TrueCloudLab/frostfs-node
20
1
Fork 28
Code Issues 107 Pull requests 4 Projects Releases 2 Packages 4 Activity Actions

[#800] node: eACL -> APE converter
All checks were successful
DCO action / DCO (pull_request) Successful in 3m43s
Details
Vulncheck / Vulncheck (pull_request) Successful in 6m9s
Details
Build / Build Components (1.21) (pull_request) Successful in 6m53s
Details
Build / Build Components (1.20) (pull_request) Successful in 7m18s
Details
Tests and linters / Staticcheck (pull_request) Successful in 7m36s
Details
Tests and linters / Tests (1.21) (pull_request) Successful in 8m1s
Details
Tests and linters / Lint (pull_request) Successful in 8m15s
Details
Tests and linters / Tests (1.20) (pull_request) Successful in 9m59s
Details
Tests and linters / Tests with -race (pull_request) Successful in 10m3s
Details

Browse source 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
This commit is contained in:
Dmitrii Stepanov 2023-11-10 11:40:06 +03:00
parent 364f835b7e
commit fd9128d051
6 changed files with 749 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

25
cmd/frostfs-cli/modules/util/ape_test.go
View file

@ -4,6 +4,7 @@ import (
"testing"
policyengine "git.frostfs.info/TrueCloudLab/policy-engine"
nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
"github.com/stretchr/testify/require"
)
@ -19,8 +20,8 @@ func TestParseAPERule(t *testing.T) {
rule: "allow Object.Put *",
expectRule: policyengine.Rule{
Status: policyengine.Allow,
Action: []string{"native:PutObject"},
Resource: []string{"native:::object/*"},
Actions: policyengine.Actions{Names: []string{nativeschema.MethodPutObject}},
Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}},
Condition: []policyengine.Condition{},
},
},
@ -29,8 +30,8 @@ func TestParseAPERule(t *testing.T) {
rule: "deny Object.Put *",
expectRule: policyengine.Rule{
Status: policyengine.AccessDenied,
Action: []string{"native:PutObject"},
Resource: []string{"native:::object/*"},
Actions: policyengine.Actions{Names: []string{nativeschema.MethodPutObject}},
Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}},
Condition: []policyengine.Condition{},
},
},
@ -39,8 +40,8 @@ func TestParseAPERule(t *testing.T) {
rule: "deny:QuotaLimitReached Object.Put *",
expectRule: policyengine.Rule{
Status: policyengine.QuotaLimitReached,
Action: []string{"native:PutObject"},
Resource: []string{"native:::object/*"},
Actions: policyengine.Actions{Names: []string{nativeschema.MethodPutObject}},
Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}},
Condition: []policyengine.Condition{},
},
},
@ -48,9 +49,9 @@ func TestParseAPERule(t *testing.T) {
name: "Valid allow rule with conditions",
rule: "allow Object.Get Object.Resource:Department=HR Object.Request:Actor!=ownerA *",
expectRule: policyengine.Rule{
Status: policyengine.Allow,
Action: []string{"native:GetObject"},
Resource: []string{"native:::object/*"},
Status: policyengine.Allow,
Actions: policyengine.Actions{Names: []string{nativeschema.MethodGetObject}},
Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}},
Condition: []policyengine.Condition{
{
Op: policyengine.CondStringEquals,
@ -71,9 +72,9 @@ func TestParseAPERule(t *testing.T) {
name: "Valid rule with conditions with action detail",
rule: "deny:QuotaLimitReached Object.Get Object.Resource:Department=HR Object.Request:Actor!=ownerA *",
expectRule: policyengine.Rule{
Status: policyengine.QuotaLimitReached,
Action: []string{"native:GetObject"},
Resource: []string{"native:::object/*"},
Status: policyengine.QuotaLimitReached,
Actions: policyengine.Actions{Names: []string{nativeschema.MethodGetObject}},
Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}},
Condition: []policyengine.Condition{
{
Op: policyengine.CondStringEquals,