MAJOR: add support for userlists, users and groups

Author: gorangalinec

configure_data_plane.go

@@ -366,6 +366,26 @@ func configureAPI(api *operations.DataPlaneAPI) http.Handler {
 	api.FrontendGetFrontendsHandler = &handlers.GetFrontendsHandlerImpl{Client: client}
 	api.FrontendReplaceFrontendHandler = &handlers.ReplaceFrontendHandlerImpl{Client: client, ReloadAgent: ra}
 
+	// setup userlist handlers
+	api.UserlistCreateUserlistHandler = &handlers.CreateUserListHandlerImpl{Client: client, ReloadAgent: ra}
+	api.UserlistDeleteUserlistHandler = &handlers.DeleteUserListHandlerImpl{Client: client, ReloadAgent: ra}
+	api.UserlistGetUserlistHandler = &handlers.GetUserListHandlerImpl{Client: client}
+	api.UserlistGetUserlistsHandler = &handlers.GetUserListsHandlerImpl{Client: client}
+
+	// setup user handlers
+	api.UserCreateUserHandler = &handlers.CreateUserHandlerImpl{Client: client, ReloadAgent: ra}
+	api.UserDeleteUserHandler = &handlers.DeleteUserHandlerImpl{Client: client, ReloadAgent: ra}
+	api.UserGetUserHandler = &handlers.GetUserHandlerImpl{Client: client}
+	api.UserGetUsersHandler = &handlers.GetUsersHandlerImpl{Client: client}
+	api.UserReplaceUserHandler = &handlers.ReplaceUserHandlerImpl{Client: client, ReloadAgent: ra}
+
+	// setup group handlers
+	api.GroupCreateGroupHandler = &handlers.CreateGroupHandlerImpl{Client: client, ReloadAgent: ra}
+	api.GroupDeleteGroupHandler = &handlers.DeleteGroupHandlerImpl{Client: client, ReloadAgent: ra}
+	api.GroupGetGroupHandler = &handlers.GetGroupHandlerImpl{Client: client}
+	api.GroupGetGroupsHandler = &handlers.GetGroupsHandlerImpl{Client: client}
+	api.GroupReplaceGroupHandler = &handlers.ReplaceGroupHandlerImpl{Client: client, ReloadAgent: ra}
+
 	// setup server handlers
 	api.ServerCreateServerHandler = &handlers.CreateServerHandlerImpl{Client: client, ReloadAgent: ra}
 	api.ServerDeleteServerHandler = &handlers.DeleteServerHandlerImpl{Client: client, ReloadAgent: ra}

e2e/tests/groups/add.bats

@@ -0,0 +1,39 @@
+#!/usr/bin/env bats
+#
+# Copyright 2021 HAProxy Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+load '../../libs/dataplaneapi'
+load '../../libs/get_json_path'
+load '../../libs/haproxy_config_setup'
+load '../../libs/resource_client'
+load '../../libs/version'
+
+load 'utils/_helpers'
+
+@test "groups: Add a group" {
+  resource_post "$_GROUPS_BASE_PATH" "data/post.json" "userlist=first&=force_reload=true"
+  assert_equal "$SC" 202
+}
+
+@test "groups: Add a group to a non existing user list" {
+  resource_post "$_GROUPS_BASE_PATH" "data/post.json" "userlist=fake&=force_reload=true"
+  assert_equal "$SC" 400
+}
+
+@test "groups: Add a malformed group" {
+  resource_post "$_GROUPS_BASE_PATH" "data/empty.json" "userlist=first&force_reload=true"
+  assert_equal "$SC" 422
+}

e2e/tests/groups/data/empty.json

@@ -0,0 +1 @@
+{}

e2e/tests/groups/data/haproxy.cfg

@@ -0,0 +1,38 @@
+global
+  chroot /var/lib/haproxy
+  user haproxy
+  group haproxy
+  maxconn 4000
+  pidfile /var/run/haproxy.pid
+  stats socket /var/lib/haproxy/stats level admin
+  log 127.0.0.1 local2
+
+userlist first
+	group G1 users tiger,scott
+	group G2 users scott
+	user tiger password $6$k6y3o.eP$JlKBx9za9667qe4xHSwRv6J.C0/D7cV91
+	user scott insecure-password elgato
+
+userlist second
+	group one
+	group two
+	group three
+	user neo password JlKBxxHSwRv6J.C0/D7cV91 groups one
+	user thomas insecure-password white-rabbit groups one,two
+	user anderson insecure-password hello groups two
+
+userlist empty
+
+userlist add_test
+	group G3
+	group G4
+
+userlist replace_test
+	group zion
+	group io
+	user trinity insecure-password the-one groups zion
+
+userlist delete_test
+	group antivirus
+	group virus
+	user smith insecure-password cloning groups virus

e2e/tests/groups/data/post.json

@@ -0,0 +1,5 @@
+{
+    "index": 0,
+    "name": "new",
+    "users": null
+}

e2e/tests/groups/data/replace.json

@@ -0,0 +1,5 @@
+{
+    "index": 0,
+    "name": "enigma",
+    "users": "trinity"
+}

e2e/tests/groups/delete.bats

@@ -0,0 +1,49 @@
+#!/usr/bin/env bats
+#
+# Copyright 2021 HAProxy Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+load '../../libs/dataplaneapi'
+load '../../libs/get_json_path'
+load '../../libs/haproxy_config_setup'
+load '../../libs/resource_client'
+load '../../libs/version'
+
+load 'utils/_helpers'
+
+@test "groups: Delete a group" {
+  resource_delete "$_GROUPS_BASE_PATH/antivirus" "userlist=delete_test"
+  assert_equal "$SC" 202
+}
+
+@test "groups: Delete a group and reload" {
+  resource_delete "$_GROUPS_BASE_PATH/antivirus" "userlist=delete_test&force_reload=true"
+  assert_equal "$SC" 204
+}
+
+@test "groups: Delete a group that is assigned to an existing user" {
+  # resource_delete "$_GROUPS_BASE_PATH/virus" "userlist=delete_test&force_reload=true"
+  # assert_equal "$SC" 400
+}
+
+@test "groups: Delete a non existing group" {
+  resource_delete "$_GROUPS_BASE_PATH/fake" "userlist=delete_test&force_reload=true"
+  assert_equal "$SC" 404
+}
+
+@test "groups: Delete a non existing group in a non existing userlist" {
+  resource_delete "$_GROUPS_BASE_PATH/fake" "userlist=fake&force_reload=true"
+  assert_equal "$SC" 404
+}

e2e/tests/groups/get.bats

@@ -0,0 +1,69 @@
+#!/usr/bin/env bats
+#
+# Copyright 2021 HAProxy Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+load '../../libs/dataplaneapi'
+load '../../libs/get_json_path'
+load '../../libs/haproxy_config_setup'
+load '../../libs/resource_client'
+load '../../libs/version'
+
+load 'utils/_helpers'
+
+@test "groups: Return group G1 from a userlist" {
+	resource_get "$_GROUPS_BASE_PATH/G1" "userlist=first"
+	assert_equal "$SC" 200
+	assert_equal "$(get_json_path "$BODY" ".data.name")" "G1"
+    assert_equal "$(get_json_path "$BODY" ".data.users")" "tiger,scott"
+}
+
+@test "groups: Return group G2 from a userlist" {
+	resource_get "$_GROUPS_BASE_PATH/G2" "userlist=first"
+	assert_equal "$SC" 200
+	assert_equal "$(get_json_path "$BODY" ".data.name")" "G2"
+    assert_equal "$(get_json_path "$BODY" ".data.users")" "scott"
+}
+
+@test "groups: Return a non existing group from a userlist" {
+	resource_get "$_GROUPS_BASE_PATH/fake" "userlist=first"
+	assert_equal "$SC" 404
+}
+
+@test "groups: Return a non existing group from a non existing userlist" {
+	resource_get "$_GROUPS_BASE_PATH/fake" "userlist=fake"
+	assert_equal "$SC" 404
+}
+
+@test "groups: Return group one from a userlist" {
+	resource_get "$_GROUPS_BASE_PATH/one" "userlist=second"
+	assert_equal "$SC" 200
+	assert_equal "$(get_json_path "$BODY" ".data.name")" "one"
+    assert_equal "$(get_json_path "$BODY" ".data.users")" null
+}
+
+@test "groups: Return group two from a userlist" {
+	resource_get "$_GROUPS_BASE_PATH/two" "userlist=second"
+	assert_equal "$SC" 200
+	assert_equal "$(get_json_path "$BODY" ".data.name")" "two"
+    assert_equal "$(get_json_path "$BODY" ".data.users")" null
+}
+
+@test "groups: Return group three from a userlist" {
+	resource_get "$_GROUPS_BASE_PATH/three" "userlist=second"
+	assert_equal "$SC" 200
+	assert_equal "$(get_json_path "$BODY" ".data.name")" "three"
+    assert_equal "$(get_json_path "$BODY" ".data.users")" null
+}

e2e/tests/groups/list.bats

@@ -0,0 +1,62 @@
+#!/usr/bin/env bats
+#
+# Copyright 2021 HAProxy Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+load '../../libs/dataplaneapi'
+load '../../libs/get_json_path'
+load '../../libs/haproxy_config_setup'
+load '../../libs/resource_client'
+load '../../libs/version'
+
+load 'utils/_helpers'
+
+@test "groups: Return an array of groups from userlist first" {
+  resource_get "$_GROUPS_BASE_PATH" "userlist=first"
+	assert_equal "$SC" 200
+    assert_equal "$(get_json_path "${BODY}" ".data | length")" 2
+
+    assert_equal "$(get_json_path "${BODY}" ".data[0].name" )" "G1"
+    assert_equal "$(get_json_path "${BODY}" ".data[0].users" )" "tiger,scott"
+
+    assert_equal "$(get_json_path "${BODY}" ".data[1].name" )" "G2"
+    assert_equal "$(get_json_path "${BODY}" ".data[1].users" )" "scott"
+}
+
+@test "groups: Return an array of groups from userlist second" {
+  resource_get "$_GROUPS_BASE_PATH" "userlist=second"
+	assert_equal "$SC" 200
+    assert_equal "$(get_json_path "${BODY}" ".data | length")" 3
+
+    assert_equal "$(get_json_path "${BODY}" ".data[0].name" )" "one"
+    assert_equal "$(get_json_path "${BODY}" ".data[0].users" )" null
+
+    assert_equal "$(get_json_path "${BODY}" ".data[1].name" )" "two"
+    assert_equal "$(get_json_path "${BODY}" ".data[1].users" )" null
+
+    assert_equal "$(get_json_path "${BODY}" ".data[2].name" )" "three"
+    assert_equal "$(get_json_path "${BODY}" ".data[2].users" )" null
+}
+
+@test "groups: Return an array of groups from userlist empty" {
+  resource_get "$_GROUPS_BASE_PATH" "userlist=empty"
+	assert_equal "$SC" 200
+    assert_equal "$(get_json_path "${BODY}" ".data | length")" 0
+}
+
+@test "groups: Return an array of groups from non existing userlist" {
+  resource_get "$_GROUPS_BASE_PATH" "userlist=fake"
+	assert_equal "$SC" 404
+}

e2e/tests/groups/replace.bats

@@ -0,0 +1,45 @@
+#!/usr/bin/env bats
+#
+# Copyright 2021 HAProxy Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+load '../../libs/dataplaneapi'
+load '../../libs/get_json_path'
+load '../../libs/haproxy_config_setup'
+load '../../libs/resource_client'
+load '../../libs/version'
+
+load 'utils/_helpers'
+
+@test "groups: Replace a group" {
+    resource_put "$_GROUPS_BASE_PATH/zion" "data/replace.json" "userlist=replace_test&force_reload=true"
+    assert_equal "$SC" 200
+}
+
+@test "groups: Replace a group with malformed data" {
+    resource_put "$_GROUPS_BASE_PATH/io" "data/empty.json" "userlist=replace_test&force_reload=true"
+    assert_equal "$SC" 422
+}
+
+@test "groups: Replace a non existing group" {
+    resource_put "$_GROUPS_BASE_PATH/fake" "data/replace.json" "userlist=replace_test&force_reload=true"
+    assert_equal "$SC" 404
+}
+
+@test "groups: Replace a non existing group in a non existing user list" {
+    resource_put "$_GROUPS_BASE_PATH/1000" "data/replace.json" "userlist=fake&force_reload=true"
+    assert_equal "$SC" 404
+}
+