decouple and add unit test

Author: blva

src/tools/atlas/connect/connectCluster.ts

@@ -7,7 +7,7 @@ import { LogId } from "../../../common/logger.js";
 import { inspectCluster } from "../../../common/atlas/cluster.js";
 import { ensureCurrentIpInAccessList } from "../../../common/atlas/accessListUtils.js";
 import { AtlasClusterConnectionInfo } from "../../../common/connectionManager.js";
-import { DatabaseUserRole } from "../../../common/atlas/openapi.js";
+import { getDefaultRoleFromConfig } from "../../../common/atlas/roles.js";
 
 const EXPIRY_MS = 1000 * 60 * 60 * 12; // 12 hours
 
@@ -73,7 +73,7 @@ export class ConnectClusterTool extends AtlasToolBase {
         const password = await generateSecurePassword();
 
         const expiryDate = new Date(Date.now() + EXPIRY_MS);
-        const role = this.getRoleFromConfig();
+        const role = getDefaultRoleFromConfig(this.config);
 
         await this.session.apiClient.createDatabaseUser({
             params: {
@@ -245,35 +245,4 @@ export class ConnectClusterTool extends AtlasToolBase {
             ],
         };
     }
-
-    /**
-     * @description Get the role name for the database user based on the Atlas Admin API https://www.mongodb.com/docs/atlas/mongodb-users-roles-and-privileges/
-     * @returns The role name for the database user
-     */
-    private getRoleFromConfig(): DatabaseUserRole {
-        if (this.config.readOnly) {
-            return {
-                roleName: "readAnyDatabase",
-                databaseName: "admin",
-            };
-        }
-
-        // If all write tools are enabled, use readWriteAnyDatabase
-        if (
-            !this.config.disabledTools?.includes("create") &&
-            !this.config.disabledTools?.includes("update") &&
-            !this.config.disabledTools?.includes("delete") &&
-            !this.config.disabledTools?.includes("metadata")
-        ) {
-            return {
-                roleName: "readWriteAnyDatabase",
-                databaseName: "admin",
-            };
-        }
-
-        return {
-            roleName: "readAnyDatabase",
-            databaseName: "admin",
-        };
-    }
 }

tests/unit/common/roles.test.ts

@@ -0,0 +1,56 @@
+import { describe, it, expect } from "vitest";
+import { getDefaultRoleFromConfig } from "../../../src/common/atlas/roles.js";
+import { defaultUserConfig, UserConfig } from "../../../src/common/config.js";
+
+describe("getDefaultRoleFromConfig", () => {
+    const defaultConfig: UserConfig = {
+        ...defaultUserConfig,
+    };
+
+    const readOnlyConfig: UserConfig = {
+        ...defaultConfig,
+        readOnly: true,
+    };
+
+    const readWriteConfig: UserConfig = {
+        ...defaultConfig,
+        readOnly: false,
+        disabledTools: [],
+    };
+
+    it("should return the correct role for a read-only config", () => {
+        const role = getDefaultRoleFromConfig(readOnlyConfig);
+        expect(role).toEqual({
+            roleName: "readAnyDatabase",
+            databaseName: "admin",
+        });
+    });
+
+    it("should return the correct role for a read-write config", () => {
+        const role = getDefaultRoleFromConfig(readWriteConfig);
+        expect(role).toEqual({
+            roleName: "readWriteAnyDatabase",
+            databaseName: "admin",
+        });
+    });
+
+    it("should return the correct role for a read-write config with all tools enabled", () => {
+        const role = getDefaultRoleFromConfig(readWriteConfig);
+        expect(role).toEqual({
+            roleName: "readWriteAnyDatabase",
+            databaseName: "admin",
+        });
+    });
+
+    // loop with each disabled tool
+    for (const tool of ["create", "update", "delete", "metadata"]) {
+        it(`should return the correct role for a read-write config with ${tool} disabled`, () => {
+            const config = { ...readWriteConfig, disabledTools: [tool] };
+            const role = getDefaultRoleFromConfig(config);
+            expect(role).toEqual({
+                roleName: "readAnyDatabase",
+                databaseName: "admin",
+            });
+        });
+    }
+});