milo/appengine/settings/acl_test.go - Issue 2241853002: Milo: ACL support

Side by Side Diff: milo/appengine/settings/acl_test.go

Issue 2241853002: Milo: ACL support (Closed) Base URL: https://chromium.googlesource.com/external/github.com/luci/luci-go@lucicfg

Patch Set: Simplified Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2016 The LUCI Authors. All rights reserved.

	2 // Use of this source code is governed under the Apache License, Version 2.0

	3 // that can be found in the LICENSE file.

	4

	5 package settings

	6

	7 import (

	8 "net"

	9 "strings"

	10 "testing"

	11

	12 "github.com/luci/gae/impl/memory"

	13 lucicfg "github.com/luci/luci-go/common/config"

	14 memcfg "github.com/luci/luci-go/common/config/impl/memory"

	15 "github.com/luci/luci-go/common/logging/gologger"

	16 "github.com/luci/luci-go/server/auth"

	17 "github.com/luci/luci-go/server/auth/authdb"

	18 "github.com/luci/luci-go/server/auth/identity"

	19 "github.com/luci/luci-go/server/secrets"

	20 "golang.org/x/net/context"

	21

	22 . "github.com/smartystreets/goconvey/convey"

	23 )

	24

	25 func TestACL(t *testing.T) {

	26 t.Parallel()

	27

	28 Convey("Test Environment", t, func() {

	29 c := memory.UseWithAppID(context.Background(), "dev~luci-milo")

	30 c = gologger.StdConfig.Use(c)

	31

	32 Convey("Set up projects", func() {

	33 c = lucicfg.SetImplementation(c, memcfg.New(aclConfgs))

	34 err := update(c)

	35 So(err, ShouldBeNil)

	36

	37 Convey("Anon wants to...", func() {

	38 c = auth.WithState(c, fakeState{})

	39 Convey("Read public project", func() {

	40 ok, err := IsAllowed(c, "opensource")

	41 So(ok, ShouldEqual, true)

	42 So(err, ShouldBeNil)

	43 })

	44 Convey("Read private project", func() {

	45 ok, err := IsAllowed(c, "secret")

	46 So(ok, ShouldEqual, false)

	47 So(err, ShouldBeNil)

	48 })

	49

	50 })

	51 Convey("alicebob@google.com wants to...", func() {

	52 c = auth.WithState(c, fakeState{"alicebob@google .com"})

	53 Convey("Read private project", func() {

	54 ok, err := IsAllowed(c, "secret")

	55 So(ok, ShouldEqual, true)

	56 So(err, ShouldBeNil)

	57 })

	58 })

	59

	60 Convey("eve@notgoogle.com wants to...", func() {

	61 c = auth.WithState(c, fakeState{"eve@notgoogle.c om"})

	62 Convey("Read public project", func() {

	63 ok, err := IsAllowed(c, "opensource")

	64 So(ok, ShouldEqual, true)

	65 So(err, ShouldBeNil)

	66 })

	67 Convey("Read private project", func() {

	68 ok, err := IsAllowed(c, "secret")

	69 So(ok, ShouldEqual, false)

	70 So(err, ShouldBeNil)

	71 })

	72 })

	73 })

	74 })

	75 }

	76

	77 type testingAuthDB struct{}
	Vadim Sh. 2016/08/16 00:21:22 you can probably avoid most of this mocks if you u you can probably avoid most of this mocks if you use stuff from https://godoc.org/github.com/luci/luci-go/server/auth/authtest in particular, https://godoc.org/github.com/luci/luci-go/server/auth/authtest#FakeDB and https://godoc.org/github.com/luci/luci-go/server/auth/authtest#FakeState Ryan Tseng 2016/08/16 00:38:06 Done. Show quoted text On 2016/08/16 00:21:22, Vadim Sh. wrote: > you can probably avoid most of this mocks if you use stuff from > https://godoc.org/github.com/luci/luci-go/server/auth/authtest > > in particular, > https://godoc.org/github.com/luci/luci-go/server/auth/authtest#FakeDB and > https://godoc.org/github.com/luci/luci-go/server/auth/authtest#FakeState Done.
	78

	79 func (a testingAuthDB) IsAllowedOAuthClientID(

	80 c context.Context, email, clientID string) (bool, error) {

	81 panic("Not Implemented")

	82 }

	83

	84 func (a testingAuthDB) IsMember(

	85 c context.Context, id identity.Identity, group string) (bool, error) {

	86 if group == "all" {

	87 return true, nil

	88 }

	89 if id.Kind() == identity.User &&

	90 strings.HasSuffix(id.Value(), "@google.com") {

	91 return true, nil

	92 }

	93 return false, nil

	94 }

	95 func (a testingAuthDB) SharedSecrets(c context.Context) (secrets.Store, error) {

	96 panic("Not Implemented")

	97 }

	98

	99 func (a testingAuthDB) GetWhitelistForIdentity(

	100 c context.Context, ident identity.Identity) (string, error) {

	101

	102 panic("Not Implemented")

	103 }

	104 func (a testingAuthDB) IsInWhitelist(

	105 c context.Context, ip net.IP, whitelist string) (bool, error) {

	106

	107 panic("Not Implemented")

	108 }

	109 func (a testingAuthDB) GetAuthServiceURL(c context.Context) (string, error) {

	110 panic("Not Implemented")

	111 }

	112

	113 type fakeState struct{ Who string }

	114

	115 func (s fakeState) DB() authdb.DB {

	116 return testingAuthDB{}

	117 }

	118 func (s fakeState) Method() auth.Method {

	119 return nil

	120 }

	121 func (s fakeState) User() *auth.User {

	122 if s.Who == "" {

	123 return &auth.User{Identity: identity.AnonymousIdentity}

	124 }

	125 id, _ := identity.MakeIdentity("user:" + s.Who)

	126 return &auth.User{

	127 Identity: id,

	128 Email: s.Who,

	129 }

	130 }

	131 func (s fakeState) PeerIdentity() identity.Identity {

	132 return identity.AnonymousIdentity

	133 }

	134 func (s fakeState) PeerIP() net.IP {

	135 return nil

	136 }

	137

	138 var secretProjectCfg = `

	139 ID: "secret"

	140 Readers: "google.com"

	141 `

	142

	143 var publicProjectCfg = `

	144 ID: "opensource"

	145 Readers: "all"

	146 `

	147

	148 var aclConfgs = map[string]memcfg.ConfigSet{

	149 "projects/secret.git": {

	150 "luci-milo.cfg": secretProjectCfg,

	151 },

	152 "projects/opensource.git": {

	153 "luci-milo.cfg": publicProjectCfg,

	154 },

	155 }

OLD	NEW

« no previous file with comments | « milo/appengine/settings/acl.go ('k') | milo/common/miloerror/error.go » ('j') | no next file with comments »