fix(rbac): make working rbac-backend with newer APIs (#2359)

* fix(rbac): make working rbac-backend with newer APIs Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * fit(rbac): fix unit tests Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * fix(rbac): fix lint Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * fix(orchestrator): fix lint Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * fix(rbac): update error type, when httpAuth is not availiable Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> --------- Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
janus-idp · Oct 16, 2024 · 25166f6 · 25166f6
1 parent 8e36c42
commit 25166f6
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 66 deletions.
diff --git a/plugins/orchestrator/src/api/OrchestratorClient.test.ts b/plugins/orchestrator/src/api/OrchestratorClient.test.ts
@@ -1,5 +1,5 @@
 import { DiscoveryApi, IdentityApi } from '@backstage/core-plugin-api';
-import { JsonObject } from '@backstage/types';
+import type { JsonObject } from '@backstage/types';
 
 import axios, {
   AxiosRequestConfig,

diff --git a/plugins/orchestrator/src/components/WorkflowEditor/WorkflowEditor.tsx b/plugins/orchestrator/src/components/WorkflowEditor/WorkflowEditor.tsx
@@ -34,7 +34,10 @@ import { useCancelableEffect } from '@kie-tools-core/react-hooks/dist/useCancela
 import { editorDisplayOptions } from '@kie-tools/serverless-workflow-combined-editor/dist/api';
 import { SwfCombinedEditorChannelApiImpl } from '@kie-tools/serverless-workflow-combined-editor/dist/channel/SwfCombinedEditorChannelApiImpl';
 import { SwfPreviewOptionsChannelApiImpl } from '@kie-tools/serverless-workflow-combined-editor/dist/channel/SwfPreviewOptionsChannelApiImpl';
-import { Diagnostic, DiagnosticSeverity } from 'vscode-languageserver-types';
+import {
+  DiagnosticSeverity,
+  type Diagnostic,
+} from 'vscode-languageserver-types';
 
 import {
   extractWorkflowFormat,

diff --git a/plugins/orchestrator/src/components/WorkflowEditor/channel/WorkflowEditorLanguageService.ts b/plugins/orchestrator/src/components/WorkflowEditor/channel/WorkflowEditorLanguageService.ts
@@ -4,8 +4,8 @@ import {
 } from '@kie-tools/serverless-workflow-language-service/dist/api';
 import {
   SwfJsonLanguageService,
-  SwfLanguageServiceArgs,
   SwfYamlLanguageService,
+  type SwfLanguageServiceArgs,
 } from '@kie-tools/serverless-workflow-language-service/dist/channel';
 import { SwfServiceCatalogService } from '@kie-tools/serverless-workflow-service-catalog/dist/api';
 

diff --git a/...ator/src/components/WorkflowEditor/channel/WorkflowEditorLanguageServiceChannelApiImpl.ts b/...ator/src/components/WorkflowEditor/channel/WorkflowEditorLanguageServiceChannelApiImpl.ts
@@ -1,9 +1,9 @@
 import { SwfLanguageServiceChannelApi } from '@kie-tools/serverless-workflow-language-service/dist/api';
-import {
+import type {
   SwfJsonLanguageService,
   SwfYamlLanguageService,
 } from '@kie-tools/serverless-workflow-language-service/dist/channel';
-import {
+import type {
   CodeLens,
   CompletionItem,
   Position,

diff --git a/plugins/rbac-backend/src/service/policies-rest-api.test.ts b/plugins/rbac-backend/src/service/policies-rest-api.test.ts
@@ -120,9 +120,12 @@ const auditLoggerMock = {
   auditLog: jest.fn().mockImplementation(() => Promise.resolve()),
 };
 
-const mockHttpAuth = mockServices.httpAuth();
+const mockHttpAuth = mockServices.httpAuth({
+  pluginId: 'permission',
+  defaultCredentials: mockCredentials.user('user:default/guest'),
+});
 const mockAuth = mockServices.auth();
-const credentials = mockCredentials.user();
+const credentials = mockCredentials.user('user:default/guest');
 
 const conditions: RoleConditionalPolicyDecision<PermissionInfo>[] = [
   {
@@ -184,16 +187,6 @@ describe('REST policies api', () => {
     authorizeConditional: mockedAuthorizeConditional,
   };
 
-  const mockIdentityClient = {
-    getIdentity: jest.fn().mockImplementation(async () => ({
-      identity: {
-        type: 'User',
-        userEntityRef: 'user:default/guest',
-        ownershipEntityRefs: ['guest'],
-      },
-    })),
-  };
-
   const logger = mockServices.logger.mock();
   const mockDiscovery = mockServices.discovery.mock();
 
@@ -272,11 +265,14 @@ describe('REST policies api', () => {
         },
       );
 
+    mockHttpAuth.credentials = jest.fn().mockImplementation(() => credentials);
+
     const options: RouterOptions = {
       config: config,
       logger,
       discovery: mockDiscovery,
-      identity: mockIdentityClient,
+      httpAuth: mockHttpAuth,
+      auth: mockAuth,
       policy: await RBACPermissionPolicy.build(
         logger,
         auditLoggerMock,
@@ -373,14 +369,16 @@ describe('REST policies api', () => {
       });
     });
 
-    it('should return a status of Unauthorized - no user', async () => {
-      mockIdentityClient.getIdentity.mockImplementationOnce(() => undefined);
+    it('should return a status of Unauthorized - non user request', async () => {
+      mockHttpAuth.credentials = jest
+        .fn()
+        .mockImplementationOnce(() => mockCredentials.service());
       const result = await request(app).post('/policies').send();
 
       expect(result.statusCode).toBe(403);
       expect(result.body.error).toEqual({
         name: 'NotAllowedError',
-        message: 'User identity not found',
+        message: `Only creadential principal with type 'user' permitted to modify permissions`,
       });
     });
 
@@ -3095,7 +3093,7 @@ describe('REST policies api', () => {
       const result = await request(app).get('/roles/conditions').send();
       expect(result.statusCode).toBe(200);
       expect(result.body).toEqual(expectedConditions);
-      expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(0);
+      expect(mockHttpAuth.credentials).toHaveBeenCalledTimes(1);
     });
 
     it('should be returned condition decision by pluginId', async () => {
@@ -3204,7 +3202,7 @@ describe('REST policies api', () => {
       const result = await request(app).delete('/roles/conditions/1').send();
 
       expect(result.statusCode).toEqual(204);
-      expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(1);
+      expect(mockHttpAuth.credentials).toHaveBeenCalledTimes(1);
       expect(conditionalStorage.deleteCondition).toHaveBeenCalled();
     });
 
@@ -3274,7 +3272,7 @@ describe('REST policies api', () => {
       const result = await request(app).get('/roles/conditions/1').send();
       expect(result.statusCode).toBe(200);
       expect(result.body).toEqual(expectedConditions[0]);
-      expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(0);
+      expect(mockHttpAuth.credentials).toHaveBeenCalledTimes(1);
     });
 
     it('should return return 404', async () => {
@@ -3369,7 +3367,7 @@ describe('REST policies api', () => {
       expect(result.statusCode).toBe(201);
       expect(validateRoleConditionMock).toHaveBeenCalledWith(roleCondition);
       expect(result.body).toEqual({ id: 1 });
-      expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(1);
+      expect(mockHttpAuth.credentials).toHaveBeenCalledTimes(1);
     });
   });
 
@@ -3466,7 +3464,7 @@ describe('REST policies api', () => {
           params: { claims: ['group:default/team-a'] },
         },
       });
-      expect(mockIdentityClient.getIdentity).toHaveBeenCalledTimes(1);
+      expect(mockHttpAuth.credentials).toHaveBeenCalledTimes(1);
     });
   });
 
@@ -3482,7 +3480,8 @@ describe('REST policies api', () => {
         config: config,
         logger,
         discovery: mockDiscovery,
-        identity: mockIdentityClient,
+        httpAuth: mockHttpAuth,
+        auth: mockAuth,
         policy: await RBACPermissionPolicy.build(
           logger,
           auditLoggerMock,