generated from TrueCloudLab/basic
[#25] engine: Refactor ChainRouter interface
* Pass RequestTarget instead only namespace * Refactor unit-tests and dependencies Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
This commit is contained in:
aarifullin
parent
4d8242584a
commit
2d4a9fc6dc
6 changed files with 101 additions and 53 deletions
|
|
@ -29,7 +29,7 @@ func TestInmemory(t *testing.T) {
|
|||
"Actor": actor1,
|
||||
})
|
||||
|
||||
status, ok, _ := s.IsAllowed(chain.Ingress, namespace, reqGood)
|
||||
status, ok, _ := s.IsAllowed(chain.Ingress, engine.NewRequestTargetWithNamespace(namespace), reqGood)
|
||||
require.Equal(t, chain.NoRuleFound, status)
|
||||
require.False(t, ok)
|
||||
|
||||
|
|
@ -103,7 +103,7 @@ func TestInmemory(t *testing.T) {
|
|||
"SourceIP": "10.122.1.20",
|
||||
"Actor": actor1,
|
||||
})
|
||||
status, ok, _ := s.IsAllowed(chain.Ingress, namespace, reqBadIP)
|
||||
status, ok, _ := s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), reqBadIP)
|
||||
require.Equal(t, chain.AccessDenied, status)
|
||||
require.True(t, ok)
|
||||
})
|
||||
|
|
@ -113,7 +113,7 @@ func TestInmemory(t *testing.T) {
|
|||
"SourceIP": "10.1.1.13",
|
||||
"Actor": actor2,
|
||||
})
|
||||
status, ok, _ := s.IsAllowed(chain.Ingress, namespace, reqBadActor)
|
||||
status, ok, _ := s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), reqBadActor)
|
||||
require.Equal(t, chain.AccessDenied, status)
|
||||
require.True(t, ok)
|
||||
})
|
||||
|
|
@ -121,14 +121,14 @@ func TestInmemory(t *testing.T) {
|
|||
objGood := resourcetest.NewResource("native::object::abc/id1", map[string]string{"Department": "HR"})
|
||||
objBadAttr := resourcetest.NewResource("native::object::abc/id2", map[string]string{"Department": "Support"})
|
||||
|
||||
status, ok, _ := s.IsAllowed(chain.Ingress, namespace, resourcetest.NewRequest("native::object::get", objGood, map[string]string{
|
||||
status, ok, _ := s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), resourcetest.NewRequest("native::object::get", objGood, map[string]string{
|
||||
"SourceIP": "10.1.1.14",
|
||||
"Actor": actor2,
|
||||
}))
|
||||
require.Equal(t, chain.Allow, status)
|
||||
require.True(t, ok)
|
||||
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, namespace, resourcetest.NewRequest("native::object::get", objBadAttr, map[string]string{
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), resourcetest.NewRequest("native::object::get", objBadAttr, map[string]string{
|
||||
"SourceIP": "10.1.1.14",
|
||||
"Actor": actor2,
|
||||
}))
|
||||
|
|
@ -141,28 +141,28 @@ func TestInmemory(t *testing.T) {
|
|||
"SourceIP": "10.1.1.12",
|
||||
"Actor": actor1,
|
||||
})
|
||||
status, ok, _ := s.IsAllowed(chain.Ingress, namespace, reqBadOperation)
|
||||
status, ok, _ := s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), reqBadOperation)
|
||||
require.Equal(t, chain.AccessDenied, status)
|
||||
require.True(t, ok)
|
||||
})
|
||||
t.Run("inverted rules", func(t *testing.T) {
|
||||
req := resourcetest.NewRequest("native::object::put", resourcetest.NewResource(object, nil), nil)
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, namespace2, req)
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace2, container), req)
|
||||
require.Equal(t, chain.NoRuleFound, status)
|
||||
require.False(t, ok)
|
||||
|
||||
req = resourcetest.NewRequest("native::object::put", resourcetest.NewResource("native::object::cba/def", nil), nil)
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, namespace2, req)
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace2, container), req)
|
||||
require.Equal(t, chain.AccessDenied, status)
|
||||
require.True(t, ok)
|
||||
|
||||
req = resourcetest.NewRequest("native::object::get", resourcetest.NewResource("native::object::cba/def", nil), nil)
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, namespace2, req)
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace2, container), req)
|
||||
require.Equal(t, chain.NoRuleFound, status)
|
||||
require.False(t, ok)
|
||||
})
|
||||
t.Run("good", func(t *testing.T) {
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, namespace, reqGood)
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), reqGood)
|
||||
require.Equal(t, chain.NoRuleFound, status)
|
||||
require.False(t, ok)
|
||||
|
||||
|
|
@ -175,7 +175,7 @@ func TestInmemory(t *testing.T) {
|
|||
}},
|
||||
})
|
||||
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, namespace, reqGood)
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), reqGood)
|
||||
require.Equal(t, chain.NoRuleFound, status)
|
||||
require.False(t, ok)
|
||||
})
|
||||
|
|
@ -190,7 +190,7 @@ func TestInmemory(t *testing.T) {
|
|||
}},
|
||||
})
|
||||
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, namespace, reqGood)
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), reqGood)
|
||||
require.Equal(t, chain.QuotaLimitReached, status)
|
||||
require.True(t, ok)
|
||||
})
|
||||
|
|
@ -198,7 +198,7 @@ func TestInmemory(t *testing.T) {
|
|||
err := s.LocalStorage().RemoveOverride(chain.Ingress, engine.ContainerTarget(container), quotaRuleChainID)
|
||||
require.NoError(t, err)
|
||||
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, namespace, reqGood)
|
||||
status, ok, _ = s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), reqGood)
|
||||
require.Equal(t, chain.NoRuleFound, status)
|
||||
require.False(t, ok)
|
||||
})
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue