[#36] eacl: add tests for operation match

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
This commit is contained in:
Evgenii Stratonikov 2021-09-13 11:27:33 +03:00 committed by Alex Vanin
parent 3a0c9e4542
commit be9bc5d612

View file

@ -4,9 +4,47 @@ import (
"math/rand" "math/rand"
"testing" "testing"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"go.uber.org/zap/zaptest"
) )
func TestOperationMatch(t *testing.T) {
tgt := NewTarget()
tgt.SetRole(RoleOthers)
t.Run("single operation", func(t *testing.T) {
tb := NewTable()
tb.AddRecord(newRecord(ActionDeny, OperationPut, tgt))
tb.AddRecord(newRecord(ActionAllow, OperationGet, tgt))
v := newValidator(t, tb)
vu := newValidationUnit(RoleOthers, nil)
vu.op = OperationPut
require.Equal(t, ActionDeny, v.CalculateAction(vu))
vu.op = OperationGet
require.Equal(t, ActionAllow, v.CalculateAction(vu))
})
t.Run("unknown operation", func(t *testing.T) {
tb := NewTable()
tb.AddRecord(newRecord(ActionDeny, OperationUnknown, tgt))
tb.AddRecord(newRecord(ActionAllow, OperationGet, tgt))
v := newValidator(t, tb)
vu := newValidationUnit(RoleOthers, nil)
// TODO discuss if both next tests should result in DENY
vu.op = OperationPut
require.Equal(t, ActionAllow, v.CalculateAction(vu))
vu.op = OperationGet
require.Equal(t, ActionAllow, v.CalculateAction(vu))
})
}
func TestTargetMatches(t *testing.T) { func TestTargetMatches(t *testing.T) {
pubs := makeKeys(t, 3) pubs := makeKeys(t, 3)
@ -48,6 +86,28 @@ func makeKeys(t *testing.T, n int) [][]byte {
return pubs return pubs
} }
func newRecord(a Action, op Operation, tgt ...*Target) *Record {
r := NewRecord()
r.SetAction(a)
r.SetOperation(op)
r.SetTargets(tgt...)
return r
}
type dummySource struct {
tb *Table
}
func (d dummySource) GetEACL(*cid.ID) (*Table, error) {
return d.tb, nil
}
func newValidator(t *testing.T, tb *Table) *Validator {
return NewValidator(
WithLogger(zaptest.NewLogger(t)),
WithEACLSource(dummySource{tb}))
}
func newValidationUnit(role Role, key []byte) *ValidationUnit { func newValidationUnit(role Role, key []byte) *ValidationUnit {
return &ValidationUnit{ return &ValidationUnit{
role: role, role: role,