2021-05-26 17:18:42 +00:00
|
|
|
package acl
|
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
|
2023-03-07 13:38:26 +00:00
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
|
|
|
v2 "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/acl/v2"
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
|
|
|
|
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
|
|
|
eaclSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
|
|
|
|
usertest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user/test"
|
2021-05-26 17:18:42 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
)
|
|
|
|
|
2022-02-11 12:25:05 +00:00
|
|
|
type emptyEACLSource struct{}
|
2021-05-26 17:18:42 +00:00
|
|
|
|
2022-06-22 10:55:31 +00:00
|
|
|
func (e emptyEACLSource) GetEACL(_ cid.ID) (*container.EACL, error) {
|
2022-02-11 12:25:05 +00:00
|
|
|
return nil, nil
|
2021-05-26 17:18:42 +00:00
|
|
|
}
|
|
|
|
|
2022-02-11 12:25:05 +00:00
|
|
|
type emptyNetmapState struct{}
|
2021-05-26 17:18:42 +00:00
|
|
|
|
2022-02-11 12:25:05 +00:00
|
|
|
func (e emptyNetmapState) CurrentEpoch() uint64 {
|
|
|
|
return 0
|
2021-05-26 17:18:42 +00:00
|
|
|
}
|
2021-09-10 11:35:29 +00:00
|
|
|
|
|
|
|
func TestStickyCheck(t *testing.T) {
|
2023-07-06 07:05:09 +00:00
|
|
|
checker := NewChecker(
|
|
|
|
emptyNetmapState{},
|
|
|
|
emptyEACLSource{},
|
|
|
|
eaclSDK.NewValidator(),
|
|
|
|
&engine.StorageEngine{})
|
2022-02-11 12:25:05 +00:00
|
|
|
|
2021-09-10 11:35:29 +00:00
|
|
|
t.Run("system role", func(t *testing.T) {
|
2022-02-11 12:25:05 +00:00
|
|
|
var info v2.RequestInfo
|
|
|
|
|
|
|
|
info.SetSenderKey(make([]byte, 33)) // any non-empty key
|
2022-06-17 13:40:51 +00:00
|
|
|
info.SetRequestRole(acl.RoleContainer)
|
2021-09-10 11:35:29 +00:00
|
|
|
|
2022-05-31 17:00:41 +00:00
|
|
|
require.True(t, checker.StickyBitCheck(info, *usertest.ID()))
|
2021-09-10 11:35:29 +00:00
|
|
|
|
2022-06-17 13:40:51 +00:00
|
|
|
var basicACL acl.Basic
|
|
|
|
basicACL.MakeSticky()
|
|
|
|
|
|
|
|
info.SetBasicACL(basicACL)
|
2021-09-10 11:35:29 +00:00
|
|
|
|
2022-05-31 17:00:41 +00:00
|
|
|
require.True(t, checker.StickyBitCheck(info, *usertest.ID()))
|
2021-09-10 11:35:29 +00:00
|
|
|
})
|
2021-11-08 10:49:20 +00:00
|
|
|
|
|
|
|
t.Run("owner ID and/or public key emptiness", func(t *testing.T) {
|
2022-02-11 12:25:05 +00:00
|
|
|
var info v2.RequestInfo
|
2021-11-08 10:49:20 +00:00
|
|
|
|
2022-06-17 13:40:51 +00:00
|
|
|
info.SetRequestRole(acl.RoleOthers) // should be non-system role
|
2021-11-08 10:49:20 +00:00
|
|
|
|
|
|
|
assertFn := func(isSticky, withKey, withOwner, expected bool) {
|
2022-06-17 13:40:51 +00:00
|
|
|
info := info
|
2021-11-08 10:49:20 +00:00
|
|
|
if isSticky {
|
2022-06-17 13:40:51 +00:00
|
|
|
var basicACL acl.Basic
|
|
|
|
basicACL.MakeSticky()
|
|
|
|
|
|
|
|
info.SetBasicACL(basicACL)
|
2021-11-08 10:49:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if withKey {
|
2022-02-11 12:25:05 +00:00
|
|
|
info.SetSenderKey(make([]byte, 33))
|
2021-11-08 10:49:20 +00:00
|
|
|
} else {
|
2022-02-11 12:25:05 +00:00
|
|
|
info.SetSenderKey(nil)
|
2021-11-08 10:49:20 +00:00
|
|
|
}
|
|
|
|
|
2022-05-31 17:00:41 +00:00
|
|
|
var ownerID user.ID
|
2021-11-08 10:49:20 +00:00
|
|
|
|
|
|
|
if withOwner {
|
2022-05-31 17:00:41 +00:00
|
|
|
ownerID = *usertest.ID()
|
2021-11-08 10:49:20 +00:00
|
|
|
}
|
|
|
|
|
2022-02-11 12:25:05 +00:00
|
|
|
require.Equal(t, expected, checker.StickyBitCheck(info, ownerID))
|
2021-11-08 10:49:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
assertFn(true, false, false, false)
|
|
|
|
assertFn(true, true, false, false)
|
|
|
|
assertFn(true, false, true, false)
|
|
|
|
assertFn(false, false, false, true)
|
|
|
|
assertFn(false, true, false, true)
|
|
|
|
assertFn(false, false, true, true)
|
|
|
|
assertFn(false, true, true, true)
|
|
|
|
})
|
2021-09-10 11:35:29 +00:00
|
|
|
}
|