From a33af0587b7e7e0cfd94f7f60d4823a0084564ca Mon Sep 17 00:00:00 2001
From: Noah Treuhaft <noah.treuhaft@docker.com>
Date: Fri, 6 Jan 2017 16:08:32 -0800
Subject: [PATCH] Add test for auth token with "*" action

Test that an auth token with the "*" action is allowed any action on its
resource.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
---
 registry/auth/token/token_test.go | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/registry/auth/token/token_test.go b/registry/auth/token/token_test.go
index cbfe2a6b4..03dce6fa6 100644
--- a/registry/auth/token/token_test.go
+++ b/registry/auth/token/token_test.go
@@ -454,6 +454,27 @@ func TestAccessController(t *testing.T) {
 	if userInfo.Name != "foo" {
 		t.Fatalf("expected user name %q, got %q", "foo", userInfo.Name)
 	}
+
+	// 5. Supply a token with full admin rights, which is represented as "*".
+	token, err = makeTestToken(
+		issuer, service,
+		[]*ResourceActions{{
+			Type:    testAccess.Type,
+			Name:    testAccess.Name,
+			Actions: []string{"*"},
+		}},
+		rootKeys[0], 1, time.Now(), time.Now().Add(5*time.Minute),
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.compactRaw()))
+
+	_, err = accessController.Authorized(ctx, testAccess)
+	if err != nil {
+		t.Fatalf("accessController returned unexpected error: %s", err)
+	}
 }
 
 // This tests that newAccessController can handle PEM blocks in the certificate