2022-01-20 15:34:53 +00:00
|
|
|
package extended
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"testing"
|
|
|
|
|
|
2023-03-07 13:38:26 +00:00
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
|
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
|
2022-01-20 15:34:53 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestParseTable(t *testing.T) {
|
|
|
|
|
tests := [...]struct {
|
|
|
|
|
name string // test name
|
|
|
|
|
rule string // input extended ACL rule
|
|
|
|
|
jsonRecord string // produced record after successfull parsing
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
name: "valid rule with multiple filters",
|
|
|
|
|
rule: "deny get obj:a=b req:c=d others",
|
|
|
|
|
jsonRecord: `{"operation":"GET","action":"DENY","filters":[{"headerType":"OBJECT","matchType":"STRING_EQUAL","key":"a","value":"b"},{"headerType":"REQUEST","matchType":"STRING_EQUAL","key":"c","value":"d"}],"targets":[{"role":"OTHERS","keys":[]}]}`,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "valid rule without filters",
|
|
|
|
|
rule: "allow put user",
|
|
|
|
|
jsonRecord: `{"operation":"PUT","action":"ALLOW","filters":[],"targets":[{"role":"USER","keys":[]}]}`,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "valid rule with public key",
|
|
|
|
|
rule: "deny getrange pubkey:036410abb260bbbda89f61c0cad65a4fa15ac5cb83b3c3abf8aee403856fcf65ed",
|
|
|
|
|
jsonRecord: `{"operation":"GETRANGE","action":"DENY","filters":[],"targets":[{"role":"ROLE_UNSPECIFIED","keys":["A2QQq7Jgu72on2HAytZaT6FaxcuDs8Or+K7kA4Vvz2Xt"]}]}`,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "missing action",
|
|
|
|
|
rule: "get obj:a=b others",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "invalid action",
|
|
|
|
|
rule: "permit get obj:a=b others",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "missing op",
|
|
|
|
|
rule: "deny obj:a=b others",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "invalid op action",
|
|
|
|
|
rule: "deny look obj:a=b others",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "invalid filter type",
|
|
|
|
|
rule: "deny get invalid:a=b others",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "invalid target group",
|
|
|
|
|
rule: "deny get obj:a=b helpers",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "invalid public key",
|
|
|
|
|
rule: "deny get obj:a=b pubkey:0123",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
eaclTable := eacl.NewTable()
|
|
|
|
|
|
|
|
|
|
for _, test := range tests {
|
|
|
|
|
t.Run(test.name, func(t *testing.T) {
|
2022-11-11 07:32:17 +00:00
|
|
|
err := util.ParseEACLRule(eaclTable, test.rule)
|
2022-01-20 15:34:53 +00:00
|
|
|
ok := len(test.jsonRecord) > 0
|
|
|
|
|
require.Equal(t, ok, err == nil, err)
|
|
|
|
|
if ok {
|
|
|
|
|
expectedRecord := eacl.NewRecord()
|
|
|
|
|
err = expectedRecord.UnmarshalJSON([]byte(test.jsonRecord))
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
actualRecord := eaclTable.Records()[len(eaclTable.Records())-1]
|
|
|
|
|
|
2022-03-15 11:16:46 +00:00
|
|
|
equalRecords(t, expectedRecord, &actualRecord)
|
2022-01-20 15:34:53 +00:00
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func equalRecords(t *testing.T, r1, r2 *eacl.Record) {
|
|
|
|
|
d1, err := r1.Marshal()
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
d2, err := r2.Marshal()
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
require.Equal(t, d1, d2)
|
|
|
|
|
}
|
