dcs: Improve test coverage

TheThingsNetwork · Jun 13, 2023 · 6b07c17 · 6b07c17
1 parent 65e763e
commit 6b07c17
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 39 deletions.
diff --git a/pkg/deviceclaimingserver/grpc_end_devices.go b/pkg/deviceclaimingserver/grpc_end_devices.go
@@ -156,35 +156,18 @@ func (edcs *endDeviceClaimingServer) GetClaimStatus(
 	ctx context.Context,
 	in *ttnpb.EndDeviceIdentifiers,
 ) (*ttnpb.GetClaimStatusResponse, error) {
+	if in.DevEui == nil || in.JoinEui == nil {
+		return nil, errNoEUI.New()
+	}
 	if err := rights.RequireApplication(ctx, in.GetApplicationIds(),
-		ttnpb.Right_RIGHT_APPLICATION_DEVICES_WRITE,
+		ttnpb.Right_RIGHT_APPLICATION_DEVICES_READ,
 	); err != nil {
 		return nil, err
 	}
-	if err := in.ValidateContext(ctx); err != nil {
-		return nil, err
-	}
-
-	// Get the device from the Entity Registry.
-	conn, err := edcs.DCS.GetPeerConn(ctx, ttnpb.ClusterRole_ENTITY_REGISTRY, nil)
-	if err != nil {
-		return nil, err
-	}
-	reg := ttnpb.NewEndDeviceRegistryClient(conn)
-
-	dev, err := reg.Get(ctx, &ttnpb.GetEndDeviceRequest{
-		EndDeviceIds: in,
-	})
-	if err != nil {
-		return nil, err
-	}
-	if dev.GetIds().DevEui == nil || dev.GetIds().JoinEui == nil {
-		return nil, errNoEUI.New()
-	}
-	joinEUI := types.MustEUI64(dev.GetIds().JoinEui).OrZero()
+	joinEUI := types.MustEUI64(in.JoinEui).OrZero()
 	claimer := edcs.DCS.endDeviceClaimingUpstream.JoinEUIClaimer(ctx, joinEUI)
 	if claimer == nil {
 		return nil, errClaimingNotSupported.WithAttributes("eui", joinEUI)
 	}
-	return claimer.GetClaimStatus(ctx, dev.GetIds())
+	return claimer.GetClaimStatus(ctx, in)
 }
diff --git a/pkg/deviceclaimingserver/grpc_end_devices_test.go b/pkg/deviceclaimingserver/grpc_end_devices_test.go
@@ -37,19 +37,9 @@ import (
 	"google.golang.org/grpc"
 )
 
-var timeout = (1 << 5) * test.Delay
-
-func mustHavePeer(ctx context.Context, c *component.Component, role ttnpb.ClusterRole) {
-	for i := 0; i < 20; i++ {
-		time.Sleep(20 * time.Millisecond)
-		if _, err := c.GetPeer(ctx, role, nil); err == nil {
-			return
-		}
-	}
-	panic("could not connect to peer")
-}
-
 var (
+	timeout = (1 << 5) * test.Delay
+
 	registeredApplicationIDs = &ttnpb.ApplicationIdentifiers{
 		ApplicationId: "test-application",
 	}
@@ -60,6 +50,16 @@ var (
 	registeredDevEUI         = types.EUI64{0x00, 0x04, 0xA3, 0x0B, 0x00, 0x1C, 0x05, 0x30}
 )
 
+func mustHavePeer(ctx context.Context, c *component.Component, role ttnpb.ClusterRole) {
+	for i := 0; i < 20; i++ {
+		time.Sleep(20 * time.Millisecond)
+		if _, err := c.GetPeer(ctx, role, nil); err == nil {
+			return
+		}
+	}
+	panic("could not connect to peer")
+}
+
 func TestEndDeviceClaimingServer(t *testing.T) {
 	t.Parallel()
 	a := assertions.New(t)
@@ -95,9 +95,7 @@ func TestEndDeviceClaimingServer(t *testing.T) {
 	test.Must(dcs, err)
 
 	componenttest.StartComponent(t, c)
-	t.Cleanup(func() {
-		c.Close()
-	})
+	t.Cleanup(c.Close)
 
 	// Wait for server to be ready.
 	time.Sleep(timeout)
@@ -110,12 +108,18 @@ func TestEndDeviceClaimingServer(t *testing.T) {
 		AuthValue: registeredApplicationKey,
 	})
 
+	unAuthorizedCallOpt := grpc.PerRPCCredentials(rpcmetadata.MD{
+		AuthType:  "Bearer",
+		AuthValue: "invalid-key",
+	})
+
 	// Register entities.
 	is.ApplicationRegistry().Add(
 		ctx,
 		registeredApplicationIDs,
 		registeredApplicationKey,
 		ttnpb.Right_RIGHT_APPLICATION_DEVICES_WRITE,
+		ttnpb.Right_RIGHT_APPLICATION_DEVICES_READ,
 	)
 	is.EndDeviceRegistry().Add(
 		ctx,
@@ -150,11 +154,13 @@ func TestEndDeviceClaimingServer(t *testing.T) {
 	for _, tc := range []struct {
 		Name           string
 		Req            *ttnpb.ClaimEndDeviceRequest
+		CallOpts       grpc.CallOption
 		ErrorAssertion func(err error) bool
 	}{
 		{
 			Name:           "EmptyRequest",
 			Req:            &ttnpb.ClaimEndDeviceRequest{},
+			CallOpts:       authorizedCallOpt,
 			ErrorAssertion: errors.IsInvalidArgument,
 		},
 		{
@@ -165,6 +171,7 @@ func TestEndDeviceClaimingServer(t *testing.T) {
 				},
 				TargetApplicationIds: nil,
 			},
+			CallOpts:       authorizedCallOpt,
 			ErrorAssertion: errors.IsInvalidArgument,
 		},
 		{
@@ -175,6 +182,7 @@ func TestEndDeviceClaimingServer(t *testing.T) {
 					ApplicationId: "target-app",
 				},
 			},
+			CallOpts:       authorizedCallOpt,
 			ErrorAssertion: errors.IsInvalidArgument,
 		},
 		{
@@ -187,8 +195,27 @@ func TestEndDeviceClaimingServer(t *testing.T) {
 					ApplicationId: "target-app",
 				},
 			},
+			CallOpts:       authorizedCallOpt,
 			ErrorAssertion: errors.IsInvalidArgument,
 		},
+		{
+			Name: "PermissionDenied",
+			Req: &ttnpb.ClaimEndDeviceRequest{
+				SourceDevice: &ttnpb.ClaimEndDeviceRequest_AuthenticatedIdentifiers_{
+					AuthenticatedIdentifiers: &ttnpb.ClaimEndDeviceRequest_AuthenticatedIdentifiers{
+						JoinEui:            registeredJoinEUI.Bytes(),
+						DevEui:             registeredDevEUI.Bytes(),
+						AuthenticationCode: "TEST1234",
+					},
+				},
+				TargetApplicationIds: registeredApplicationIDs,
+				TargetDeviceId:       "target-device",
+			},
+			CallOpts: unAuthorizedCallOpt,
+			ErrorAssertion: func(err error) bool {
+				return errors.IsPermissionDenied(err)
+			},
+		},
 		{
 			Name: "ValidDevice",
 			Req: &ttnpb.ClaimEndDeviceRequest{
@@ -202,12 +229,13 @@ func TestEndDeviceClaimingServer(t *testing.T) {
 				TargetApplicationIds: registeredApplicationIDs,
 				TargetDeviceId:       "target-device",
 			},
+			CallOpts: authorizedCallOpt,
 		},
 	} {
 		tc := tc
 		t.Run(tc.Name, func(t *testing.T) {
 			t.Parallel()
-			_, err := edcsClient.Claim(ctx, tc.Req, authorizedCallOpt)
+			_, err := edcsClient.Claim(ctx, tc.Req, tc.CallOpts)
 			if err != nil {
 				if tc.ErrorAssertion == nil || !a.So(tc.ErrorAssertion(err), should.BeTrue) {
 					t.Fatalf("Unexpected error: %v", err)
@@ -223,10 +251,42 @@ func TestEndDeviceClaimingServer(t *testing.T) {
 		ApplicationIds: registeredApplicationIDs,
 		DeviceId:       registeredEndDeviceID,
 	}, authorizedCallOpt)
+	a.So(errors.IsInvalidArgument(err), should.BeTrue)
+	a.So(status, should.BeNil)
+
+	status, err = edcsClient.GetClaimStatus(ctx, &ttnpb.EndDeviceIdentifiers{
+		ApplicationIds: registeredApplicationIDs,
+		DeviceId:       registeredEndDeviceID,
+		JoinEui:        registeredJoinEUI.Bytes(),
+		DevEui:         registeredDevEUI.Bytes(),
+	}, unAuthorizedCallOpt)
+	a.So(errors.IsPermissionDenied(err), should.BeTrue)
+	a.So(status, should.BeNil)
+
+	status, err = edcsClient.GetClaimStatus(ctx, &ttnpb.EndDeviceIdentifiers{
+		ApplicationIds: registeredApplicationIDs,
+		DeviceId:       registeredEndDeviceID,
+		JoinEui:        registeredJoinEUI.Bytes(),
+		DevEui:         registeredDevEUI.Bytes(),
+	}, authorizedCallOpt)
 	a.So(err, should.BeNil)
 	a.So(status, should.NotBeNil)
 
 	// Unclaim.
+	_, err = edcsClient.Unclaim(ctx, &ttnpb.EndDeviceIdentifiers{
+		ApplicationIds: registeredApplicationIDs,
+		DeviceId:       registeredEndDeviceID,
+	}, authorizedCallOpt)
+	a.So(errors.IsInvalidArgument(err), should.BeTrue)
+
+	_, err = edcsClient.Unclaim(ctx, &ttnpb.EndDeviceIdentifiers{
+		ApplicationIds: registeredApplicationIDs,
+		DeviceId:       registeredEndDeviceID,
+		JoinEui:        registeredJoinEUI.Bytes(),
+		DevEui:         registeredDevEUI.Bytes(),
+	}, unAuthorizedCallOpt)
+	a.So(errors.IsPermissionDenied(err), should.BeTrue)
+
 	_, err = edcsClient.Unclaim(ctx, &ttnpb.EndDeviceIdentifiers{
 		ApplicationIds: registeredApplicationIDs,
 		DeviceId:       registeredEndDeviceID,