minio · dvaldivia · Jan 15, 2022 · Dec 8, 2021 · Jan 12, 2022 · Jan 12, 2022
diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml
@@ -0,0 +1,47 @@
+name: "Front-End Permission Tests"
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  permissions:
+    name: Front-End Permission Tests
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [1.17.x]
+        os: [ubuntu-latest]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build Console on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make console
+
+      - name: Start Console, front-end app and initialize users/policies
+        run: |
+          (./console server && sleep 180) & (cd portal-ui && yarn && yarn start && sleep 180) & (make initialize-permissions && sleep 180)
+
+      - name: Run TestCafe Tests
+        uses: DevExpress/testcafe-action@latest
+        with:
+          args: '"chrome:headless" portal-ui/tests/permissions/ --skip-js-errors'
+
+      - name: Clean up users & policies
+        run: |
+          make cleanup-permissions
diff --git a/Makefile b/Makefile
@@ -68,6 +68,19 @@ test-integration:
 	@(GO111MODULE=on go test -race -v github.com/minio/console/integration/...)
 	@(docker stop minio)
 
+test-permissions:
+	@(docker run -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh)
+	@(docker stop minio)
+
+initialize-permissions:
+	@(docker run -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/portal-ui/tests/scripts/initialize-env.sh)
+
+cleanup-permissions:
+	@(env bash $(PWD)/portal-ui/tests/scripts/cleanup-env.sh)
+	@(docker stop minio)
+
 test:
 	@(GO111MODULE=on go test -race -v github.com/minio/console/restapi/...)
 

diff --git a/portal-ui/package.json b/portal-ui/package.json
@@ -58,6 +58,7 @@
     "redux-thunk": "^2.3.0",
     "styled-components": "^5.3.1",
     "superagent": "^6.1.0",
+    "testcafe": "^1.17.1",
     "typeface-roboto": "^0.0.75",
     "use-debounce": "^5.0.1",
     "websocket": "^1.0.31"

diff --git a/portal-ui/tests/constants/timestamp.txt b/portal-ui/tests/constants/timestamp.txt
@@ -0,0 +1 @@
+1642030641
diff --git a/portal-ui/tests/permissions/admin.ts b/portal-ui/tests/permissions/admin.ts
@@ -0,0 +1,62 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import * as roles from "../utils/roles";
+import * as elements from "../utils/elements";
+
+fixture("For user with Admin permissions")
+  .page("http://localhost:5005")
+  .beforeEach(async (t) => {
+    await t.useRole(roles.admin);
+  });
+
+test("All sidebar items exist", async (t) => {
+  const dashboardExists = elements.dashboardElement.exists;
+  const bucketsExist = elements.bucketsElement.exists;
+  const usersExist = elements.usersElement.exists;
+  const groupsExist = elements.groupsElement.exists;
+  const serviceAcctsExist = elements.serviceAcctsElement.exists;
+  const iamPoliciesExist = elements.iamPoliciesElement.exists;
+  const settingsExist = elements.settingsElement.exists;
+  const notificationEndpointsExist =
+    elements.notificationEndpointsElement.exists;
+  const tiersExist = elements.tiersElement.exists;
+  const toolsExist = elements.toolsElement.exists;
+  const licenseExists = elements.licenseElement.exists;
+  await t
+    .expect(dashboardExists)
+    .ok()
+    .expect(bucketsExist)
+    .ok()
+    .expect(usersExist)
+    .ok()
+    .expect(groupsExist)
+    .ok()
+    .expect(serviceAcctsExist)
+    .ok()
+    .expect(iamPoliciesExist)
+    .ok()
+    .expect(settingsExist)
+    .ok()
+    .expect(notificationEndpointsExist)
+    .ok()
+    .expect(tiersExist)
+    .ok()
+    .expect(toolsExist)
+    .ok()
+    .expect(licenseExists)
+    .ok();
+});
diff --git a/portal-ui/tests/permissions/bucketAssignPolicy.ts b/portal-ui/tests/permissions/bucketAssignPolicy.ts
@@ -0,0 +1,86 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import * as roles from "../utils/roles";
+import * as elements from "../utils/elements";
+import * as functions from "../utils/functions";
+
+fixture("For user with Bucket Assign Policy permissions")
+  .page("http://localhost:5005")
+  .beforeEach(async (t) => {
+    await t.useRole(roles.bucketAssignPolicy);
+  });
+
+// Bucket assign policy permissions
+test("Buckets sidebar item exists", async (t) => {
+  const bucketsExist = elements.bucketsElement.exists;
+  await t.expect(bucketsExist).ok();
+});
+
+test.before(async (t) => {
+  // Create a bucket
+  await functions.setUpBucket(t);
+})("A readonly policy can be assigned to a bucket", async (t) => {
+  await t
+  // We need to log back in after we use the admin account to create bucket,
+  // using the specific role we use in this module
+    .useRole(roles.bucketAssignPolicy)
+    .navigateTo("http://localhost:5005/buckets")
+    .click(elements.manageButton)
+    .click(elements.bucketAccessRulesTab)
+    .click(elements.addAccessRuleButton)
+    .typeText(elements.bucketsPrefixInput, "readonlytest")
+    .click(elements.bucketsAccessInput)
+    .click(elements.bucketsAccessReadOnlyInput)
+    .click(elements.saveButton);
+});
+
+test("A writeonly policy can be assigned to a bucket", async (t) => {
+  await t
+    .navigateTo("http://localhost:5005/buckets")
+    .click(elements.manageButton)
+    .click(elements.bucketAccessRulesTab)
+    .click(elements.addAccessRuleButton)
+    .typeText(elements.bucketsPrefixInput, "writeonlytest")
+    .click(elements.bucketsAccessInput)
+    .click(elements.bucketsAccessWriteOnlyInput)
+    .click(elements.saveButton);
+});
+
+test("A readwrite policy can be assigned to a bucket", async (t) => {
+  await t
+    .navigateTo("http://localhost:5005/buckets")
+    .click(elements.manageButton)
+    .click(elements.bucketAccessRulesTab)
+    .click(elements.addAccessRuleButton)
+    .typeText(elements.bucketsPrefixInput, "readwritetest")
+    .click(elements.bucketsAccessInput)
+    .click(elements.bucketsAccessReadWriteInput)
+    .click(elements.saveButton);
+});
+
+test("Previously assigned policy to a bucket can be deleted", async (t) => {
+  await t
+    .navigateTo("http://localhost:5005/buckets")
+    .click(elements.manageButton)
+    .click(elements.bucketAccessRulesTab)
+    .click(elements.deleteIconButtonAlt)
+    .click(elements.deleteButton)
+    .click(elements.logoutItem);
+}).after(async (t) => {
+  // Cleanup created bucket
+  await functions.cleanUpBucket(t);
+});
diff --git a/portal-ui/tests/permissions/bucketRead.ts b/portal-ui/tests/permissions/bucketRead.ts
@@ -0,0 +1,66 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import * as roles from "../utils/roles";
+import * as elements from "../utils/elements";
+import * as functions from "../utils/functions";
+
+fixture("For user with Bucket Read permissions")
+  .page("http://localhost:5005")
+  .beforeEach(async (t) => {
+    await t.useRole(roles.bucketRead);
+  });
+
+test("Buckets sidebar item exists", async (t) => {
+  const bucketsExist = elements.bucketsElement.exists;
+  await t.expect(bucketsExist).ok();
+});
+
+test.before(async (t) => {
+  // Create a bucket
+  await functions.setUpBucket(t);
+})("Browse button exists", async (t) => {
+  const browseExists = elements.browseButton.exists;
+  // We need to log back in after we use the admin account to create bucket,
+  // using the specific role we use in this module
+  await t.useRole(roles.bucketRead).expect(browseExists).ok();
+});
+
+test("Bucket access is set to R", async (t) => {
+  await t.expect(elements.bucketAccessText.innerText).eql("Access: R");
+});
+
+test
+  .before(async (t) => {
+    await t
+      .useRole(roles.admin)
+      .navigateTo("http://localhost:5005/buckets")
+      .click(elements.browseButton)
+      // Upload object to bucket
+      .setFilesToUpload(elements.uploadInput, "../uploads/test.txt")
+      .click(elements.logoutItem);
+  })("Object list table is enabled", async (t) => {
+    const bucketsTableExists = elements.table.exists;
+    await t
+      .useRole(roles.bucketRead)
+      .click(elements.browseButton)
+      .expect(bucketsTableExists)
+      .ok();
+  })
+  .after(async (t) => {
+    // Cleanup created bucket and corresponding uploads
+    await functions.cleanUpBucketAndUploads(t);
+  });
diff --git a/portal-ui/tests/permissions/bucketWrite.ts b/portal-ui/tests/permissions/bucketWrite.ts
@@ -0,0 +1,80 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import * as roles from "../utils/roles";
+import * as elements from "../utils/elements";
+import * as functions from "../utils/functions";
+
+fixture("For user with Bucket Write permissions")
+  .page("http://localhost:5005")
+  .beforeEach(async (t) => {
+    await t.useRole(roles.bucketWrite);
+  });
+
+test("Buckets sidebar item exists", async (t) => {
+  const bucketsExist = elements.bucketsElement.with({ boundTestRun: t }).exists;
+  await t.expect(bucketsExist).ok();
+});
+
+test.before(async (t) => {
+  // Create a bucket
+  await functions.setUpBucket(t);
+})("Browse button exists", async (t) => {
+  const browseExists = elements.browseButton.exists;
+  await t
+    // We need to log back in after we use the admin account to create bucket,
+    // using the specific role we use in this module
+    .useRole(roles.bucketWrite)
+    .navigateTo("http://localhost:5005/buckets")
+    .expect(browseExists)
+    .ok();
+});
+
+test("Bucket access is set to W", async (t) => {
+  await t
+    .navigateTo("http://localhost:5005/buckets")
+    .expect(elements.bucketAccessText.innerText)
+    .eql("Access: W");
+});
+
+test("Upload button exists", async (t) => {
+  const uploadExists = elements.uploadButton.exists;
+  await t
+    .navigateTo("http://localhost:5005/buckets")
+    .click(elements.browseButton)
+    .expect(uploadExists)
+    .ok();
+});
+
+test("Object can be uploaded to a bucket", async (t) => {
+  await t
+    .navigateTo("http://localhost:5005/buckets")
+    .click(elements.browseButton)
+    // Upload object to bucket
+    .setFilesToUpload(elements.uploadInput, "../uploads/test.txt");
+});
+
+test("Object list table is disabled", async (t) => {
+  const disabledBucketsTableExists = elements.bucketsTableDisabled.exists;
+  await t
+    .navigateTo("http://localhost:5005/buckets")
+    .click(elements.browseButton)
+    .expect(disabledBucketsTableExists)
+    .ok();
+}).after(async (t) => {
+  // Cleanup created bucket and corresponding uploads
+  await functions.cleanUpBucketAndUploads(t);
+});