frostfs-api-go-pogpp/pkg/acl/eacl/record_test.go
Leonard Lyubich c01024b553 [#217] pkg/eacl: Change interface for working with keys on Target and Record
In previous implementation Target provided Keys/SetKeys methods which
allowed working with ECDSA keys. There was also a bug in the NewTargetFromV2
function when the binary key differed in format from the ECDSA key. New
BinaryKeys/SetBinaryKeys methods work with binary keys. To work with ECDSA
keys added functions TargetECDSAKeys/SetTargetECDSAKeys. Old methods are
left and marked deprecated.

Type Record provided an interface for adding a Target by Role and a list of
ECDSA keys. New SetTargets method allows to set the list of Target's,
AddTarget function allows to add a single Target. AddFormedTarget works like
old AddTarget method, which is now deprecated.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-12-01 10:11:32 +03:00

121 lines
2.8 KiB
Go

package eacl
import (
"crypto/ecdsa"
"testing"
v2acl "github.com/nspcc-dev/neofs-api-go/v2/acl"
"github.com/nspcc-dev/neofs-crypto/test"
"github.com/stretchr/testify/require"
)
func TestRecord(t *testing.T) {
record := NewRecord()
record.SetOperation(OperationRange)
record.SetAction(ActionAllow)
record.AddFilter(HeaderFromRequest, MatchStringEqual, "A", "B")
record.AddFilter(HeaderFromRequest, MatchStringNotEqual, "C", "D")
target := NewTarget()
target.SetRole(RoleSystem)
AddRecordTarget(record, target)
v2 := record.ToV2()
require.NotNil(t, v2)
require.Equal(t, v2acl.OperationRange, v2.GetOperation())
require.Equal(t, v2acl.ActionAllow, v2.GetAction())
require.Len(t, v2.GetFilters(), len(record.Filters()))
require.Len(t, v2.GetTargets(), len(record.Targets()))
newRecord := NewRecordFromV2(v2)
require.Equal(t, record, newRecord)
t.Run("create record", func(t *testing.T) {
record := CreateRecord(ActionAllow, OperationGet)
require.Equal(t, ActionAllow, record.Action())
require.Equal(t, OperationGet, record.Operation())
})
t.Run("new from nil v2 record", func(t *testing.T) {
require.Equal(t, new(Record), NewRecordFromV2(nil))
})
}
func TestAddFormedTarget(t *testing.T) {
items := []struct {
role Role
keys []ecdsa.PublicKey
}{
{
role: RoleUnknown,
keys: []ecdsa.PublicKey{test.DecodeKey(1).PublicKey},
},
{
role: RoleSystem,
keys: []ecdsa.PublicKey{},
},
}
targets := make([]*Target, 0, len(items))
r := NewRecord()
for _, item := range items {
tgt := NewTarget()
tgt.SetRole(item.role)
SetTargetECDSAKeys(tgt, ecdsaKeysToPtrs(item.keys)...)
targets = append(targets, tgt)
AddFormedTarget(r, item.role, item.keys...)
}
tgts := r.Targets()
require.Len(t, tgts, len(targets))
for _, tgt := range targets {
require.Contains(t, tgts, tgt)
}
}
func TestRecord_AddFilter(t *testing.T) {
filters := []*Filter{
newObjectFilter(MatchStringEqual, "some name", "ContainerID"),
newObjectFilter(MatchStringNotEqual, "X-Header-Name", "X-Header-Value"),
}
r := NewRecord()
for _, filter := range filters {
r.AddFilter(filter.From(), filter.Matcher(), filter.Key(), filter.Value())
}
require.Equal(t, filters, r.Filters())
}
func TestRecordEncoding(t *testing.T) {
r := NewRecord()
r.SetOperation(OperationHead)
r.SetAction(ActionDeny)
r.AddObjectAttributeFilter(MatchStringEqual, "key", "value")
AddFormedTarget(r, RoleSystem, test.DecodeKey(-1).PublicKey)
t.Run("binary", func(t *testing.T) {
data, err := r.Marshal()
require.NoError(t, err)
r2 := NewRecord()
require.NoError(t, r2.Unmarshal(data))
require.Equal(t, r, r2)
})
t.Run("json", func(t *testing.T) {
data, err := r.MarshalJSON()
require.NoError(t, err)
r2 := NewRecord()
require.NoError(t, r2.UnmarshalJSON(data))
require.Equal(t, r, r2)
})
}