open-consul/acl/acl_test.go

package acl

import (
	"testing"
)

func TestRootACL(t *testing.T) {
	if RootACL("allow") != AllowAll() {
		t.Fatalf("Bad root")
	}
	if RootACL("deny") != DenyAll() {
		t.Fatalf("Bad root")
	}
	if RootACL("manage") != ManageAll() {
		t.Fatalf("Bad root")
	}
	if RootACL("foo") != nil {
		t.Fatalf("bad root")
	}
}

func TestStaticACL(t *testing.T) {
	all := AllowAll()
	if _, ok := all.(*StaticACL); !ok {
		t.Fatalf("expected static")
	}

	none := DenyAll()
	if _, ok := none.(*StaticACL); !ok {
		t.Fatalf("expected static")
	}

	manage := ManageAll()
	if _, ok := none.(*StaticACL); !ok {
		t.Fatalf("expected static")
	}

	if !all.KeyRead("foobar") {
		t.Fatalf("should allow")
	}
	if !all.KeyWrite("foobar") {
		t.Fatalf("should allow")
	}
	if all.ACLList() {
		t.Fatalf("should not allow")
	}
	if all.ACLModify() {
		t.Fatalf("should not allow")
	}

	if none.KeyRead("foobar") {
		t.Fatalf("should not allow")
	}
	if none.KeyWrite("foobar") {
		t.Fatalf("should not allow")
	}
	if none.ACLList() {
		t.Fatalf("should not noneow")
	}
	if none.ACLModify() {
		t.Fatalf("should not noneow")
	}

	if !manage.KeyRead("foobar") {
		t.Fatalf("should allow")
	}
	if !manage.KeyWrite("foobar") {
		t.Fatalf("should allow")
	}
	if !manage.ACLList() {
		t.Fatalf("should allow")
	}
	if !manage.ACLModify() {
		t.Fatalf("should allow")
	}
}

func TestPolicyACL(t *testing.T) {
	all := AllowAll()
	policy := &Policy{
		Keys: []*KeyPolicy{
			&KeyPolicy{
				Prefix: "foo/",
				Policy: KeyPolicyWrite,
			},
			&KeyPolicy{
				Prefix: "foo/priv/",
				Policy: KeyPolicyDeny,
			},
			&KeyPolicy{
				Prefix: "bar/",
				Policy: KeyPolicyDeny,
			},
			&KeyPolicy{
				Prefix: "zip/",
				Policy: KeyPolicyRead,
			},
		},
	}
	acl, err := New(all, policy)
	if err != nil {
		t.Fatalf("err: %v", err)
	}

	type tcase struct {
		inp   string
		read  bool
		write bool
	}
	cases := []tcase{
		{"other", true, true},
		{"foo/test", true, true},
		{"foo/priv/test", false, false},
		{"bar/any", false, false},
		{"zip/test", true, false},
	}
	for _, c := range cases {
		if c.read != acl.KeyRead(c.inp) {
			t.Fatalf("Read fail: %#v", c)
		}
		if c.write != acl.KeyWrite(c.inp) {
			t.Fatalf("Write fail: %#v", c)
		}
	}
}

func TestPolicyACL_Parent(t *testing.T) {
	deny := DenyAll()
	policyRoot := &Policy{
		Keys: []*KeyPolicy{
			&KeyPolicy{
				Prefix: "foo/",
				Policy: KeyPolicyWrite,
			},
			&KeyPolicy{
				Prefix: "bar/",
				Policy: KeyPolicyRead,
			},
		},
	}
	root, err := New(deny, policyRoot)
	if err != nil {
		t.Fatalf("err: %v", err)
	}

	policy := &Policy{
		Keys: []*KeyPolicy{
			&KeyPolicy{
				Prefix: "foo/priv/",
				Policy: KeyPolicyRead,
			},
			&KeyPolicy{
				Prefix: "bar/",
				Policy: KeyPolicyDeny,
			},
			&KeyPolicy{
				Prefix: "zip/",
				Policy: KeyPolicyRead,
			},
		},
	}
	acl, err := New(root, policy)
	if err != nil {
		t.Fatalf("err: %v", err)
	}

	type tcase struct {
		inp   string
		read  bool
		write bool
	}
	cases := []tcase{
		{"other", false, false},
		{"foo/test", true, true},
		{"foo/priv/test", true, false},
		{"bar/any", false, false},
		{"zip/test", true, false},
	}
	for _, c := range cases {
		if c.read != acl.KeyRead(c.inp) {
			t.Fatalf("Read fail: %#v", c)
		}
		if c.write != acl.KeyWrite(c.inp) {
			t.Fatalf("Write fail: %#v", c)
		}
	}
}
acl: First pass 2014-08-06 22:08:17 +00:00			`package acl`

			`import (`
			`"testing"`
			`)`

acl: Simplify parent ACL, adding root policies 2014-08-12 17:35:27 +00:00			`func TestRootACL(t *testing.T) {`
			`if RootACL("allow") != AllowAll() {`
			`t.Fatalf("Bad root")`
			`}`
			`if RootACL("deny") != DenyAll() {`
			`t.Fatalf("Bad root")`
			`}`
acl: Support ACL checks, adding new root policy 2014-08-12 22:09:01 +00:00			`if RootACL("manage") != ManageAll() {`
			`t.Fatalf("Bad root")`
			`}`
acl: Simplify parent ACL, adding root policies 2014-08-12 17:35:27 +00:00			`if RootACL("foo") != nil {`
			`t.Fatalf("bad root")`
			`}`
			`}`

acl: First pass 2014-08-06 22:08:17 +00:00			`func TestStaticACL(t *testing.T) {`
			`all := AllowAll()`
			`if _, ok := all.(*StaticACL); !ok {`
			`t.Fatalf("expected static")`
			`}`

			`none := DenyAll()`
			`if _, ok := none.(*StaticACL); !ok {`
			`t.Fatalf("expected static")`
			`}`

acl: Support ACL checks, adding new root policy 2014-08-12 22:09:01 +00:00			`manage := ManageAll()`
			`if _, ok := none.(*StaticACL); !ok {`
			`t.Fatalf("expected static")`
			`}`

acl: First pass 2014-08-06 22:08:17 +00:00			`if !all.KeyRead("foobar") {`
			`t.Fatalf("should allow")`
			`}`
			`if !all.KeyWrite("foobar") {`
			`t.Fatalf("should allow")`
			`}`
acl: Support ACL checks, adding new root policy 2014-08-12 22:09:01 +00:00			`if all.ACLList() {`
			`t.Fatalf("should not allow")`
			`}`
			`if all.ACLModify() {`
			`t.Fatalf("should not allow")`
			`}`
acl: First pass 2014-08-06 22:08:17 +00:00
			`if none.KeyRead("foobar") {`
			`t.Fatalf("should not allow")`
			`}`
			`if none.KeyWrite("foobar") {`
			`t.Fatalf("should not allow")`
			`}`
acl: Support ACL checks, adding new root policy 2014-08-12 22:09:01 +00:00			`if none.ACLList() {`
			`t.Fatalf("should not noneow")`
			`}`
			`if none.ACLModify() {`
			`t.Fatalf("should not noneow")`
			`}`

			`if !manage.KeyRead("foobar") {`
			`t.Fatalf("should allow")`
			`}`
			`if !manage.KeyWrite("foobar") {`
			`t.Fatalf("should allow")`
			`}`
			`if !manage.ACLList() {`
			`t.Fatalf("should allow")`
			`}`
			`if !manage.ACLModify() {`
			`t.Fatalf("should allow")`
			`}`
acl: First pass 2014-08-06 22:08:17 +00:00			`}`

			`func TestPolicyACL(t *testing.T) {`
			`all := AllowAll()`
			`policy := &Policy{`
			`Keys: []*KeyPolicy{`
			`&KeyPolicy{`
			`Prefix: "foo/",`
			`Policy: KeyPolicyWrite,`
			`},`
			`&KeyPolicy{`
			`Prefix: "foo/priv/",`
			`Policy: KeyPolicyDeny,`
			`},`
			`&KeyPolicy{`
			`Prefix: "bar/",`
			`Policy: KeyPolicyDeny,`
			`},`
			`&KeyPolicy{`
			`Prefix: "zip/",`
			`Policy: KeyPolicyRead,`
			`},`
			`},`
			`}`
			`acl, err := New(all, policy)`
			`if err != nil {`
			`t.Fatalf("err: %v", err)`
			`}`

			`type tcase struct {`
			`inp string`
			`read bool`
			`write bool`
			`}`
			`cases := []tcase{`
			`{"other", true, true},`
			`{"foo/test", true, true},`
			`{"foo/priv/test", false, false},`
			`{"bar/any", false, false},`
			`{"zip/test", true, false},`
			`}`
			`for _, c := range cases {`
			`if c.read != acl.KeyRead(c.inp) {`
			`t.Fatalf("Read fail: %#v", c)`
			`}`
			`if c.write != acl.KeyWrite(c.inp) {`
			`t.Fatalf("Write fail: %#v", c)`
			`}`
			`}`
			`}`

			`func TestPolicyACL_Parent(t *testing.T) {`
			`deny := DenyAll()`
			`policyRoot := &Policy{`
			`Keys: []*KeyPolicy{`
			`&KeyPolicy{`
			`Prefix: "foo/",`
			`Policy: KeyPolicyWrite,`
			`},`
			`&KeyPolicy{`
			`Prefix: "bar/",`
			`Policy: KeyPolicyRead,`
			`},`
			`},`
			`}`
			`root, err := New(deny, policyRoot)`
			`if err != nil {`
			`t.Fatalf("err: %v", err)`
			`}`

			`policy := &Policy{`
			`Keys: []*KeyPolicy{`
			`&KeyPolicy{`
			`Prefix: "foo/priv/",`
			`Policy: KeyPolicyRead,`
			`},`
			`&KeyPolicy{`
			`Prefix: "bar/",`
			`Policy: KeyPolicyDeny,`
			`},`
			`&KeyPolicy{`
			`Prefix: "zip/",`
			`Policy: KeyPolicyRead,`
			`},`
			`},`
			`}`
			`acl, err := New(root, policy)`
			`if err != nil {`
			`t.Fatalf("err: %v", err)`
			`}`

			`type tcase struct {`
			`inp string`
			`read bool`
			`write bool`
			`}`
			`cases := []tcase{`
			`{"other", false, false},`
			`{"foo/test", true, true},`
			`{"foo/priv/test", true, false},`
			`{"bar/any", false, false},`
			`{"zip/test", true, false},`
			`}`
			`for _, c := range cases {`
			`if c.read != acl.KeyRead(c.inp) {`
			`t.Fatalf("Read fail: %#v", c)`
			`}`
			`if c.write != acl.KeyWrite(c.inp) {`
			`t.Fatalf("Write fail: %#v", c)`
			`}`
			`}`
			`}`