forked from TrueCloudLab/frostfs-s3-gw
Denis Kirillov
9241954496
Allow only impersonate flag. Don't allow SetEACL container session token. Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
31 lines
710 B
Go
31 lines
710 B
Go
package authmate
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestContainerSessionRules(t *testing.T) {
|
|
jsonRules := []byte(`
|
|
[
|
|
{
|
|
"verb": "PUT",
|
|
"containerID": null
|
|
},
|
|
{
|
|
"verb": "DELETE",
|
|
"containerID": "6CcWg8LkcbfMUC8pt7wiy5zM1fyS3psNoxgfppcCgig1"
|
|
}
|
|
]`)
|
|
|
|
sessionContext, err := buildContext(jsonRules)
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, sessionContext, 2)
|
|
require.Equal(t, sessionContext[0].verb, session.VerbContainerPut)
|
|
require.Zero(t, sessionContext[0].containerID)
|
|
require.Equal(t, sessionContext[1].verb, session.VerbContainerDelete)
|
|
require.NotNil(t, sessionContext[1].containerID)
|
|
}
|