frostfs-sdk-go/eacl/record_test.go

package eacl

import (
	"crypto/ecdsa"
	"fmt"
	"testing"

	v2acl "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
	checksumtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum/test"
	cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
	oidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id/test"
	usertest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user/test"
	versiontest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version/test"
	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
	"github.com/stretchr/testify/require"
)

func TestRecord(t *testing.T) {
	record := NewRecord()
	record.SetOperation(OperationRange)
	record.SetAction(ActionAllow)
	record.AddFilter(HeaderFromRequest, MatchStringEqual, "A", "B")
	record.AddFilter(HeaderFromRequest, MatchStringNotEqual, "C", "D")

	target := NewTarget()
	target.SetRole(RoleSystem)
	AddRecordTarget(record, target)

	v2 := record.ToV2()
	require.NotNil(t, v2)
	require.Equal(t, v2acl.OperationRange, v2.GetOperation())
	require.Equal(t, v2acl.ActionAllow, v2.GetAction())
	require.Len(t, v2.GetFilters(), len(record.Filters()))
	require.Len(t, v2.GetTargets(), len(record.Targets()))

	newRecord := NewRecordFromV2(v2)
	require.Equal(t, record, newRecord)

	t.Run("create record", func(t *testing.T) {
		record := CreateRecord(ActionAllow, OperationGet)
		require.Equal(t, ActionAllow, record.Action())
		require.Equal(t, OperationGet, record.Operation())
	})

	t.Run("new from nil v2 record", func(t *testing.T) {
		require.Equal(t, new(Record), NewRecordFromV2(nil))
	})
}

func TestAddFormedTarget(t *testing.T) {
	items := []struct {
		role Role
		keys []ecdsa.PublicKey
	}{
		{
			role: RoleUnknown,
			keys: []ecdsa.PublicKey{*randomPublicKey(t)},
		},
		{
			role: RoleSystem,
			keys: []ecdsa.PublicKey{},
		},
	}

	targets := make([]Target, len(items))

	r := NewRecord()

	for i := range items {
		targets[i].SetRole(items[i].role)
		SetTargetECDSAKeys(&targets[i], ecdsaKeysToPtrs(items[i].keys)...)
		AddFormedTarget(r, items[i].role, items[i].keys...)
	}

	tgts := r.Targets()
	require.Len(t, tgts, len(targets))

	for _, tgt := range targets {
		require.Contains(t, tgts, tgt)
	}
}

func TestRecord_AddFilter(t *testing.T) {
	filters := []Filter{
		*newObjectFilter(MatchStringEqual, "some name", "ContainerID"),
		*newObjectFilter(MatchStringNotEqual, "X-Header-Name", "X-Header-Value"),
	}

	r := NewRecord()
	for _, filter := range filters {
		r.AddFilter(filter.From(), filter.Matcher(), filter.Key(), filter.Value())
	}

	require.Equal(t, filters, r.Filters())
}

func TestRecordEncoding(t *testing.T) {
	r := NewRecord()
	r.SetOperation(OperationHead)
	r.SetAction(ActionDeny)
	r.AddObjectAttributeFilter(MatchStringEqual, "key", "value")
	AddFormedTarget(r, RoleSystem, *randomPublicKey(t))

	t.Run("binary", func(t *testing.T) {
		data, err := r.Marshal()
		require.NoError(t, err)

		r2 := NewRecord()
		require.NoError(t, r2.Unmarshal(data))

		require.Equal(t, r, r2)
	})

	t.Run("json", func(t *testing.T) {
		data, err := r.MarshalJSON()
		require.NoError(t, err)

		r2 := NewRecord()
		require.NoError(t, r2.UnmarshalJSON(data))

		require.Equal(t, r, r2)
	})
}

func TestRecord_ToV2(t *testing.T) {
	t.Run("nil", func(t *testing.T) {
		var x *Record

		require.Nil(t, x.ToV2())
	})

	t.Run("default values", func(t *testing.T) {
		record := NewRecord()

		// check initial values
		require.Equal(t, OperationUnknown, record.Operation())
		require.Equal(t, ActionUnknown, record.Action())
		require.Nil(t, record.Targets())
		require.Nil(t, record.Filters())

		// convert to v2 message
		recordV2 := record.ToV2()

		require.Equal(t, v2acl.OperationUnknown, recordV2.GetOperation())
		require.Equal(t, v2acl.ActionUnknown, recordV2.GetAction())
		require.Nil(t, recordV2.GetTargets())
		require.Nil(t, recordV2.GetFilters())
	})
}

func TestReservedRecords(t *testing.T) {
	var (
		v       = versiontest.Version()
		oid     = oidtest.ID()
		cid     = cidtest.ID()
		ownerid = usertest.ID()
		h       = checksumtest.Checksum()
		typ     = new(object.Type)
	)

	testSuit := []struct {
		f     func(r *Record)
		key   string
		value string
	}{
		{
			f:     func(r *Record) { r.AddObjectAttributeFilter(MatchStringEqual, "foo", "bar") },
			key:   "foo",
			value: "bar",
		},
		{
			f:     func(r *Record) { r.AddObjectVersionFilter(MatchStringEqual, &v) },
			key:   v2acl.FilterObjectVersion,
			value: v.String(),
		},
		{
			f:     func(r *Record) { r.AddObjectIDFilter(MatchStringEqual, oid) },
			key:   v2acl.FilterObjectID,
			value: oid.EncodeToString(),
		},
		{
			f:     func(r *Record) { r.AddObjectContainerIDFilter(MatchStringEqual, cid) },
			key:   v2acl.FilterObjectContainerID,
			value: cid.EncodeToString(),
		},
		{
			f:     func(r *Record) { r.AddObjectOwnerIDFilter(MatchStringEqual, ownerid) },
			key:   v2acl.FilterObjectOwnerID,
			value: ownerid.EncodeToString(),
		},
		{
			f:     func(r *Record) { r.AddObjectCreationEpoch(MatchStringEqual, 100) },
			key:   v2acl.FilterObjectCreationEpoch,
			value: "100",
		},
		{
			f:     func(r *Record) { r.AddObjectPayloadLengthFilter(MatchStringEqual, 5000) },
			key:   v2acl.FilterObjectPayloadLength,
			value: "5000",
		},
		{
			f:     func(r *Record) { r.AddObjectPayloadHashFilter(MatchStringEqual, h) },
			key:   v2acl.FilterObjectPayloadHash,
			value: h.String(),
		},
		{
			f:     func(r *Record) { r.AddObjectHomomorphicHashFilter(MatchStringEqual, h) },
			key:   v2acl.FilterObjectHomomorphicHash,
			value: h.String(),
		},
		{
			f: func(r *Record) {
				require.True(t, typ.FromString("REGULAR"))
				r.AddObjectTypeFilter(MatchStringEqual, *typ)
			},
			key:   v2acl.FilterObjectType,
			value: "REGULAR",
		},
		{
			f: func(r *Record) {
				require.True(t, typ.FromString("TOMBSTONE"))
				r.AddObjectTypeFilter(MatchStringEqual, *typ)
			},
			key:   v2acl.FilterObjectType,
			value: "TOMBSTONE",
		},
	}

	for n, testCase := range testSuit {
		desc := fmt.Sprintf("case #%d", n)
		record := NewRecord()
		testCase.f(record)
		require.Len(t, record.Filters(), 1, desc)
		f := record.Filters()[0]
		require.Equal(t, f.Key(), testCase.key, desc)
		require.Equal(t, f.Value(), testCase.value, desc)
	}
}

func randomPublicKey(t *testing.T) *ecdsa.PublicKey {
	p, err := keys.NewPrivateKey()
	require.NoError(t, err)
	return &p.PrivateKey.PublicKey
}
[#58] eacl: move package from neofs-api-go Also, remove deprecated methods. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-08 14:29:54 +00:00			`package eacl`

			`import (`
			`"crypto/ecdsa"`
			`"fmt"`
			`"testing"`

Rename package name Due to source code relocation from GitHub. Signed-off-by: Alex Vanin <a.vanin@yadro.com> 2023-03-07 11:20:03 +00:00			`v2acl "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"`
			`checksumtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum/test"`
			`cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"`
			`"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"`
			`oidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id/test"`
			`usertest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user/test"`
			`versiontest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version/test"`
[#93] Remove golang.org/x/crypto dependency Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-12-10 13:56:04 +00:00			`"github.com/nspcc-dev/neo-go/pkg/crypto/keys"`
[#58] eacl: move package from neofs-api-go Also, remove deprecated methods. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-08 14:29:54 +00:00			`"github.com/stretchr/testify/require"`
			`)`

			`func TestRecord(t *testing.T) {`
			`record := NewRecord()`
			`record.SetOperation(OperationRange)`
			`record.SetAction(ActionAllow)`
			`record.AddFilter(HeaderFromRequest, MatchStringEqual, "A", "B")`
			`record.AddFilter(HeaderFromRequest, MatchStringNotEqual, "C", "D")`

			`target := NewTarget()`
			`target.SetRole(RoleSystem)`
			`AddRecordTarget(record, target)`

			`v2 := record.ToV2()`
			`require.NotNil(t, v2)`
			`require.Equal(t, v2acl.OperationRange, v2.GetOperation())`
			`require.Equal(t, v2acl.ActionAllow, v2.GetAction())`
			`require.Len(t, v2.GetFilters(), len(record.Filters()))`
			`require.Len(t, v2.GetTargets(), len(record.Targets()))`

			`newRecord := NewRecordFromV2(v2)`
			`require.Equal(t, record, newRecord)`

			`t.Run("create record", func(t *testing.T) {`
			`record := CreateRecord(ActionAllow, OperationGet)`
			`require.Equal(t, ActionAllow, record.Action())`
			`require.Equal(t, OperationGet, record.Operation())`
			`})`

			`t.Run("new from nil v2 record", func(t *testing.T) {`
			`require.Equal(t, new(Record), NewRecordFromV2(nil))`
			`})`
			`}`

			`func TestAddFormedTarget(t *testing.T) {`
			`items := []struct {`
			`role Role`
			`keys []ecdsa.PublicKey`
			`}{`
			`{`
			`role: RoleUnknown,`
			`keys: []ecdsa.PublicKey{*randomPublicKey(t)},`
			`},`
			`{`
			`role: RoleSystem,`
			`keys: []ecdsa.PublicKey{},`
			`},`
			`}`

[#168] eacl: Replace pointer slices with non-pointer slices - []Record => []Record - []Filter => []Filter - []*Target => []Target Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2022-03-11 09:02:53 +00:00			`targets := make([]Target, len(items))`
[#58] eacl: move package from neofs-api-go Also, remove deprecated methods. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-08 14:29:54 +00:00
			`r := NewRecord()`

[#168] eacl: Replace pointer slices with non-pointer slices - []Record => []Record - []Filter => []Filter - []*Target => []Target Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2022-03-11 09:02:53 +00:00			`for i := range items {`
			`targets[i].SetRole(items[i].role)`
			`SetTargetECDSAKeys(&targets[i], ecdsaKeysToPtrs(items[i].keys)...)`
			`AddFormedTarget(r, items[i].role, items[i].keys...)`
[#58] eacl: move package from neofs-api-go Also, remove deprecated methods. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-08 14:29:54 +00:00			`}`

			`tgts := r.Targets()`
			`require.Len(t, tgts, len(targets))`

			`for _, tgt := range targets {`
			`require.Contains(t, tgts, tgt)`
			`}`
			`}`

			`func TestRecord_AddFilter(t *testing.T) {`
[#168] eacl: Replace pointer slices with non-pointer slices - []Record => []Record - []Filter => []Filter - []*Target => []Target Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2022-03-11 09:02:53 +00:00			`filters := []Filter{`
			`*newObjectFilter(MatchStringEqual, "some name", "ContainerID"),`
			`*newObjectFilter(MatchStringNotEqual, "X-Header-Name", "X-Header-Value"),`
[#58] eacl: move package from neofs-api-go Also, remove deprecated methods. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-08 14:29:54 +00:00			`}`

			`r := NewRecord()`
			`for _, filter := range filters {`
			`r.AddFilter(filter.From(), filter.Matcher(), filter.Key(), filter.Value())`
			`}`

			`require.Equal(t, filters, r.Filters())`
			`}`

			`func TestRecordEncoding(t *testing.T) {`
			`r := NewRecord()`
			`r.SetOperation(OperationHead)`
			`r.SetAction(ActionDeny)`
			`r.AddObjectAttributeFilter(MatchStringEqual, "key", "value")`
			`AddFormedTarget(r, RoleSystem, *randomPublicKey(t))`

			`t.Run("binary", func(t *testing.T) {`
			`data, err := r.Marshal()`
			`require.NoError(t, err)`

			`r2 := NewRecord()`
			`require.NoError(t, r2.Unmarshal(data))`

			`require.Equal(t, r, r2)`
			`})`

			`t.Run("json", func(t *testing.T) {`
			`data, err := r.MarshalJSON()`
			`require.NoError(t, err)`

			`r2 := NewRecord()`
			`require.NoError(t, r2.UnmarshalJSON(data))`

			`require.Equal(t, r, r2)`
			`})`
			`}`

			`func TestRecord_ToV2(t *testing.T) {`
			`t.Run("nil", func(t *testing.T) {`
			`var x *Record`

			`require.Nil(t, x.ToV2())`
			`})`

			`t.Run("default values", func(t *testing.T) {`
			`record := NewRecord()`

			`// check initial values`
			`require.Equal(t, OperationUnknown, record.Operation())`
			`require.Equal(t, ActionUnknown, record.Action())`
			`require.Nil(t, record.Targets())`
			`require.Nil(t, record.Filters())`

			`// convert to v2 message`
			`recordV2 := record.ToV2()`

			`require.Equal(t, v2acl.OperationUnknown, recordV2.GetOperation())`
			`require.Equal(t, v2acl.ActionUnknown, recordV2.GetAction())`
			`require.Nil(t, recordV2.GetTargets())`
			`require.Nil(t, recordV2.GetFilters())`
			`})`
			`}`

			`func TestReservedRecords(t *testing.T) {`
			`var (`
			`v = versiontest.Version()`
[#128] *: Use correct aliases for object testing Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-02-01 10:15:12 +00:00			`oid = oidtest.ID()`
[#54] tests: unify test generator names Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-12 11:19:16 +00:00			`cid = cidtest.ID()`
[#199] owner: Rename to `user`, refactor and doc Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-04-11 06:30:22 +00:00			`ownerid = usertest.ID()`
[#58] eacl: move package from neofs-api-go Also, remove deprecated methods. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-08 14:29:54 +00:00			`h = checksumtest.Checksum()`
			`typ = new(object.Type)`
			`)`

			`testSuit := []struct {`
			`f func(r *Record)`
			`key string`
			`value string`
			`}{`
			`{`
			`f: func(r *Record) { r.AddObjectAttributeFilter(MatchStringEqual, "foo", "bar") },`
			`key: "foo",`
			`value: "bar",`
			`},`
			`{`
[#170] version: Add docs, refactor Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2022-03-23 15:35:44 +00:00			`f: func(r *Record) { r.AddObjectVersionFilter(MatchStringEqual, &v) },`
[#58] eacl: move package from neofs-api-go Also, remove deprecated methods. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-08 14:29:54 +00:00			`key: v2acl.FilterObjectVersion,`
			`value: v.String(),`
			`},`
			`{`
			`f: func(r *Record) { r.AddObjectIDFilter(MatchStringEqual, oid) },`
			`key: v2acl.FilterObjectID,`
[#258] Fix string encoding of identifiers Use `EncodeToString` method to get protocol string according to type docs. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-31 06:55:08 +00:00			`value: oid.EncodeToString(),`
[#58] eacl: move package from neofs-api-go Also, remove deprecated methods. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-08 14:29:54 +00:00			`},`
			`{`
			`f: func(r *Record) { r.AddObjectContainerIDFilter(MatchStringEqual, cid) },`
			`key: v2acl.FilterObjectContainerID,`
[#258] Fix string encoding of identifiers Use `EncodeToString` method to get protocol string according to type docs. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-31 06:55:08 +00:00			`value: cid.EncodeToString(),`
[#58] eacl: move package from neofs-api-go Also, remove deprecated methods. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-08 14:29:54 +00:00			`},`
			`{`
			`f: func(r *Record) { r.AddObjectOwnerIDFilter(MatchStringEqual, ownerid) },`
			`key: v2acl.FilterObjectOwnerID,`
[#258] Fix string encoding of identifiers Use `EncodeToString` method to get protocol string according to type docs. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-31 06:55:08 +00:00			`value: ownerid.EncodeToString(),`
[#58] eacl: move package from neofs-api-go Also, remove deprecated methods. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-08 14:29:54 +00:00			`},`
			`{`
			`f: func(r *Record) { r.AddObjectCreationEpoch(MatchStringEqual, 100) },`
			`key: v2acl.FilterObjectCreationEpoch,`
			`value: "100",`
			`},`
			`{`
			`f: func(r *Record) { r.AddObjectPayloadLengthFilter(MatchStringEqual, 5000) },`
			`key: v2acl.FilterObjectPayloadLength,`
			`value: "5000",`
			`},`
			`{`
			`f: func(r *Record) { r.AddObjectPayloadHashFilter(MatchStringEqual, h) },`
			`key: v2acl.FilterObjectPayloadHash,`
			`value: h.String(),`
			`},`
			`{`
			`f: func(r *Record) { r.AddObjectHomomorphicHashFilter(MatchStringEqual, h) },`
			`key: v2acl.FilterObjectHomomorphicHash,`
			`value: h.String(),`
			`},`
			`{`
			`f: func(r *Record) {`
			`require.True(t, typ.FromString("REGULAR"))`
			`r.AddObjectTypeFilter(MatchStringEqual, *typ)`
			`},`
			`key: v2acl.FilterObjectType,`
			`value: "REGULAR",`
			`},`
			`{`
			`f: func(r *Record) {`
			`require.True(t, typ.FromString("TOMBSTONE"))`
			`r.AddObjectTypeFilter(MatchStringEqual, *typ)`
			`},`
			`key: v2acl.FilterObjectType,`
			`value: "TOMBSTONE",`
			`},`
			`}`

			`for n, testCase := range testSuit {`
			`desc := fmt.Sprintf("case #%d", n)`
			`record := NewRecord()`
			`testCase.f(record)`
			`require.Len(t, record.Filters(), 1, desc)`
			`f := record.Filters()[0]`
			`require.Equal(t, f.Key(), testCase.key, desc)`
			`require.Equal(t, f.Value(), testCase.value, desc)`
			`}`
			`}`

			`func randomPublicKey(t testing.T) ecdsa.PublicKey {`
[#93] Remove golang.org/x/crypto dependency Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-12-10 13:56:04 +00:00			`p, err := keys.NewPrivateKey()`
[#58] eacl: move package from neofs-api-go Also, remove deprecated methods. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-08 14:29:54 +00:00			`require.NoError(t, err)`
[#93] Remove golang.org/x/crypto dependency Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-12-10 13:56:04 +00:00			`return &p.PrivateKey.PublicKey`
[#58] eacl: move package from neofs-api-go Also, remove deprecated methods. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-08 14:29:54 +00:00			`}`