2022-03-27 10:59:30 +00:00
|
|
|
package testutils
|
2022-04-05 14:26:14 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
|
2022-03-27 10:59:30 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
2022-04-05 21:10:06 +00:00
|
|
|
|
|
|
|
"github.com/hashicorp/consul/acl"
|
2022-06-17 09:24:43 +00:00
|
|
|
"github.com/hashicorp/consul/acl/resolver"
|
2022-04-05 14:26:14 +00:00
|
|
|
)
|
|
|
|
|
2022-06-17 09:24:43 +00:00
|
|
|
func TestAuthorizerAllowAll(t *testing.T) resolver.Result {
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
return resolver.Result{Authorizer: acl.AllowAll()}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthorizerDenyAll(t *testing.T) resolver.Result {
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
return resolver.Result{Authorizer: acl.DenyAll()}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthorizerServiceWriteAny(t *testing.T) resolver.Result {
|
2022-04-05 14:26:14 +00:00
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
policy, err := acl.NewPolicyFromSource(`
|
|
|
|
service "foo" {
|
|
|
|
policy = "write"
|
|
|
|
}
|
|
|
|
`, acl.SyntaxCurrent, nil, nil)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
authz, err := acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{policy}, nil)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-06-17 09:24:43 +00:00
|
|
|
return resolver.Result{Authorizer: authz}
|
2022-04-05 14:26:14 +00:00
|
|
|
}
|
2022-04-20 00:24:21 +00:00
|
|
|
|
2022-06-17 09:24:43 +00:00
|
|
|
func TestAuthorizerServiceRead(t *testing.T, serviceName string) resolver.Result {
|
2022-04-20 00:24:21 +00:00
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
aclRule := &acl.Policy{
|
|
|
|
PolicyRules: acl.PolicyRules{
|
|
|
|
Services: []*acl.ServiceRule{
|
|
|
|
{
|
|
|
|
Name: serviceName,
|
|
|
|
Policy: acl.PolicyRead,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
authz, err := acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{aclRule}, nil)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-06-17 09:24:43 +00:00
|
|
|
return resolver.Result{Authorizer: authz}
|
2022-04-20 00:24:21 +00:00
|
|
|
}
|