Ejemplo n.º 1
0
        public async Task add_response_created_when_success()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var productRequest = new AddProductRequest()
            {
                Name                  = "fooproduct",
                Description           = "some description",
                DefaultDeploymentName = "Tests"
            };

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V5.Product.Add())
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .PostAsJsonAsync(productRequest);

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status201Created);
        }
Ejemplo n.º 2
0
        public async Task not_allow_untag_a_feature_when_it_has_not_been_previously_tagged_with_the_tag()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var product = Builders.Product()
                          .WithName("fooproduct")
                          .Build();

            var feature = Builders.Feature()
                          .WithName("barfeature")
                          .Build();

            var toggle1 = Builders.Toggle()
                          .WithType("toggle")
                          .Build();

            feature.Toggles.Add(toggle1);
            product.Features.Add(feature);

            await _fixture.Given.AddProduct(product);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V5.Tags.Untag(product.Name, feature.Name, tag: "performance"))
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .DeleteAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status400BadRequest);
        }
        public async Task get_top5_statistics_response()
        {
            var permission = Builders.Permission()
                             .WithReaderPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            await _fixture.Given.AddMetric(SampleMetrics());

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V5.Statistics.Top())
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .GetAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status200OK);

            var topFeatures = await response.Content
                              .ReadAs <TopFeaturesStatisticsResponse>();

            topFeatures.TopFeaturesDetails.Count().Should().Be(5);
            topFeatures.TopFeaturesDetails.First().FeatureName.Should().Be("Feature2");
            topFeatures.TopFeaturesDetails.First().Requests.Should().Be(4);
        }
Ejemplo n.º 4
0
        public async Task list_response_ok_when_success()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V5.Permissions.List())
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .GetAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status200OK);

            var content = await response.Content
                          .ReadAs <PaginatedResult <ListUsersResponseDetail> >();

            content.Should()
            .NotBeNull();

            content.Items
            .Count.Should().Be(1);

            content.Items
            .First()
            .SubjectId.Should().Be(IdentityBuilder.DEFAULT_NAME);

            content.Items
            .First()
            .ActAs.Should().BeEquivalentTo(nameof(ApplicationRole.Management));
        }
Ejemplo n.º 5
0
        public async Task my_response_permissions_when_authorized_user_request()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V5.Permissions.My())
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .GetAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status200OK);

            var content = await response.Content
                          .ReadAs <MyResponse>();

            content.ActAs
            .Should()
            .BeEquivalentTo(nameof(ApplicationRole.Management));
        }
Ejemplo n.º 6
0
        public async Task add_response_forbidden_when_user_is_not_authorized()
        {
            var permission = Builders.Permission()
                .WithAllPrivilegesForDefaultIdentity()
                .WithManagementPermission(false)
                .Build();

            await _fixture.Given
                .AddPermission(permission);

            var addApiKeyRequest = new AddApiKeyRequest()
            {
                Name = "apikey#1",
                ValidTo = DateTime.UtcNow.AddYears(2),
            };

            var response = await _fixture.TestServer
                  .CreateRequest(ApiDefinitions.V1.ApiKeys.Add())
                  .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                  .PostAsJsonAsync(addApiKeyRequest);

            response.StatusCode
                .Should()
                .Be(StatusCodes.Status403Forbidden);
        }
Ejemplo n.º 7
0
        public async Task get_response_apikey_when_exist()
        {
            var permission = Builders.Permission()
              .WithAllPrivilegesForDefaultIdentity()
              .Build();

            await _fixture.Given
                .AddPermission(permission);

            var apiKey = Builders.ApiKey()
               .WithName("apikey#1")
               .Withkey("key-1")
               .Build();

            await _fixture.Given
                .AddApiKey(apiKey);

            var response = await _fixture.TestServer
                .CreateRequest(ApiDefinitions.V1.ApiKeys.Get(apiKey.Id))
                .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                .GetAsync();

            var content = await response.Content
                .ReadAs<DetailsApiKeyResponse>();

            content.Name
                .Should()
                .BeEquivalentTo("apikey#1");

            response.StatusCode
                .Should()
                .Be(StatusCodes.Status200OK);
        }
Ejemplo n.º 8
0
        public async Task add_response_badrequest_if_product_name_already_exist()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var product = Builders.Product()
                          .WithName("fooproduct")
                          .Build();

            await _fixture.Given
            .AddProduct(product);

            var productRequest = new AddProductRequest()
            {
                Name        = product.Name,
                Description = "some description"
            };

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Product.Add())
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .PostAsJsonAsync(productRequest);

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status400BadRequest);
        }
Ejemplo n.º 9
0
        public async Task add_response_badrequest_when_ringname_is_not_valid()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var productRequest = new AddProductRequest()
            {
                Name                  = "fooproduct~#4",
                Description           = "some description",
                DefaultDeploymentName = "X"
            };

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Product.Add())
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .PostAsJsonAsync(productRequest);

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status400BadRequest);
        }
Ejemplo n.º 10
0
        public async Task adddeployment_response_created_when_success()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var product = Builders.Product()
                          .WithName("fooproduct")
                          .Build();

            await _fixture.Given
            .AddProduct(product);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Product.AddDeployment(product.Name))
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .PostAsJsonAsync(new AddDeploymentRequest()
            {
                Name = "Production"
            });

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status201Created);
        }
Ejemplo n.º 11
0
        public async Task list_response_ok_when_no_data()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Product.List())
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .GetAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status200OK);

            var content = await response.Content
                          .ReadAs <PaginatedResult <ListProductResponseDetail> >();

            content.Total
            .Should().Be(0);

            content.Count
            .Should().Be(0);

            content.PageIndex
            .Should().Be(0);

            content.Items
            .Count
            .Should().Be(0);
        }
Ejemplo n.º 12
0
        public async Task adddeployment_response_badrequest_if_ring_name_grether_than_200_characters()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var product = Builders.Product()
                          .WithName("fooproduct")
                          .Build();

            await _fixture.Given
            .AddProduct(product);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Product.AddDeployment(product.Name))
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .PostAsJsonAsync(new AddDeploymentRequest()
            {
                Name = new string('c', 201)
            });

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status400BadRequest);
        }
Ejemplo n.º 13
0
        public async Task update_response_no_content_if_product_is_updated()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var product = Builders.Product()
                          .WithName("fooproduct")
                          .Build();

            await _fixture.Given
            .AddProduct(product);

            var request = new UpdateProductRequest()
            {
                Name        = "barproduct",
                Description = "description for product#2"
            };

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Product.Update(product.Name))
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .PutAsJsonAsync(request);

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status204NoContent);
        }
Ejemplo n.º 14
0
        public async Task update_response_forbidden_if_user_is_not_authorized()
        {
            var permission = Builders.Permission()
                             .WithReaderPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var product = Builders.Product()
                          .WithName("fooproduct")
                          .Build();

            await _fixture.Given
            .AddProduct(product);

            var request = new UpdateProductRequest()
            {
                Name        = "barpdroduct",
                Description = "description for product#2"
            };

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Product.Update(product.Name))
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .PutAsJsonAsync(request);

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status403Forbidden);
        }
Ejemplo n.º 15
0
        public async Task get_response_forbidden_when_user_is_not_authorized()
        {
            var permission = Builders.Permission()
                .WithAllPrivilegesForDefaultIdentity()
                .WithManagementPermission(false)
                .Build();

            await _fixture.Given
                .AddPermission(permission);

            var apiKey = Builders.ApiKey()
               .WithName("apikey#1")
               .Withkey("key-1")
               .Build();

            await _fixture.Given
                .AddApiKey(apiKey);

            var response = await _fixture.TestServer
                .CreateRequest(ApiDefinitions.V1.ApiKeys.Get(apiKey.Id))
                .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                .GetAsync();

            response.StatusCode
                .Should()
                .Be(StatusCodes.Status403Forbidden);
        }
Ejemplo n.º 16
0
        public async Task get_response_ok_if_product_exist()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var product = Builders.Product()
                          .WithName("fooproduct")
                          .Build();

            await _fixture.Given
            .AddProduct(product);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Product.Get(product.Name))
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .GetAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status200OK);

            var content = await response.Content
                          .ReadAs <DetailsProductResponse>();

            content.Name
            .Should().BeEquivalentTo(product.Name);
        }
Ejemplo n.º 17
0
        public async Task list_response_ok_when_no_data()
        {
            var permission = Builders.Permission()
               .WithAllPrivilegesForDefaultIdentity()
               .Build();

            await _fixture.Given
                .AddPermission(permission);

            var response = await _fixture.TestServer
                  .CreateRequest(ApiDefinitions.V1.ApiKeys.List())
                  .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                  .GetAsync();

            response.StatusCode
                .Should()
                .Be(StatusCodes.Status200OK);

            var content = await response.Content
                .ReadAs<ListApiKeyResponse>();

            content.Total
                .Should().Be(0);

            content.Count
                .Should().Be(0);

            content.PageIndex
                .Should().Be(0);

            content.Result
                .Count
                .Should().Be(0);
        }
Ejemplo n.º 18
0
        public async Task deletedeployment_response_badrequest_if_ring_does_not_exist()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var product = Builders.Product()
                          .WithName("fooproduct")
                          .Build();

            await _fixture.Given
            .AddProduct(product);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Product.DeleteDeployment(product.Name, "barring"))
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .DeleteAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status400BadRequest);
        }
Ejemplo n.º 19
0
        public async Task add_response_ok_and_use_default_validTo_if_is_not_specified()
        {
            var permission = Builders.Permission()
               .WithAllPrivilegesForDefaultIdentity()
               .Build();

            await _fixture.Given
                .AddPermission(permission);

            var addApiKeyRequest = new AddApiKeyRequest()
            {
                Name = "name"
            };

            var response = await _fixture.TestServer
                  .CreateRequest(ApiDefinitions.V1.ApiKeys.Add())
                  .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                  .PostAsJsonAsync(addApiKeyRequest);

            response.StatusCode
                .Should()
                .Be(StatusCodes.Status201Created);

            var content = await response.Content
                .ReadAs<AddApiKeyResponse>();

            content.ApiKeyId
                .Should()
                .NotBe(default);
Ejemplo n.º 20
0
        public async Task delete_response_no_content_when_delete_product_without_features()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var product = Builders.Product()
                          .WithName("fooproduct")
                          .Build();

            await _fixture.Given
            .AddProduct(product);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Product.Delete(product.Name))
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .DeleteAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status204NoContent);
        }
Ejemplo n.º 21
0
        public async Task details_response_ok_when_success()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V5.Permissions.Details(permission.SubjectId))
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .GetAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status200OK);

            var content = await response.Content
                          .ReadAs <DetailsPermissionResponse>();

            content.SubjectId
            .Should().BeEquivalentTo(permission.SubjectId);

            content.ActAs
            .Should().BeEquivalentTo(nameof(ApplicationRole.Management));
        }
Ejemplo n.º 22
0
        public async Task addparameter_response_forbidden_if_user_is_not_authorized()
        {
            var permission = Builders.Permission()
                             .WithReaderPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var parameterToggleRequest = new AddParameterToggleRequest()
            {
                ProductName = "fooproduct",
                FeatureName = "barfeature",
                ToggleType  = "type",
                Name        = "Environments",
                Value       = "Development",
            };

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Toggles.PostParameter())
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .PostAsJsonAsync(parameterToggleRequest);

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status403Forbidden);
        }
Ejemplo n.º 23
0
        public async Task update_response_ok_when_success()
        {
            var requesterIdentity = Builders.Identity()
                                    .WithDefaultClaims()
                                    .Build();

            var requesterPermission = Builders.Permission()
                                      .WithNameIdentifier(IdentityBuilder.DEFAULT_NAME)
                                      .WithManagementPermission()
                                      .Build();

            var existingPermissionSubjectId = Guid.NewGuid().ToString();

            var existingPermission = Builders.Permission()
                                     .WithNameIdentifier(existingPermissionSubjectId)
                                     .WithReaderPermission()
                                     .Build();

            await _fixture.Given
            .AddPermission(requesterPermission, existingPermission);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V5.Permissions.Add())
                           .WithIdentity(requesterIdentity)
                           .PutAsJsonAsync(new AddPermissionRequest()
            {
                SubjectId = existingPermissionSubjectId,
                ActAs     = nameof(ApplicationRole.Contributor)
            });

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status204NoContent);
        }
Ejemplo n.º 24
0
        public async Task delete_response_badrequest_if_toggle_not_exist()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var product = Builders.Product()
                          .WithName("fooproduct")
                          .Build();

            var feature = Builders.Feature()
                          .WithName("barfeature")
                          .Build();

            product.Features
            .Add(feature);

            await _fixture.Given
            .AddProduct(product);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Toggles.Delete(product.Name, feature.Name, "non-existing"))
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .DeleteAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status400BadRequest);
        }
Ejemplo n.º 25
0
        public async Task get_back_the_list_of_tags_of_a_feature()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var product = Builders.Product()
                          .WithName("fooproduct")
                          .Build();

            var feature = Builders.Feature()
                          .WithName("barfeature")
                          .Build();

            var toggle1 = Builders.Toggle()
                          .WithType("toggle")
                          .Build();

            var tagPerformance = Builders.Tag()
                                 .WithName("performance")
                                 .Build();

            var tagUsability = Builders.Tag()
                               .WithName("usability")
                               .Build();

            var featureTagPerformance = Builders.FeatureTag()
                                        .WithFeature(feature)
                                        .WithTag(tagPerformance)
                                        .Build();

            var featureTagUsability = Builders.FeatureTag()
                                      .WithFeature(feature)
                                      .WithTag(tagUsability)
                                      .Build();

            feature.Toggles.Add(toggle1);
            feature.FeatureTags.Add(featureTagPerformance);
            feature.FeatureTags.Add(featureTagUsability);

            product.Features.Add(feature);
            await _fixture.Given.AddProduct(product);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V5.Tags.List(product.Name, feature.Name))
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .GetAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status200OK);

            var content = await response.Content
                          .ReadAs <List <TagResponseDetail> >();

            content.Should().HaveCount(2);
        }
Ejemplo n.º 26
0
        public async Task get_response_not_found_if_toggle_not_exist()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var product = Builders.Product()
                          .WithName("fooproduct")
                          .Build();

            var feature = Builders.Feature()
                          .WithName("barfeature")
                          .Build();

            product.Features
            .Add(feature);

            await _fixture.Given
            .AddProduct(product);

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Toggles.Get(productName: product.Name, featureName: feature.Name, toggleType: "non-existing-toggle"))
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .GetAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status404NotFound);
        }
Ejemplo n.º 27
0
        public async Task get_success_statistics_response_configuration_statistics_when_success_many_items()
        {
            var permission = Builders.Permission()
                             .WithReaderPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            await _fixture.Given.AddMetric(SampleMetrics());

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V5.Statistics.Success())
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .GetAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status200OK);

            var statistics = await response.Content
                             .ReadAs <SuccessStatisticResponse>();

            statistics.PercentageSuccess
            .Should().Be(41);
        }
Ejemplo n.º 28
0
        public async Task addparameter_response_bad_request_if_value_is_null()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var parameterToggleRequest = new AddParameterToggleRequest()
            {
                ProductName = "fooproduct",
                FeatureName = "barfeature",
                ToggleType  = "type",
                Name        = "Environment",
                Value       = null
            };

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V3.Toggles.PostParameter())
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .PostAsJsonAsync(parameterToggleRequest);

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status400BadRequest);
        }
Ejemplo n.º 29
0
        public async Task get_plot_statistics_response()
        {
            var permission = Builders.Permission()
                             .WithReaderPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            await _fixture.Given.AddMetric(SampleMetrics());

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V5.Statistics.Plot())
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .GetAsync();

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status200OK);

            var plotResponse = await response.Content
                               .ReadAs <PlotStatisticsResponse>();

            plotResponse.Should().NotBeNull();

            plotResponse.Points.Count().Should().BeInRange(2880, 2885);
        }
Ejemplo n.º 30
0
        public async Task add_response_badrequest_if_default_deployment_name_length_is_lower_than_5()
        {
            var permission = Builders.Permission()
                             .WithManagementPermission()
                             .Build();

            await _fixture.Given
            .AddPermission(permission);

            var productRequest = new AddProductRequest()
            {
                Name                  = "fooproduct",
                Description           = "some description",
                DefaultDeploymentName = new string('d', 4)
            };

            var response = await _fixture.TestServer
                           .CreateRequest(ApiDefinitions.V5.Product.Add())
                           .WithIdentity(Builders.Identity().WithDefaultClaims().Build())
                           .PostAsJsonAsync(productRequest);

            response.StatusCode
            .Should()
            .Be(StatusCodes.Status400BadRequest);
        }