|
|
|
@ -4,6 +4,7 @@ import ( |
|
|
|
"errors" |
|
|
|
"errors" |
|
|
|
"strconv" |
|
|
|
"strconv" |
|
|
|
"strings" |
|
|
|
"strings" |
|
|
|
|
|
|
|
"sync" |
|
|
|
"sync/atomic" |
|
|
|
"sync/atomic" |
|
|
|
"testing" |
|
|
|
"testing" |
|
|
|
"time" |
|
|
|
"time" |
|
|
|
@ -1058,6 +1059,15 @@ func TestServer_DeltaAggregatedResources_v3_ACLEnforcement(t *testing.T) { |
|
|
|
|
|
|
|
|
|
|
|
for _, tt := range tests { |
|
|
|
for _, tt := range tests { |
|
|
|
t.Run(tt.name, func(t *testing.T) { |
|
|
|
t.Run(tt.name, func(t *testing.T) { |
|
|
|
|
|
|
|
var stopped bool |
|
|
|
|
|
|
|
lock := &sync.RWMutex{} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer func() { |
|
|
|
|
|
|
|
lock.Lock() |
|
|
|
|
|
|
|
stopped = true |
|
|
|
|
|
|
|
lock.Unlock() |
|
|
|
|
|
|
|
}() |
|
|
|
|
|
|
|
|
|
|
|
// aclResolve may be called in a goroutine even after a
|
|
|
|
// aclResolve may be called in a goroutine even after a
|
|
|
|
// testcase tt returns. Capture the variable as tc so the
|
|
|
|
// testcase tt returns. Capture the variable as tc so the
|
|
|
|
// values don't swap in the next iteration.
|
|
|
|
// values don't swap in the next iteration.
|
|
|
|
@ -1071,6 +1081,14 @@ func TestServer_DeltaAggregatedResources_v3_ACLEnforcement(t *testing.T) { |
|
|
|
// No token and defaultDeny is denied
|
|
|
|
// No token and defaultDeny is denied
|
|
|
|
return acl.RootAuthorizer("deny"), nil |
|
|
|
return acl.RootAuthorizer("deny"), nil |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
lock.RLock() |
|
|
|
|
|
|
|
defer lock.RUnlock() |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if stopped { |
|
|
|
|
|
|
|
return acl.DenyAll().ToAllowAuthorizer(), nil |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Ensure the correct token was passed
|
|
|
|
// Ensure the correct token was passed
|
|
|
|
require.Equal(t, tc.token, id) |
|
|
|
require.Equal(t, tc.token, id) |
|
|
|
// Parse the ACL and enforce it
|
|
|
|
// Parse the ACL and enforce it
|
|
|
|
|
Andrew Stucki
2 years ago
committed by