (!(ARWWIName in CacheHelper.ARWWI)) {
const accountName = this.parameters.AccountName || Constants.ACCOUNT_NAME;
const key = `${accountName}_${ARWWIName}`;
if (!(key in CacheHelper.ARWWI)) {
const token = await this.getWebIdentityToken(
ARWWIName,
ARWWIPassword,
Expand All @@ -301,7 +292,7 @@ export default class Zenko extends World<ZenkoWorldParameters> {
}
// Getting account ID
const account = await SuperAdmin.getAccount({
accountName: this.parameters.AccountName || Constants.ACCOUNT_NAME,
accountName,
});
// Getting roles with GetRolesForWebIdentity
// Get the first role with the storage-manager-role name
Expand Down Expand Up @@ -340,18 +331,18 @@ export default class Zenko extends World<ZenkoWorldParameters> {
throw new Error('Error when trying to Assume Role With Web Identity.');
}
// Save the session for future scenarios (increases performance)
CacheHelper.ARWWI[ARWWIName] = this.parameters.AssumedSession;
CacheHelper.ARWWI[key] = this.parameters.AssumedSession;
this.cliMode.parameters.AssumedSession =
CacheHelper.ARWWI[ARWWIName];
CacheHelper.parameters!.AssumedSession = CacheHelper.ARWWI[ARWWIName];
CacheHelper.ARWWI[key];
CacheHelper.parameters!.AssumedSession = CacheHelper.ARWWI[key];
this.cliMode.assumed = true;
this.cliMode.env = false;
} else {
this.parameters.AssumedSession =
CacheHelper.ARWWI[ARWWIName];
CacheHelper.ARWWI[key];
this.cliMode.parameters.AssumedSession =
CacheHelper.ARWWI[ARWWIName];
CacheHelper.parameters!.AssumedSession = CacheHelper.ARWWI[ARWWIName];
CacheHelper.ARWWI[key];
CacheHelper.parameters!.AssumedSession = CacheHelper.ARWWI[key];
this.cliMode.assumed = true;
this.cliMode.env = false;
}
Expand Down Expand Up @@ -407,15 +398,16 @@ export default class Zenko extends World<ZenkoWorldParameters> {

async createAccount(name?: string) {
this.resetGlobalType();
const accountName = name || `${Constants.ACCOUNT_NAME}${Utils.randomString()}`;
this.parameters.AccountName = accountName;

await SuperAdmin.createAccount({ accountName });

const credentials = await SuperAdmin.generateAccountAccessKey({ accountName });

Zenko.saveAccountAccessKeys(credentials.id!, credentials.value!);
CacheHelper.AccountName = accountName;
if (this.getSaved<string>('accountName')) {
Zenko.restoreAccountAccessKeys();
} else {
const accountName = name || `${Constants.ACCOUNT_NAME}${Utils.randomString()}`;
this.parameters.AccountName = accountName;
await SuperAdmin.createAccount({ accountName });
const credentials = await SuperAdmin.generateAccountAccessKey({ accountName });
Zenko.saveAccountAccessKeys(credentials.id!, credentials.value!);
CacheHelper.AccountName = accountName;
}
}

/**
Expand Down Expand Up @@ -495,7 +487,7 @@ export default class Zenko extends World<ZenkoWorldParameters> {
this.parameters.IAMSession =
extractPropertyFromResults(await IAM.createAccessKey(
this.getCommandParameters()), 'AccessKey')!;
this.resumeRootOrIamUser();
this.resumeIamUser();

// Assuming the role
this.resetCommand();
Expand Down Expand Up @@ -551,7 +543,7 @@ export default class Zenko extends World<ZenkoWorldParameters> {
// assign the credentials of the service user to the IAM session
this.parameters.IAMSession =
Zenko.serviceUsersCredentials[serviceUserName];
this.resumeRootOrIamUser();
this.resumeIamUser();

// Assuming the role as the service user
this.resetCommand();
Expand Down Expand Up @@ -650,66 +642,12 @@ export default class Zenko extends World<ZenkoWorldParameters> {
CacheHelper.accountAccessKeys?.value;
}

/**
* Creates an root user with policy and access keys to be used in the tests.
* The IAM user is cached for future tests to reduce the overall test suite
* duration.
* @returns {undefined}
*/
async prepareRootUser() {
Zenko.IAMUserName = Zenko.IAMUserName || `${this.parameters.IAMUserName
|| 'usertest'}${Utils.randomString()}`;
Zenko.IAMUserPolicyName = `IAMUserPolicy-${Zenko.IAMUserName}${Utils.randomString()}`;
if (!this.cliMode.parameters.IAMSession) {
// Create IAM user
this.addCommandParameter({ userName: Zenko.IAMUserName });
await IAM.createUser(this.getCommandParameters());
this.resetCommand();
// Create policy
this.addCommandParameter({ policyName: Zenko.IAMUserPolicyName });
this.addCommandParameter({ policyPath: '/' });
if (process.env.POLICY_DOCUMENT) {
this.addCommandParameter({ policyDocument: JSON.parse(process.env.POLICY_DOCUMENT) as object });
} else {
this.addCommandParameter({ policyDocument: IAMUserPolicy });
}
const policy = await IAM.createPolicy(this.getCommandParameters());
const account = await SuperAdmin.getAccount({
accountName: this.parameters.AccountName || Constants.ACCOUNT_NAME,
});
let policyArn = `arn:aws:iam::${account.id!}:policy/IAMUserPolicy-${Zenko.IAMUserName}}`;
try {
policyArn = (JSON.parse(policy.stdout) as { Policy: { Arn: string } }).Policy.Arn;
} catch (err: unknown) {
const usedErr = err as { message: string };
process.stderr.write('Failed to create the IAM User policy.\n' +
`${JSON.stringify(policy)}\n${usedErr.message}\n`);
}
this.resetCommand();
// Attach user policy
this.addCommandParameter({ userName: Zenko.IAMUserName });
this.addCommandParameter({ policyArn });
// Save the attached policy for cleanup
Zenko.IAMUserAttachedPolicy = policyArn;
await IAM.attachUserPolicy(this.getCommandParameters());
this.resetCommand();
// Create credentials for the user
this.addCommandParameter({ userName: Zenko.IAMUserName });
const accessKey = await IAM.createAccessKey(this.getCommandParameters());
if (accessKey.err) {
throw new Error(`Error creating the IAM User's access key.\n
${accessKey.err}`);
}
this.parameters.IAMSession =
extractPropertyFromResults(accessKey, 'AccessKey')!;
this.cliMode.parameters.IAMSession =
this.parameters.IAMSession;
this.cliMode.env = true;
this.resetCommand();
} else {
this.parameters.IAMSession =
this.cliMode.parameters.IAMSession;
this.cliMode.env = true;
static restoreAccountAccessKeys() {
if (CacheHelper.accountAccessKeys) {
CacheHelper.parameters!.AccessKey =
CacheHelper.accountAccessKeys.id;
CacheHelper.parameters!.SecretKey =
CacheHelper.accountAccessKeys.value;
}
}

Expand Down Expand Up @@ -740,7 +678,7 @@ export default class Zenko extends World<ZenkoWorldParameters> {
this.resetCommand();
}

resumeRootOrIamUser() {
resumeIamUser() {
this.cliMode.env = true;
}

Expand Down Expand Up @@ -793,7 +731,7 @@ export default class Zenko extends World<ZenkoWorldParameters> {

restoreEnvironment() {
if ([EntityType.IAM_USER, EntityType.ACCOUNT].includes(this.getSaved<EntityType>('type'))) {
this.resumeRootOrIamUser();
this.resumeIamUser();
} else {
this.resumeAssumedRole();
}
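Review bot: `restoreEnvironment` in the last hunk still routes `EntityType.ACCOUNT` to `this.resumeIamUser()`, while `runActionAgainstBucket` in utils.ts, changed in this same commit, handles the account case with the account keys and `context.resetGlobalType()`. After the rename, the account branch sets `cliMode.env = true` through a method that is now named for IAM users only, so an account scenario may be evaluated under a cached IAM user session and give misleading authorization results; `resetGlobalType`'s body is not shown here, so this needs confirming. Consider splitting the condition: `if (type === EntityType.IAM_USER) { this.resumeIamUser(); } else if (type === EntityType.ACCOUNT) { this.resetGlobalType(); } else { this.resumeAssumedRole(); }`. The method's closing brace is outside the hunk.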
