Test

Signed-off-by: Blake Johnson <[email protected]>
chef · Jul 17, 2019 · bc211ce · bc211ce
1 parent 31ee464
commit bc211ce
Showing 1 changed file with 49 additions and 0 deletions.
diff --git a/components/automate-deployment/pkg/server/api_token_test.go b/components/automate-deployment/pkg/server/api_token_test.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/chef/automate/api/interservice/authn"
 	"github.com/chef/automate/api/interservice/authz"
+	authz_v2 "github.com/chef/automate/api/interservice/authz/v2"
 	api "github.com/chef/automate/api/interservice/deployment"
 	"github.com/chef/automate/lib/grpc/grpctest"
 	"github.com/chef/automate/lib/grpc/secureconn"
@@ -31,6 +32,7 @@ func TestGenerateAdminToken(t *testing.T) {
 
 	serviceCerts = helpers.LoadDevCerts(t, "authz-service")
 	mockAuthZ := authz.NewAuthorizationServerMock()
+	mockV2PolicyServer := authz_v2.NewPoliciesServerMock()
 	connFactory = secureconn.NewFactory(*serviceCerts)
 	g = connFactory.NewServer()
 	authz.RegisterAuthorizationServer(g, mockAuthZ)
@@ -147,6 +149,53 @@ func TestGenerateAdminToken(t *testing.T) {
 		require.Error(t, err)
 	})
 
+	t.Run("when API token succeeds but policy creation fails due to precondition, v2 policy creation succeeds", func(t *testing.T) {
+		mockAuthN.CreateTokenFunc = func(
+			_ context.Context, req *authn.CreateTokenReq) (*authn.Token, error) {
+
+			assert.True(t, req.Active)
+			assert.Equal(t, testDescription, req.Description)
+
+			return &authn.Token{
+				Value: testTokenString,
+				Id:    testID,
+			}, nil
+		}
+
+		mockAuthZ.CreatePolicyFunc = func(
+			_ context.Context, req *authz.CreatePolicyReq) (*authz.CreatePolicyResp, error) {
+
+			assert.Equal(t, []string{testSubjectString}, req.Subjects)
+			assert.Equal(t, "*", req.Action)
+			assert.Equal(t, "*", req.Resource)
+
+			return nil, status.Error(codes.FailedPrecondition, "v2 error")
+		}
+
+		mockV2PolicyServer.CreatePolicyFunc = func(
+			_ context.Context, req *authz_v2.CreatePolicyReq) (*authz_v2.Policy, error) {
+
+			assert.Equal(t, "*", req.Id)
+			assert.Equal(t, "*", req.Name)
+			assert.Equal(t, authz_v2.Statement_ALLOW, req.Statements[0])
+
+			return &authz_v2.Policy{}, nil
+		}
+
+		mockAuthN.DeleteTokenFunc = func(
+			_ context.Context, req *authn.DeleteTokenReq) (*authn.DeleteTokenResp, error) {
+
+			assert.Equal(t, testID, req.Id)
+
+			return &authn.DeleteTokenResp{}, nil
+		}
+
+		req := &api.GenerateAdminTokenRequest{Description: testDescription}
+		resp, err := generateAdminToken(ctx, req, connFactory, authnServer.URL, authzServer.URL)
+		require.NotNil(t, resp)
+		require.NoError(t, err)
+	})
+
 	t.Run("when API token succeeds but policy creation fails and rollback fails", func(t *testing.T) {
 		mockAuthN.CreateTokenFunc = func(
 			_ context.Context, req *authn.CreateTokenReq) (*authn.Token, error) {