
Commit 1fe93fe

committed
Simplify tests
1 parent b148207 commit 1fe93fe


2 files changed

+26
-65
lines changed


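--- a/nexus/tests/integration_tests/instances.rs
+++ b/nexus/tests/integration_tests/instances.rs
@@ -7624,25 +7624,18 @@ async fn test_instance_create_with_cross_project_subnet(
 };
 
 let instances_url_a = format!("/v1/instances?project={}", project_a_name);
-let error: HttpErrorResponseBody = NexusRequest::new(
+
+// Should get 404 Not Found because the limited user can't see project B's
+// VPC/subnet
+NexusRequest::new(
 RequestBuilder::new(client, Method::POST, &instances_url_a)
 .body(Some(&instance_params))
 .expect_status(Some(StatusCode::NOT_FOUND)),
 )
 .authn_as(AuthnMode::SiloUser(limited_user.id))
 .execute()
 .await
-.expect("request should complete")
-.parsed_body()
-.unwrap();
-
-// Should get 404 Not Found because the limited user can't see project B's
-// VPC/subnet
-assert!(
-error.message.contains("not found") || error.message.contains("vpc"),
-"Expected 'not found' error, got: {}",
-error.message
-);
+.expect("request should fail with 404");
 }
 
 /// Test that silo-level limited-collaborators (who have access to all projects
@@ -7824,26 +7817,18 @@ async fn test_silo_limited_collaborator_cross_project_subnet(
 anti_affinity_groups: Vec::new(),
 };
 
-let error: HttpErrorResponseBody = NexusRequest::new(
+// Should get 404 Not Found because VPC/subnet lookups are scoped to the
+// project context (project A), and project B's VPC/subnet aren't visible
+// in that context
+NexusRequest::new(
 RequestBuilder::new(client, Method::POST, &instances_url_a)
 .body(Some(&instance_cross_project))
 .expect_status(Some(StatusCode::NOT_FOUND)),
 )
 .authn_as(AuthnMode::SiloUser(limited_user.id))
 .execute()
 .await
-.expect("request should complete")
-.parsed_body()
-.unwrap();
-
-// Should get 404 Not Found because VPC/subnet lookups are scoped to the
-// project context (project A), and project B's VPC/subnet aren't visible
-// in that context
-assert!(
-error.message.contains("not found") || error.message.contains("vpc"),
-"Expected 'not found' error, got: {}",
-error.message
-);
+.expect("request should fail with 404");
 }
 
 /// Test that appropriate OPTE V2P mappings are created and deleted.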
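Review bot: With the body assertion removed from test_instance_create_with_cross_project_subnet, the only remaining check is `.expect_status(Some(StatusCode::NOT_FOUND))`, and a 404 can come from any lookup in the request, not only the cross-project VPC/subnet. A wrong `project_a_name` or a mistyped name inside `instance_params` would therefore let this authorization test pass for the wrong reason. Consider keeping a narrow check on the parsed `HttpErrorResponseBody` (the removed `|| error.message.contains("vpc")` arm was too loose to help), or pairing the request with a control that succeeds when the subnet belongs to project A; whether such a control already exists is not visible here, since both function bodies start outside their hunks. The same applies to test_silo_limited_collaborator_cross_project_subnet.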

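--- a/nexus/tests/integration_tests/vpcs.rs
+++ b/nexus/tests/integration_tests/vpcs.rs
@@ -369,7 +369,7 @@ async fn test_vpc_limited_collaborator_role(
 
 // Test 4: User with silo.limited-collaborator role CANNOT create a VPC
 // (inherits project.limited-collaborator, which cannot modify networking)
-let error: HttpErrorResponseBody = NexusRequest::new(
+NexusRequest::new(
 RequestBuilder::new(client, Method::POST, &vpcs_url)
 .body(Some(&params::VpcCreate {
 identity: IdentityMetadataCreateParams {
@@ -384,10 +384,7 @@ async fn test_vpc_limited_collaborator_role(
 .authn_as(AuthnMode::SiloUser(limited_user.id))
 .execute()
 .await
-.expect("request should complete")
-.parsed_body()
-.unwrap();
-assert_eq!(error.message, "Forbidden");
+.expect("silo limited-collaborator should not be able to create VPC");
 }
 
 #[nexus_test]
@@ -528,7 +525,7 @@ async fn test_limited_collaborator_blocked_from_networking_resources(
 
 // Test 0: Cannot create VPC
 let vpcs_url = format!("/v1/vpcs?project={}", project_name);
-let error: HttpErrorResponseBody = NexusRequest::new(
+NexusRequest::new(
 RequestBuilder::new(client, Method::POST, &vpcs_url)
 .body(Some(&params::VpcCreate {
 identity: IdentityMetadataCreateParams {
@@ -543,15 +540,12 @@ async fn test_limited_collaborator_blocked_from_networking_resources(
 .authn_as(AuthnMode::SiloUser(limited_user.id))
 .execute()
 .await
-.expect("request should complete")
-.parsed_body()
-.unwrap();
-assert_eq!(error.message, "Forbidden");
+.expect("limited collaborator should not be able to create VPC");
 
 // Test 1: Cannot create VPC subnet
 let subnets_url =
 format!("/v1/vpc-subnets?project={}&vpc=default", project_name);
-let error: HttpErrorResponseBody = NexusRequest::new(
+NexusRequest::new(
 RequestBuilder::new(client, Method::POST, &subnets_url)
 .body(Some(&params::VpcSubnetCreate {
 identity: IdentityMetadataCreateParams {
@@ -567,15 +561,12 @@ async fn test_limited_collaborator_blocked_from_networking_resources(
 .authn_as(AuthnMode::SiloUser(limited_user.id))
 .execute()
 .await
-.expect("request should complete")
-.parsed_body()
-.unwrap();
-assert_eq!(error.message, "Forbidden");
+.expect("limited collaborator should not be able to create VPC subnet");
 
 // Test 2: Cannot create VPC router
 let routers_url =
 format!("/v1/vpc-routers?project={}&vpc=default", project_name);
-let error: HttpErrorResponseBody = NexusRequest::new(
+NexusRequest::new(
 RequestBuilder::new(client, Method::POST, &routers_url)
 .body(Some(&params::VpcRouterCreate {
 identity: IdentityMetadataCreateParams {
@@ -588,15 +579,12 @@ async fn test_limited_collaborator_blocked_from_networking_resources(
 .authn_as(AuthnMode::SiloUser(limited_user.id))
 .execute()
 .await
-.expect("request should complete")
-.parsed_body()
-.unwrap();
-assert_eq!(error.message, "Forbidden");
+.expect("limited collaborator should not be able to create VPC router");
 
 // Test 3: Cannot create internet gateway
 let igw_url =
 format!("/v1/internet-gateways?project={}&vpc=default", project_name);
-let error: HttpErrorResponseBody = NexusRequest::new(
+NexusRequest::new(
 RequestBuilder::new(client, Method::POST, &igw_url)
 .body(Some(&params::InternetGatewayCreate {
 identity: IdentityMetadataCreateParams {
@@ -609,10 +597,7 @@ async fn test_limited_collaborator_blocked_from_networking_resources(
 .authn_as(AuthnMode::SiloUser(limited_user.id))
 .execute()
 .await
-.expect("request should complete")
-.parsed_body()
-.unwrap();
-assert_eq!(error.message, "Forbidden");
+.expect("limited collaborator should not be able to create internet gateway");
 
 // Setup for remaining tests: Create IGW and router as privileged user
 let igw_name = "test-gateway";
@@ -656,7 +641,7 @@ async fn test_limited_collaborator_blocked_from_networking_resources(
 "/v1/vpc-router-routes?project={}&vpc=default&router={}",
 project_name, router_name
 );
-let error: HttpErrorResponseBody = NexusRequest::new(
+NexusRequest::new(
 RequestBuilder::new(client, Method::POST, &routes_url)
 .body(Some(&params::RouterRouteCreate {
 identity: IdentityMetadataCreateParams {
@@ -671,17 +656,14 @@ async fn test_limited_collaborator_blocked_from_networking_resources(
 .authn_as(AuthnMode::SiloUser(limited_user.id))
 .execute()
 .await
-.expect("request should complete")
-.parsed_body()
-.unwrap();
-assert_eq!(error.message, "Forbidden");
+.expect("limited collaborator should not be able to create router route");
 
 // Test 5: Cannot attach IP pool to internet gateway
 let pool_attach_url = format!(
 "/v1/internet-gateway-ip-pools?project={}&vpc=default&gateway={}",
 project_name, igw_name
 );
-let error: HttpErrorResponseBody = NexusRequest::new(
+NexusRequest::new(
 RequestBuilder::new(client, Method::POST, &pool_attach_url)
 .body(Some(&params::InternetGatewayIpPoolCreate {
 identity: IdentityMetadataCreateParams {
@@ -695,10 +677,7 @@ async fn test_limited_collaborator_blocked_from_networking_resources(
 .authn_as(AuthnMode::SiloUser(limited_user.id))
 .execute()
 .await
-.expect("request should complete")
-.parsed_body()
-.unwrap();
-assert_eq!(error.message, "Forbidden");
+.expect("limited collaborator should not be able to attach IP pool to internet gateway");
 
 // Test 6: Cannot modify VPC firewall rules
 let firewall_url =
@@ -721,18 +700,15 @@ async fn test_limited_collaborator_blocked_from_networking_resources(
 priority: VpcFirewallRulePriority(100),
 }],
 };
-let error: HttpErrorResponseBody = NexusRequest::new(
+NexusRequest::new(
 RequestBuilder::new(client, Method::PUT, &firewall_url)
 .body(Some(&new_rules))
 .expect_status(Some(StatusCode::FORBIDDEN)),
 )
 .authn_as(AuthnMode::SiloUser(limited_user.id))
 .execute()
 .await
-.expect("request should complete")
-.parsed_body()
-.unwrap();
-assert_eq!(error.message, "Forbidden");
+.expect("limited collaborator should not be able to modify VPC firewall rules");
 }
 
 #[nexus_test]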
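Review bot: Removing `assert_eq!(error.message, "Forbidden");` from every denied request in test_vpc_limited_collaborator_role and test_limited_collaborator_blocked_from_networking_resources means nothing pins the 403 body to the generic message any more. A regression that started returning resource details to an unauthorised caller would pass these tests unnoticed. The status check is only visible for the firewall-rules request (`.expect_status(Some(StatusCode::FORBIDDEN))`); for the other requests that builder line lies outside the hunks, so each one should be confirmed to still set it, since it is now the sole assertion. If the shorter form is kept, retaining the body assertion in one representative case, or moving the status and message checks into a small shared helper, would preserve that coverage.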
