Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(521)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: milo/appengine/settings/acl_test.go

Issue 2241853002: Milo: ACL support (Closed) Base URL: https://chromium.googlesource.com/external/github.com/luci/luci-go@lucicfg
Patch Set: Simplified Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « milo/appengine/settings/acl.go ('k') | milo/common/miloerror/error.go » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: milo/appengine/settings/acl_test.go
diff --git a/milo/appengine/settings/acl_test.go b/milo/appengine/settings/acl_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..a0f5d1746d07e7f71caad430672bd00580fa3235
--- /dev/null
+++ b/milo/appengine/settings/acl_test.go
@@ -0,0 +1,155 @@
+// Copyright 2016 The LUCI Authors. All rights reserved.
+// Use of this source code is governed under the Apache License, Version 2.0
+// that can be found in the LICENSE file.
+
+package settings
+
+import (
+ "net"
+ "strings"
+ "testing"
+
+ "github.com/luci/gae/impl/memory"
+ lucicfg "github.com/luci/luci-go/common/config"
+ memcfg "github.com/luci/luci-go/common/config/impl/memory"
+ "github.com/luci/luci-go/common/logging/gologger"
+ "github.com/luci/luci-go/server/auth"
+ "github.com/luci/luci-go/server/auth/authdb"
+ "github.com/luci/luci-go/server/auth/identity"
+ "github.com/luci/luci-go/server/secrets"
+ "golang.org/x/net/context"
+
+ . "github.com/smartystreets/goconvey/convey"
+)
+
+func TestACL(t *testing.T) {
+ t.Parallel()
+
+ Convey("Test Environment", t, func() {
+ c := memory.UseWithAppID(context.Background(), "dev~luci-milo")
+ c = gologger.StdConfig.Use(c)
+
+ Convey("Set up projects", func() {
+ c = lucicfg.SetImplementation(c, memcfg.New(aclConfgs))
+ err := update(c)
+ So(err, ShouldBeNil)
+
+ Convey("Anon wants to...", func() {
+ c = auth.WithState(c, fakeState{})
+ Convey("Read public project", func() {
+ ok, err := IsAllowed(c, "opensource")
+ So(ok, ShouldEqual, true)
+ So(err, ShouldBeNil)
+ })
+ Convey("Read private project", func() {
+ ok, err := IsAllowed(c, "secret")
+ So(ok, ShouldEqual, false)
+ So(err, ShouldBeNil)
+ })
+
+ })
+ Convey("alicebob@google.com wants to...", func() {
+ c = auth.WithState(c, fakeState{"alicebob@google.com"})
+ Convey("Read private project", func() {
+ ok, err := IsAllowed(c, "secret")
+ So(ok, ShouldEqual, true)
+ So(err, ShouldBeNil)
+ })
+ })
+
+ Convey("eve@notgoogle.com wants to...", func() {
+ c = auth.WithState(c, fakeState{"eve@notgoogle.com"})
+ Convey("Read public project", func() {
+ ok, err := IsAllowed(c, "opensource")
+ So(ok, ShouldEqual, true)
+ So(err, ShouldBeNil)
+ })
+ Convey("Read private project", func() {
+ ok, err := IsAllowed(c, "secret")
+ So(ok, ShouldEqual, false)
+ So(err, ShouldBeNil)
+ })
+ })
+ })
+ })
+}
+
+type testingAuthDB struct{}
Vadim Sh. 2016/08/16 00:21:22 you can probably avoid most of this mocks if you u
Ryan Tseng 2016/08/16 00:38:06 Done.
+
+func (a testingAuthDB) IsAllowedOAuthClientID(
+ c context.Context, email, clientID string) (bool, error) {
+ panic("Not Implemented")
+}
+
+func (a testingAuthDB) IsMember(
+ c context.Context, id identity.Identity, group string) (bool, error) {
+ if group == "all" {
+ return true, nil
+ }
+ if id.Kind() == identity.User &&
+ strings.HasSuffix(id.Value(), "@google.com") {
+ return true, nil
+ }
+ return false, nil
+}
+func (a testingAuthDB) SharedSecrets(c context.Context) (secrets.Store, error) {
+ panic("Not Implemented")
+}
+
+func (a testingAuthDB) GetWhitelistForIdentity(
+ c context.Context, ident identity.Identity) (string, error) {
+
+ panic("Not Implemented")
+}
+func (a testingAuthDB) IsInWhitelist(
+ c context.Context, ip net.IP, whitelist string) (bool, error) {
+
+ panic("Not Implemented")
+}
+func (a testingAuthDB) GetAuthServiceURL(c context.Context) (string, error) {
+ panic("Not Implemented")
+}
+
+type fakeState struct{ Who string }
+
+func (s fakeState) DB() authdb.DB {
+ return testingAuthDB{}
+}
+func (s fakeState) Method() auth.Method {
+ return nil
+}
+func (s fakeState) User() *auth.User {
+ if s.Who == "" {
+ return &auth.User{Identity: identity.AnonymousIdentity}
+ }
+ id, _ := identity.MakeIdentity("user:" + s.Who)
+ return &auth.User{
+ Identity: id,
+ Email: s.Who,
+ }
+}
+func (s fakeState) PeerIdentity() identity.Identity {
+ return identity.AnonymousIdentity
+}
+func (s fakeState) PeerIP() net.IP {
+ return nil
+}
+
+var secretProjectCfg = `
+ID: "secret"
+Readers: "google.com"
+`
+
+var publicProjectCfg = `
+ID: "opensource"
+Readers: "all"
+`
+
+var aclConfgs = map[string]memcfg.ConfigSet{
+ "projects/secret.git": {
+ "luci-milo.cfg": secretProjectCfg,
+ },
+ "projects/opensource.git": {
+ "luci-milo.cfg": publicProjectCfg,
+ },
+}
« no previous file with comments | « milo/appengine/settings/acl.go ('k') | milo/common/miloerror/error.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698