Merge pull request #2121 from nwt/delete-action
Change DELETE action from "*" to "delete"
commit
2bc4a9459c
3 changed files with 25 additions and 6 deletions
|
@ -454,6 +454,27 @@ func TestAccessController(t *testing.T) {
|
||||||
if userInfo.Name != "foo" {
|
if userInfo.Name != "foo" {
|
||||||
t.Fatalf("expected user name %q, got %q", "foo", userInfo.Name)
|
t.Fatalf("expected user name %q, got %q", "foo", userInfo.Name)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 5. Supply a token with full admin rights, which is represented as "*".
|
||||||
|
token, err = makeTestToken(
|
||||||
|
issuer, service,
|
||||||
|
[]*ResourceActions{{
|
||||||
|
Type: testAccess.Type,
|
||||||
|
Name: testAccess.Name,
|
||||||
|
Actions: []string{"*"},
|
||||||
|
}},
|
||||||
|
rootKeys[0], 1, time.Now(), time.Now().Add(5*time.Minute),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.compactRaw()))
|
||||||
|
|
||||||
|
_, err = accessController.Authorized(ctx, testAccess)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("accessController returned unexpected error: %s", err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// This tests that newAccessController can handle PEM blocks in the certificate
|
// This tests that newAccessController can handle PEM blocks in the certificate
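Review bot: Case 5 only proves that a `*` token passes `Authorized` for `testAccess`, whose action is defined outside this hunk. It does not show that the same token satisfies the `delete` action this commit starts requiring, nor that a token limited to other actions is refused for it. I would add a positive check with the `*` token against `auth.Access{Resource: testAccess.Resource, Action: "delete"}` (assuming `Resource` is the embedded field, as the `auth.Access` literals elsewhere in this commit suggest), and a negative case where a token issued with `Actions: []string{"pull", "push"}` must make `Authorized` return an error for that access. Without the negative case, a regression that makes wildcard matching too permissive would pass this test. TestAccessController begins outside the hunk.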
|
||||||
|
|
|
@ -901,12 +901,10 @@ func appendAccessRecords(records []auth.Access, method string, repo string) []au
|
||||||
Action: "push",
|
Action: "push",
|
||||||
})
|
})
|
||||||
case "DELETE":
|
case "DELETE":
|
||||||
// DELETE access requires full admin rights, which is represented
|
|
||||||
// as "*". This may not be ideal.
|
|
||||||
records = append(records,
|
records = append(records,
|
||||||
auth.Access{
|
auth.Access{
|
||||||
Resource: resource,
|
Resource: resource,
|
||||||
Action: "*",
|
Action: "delete",
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
return records
|
return records
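Review bot: The `case "DELETE":` branch loses its only comment here, so nothing at this site records what a token must now carry for a delete. I would add `// DELETE requires the "delete" action; a token granting "*" is expected to still satisfy it.` above the `append`. Since these records presumably feed the scope that clients request from the token server, the change should also be flagged for operators. An authorization service that does not recognise `delete` will either refuse every delete or, if it passes unknown action names through, grant it without a policy decision. The body of appendAccessRecords starts outside this hunk.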
|
||||||
|
|
|
@ -229,9 +229,9 @@ func TestAppendAccessRecords(t *testing.T) {
|
||||||
Resource: expectedResource,
|
Resource: expectedResource,
|
||||||
Action: "push",
|
Action: "push",
|
||||||
}
|
}
|
||||||
expectedAllRecord := auth.Access{
|
expectedDeleteRecord := auth.Access{
|
||||||
Resource: expectedResource,
|
Resource: expectedResource,
|
||||||
Action: "*",
|
Action: "delete",
|
||||||
}
|
}
|
||||||
|
|
||||||
records := []auth.Access{}
|
records := []auth.Access{}
|
||||||
|
@ -271,7 +271,7 @@ func TestAppendAccessRecords(t *testing.T) {
|
||||||
|
|
||||||
records = []auth.Access{}
|
records = []auth.Access{}
|
||||||
result = appendAccessRecords(records, "DELETE", repo)
|
result = appendAccessRecords(records, "DELETE", repo)
|
||||||
expectedResult = []auth.Access{expectedAllRecord}
|
expectedResult = []auth.Access{expectedDeleteRecord}
|
||||||
if ok := reflect.DeepEqual(result, expectedResult); !ok {
|
if ok := reflect.DeepEqual(result, expectedResult); !ok {
|
||||||
t.Fatalf("Actual access record differs from expected")
|
t.Fatalf("Actual access record differs from expected")
|
||||||
}
|
}
|
||||||
|
|