-
Sub-task
-
Resolution: Done
-
Normal
-
None
-
Quality / Stability / Reliability
-
2
-
False
-
-
False
-
None
-
Unset
-
-
-
A&M Tech Debt Sprint Q1 2025, Access & Management Sprint 106, Access & Management Sprint 107, Access & Management Sprint 108, Access & Management Sprint 109, Access & Management Sprint 110, Access & Management Sprint 111, A&M Tech Debt Sprint Q2 2025, Access & Management Sprint 112
File
rbac/management/principal/view.py
Tests
For these tests, make sure to set the following environment variables:
- IT_BYPASS_IT_CALLS = true
- IT_BYPASS_TOKEN_VALIDATION = true
- IT_BYPASS_PERMISSIONS_MODIFY_SERVICE_ACCOUNTS = true
No service accounts in the database
Description
When there are no service accounts in the database, the principals view should return an empty array.
Request
GET /principals/?type=service-accounts
Expected response
{
"meta": {
"count": 0
},
"links": {
"first": "/api/rbac/v1/principals/?limit=10&offset=0",
"next": "/api/rbac/v1/principals/?limit=10&offset=10",
"previous": "/api/rbac/v1/principals/?limit=10&offset=0",
"last": null
},
"data": []
}
Service accounts are returned
Description
Whenever there are service accounts related to the tenant, they are returned.
Preconditions
- A "foo" service account exists in the principals table.
- A "bar" service account exists in the principals table.
Request
GET /principals/?type=service-accounts
Expected output
Probably enough checking the following:
- count is 2.
- type is service-account for the service accounts.
- clientID matches the one you set when you created the service accounts.
{
"meta": {
"count": 2
},
"links": {
"first": "/api/rbac/v1/principals/?limit=10&offset=0",
"next": "/api/rbac/v1/principals/?limit=10&offset=10",
"previous": "/api/rbac/v1/principals/?limit=10&offset=0",
"last": null
},
"data": [
{
"clientID": "8af69804-83b4-11ee-959d-5fbf2a8f8f06",
"name": "8af69804-83b4-11ee-959d-5fbf2a8f8f06-name",
"description": "8af69804-83b4-11ee-959d-5fbf2a8f8f06-description",
"owner": "bar",
"time_created": 1700053304,
"type": "service-account",
"username": "bar"
},
{
"clientID": "3554b4d0-83b4-11ee-bffd-8fea9832a03f",
"name": "3554b4d0-83b4-11ee-bffd-8fea9832a03f-name",
"description": "3554b4d0-83b4-11ee-bffd-8fea9832a03f-description",
"owner": "foo",
"time_created": 1700053304,
"type": "service-account",
"username": "foo"
}
]
}
Service accounts are ordered in ascending order
Description
When the sort_order query parameter with the asc value is specified, the returning results should be ordered by their username in ascending order.
Preconditions
- A "foo" service account exists in the principals table.
- A "bar" service account exists in the principals table.
Request
GET /principals/?type=service-accounts&sort_order=asc
Expected output
- count is 2.
- type is service-account for the service accounts.
- clientID matches the one you set when you created the service accounts.
- The first account of the returned collection is "bar", and the second one "foo".
{
"meta": {
"count": 2
},
"links": {
"first": "/api/rbac/v1/principals/?limit=10&offset=0",
"next": "/api/rbac/v1/principals/?limit=10&offset=10",
"previous": "/api/rbac/v1/principals/?limit=10&offset=0",
"last": null
},
"data": [
{
"clientID": "8af69804-83b4-11ee-959d-5fbf2a8f8f06",
"name": "8af69804-83b4-11ee-959d-5fbf2a8f8f06-name",
"description": "8af69804-83b4-11ee-959d-5fbf2a8f8f06-description",
"owner": "bar",
"time_created": 1700053657,
"type": "service-account",
"username": "bar"
},
{
"clientID": "3554b4d0-83b4-11ee-bffd-8fea9832a03f",
"name": "3554b4d0-83b4-11ee-bffd-8fea9832a03f-name",
"description": "3554b4d0-83b4-11ee-bffd-8fea9832a03f-description",
"owner": "foo",
"time_created": 1700053657,
"type": "service-account",
"username": "foo"
}
]
}
Service accounts are ordered in descending order
Description
When the sort_order query parameter with the desc value is specified, the returning results should be ordered by their username in descending order.
Preconditions
- A "foo" service account exists in the principals table.
- A "bar" service account exists in the principals table.
Request
GET /principals/?type=service-accounts&sort_order=asc
Expected output
- count is 2.
- type is service-account for the service accounts.
- clientID matches the one you set when you created the service accounts.
- The first account of the returned collection is "foo", and the second one "bar".
{
"meta": {
"count": 2
},
"links": {
"first": "/api/rbac/v1/principals/?limit=10&offset=0",
"next": "/api/rbac/v1/principals/?limit=10&offset=10",
"previous": "/api/rbac/v1/principals/?limit=10&offset=0",
"last": null
},
"data": [
{
"clientID": "3554b4d0-83b4-11ee-bffd-8fea9832a03f",
"name": "3554b4d0-83b4-11ee-bffd-8fea9832a03f-name",
"description": "3554b4d0-83b4-11ee-bffd-8fea9832a03f-description",
"owner": "foo",
"time_created": 1700053833,
"type": "service-account",
"username": "foo"
},
{
"clientID": "8af69804-83b4-11ee-959d-5fbf2a8f8f06",
"name": "8af69804-83b4-11ee-959d-5fbf2a8f8f06-name",
"description": "8af69804-83b4-11ee-959d-5fbf2a8f8f06-description",
"owner": "bar",
"time_created": 1700053833,
"type": "service-account",
"username": "bar"
}
]
}
Only service accounts' usernames are returned
Description
When the username_only query parameter with the true value is specified, the returning results should only contain the service accounts' usernames.
Preconditions
- A "foo" service account exists in the principals table.
- A "bar" service account exists in the principals table.
Request
GET /principals/?type=service-accounts&usernames_only=true
Expected output
- count is 2.
- Only the "username" field is returned for the service accounts.
- The "username" field contains "bar" for the first service account, and "bar" for the second one.
{
"meta": {
"count": 2
},
"links": {
"first": "/api/rbac/v1/principals/?limit=10&offset=0",
"next": "/api/rbac/v1/principals/?limit=10&offset=10",
"previous": "/api/rbac/v1/principals/?limit=10&offset=0",
"last": null
},
"data": [
{
"username": "bar"
},
{
"username": "foo"
}
]
}
Service accounts are filtered by the given username
Description
When the usernames query parameter with a username or multiple usernames are specified, the collection is filtered by the given usernames.
Preconditions
- A "foo" service account exists in the principals table.
- A "bar" service account exists in the principals table.
Request
GET /principals/?type=service-accounts&usernames=foo
Expected output
- count is 1.
- type is service-account for the service account.
- clientID matches the one you set when you created the service account.
- The returned service account has username "foo".
{
"meta": {
"count": 1
},
"links": {
"first": "/api/rbac/v1/principals/?limit=10&offset=0",
"next": "/api/rbac/v1/principals/?limit=10&offset=10",
"previous": "/api/rbac/v1/principals/?limit=10&offset=0",
"last": null
},
"data": [
{
"username": "foo"
}
]
}
Service accounts are filtered by the given partial username
Description
When the usernames query parameter with a username is specified, along with the match_criteria query parameter set to partial, then the given username text is used as a "starts with" filter.
Preconditions
- A "foo" service account exists in the principals table.
- A "bar" service account exists in the principals table.
Request
GET /principals/?type=service-accounts&usernames=b&match_criteria=partial
Expected output
- count is 1.
- type is service-account for the service account.
- clientID matches the one you set when you created the service account.
- The returned service account has username "bar".
{
"meta": {
"count": 1
},
"links": {
"first": "/api/rbac/v1/principals/?limit=10&offset=0",
"next": "/api/rbac/v1/principals/?limit=10&offset=10",
"previous": "/api/rbac/v1/principals/?limit=10&offset=0",
"last": null
},
"data": [
{
"clientID": "8af69804-83b4-11ee-959d-5fbf2a8f8f06",
"name": "8af69804-83b4-11ee-959d-5fbf2a8f8f06-name",
"description": "8af69804-83b4-11ee-959d-5fbf2a8f8f06-description",
"owner": "bar",
"time_created": 1700064074,
"type": "service-account",
"username": "bar"
}
]
}