//go:build integration package admin_test import ( "testing" "github.com/ultisuite/ulti-backend/internal/integrationtest" ) func TestAdminOrgSettings(t *testing.T) { h := integrationtest.RequireHarness(t) adminClient, _ := integrationtest.RequireAdminClient(t, h) getResp, err := adminClient.Get("/api/v1/admin/org/settings") integrationtest.FailIf(err, t, "get org settings") integrationtest.FailUnlessStatus(t, getResp, 200) var initial map[string]any integrationtest.DecodeJSON(t, getResp, &initial) policy, ok := initial["policy"].(map[string]any) if !ok { t.Fatalf("missing policy: %#v", initial) } storage, ok := policy["storage_quotas"].(map[string]any) if !ok { t.Fatalf("missing storage_quotas: %#v", policy) } if storage["default_mail_gib"] == nil { t.Fatalf("expected default_mail_gib in policy") } putResp, err := adminClient.Put("/api/v1/admin/org/settings", map[string]any{ "policy": map[string]any{ "storage_quotas": map[string]any{ "default_mail_gib": 10, }, "usage_quotas": map[string]any{ "llm_requests_per_day": 200, }, }, }) integrationtest.FailIf(err, t, "put org settings") integrationtest.FailUnlessStatus(t, putResp, 200) var updated map[string]any integrationtest.DecodeJSON(t, putResp, &updated) updatedPolicy, ok := updated["policy"].(map[string]any) if !ok { t.Fatalf("missing policy after update: %#v", updated) } updatedStorage, ok := updatedPolicy["storage_quotas"].(map[string]any) if !ok { t.Fatalf("missing storage_quotas after update") } if updatedStorage["default_mail_gib"] != float64(10) { t.Fatalf("default_mail_gib = %v, want 10", updatedStorage["default_mail_gib"]) } } func TestAdminOrgSettingsVirusTotalSecret(t *testing.T) { h := integrationtest.RequireHarness(t) adminClient, _ := integrationtest.RequireAdminClient(t, h) putResp, err := adminClient.Put("/api/v1/admin/org/settings", map[string]any{ "policy": map[string]any{ "file_policies": map[string]any{ "virus_scan_enabled": true, "virustotal_api_key": "vt-test-secret-key", }, }, }) integrationtest.FailIf(err, t, "put org settings with virustotal key") integrationtest.FailUnlessStatus(t, putResp, 200) var afterPut map[string]any integrationtest.DecodeJSON(t, putResp, &afterPut) secrets, ok := afterPut["secrets"].(map[string]any) if !ok { t.Fatalf("missing secrets: %#v", afterPut) } vtSecret, ok := secrets["virustotal_api_key"].(map[string]any) if !ok || vtSecret["configured"] != true { t.Fatalf("virustotal_api_key not configured: %#v", secrets) } filePolicies, ok := afterPut["policy"].(map[string]any)["file_policies"].(map[string]any) if !ok { t.Fatalf("missing file_policies") } if filePolicies["virustotal_api_key"] != "" { t.Fatalf("virustotal_api_key should be masked on GET, got %q", filePolicies["virustotal_api_key"]) } // Empty patch must preserve stored secret. preserveResp, err := adminClient.Put("/api/v1/admin/org/settings", map[string]any{ "policy": map[string]any{ "file_policies": map[string]any{ "virus_scan_enabled": false, "virustotal_api_key": "", }, }, }) integrationtest.FailIf(err, t, "preserve virustotal key") integrationtest.FailUnlessStatus(t, preserveResp, 200) var preserved map[string]any integrationtest.DecodeJSON(t, preserveResp, &preserved) preservedSecrets, ok := preserved["secrets"].(map[string]any) if !ok { t.Fatalf("missing secrets after preserve") } vtPreserved, ok := preservedSecrets["virustotal_api_key"].(map[string]any) if !ok || vtPreserved["configured"] != true { t.Fatalf("virustotal key not preserved: %#v", preservedSecrets) } }