From 975ac728225f9eaf0d03af2c434c306a35b11483 Mon Sep 17 00:00:00 2001
From: lemondrank
Date: Sun, 30 Oct 2016 15:09:45 -0700
Subject: [PATCH] started acl_test updates
---
 vault/acl_test.go | 208 ++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 203 insertions(+), 5 deletions(-)
diff --git a/vault/acl_test.go b/vault/acl_test.go
index d48370a5c..91176bd30 100644
--- a/vault/acl_test.go
+++ b/vault/acl_test.go
@@ -67,7 +67,7 @@ func TestACL_Root(t *testing.T) {
 t.Fatalf("expected root")
 }
 if !allowed {
- t.Fatalf("expected permission")
+ t.Fatalf("expected permissions")
 }
 }
@@ -146,14 +146,13 @@ func TestACL_Layered(t *testing.T) {
 if err != nil {
 t.Fatalf("err: %v", err)
 }
-
- acl, err := NewACL([]*Policy{policy1, policy2})
+
+ acl, err := NewACL([]*Policy{policy1, policy2})
 if err != nil {
 t.Fatalf("err: %v", err)
- }
+ }
 testLayeredACL(t, acl)
 }
-
 func testLayeredACL(t *testing.T, acl *ACL) {
 // Type of operation is not important here as we only care about checking
 // sudo/root
@@ -214,6 +213,21 @@ func testLayeredACL(t *testing.T, acl *ACL) {
 }
 }
+//commenting out for compilation
+/*func TestNewAclMerge(t *testing.T) {
+ policy, err := Parse(permissionsPolicy2)
+ if err != nil {
+ t.Fatalf("err: %v", err)
+ }
+ acl, err := NewACL([]*Policy{policy})
+ if err != nil {
+ t.Fatalf("err: %v", err)
+ }
+
+
+
+}*/
+
 var tokenCreationPolicy = `
 name = "tokenCreation"
 path "auth/token/create*" {
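Review bot: `TestNewAclMerge` is added inside a block comment in the third hunk, so the duplicate-path cases in `permissionsPolicy2` are never parsed or checked, and the test does not appear in `go test` output at all. The comment says it was disabled for compilation, presumably because `acl` is assigned and never used; keeping the function live with `t.Skip("merge assertions not written yet")` as its first statement and `_ = acl` after the `NewACL` error check would keep it compiling and visible as skipped. The assertions still to be written should pin the merged result for paths that appear twice with conflicting lists, for example `coca/cola`, where `john` is listed as both denied and allowed.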
@@ -270,3 +284,187 @@ path "foo/bar" {
 capabilities = ["deny"]
 }
 `
+//allow operation testing
+var permissionsPolicy = `
+name = "dev"
+path "dev/*" {
+ policy = "write"
+
+ permissionss = {
+ allowed_parameters {
+ "zip": {}
+ }
+ }
+}
+path "foo/bar" {
+ policy = "write"
+ permissions = {
+ denied_parameters {
+ "zap": {}
+ }
+ }
+}
+path "foo/baz" {
+ policy = "write"
+ permissions = {
+ allowed_parameters {
+ "hello": {}
+ }
+ denied_parameters {
+ "zap": {}
+ }
+ }
+}
+path "broken/phone" {
+ policy = "write"
+ permissions = {
+ allowed_parameters {
+ "steve": {}
+ }
+ denied_parameters {
+ "steve": {}
+ }
+ }
+}
+path "hello/world" {
+ policy = "write"
+ permissions = {
+ allowed_parameters {
+ "*": {}
+ }
+ denied_parameters {
+ "*": {}
+ }
+ }
+}
+path "tree/fort" {
+ policy = "write"
+ permissions = {
+ allowed_parameters {
+ "*": {}
+ }
+ denied_parameters {
+ "beer": {}
+ }
+ }
+}
+path "fruit/apple" {
+ policy = "write"
+ permissions = {
+ allowed_parameters {
+ "pear": {}
+ }
+ denied_parameters {
+ "*": {}
+ }
+ }
+}
+path "cold/weather" {
+ policy = "write"
+ permissions = {
+ allowed_parameters{}
+ denied_parameters{}
+ }
+}
+`
+//test merging
+
+var permissionsPolicy2 = `
+name = "ops"
+path "foo/bar" {
+ policy = "write"
+ permissions = {
+ denied_parameters {
+ "baz": {}
+ }
+ }
+}
+path "foo/bar" {
+ policy = "write"
+ permissions = {
+ denied_parameters {
+ "zip": {}
+ }
+ }
+}
+path "hello/universe" {
+ policy = "write"
+ permissions = {
+ allowed_parameters {
+ "bob": {}
+ }
+ }
+}
+path "hello/universe" {
+ policy = "write"
+ permissions = {
+ allowed_parameters {
+ "tom": {}
+ }
+ }
+}
+path "rainy/day" {
+ policy = "write"
+ permissions = {
+ allowed_parameters {
+ "bob": {}
+ }
+ }
+}
+path "rainy/day" {
+ policy = "write"
+ permissions = {
+ allowed_parameters {
+ "*": {}
+ }
+ }
+}
+path "cool/bike" {
+ policy = "write"
+ permissions = {
+ denied_parameters {
+ "frank": {}
+ }
+ }
+}
+path "cool/bike" {
+ policy = "write"
+ permissions = {
+ denied_parameters {
+ "*": {}
+ }
+ }
+}
+path "clean/bed" {
+ policy = "write"
+ permissions = {
+ denied_parameters {
+ "*": {}
+ }
+ }
+}
+path "clean/bed" {
+ policy = "write"
+ permissions = {
+ allowed_parameters {
+ "*": {}
+ }
+ }
+}
+path "coca/cola" {
+ policy = "write"
+ permissions = {
+ denied_parameters {
+ "john": {}
+ }
+ }
+}
+path "coca/cola" {
+ policy = "write"
+ permissions = {
+ allowed_parameters {
+ "john": {}
+ }
+ }
+}
+`
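Review bot: The first block of `permissionsPolicy` (path `dev/*`) spells the key `permissionss`, while every other block in both fixtures uses `permissions`; unless this is a deliberate malformed-input case it should read `permissions = {`. If the policy parser ignores unknown keys, the `allowed_parameters` restriction on `dev/*` would be dropped without an error and the path would be exercised as plain write, a fail-open result that a test built on this fixture could not detect. If the misspelling is intentional, say so in the Go comment above the variable, e.g. `// dev/* uses a misspelled key on purpose; Parse is expected to reject it`. The conflicting entries (`steve`, `*` and `john` listed as both allowed and denied) would also benefit from a short comment per path stating the expected outcome, since no test in the visible hunks references either fixture yet.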