You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
consul/acl/policy_test.go

270 lines
4.0 KiB

package acl
import (
"reflect"
"strings"
"testing"
)
func TestACLPolicy_Parse_HCL(t *testing.T) {
inp := `
key "" {
policy = "read"
}
key "foo/" {
policy = "write"
}
key "foo/bar/" {
policy = "read"
}
key "foo/bar/baz" {
policy = "deny"
}
service "" {
policy = "write"
}
service "foo" {
policy = "read"
}
event "" {
policy = "read"
}
event "foo" {
policy = "write"
}
event "bar" {
policy = "deny"
}
query "" {
policy = "read"
}
query "foo" {
policy = "write"
}
query "bar" {
policy = "deny"
}
keyring = "deny"
`
exp := &Policy{
Keys: []*KeyPolicy{
&KeyPolicy{
Prefix: "",
Policy: PolicyRead,
},
&KeyPolicy{
Prefix: "foo/",
Policy: PolicyWrite,
},
&KeyPolicy{
Prefix: "foo/bar/",
Policy: PolicyRead,
},
&KeyPolicy{
Prefix: "foo/bar/baz",
Policy: PolicyDeny,
},
},
Services: []*ServicePolicy{
&ServicePolicy{
Name: "",
Policy: PolicyWrite,
},
&ServicePolicy{
Name: "foo",
Policy: PolicyRead,
},
},
Events: []*EventPolicy{
&EventPolicy{
Event: "",
Policy: PolicyRead,
},
&EventPolicy{
Event: "foo",
Policy: PolicyWrite,
},
&EventPolicy{
Event: "bar",
Policy: PolicyDeny,
},
},
PreparedQueries: []*PreparedQueryPolicy{
&PreparedQueryPolicy{
Prefix: "",
Policy: PolicyRead,
},
&PreparedQueryPolicy{
Prefix: "foo",
Policy: PolicyWrite,
},
&PreparedQueryPolicy{
Prefix: "bar",
Policy: PolicyDeny,
},
},
Keyring: PolicyDeny,
}
out, err := Parse(inp)
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(out, exp) {
t.Fatalf("bad: %#v %#v", out, exp)
}
}
func TestACLPolicy_Parse_JSON(t *testing.T) {
inp := `{
"key": {
"": {
"policy": "read"
},
"foo/": {
"policy": "write"
},
"foo/bar/": {
"policy": "read"
},
"foo/bar/baz": {
"policy": "deny"
}
},
"service": {
"": {
"policy": "write"
},
"foo": {
"policy": "read"
}
},
"event": {
"": {
"policy": "read"
},
"foo": {
"policy": "write"
},
"bar": {
"policy": "deny"
}
},
"query": {
"": {
"policy": "read"
},
"foo": {
"policy": "write"
},
"bar": {
"policy": "deny"
}
},
"keyring": "deny"
}`
exp := &Policy{
Keys: []*KeyPolicy{
&KeyPolicy{
Prefix: "",
Policy: PolicyRead,
},
&KeyPolicy{
Prefix: "foo/",
Policy: PolicyWrite,
},
&KeyPolicy{
Prefix: "foo/bar/",
Policy: PolicyRead,
},
&KeyPolicy{
Prefix: "foo/bar/baz",
Policy: PolicyDeny,
},
},
Services: []*ServicePolicy{
&ServicePolicy{
Name: "",
Policy: PolicyWrite,
},
&ServicePolicy{
Name: "foo",
Policy: PolicyRead,
},
},
Events: []*EventPolicy{
&EventPolicy{
Event: "",
Policy: PolicyRead,
},
&EventPolicy{
Event: "foo",
Policy: PolicyWrite,
},
&EventPolicy{
Event: "bar",
Policy: PolicyDeny,
},
},
PreparedQueries: []*PreparedQueryPolicy{
&PreparedQueryPolicy{
Prefix: "",
Policy: PolicyRead,
},
&PreparedQueryPolicy{
Prefix: "foo",
Policy: PolicyWrite,
},
&PreparedQueryPolicy{
Prefix: "bar",
Policy: PolicyDeny,
},
},
Keyring: PolicyDeny,
}
out, err := Parse(inp)
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(out, exp) {
t.Fatalf("bad: %#v %#v", out, exp)
}
}
func TestACLPolicy_Keyring_Empty(t *testing.T) {
inp := `
keyring = ""
`
exp := &Policy{
Keyring: "",
}
out, err := Parse(inp)
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(out, exp) {
t.Fatalf("bad: %#v %#v", out, exp)
}
}
func TestACLPolicy_Bad_Policy(t *testing.T) {
cases := []string{
`key "" { policy = "nope" }`,
`service "" { policy = "nope" }`,
`event "" { policy = "nope" }`,
`query "" { policy = "nope" }`,
`keyring = "nope"`,
}
for _, c := range cases {
_, err := Parse(c)
if err == nil || !strings.Contains(err.Error(), "Invalid") {
t.Fatalf("expected policy error, got: %#v", err)
}
}
}