started acl_test updates

2016-10-30 15:09:45 -07:00 · 2016-10-30 15:09:45 -07:00 · 975ac72822
parent 7ae9f38883
commit 975ac72822
1 changed files with 203 additions and 5 deletions
--- a/vault/acl_test.go
+++ b/vault/acl_test.go
@ -67,7 +67,7 @@ func TestACL_Root(t *testing.T) {
 		t.Fatalf("expected root")
 	}
 	if !allowed {
-		t.Fatalf("expected permission")
+		t.Fatalf("expected permissions")
 	}
 }

@ -146,14 +146,13 @@ func TestACL_Layered(t *testing.T) {
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-
-	acl, err := NewACL([]*Policy{policy1, policy2})
+	
+  acl, err := NewACL([]*Policy{policy1, policy2})
 	if err != nil {
 		t.Fatalf("err: %v", err)
-	}
+  }
 	testLayeredACL(t, acl)
 }
-
 func testLayeredACL(t *testing.T, acl *ACL) {
 	// Type of operation is not important here as we only care about checking
 	// sudo/root
@ -214,6 +213,21 @@ func testLayeredACL(t *testing.T, acl *ACL) {
 	}
 }

+//commenting out for compilation
+/*func TestNewAclMerge(t *testing.T) {
+  policy, err := Parse(permissionsPolicy2)
+  if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	acl, err := NewACL([]*Policy{policy})
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	
+  
+  
+}*/
+
 var tokenCreationPolicy = `
 name = "tokenCreation"
 path "auth/token/create*" {
@ -270,3 +284,187 @@ path "foo/bar" {
 	capabilities = ["deny"]
 }
 `
+//allow operation testing
+var permissionsPolicy = `
+name = "dev"
+path "dev/*" {
+	policy = "write"
+	
+  permissionss = {
+  	allowed_parameters {
+  		"zip": {}
+  	}
+  }
+}
+path "foo/bar" {
+	policy = "write"
+	permissions = {
+		denied_parameters {
+			"zap": {}
+		}
+  }
+}
+path "foo/baz" {
+	policy = "write"
+	permissions = {
+		allowed_parameters {
+			"hello": {}
+		}
+		denied_parameters {
+			"zap": {}
+		}
+  }
+}
+path "broken/phone" {
+  policy = "write"
+  permissions = {
+    allowed_parameters {
+      "steve": {}
+    }
+    denied_parameters {
+      "steve": {}
+    }
+  }
+}
+path "hello/world" {
+	policy = "write"
+	permissions = {
+		allowed_parameters {
+			"*": {}
+		}
+		denied_parameters {
+			"*": {}
+		}
+  }
+}
+path "tree/fort" {
+	policy = "write"
+	permissions = {
+		allowed_parameters {
+			"*": {}
+		}
+		denied_parameters {
+			"beer": {}
+		}
+  }
+}
+path "fruit/apple" {
+	policy = "write"
+	permissions = {
+		allowed_parameters {
+			"pear": {}
+		}
+		denied_parameters {
+			"*": {}
+		}
+  }
+}
+path "cold/weather" {
+	policy = "write"
+	permissions = {
+		allowed_parameters{}
+		denied_parameters{}
+	}
+}
+`
+//test merging
+
+var permissionsPolicy2 = `
+name = "ops"
+path "foo/bar" {
+	policy = "write"
+	permissions = {
+		denied_parameters {
+			"baz": {}
+		}
+	}
+}
+path "foo/bar" {
+	policy = "write"
+	permissions = {
+		denied_parameters {
+			"zip": {}
+		}
+  }
+}
+path "hello/universe" {
+	policy = "write"
+	permissions = {
+		allowed_parameters {
+			"bob": {}
+		}
+	}
+}
+path "hello/universe" {
+	policy = "write"
+	permissions = {
+		allowed_parameters {
+			"tom": {}
+		}
+  }
+}
+path "rainy/day" {
+	policy = "write"
+	permissions = {
+		allowed_parameters {
+			"bob": {}
+		}
+	}
+}
+path "rainy/day" {
+	policy = "write"
+	permissions = {
+		allowed_parameters {
+			"*": {}
+		}
+  }
+}
+path "cool/bike" {
+	policy = "write"
+	permissions = {
+		denied_parameters {
+			"frank": {}
+		}
+	}
+}
+path "cool/bike" {
+	policy = "write"
+	permissions = {
+		denied_parameters {
+			"*": {}
+		}
+  }
+}
+path "clean/bed" {
+	policy = "write"
+	permissions = {
+		denied_parameters {
+			"*": {}
+		}
+	}
+}
+path "clean/bed" {
+	policy = "write"
+	permissions = {
+		allowed_parameters {
+			"*": {}
+		}
+  }
+}
+path "coca/cola" {
+	policy = "write"
+	permissions = {
+		denied_parameters {
+			"john": {}
+		}
+	}
+}
+path "coca/cola" {
+	policy = "write"
+	permissions = {
+		allowed_parameters {
+			"john": {}
+		}
+  }
+}
+`