LogDog: Project READ access for user endpoints.

appengine/logdog/coordinator/coordinatorTest/context.go

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package coordinatorTest
 
 import (
         "fmt"
+        "strings"
+        "time"
 
         "github.com/golang/protobuf/proto"
         ds "github.com/luci/gae/service/datastore"
+        "github.com/luci/gae/service/info"
         "github.com/luci/luci-go/appengine/logdog/coordinator"
         "github.com/luci/luci-go/appengine/logdog/coordinator/config"
         "github.com/luci/luci-go/appengine/tumble"
         "github.com/luci/luci-go/common/clock"
         "github.com/luci/luci-go/common/clock/testclock"
         luciConfig "github.com/luci/luci-go/common/config"
         "github.com/luci/luci-go/common/config/impl/memory"
         "github.com/luci/luci-go/common/gcloud/gs"
         "github.com/luci/luci-go/common/logging"
         "github.com/luci/luci-go/common/logging/gologger"
-        configProto "github.com/luci/luci-go/common/proto/config"
+        "github.com/luci/luci-go/common/proto/google"
         "github.com/luci/luci-go/common/proto/logdog/svcconfig"
         "github.com/luci/luci-go/server/auth"
         "github.com/luci/luci-go/server/auth/authtest"
         "github.com/luci/luci-go/server/logdog/storage"
         memoryStorage "github.com/luci/luci-go/server/logdog/storage/memory"
         "github.com/luci/luci-go/server/settings"
         "golang.org/x/net/context"
 )
 
 // Environment contains all of the testing facilities that are installed into
@@ skipping 27 matching lines @@
         // default) into Services.
         ArchivalPublisher ArchivalPublisher
 }
 
 // JoinGroup adds the named group the to the list of groups for the current
 // identity.
 func (e *Environment) JoinGroup(g string) {
         e.AuthState.IdentityGroups = append(e.AuthState.IdentityGroups, g)
 }
 
+// LeaveAllGroups clears all auth groups that the user is currently a member of.
+func (e *Environment) LeaveAllGroups() {
+        e.AuthState.IdentityGroups = nil
+        e.JoinGroup("all")
+}
+
 // ClearCoordinatorConfig removes the Coordinator configuration entry,
 // simulating a missing config.
 func (e *Environment) ClearCoordinatorConfig(c context.Context) {
         configSet, _ := config.ServiceConfigPath(c)
         delete(e.Config, configSet)
 }
 
 // ModServiceConfig loads the current service configuration, invokes the
 // callback with its contents, and writes the result back to config.
-func (e *Environment) ModServiceConfig(c context.Context, fn func(*svcconfig.Coordinator)) {
+func (e *Environment) ModServiceConfig(c context.Context, fn func(*svcconfig.Config)) {
         configSet, configPath := config.ServiceConfigPath(c)
 
         var cfg svcconfig.Config
         e.modTextProtobuf(configSet, configPath, &cfg, func() {
-                if cfg.Coordinator == nil {
-                        cfg.Coordinator = &svcconfig.Coordinator{}
-                }
-                fn(cfg.Coordinator)
+                fn(&cfg)
         })
 }
 
+// ModProjectConfig loads the current configuration for the named project,
+// invokes the callback with its contents, and writes the result back to config.
+func (e *Environment) ModProjectConfig(c context.Context, proj luciConfig.ProjectName, fn func(*svcconfig.ProjectConfig)) {
+        configSet, configPath := config.ProjectConfigPath(c, proj)
+
+        var pcfg svcconfig.ProjectConfig
+        e.modTextProtobuf(configSet, configPath, &pcfg, func() {
+                fn(&pcfg)
+        })
+}
+
 // DrainTumbleAll drains all Tumble instances across all namespaces.
 func (e *Environment) DrainTumbleAll(c context.Context) {
         projects, err := luciConfig.Get(c).GetProjects()
         if err != nil {
                 panic(err)
         }
 
         for _, proj := range projects {
                 WithProjectNamespace(c, luciConfig.ProjectName(proj.ID), func(c context.Context) {
                         e.Tumble.Drain(c)
@@ skipping 11 matching lines @@
                 }
 
         case luciConfig.ErrNoConfig:
                 break
 
         default:
                 panic(err)
         }
 
         fn()
+        e.addConfigEntry(configSet, path, proto.MarshalTextString(msg))
+}
 
+func (e *Environment) addConfigEntry(configSet, path, content string) {
         cset := e.Config[configSet]
         if cset == nil {
                 cset = make(map[string]string)
                 e.Config[configSet] = cset
         }
-        cset[path] = proto.MarshalTextString(msg)
+        cset[path] = content
 }
 
 // Install creates a testing Context and installs common test facilities into
 // it, returning the Environment to which they're bound.
 func Install() (context.Context, *Environment) {
         e := Environment{
                 Config: make(map[string]memory.ConfigSet),
         }
 
         // Get our starting context. This installs, among other things, in-memory
@@ skipping 37 matching lines @@
         e.Clock = clock.Get(c).(testclock.TestClock)
 
         // Install GAE config service settings.
         c = settings.Use(c, settings.New(&settings.MemoryStorage{}))
 
         // Setup luci-config configuration.
         c = memory.Use(c, e.Config)
         e.ConfigIface = luciConfig.Get(c)
 
         // luci-config: Projects.
-        addProjectConfig := func(proj luciConfig.ProjectName, localName string, access ...string) {
-                configSet, configPath := config.ProjectConfigPath(c, proj)
-
-                var cfg configProto.ProjectCfg
-                e.modTextProtobuf(configSet, configPath, &cfg, func() {
-                        cfg.Name = &localName
-                        cfg.Access = access
+        projectName := info.Get(c).AppID()
+        addProjectConfig := func(proj luciConfig.ProjectName, access ...string) {
+                e.ModProjectConfig(c, proj, func(pcfg *svcconfig.ProjectConfig) {
+                        for _, a := range access {
+                                parts := strings.SplitN(a, ":", 2)
+                                group, field := parts[0], &pcfg.ReaderAuthGroups
+                                if len(parts) == 2 {
+                                        switch parts[1] {
+                                        case "R":
+                                                break
+                                        case "W":
+                                                field = &pcfg.WriterAuthGroups
+                                        default:
+                                                panic(a)
+                                        }
+                                }
+                                *field = append(*field, group)
+                        }
                 })
         }
-        addProjectConfig("proj-foo", "Foo Project", "group:all")
-        addProjectConfig("proj-bar", "Bar Project", "group:all")
-        addProjectConfig("proj-baz", "Baz Project", "group:all")
-        addProjectConfig("proj-qux", "Qux Project", "group:all")
-        addProjectConfig("proj-exclusive", "Exclusive Project", "group:auth")
+        addProjectConfig("proj-foo", "all:R", "all:W")
+        addProjectConfig("proj-bar", "all:R", "auth:W")
+        addProjectConfig("proj-exclusive", "auth:R", "auth:W")
+
+        // Add a project without a LogDog project config.
+        e.addConfigEntry("projects/proj-unconfigured", "not-logdog.cfg", "junk")
+
+        configSet, configName := config.ProjectConfigPath(c, "proj-malformed")
+        e.addConfigEntry(configSet, configName, "!!! not a text protobuf !!!")
 
         // luci-config: Coordinator Defaults
-        e.ModServiceConfig(c, func(cfg *svcconfig.Coordinator) {
-                *cfg = svcconfig.Coordinator{
+        e.ModServiceConfig(c, func(cfg *svcconfig.Config) {
+                cfg.Transport = &svcconfig.Transport{
+                        Type: &svcconfig.Transport_Pubsub{
+                                Pubsub: &svcconfig.Transport_PubSub{
+                                        Project: projectName,
+                                        Topic:   "test-topic",
+                                },
+                        },
+                }
+                cfg.Coordinator = &svcconfig.Coordinator{
                         AdminAuthGroup:   "admin",
                         ServiceAuthGroup: "services",
+                        PrefixExpiration: google.NewDuration(24 * time.Hour),
                 }
         })
 
         // Setup Tumble. This also adds the two Tumble indexes to datastore.
         e.Tumble.EnableDelayedMutations(c)
 
         tcfg := e.Tumble.GetConfig(c)
         tcfg.Namespaced = true
         e.Tumble.UpdateSettings(c, tcfg)
 
         // Install authentication state.
         c = auth.WithState(c, &e.AuthState)
 
         // Setup authentication state.
-        e.JoinGroup("all")
+        e.LeaveAllGroups()
 
         // Setup our default Coordinator services.
         e.Services = Services{
                 IS: func() (storage.Storage, error) {
                         return &e.IntermediateStorage, nil
                 },
                 GS: func() (gs.Client, error) {
                         return &e.GSClient, nil
                 },
                 AP: func() (coordinator.ArchivalPublisher, error) {
                         return &e.ArchivalPublisher, nil
                 },
         }
         c = coordinator.WithServices(c, &e.Services)
 
         return c, &e
 }
 
 // WithProjectNamespace runs f in proj's namespace, bypassing authentication
 // checks.
 func WithProjectNamespace(c context.Context, proj luciConfig.ProjectName, f func(context.Context)) {
         if err := coordinator.WithProjectNamespaceNoAuth(&c, proj); err != nil {
                 panic(err)
         }
         f(c)
 }