From 1580296ae55803f95a0742882d767fda46ed11c7 Mon Sep 17 00:00:00 2001 From: Brian Kassouf Date: Thu, 19 Jan 2017 18:13:39 -0800 Subject: [PATCH] Update tests to check parsing of types --- vault/acl_test.go | 4 +-- vault/policy_test.go | 81 +++++++++++++++++++++++++++++++++++++------- 2 files changed, 70 insertions(+), 15 deletions(-) diff --git a/vault/acl_test.go b/vault/acl_test.go index 4caf64790..842a54a8c 100644 --- a/vault/acl_test.go +++ b/vault/acl_test.go @@ -682,9 +682,7 @@ path "test/types" { policy = "write" permissions = { allowed_parameters = { - "map" = { - "good" = "one" - } + "map" = [{"good" = "one"}] "int" = [1, 2] } denied_parameters = { diff --git a/vault/policy_test.go b/vault/policy_test.go index dd60c2c09..8d07fb364 100644 --- a/vault/policy_test.go +++ b/vault/policy_test.go @@ -73,6 +73,19 @@ path "biz/bar" { } } } +path "test/types" { + capabilities = ["create", "sudo"] + permissions = { + allowed_parameters = { + "map" = [{"good" = "one"}] + "int" = [1, 2] + } + denied_parameters = { + "string" = ["test"] + "bool" = [false] + } + } +} `) func TestPolicy_Parse(t *testing.T) { @@ -89,7 +102,10 @@ func TestPolicy_Parse(t *testing.T) { &PathCapabilities{"", "deny", []string{ "deny", - }, &Permissions{CapabilitiesBitmap: DenyCapabilityInt}, true}, + }, + &Permissions{CapabilitiesBitmap: DenyCapabilityInt}, + true, + }, &PathCapabilities{"stage/", "sudo", []string{ "create", @@ -98,41 +114,82 @@ func TestPolicy_Parse(t *testing.T) { "delete", "list", "sudo", - }, &Permissions{CapabilitiesBitmap: (CreateCapabilityInt | ReadCapabilityInt | UpdateCapabilityInt | - DeleteCapabilityInt | ListCapabilityInt | SudoCapabilityInt)}, true}, + }, + &Permissions{ + CapabilitiesBitmap: (CreateCapabilityInt | ReadCapabilityInt | UpdateCapabilityInt | DeleteCapabilityInt | ListCapabilityInt | SudoCapabilityInt), + }, + true, + }, &PathCapabilities{"prod/version", "read", []string{ "read", "list", - }, &Permissions{CapabilitiesBitmap: (ReadCapabilityInt | ListCapabilityInt)}, false}, + }, + &Permissions{CapabilitiesBitmap: (ReadCapabilityInt | ListCapabilityInt)}, + false, + }, &PathCapabilities{"foo/bar", "read", []string{ "read", "list", - }, &Permissions{CapabilitiesBitmap: (ReadCapabilityInt | ListCapabilityInt)}, false}, + }, + &Permissions{CapabilitiesBitmap: (ReadCapabilityInt | ListCapabilityInt)}, + false, + }, &PathCapabilities{"foo/bar", "", []string{ "create", "sudo", - }, &Permissions{CapabilitiesBitmap: (CreateCapabilityInt | SudoCapabilityInt)}, false}, + }, + &Permissions{CapabilitiesBitmap: (CreateCapabilityInt | SudoCapabilityInt)}, + false, + }, &PathCapabilities{"foo/bar", "", []string{ "create", "sudo", - }, &Permissions{(CreateCapabilityInt | SudoCapabilityInt), - map[string][]interface{}{"zip": {}, "zap": {}}, nil}, false}, + }, + &Permissions{ + CapabilitiesBitmap: (CreateCapabilityInt | SudoCapabilityInt), + AllowedParameters: map[string][]interface{}{"zip": {}, "zap": {}}, + }, + false, + }, &PathCapabilities{"baz/bar", "", []string{ "create", "sudo", - }, &Permissions{(CreateCapabilityInt | SudoCapabilityInt), - nil, map[string][]interface{}{"zip": {}, "zap": {}}}, false}, + }, + &Permissions{ + CapabilitiesBitmap: (CreateCapabilityInt | SudoCapabilityInt), + DeniedParameters: map[string][]interface{}{"zip": []interface{}{}, "zap": []interface{}{}}, + }, + false, + }, &PathCapabilities{"biz/bar", "", []string{ "create", "sudo", - }, &Permissions{(CreateCapabilityInt | SudoCapabilityInt), - map[string][]interface{}{"zim": {}, "zam": {}}, map[string][]interface{}{"zip": {}, "zap": {}}}, false}, + }, + &Permissions{ + CapabilitiesBitmap: (CreateCapabilityInt | SudoCapabilityInt), + AllowedParameters: map[string][]interface{}{"zim": {}, "zam": {}}, + DeniedParameters: map[string][]interface{}{"zip": {}, "zap": {}}, + }, + false, + }, + &PathCapabilities{"test/types", "", + []string{ + "create", + "sudo", + }, + &Permissions{ + CapabilitiesBitmap: (CreateCapabilityInt | SudoCapabilityInt), + AllowedParameters: map[string][]interface{}{"map": []interface{}{map[string]interface{}{"good": "one"}}, "int": []interface{}{1, 2}}, + DeniedParameters: map[string][]interface{}{"string": []interface{}{"test"}, "bool": []interface{}{false}}, + }, + false, + }, } if !reflect.DeepEqual(p.Paths, expect) { t.Errorf("expected \n\n%#v\n\n to be \n\n%#v\n\n", p.Paths, expect)