frostfs-node/pkg/services/object/acl/eacl/validator_test.go
Evgenii Stratonikov 5f86d54721 [#816] object/acl: fix eACL target processing
Ignore role if public keys are present.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-09-10 15:15:36 +03:00

52 lines
1.1 KiB
Go

package eacl
import (
"math/rand"
"testing"
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
"github.com/stretchr/testify/require"
)
func TestTargetMatches(t *testing.T) {
pubs := make([][]byte, 3)
for i := range pubs {
pubs[i] = make([]byte, 33)
pubs[i][0] = 0x02
_, err := rand.Read(pubs[i][1:])
require.NoError(t, err)
}
tgt1 := eacl.NewTarget()
tgt1.SetBinaryKeys(pubs[0:2])
tgt1.SetRole(eacl.RoleUser)
tgt2 := eacl.NewTarget()
tgt2.SetRole(eacl.RoleOthers)
r := eacl.NewRecord()
r.SetTargets(tgt1, tgt2)
u := newValidationUnit(eacl.RoleUser, pubs[0])
require.True(t, targetMatches(u, r))
u = newValidationUnit(eacl.RoleUser, pubs[2])
require.False(t, targetMatches(u, r))
u = newValidationUnit(eacl.RoleUnknown, pubs[1])
require.True(t, targetMatches(u, r))
u = newValidationUnit(eacl.RoleOthers, pubs[2])
require.True(t, targetMatches(u, r))
u = newValidationUnit(eacl.RoleSystem, pubs[2])
require.False(t, targetMatches(u, r))
}
func newValidationUnit(role eacl.Role, key []byte) *ValidationUnit {
return &ValidationUnit{
role: role,
key: key,
}
}