nolint:paralleltest, tparallel
(t *testing.T)
| 24 | |
| 25 | //nolint:paralleltest, tparallel |
| 26 | func TestRoleSyncTable(t *testing.T) { |
| 27 | t.Parallel() |
| 28 | |
| 29 | userClaims := jwt.MapClaims{ |
| 30 | "roles": []string{ |
| 31 | "foo", "bar", "baz", |
| 32 | "create-bar", "create-baz", |
| 33 | "legacy-bar", rbac.RoleOrgAuditor(), |
| 34 | }, |
| 35 | // bad-claim is a number, and will fail any role sync |
| 36 | "bad-claim": 100, |
| 37 | "empty": []string{}, |
| 38 | } |
| 39 | |
| 40 | testCases := []orgSetupDefinition{ |
| 41 | { |
| 42 | Name: "NoSync", |
| 43 | OrganizationRoles: []string{}, |
| 44 | assertRoles: &orgRoleAssert{ |
| 45 | ExpectedOrgRoles: []string{}, |
| 46 | }, |
| 47 | }, |
| 48 | { |
| 49 | Name: "SyncDisabled", |
| 50 | OrganizationRoles: []string{ |
| 51 | rbac.RoleOrgAdmin(), |
| 52 | }, |
| 53 | RoleSettings: &idpsync.RoleSyncSettings{}, |
| 54 | assertRoles: &orgRoleAssert{ |
| 55 | ExpectedOrgRoles: []string{ |
| 56 | rbac.RoleOrgAdmin(), |
| 57 | }, |
| 58 | }, |
| 59 | }, |
| 60 | { |
| 61 | // Audit role from claim |
| 62 | Name: "RawAudit", |
| 63 | OrganizationRoles: []string{ |
| 64 | rbac.RoleOrgAdmin(), |
| 65 | }, |
| 66 | RoleSettings: &idpsync.RoleSyncSettings{ |
| 67 | Field: "roles", |
| 68 | Mapping: map[string][]string{}, |
| 69 | }, |
| 70 | assertRoles: &orgRoleAssert{ |
| 71 | ExpectedOrgRoles: []string{ |
| 72 | rbac.RoleOrgAuditor(), |
| 73 | }, |
| 74 | }, |
| 75 | }, |
| 76 | { |
| 77 | Name: "CustomRole", |
| 78 | OrganizationRoles: []string{ |
| 79 | rbac.RoleOrgAdmin(), |
| 80 | }, |
| 81 | CustomRoles: []string{"foo"}, |
| 82 | RoleSettings: &idpsync.RoleSyncSettings{ |
| 83 | Field: "roles", |
nothing calls this directly
no test coverage detected