Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(753)

Unified Diff: milo/appengine/settings/acl_test.go

Issue 2241853002: Milo: ACL support (Closed) Base URL: https://chromium.googlesource.com/external/github.com/luci/luci-go@lucicfg
Patch Set: rebase Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « milo/appengine/settings/acl.go ('k') | milo/common/miloerror/error.go » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: milo/appengine/settings/acl_test.go
diff --git a/milo/appengine/settings/acl_test.go b/milo/appengine/settings/acl_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..e2591ee42a15e8f6415c2fb1a2e4f2c5ab152ef5
--- /dev/null
+++ b/milo/appengine/settings/acl_test.go
@@ -0,0 +1,100 @@
+// Copyright 2016 The LUCI Authors. All rights reserved.
+// Use of this source code is governed under the Apache License, Version 2.0
+// that can be found in the LICENSE file.
+
+package settings
+
+import (
+ "testing"
+
+ "github.com/luci/gae/impl/memory"
+ lucicfg "github.com/luci/luci-go/common/config"
+ memcfg "github.com/luci/luci-go/common/config/impl/memory"
+ "github.com/luci/luci-go/common/logging/gologger"
+ "github.com/luci/luci-go/server/auth"
+ "github.com/luci/luci-go/server/auth/authtest"
+ "github.com/luci/luci-go/server/auth/identity"
+ "golang.org/x/net/context"
+
+ . "github.com/smartystreets/goconvey/convey"
+)
+
+func TestACL(t *testing.T) {
+ t.Parallel()
+
+ Convey("Test Environment", t, func() {
+ c := memory.UseWithAppID(context.Background(), "dev~luci-milo")
+ c = gologger.StdConfig.Use(c)
+
+ Convey("Set up projects", func() {
+ c = lucicfg.SetImplementation(c, memcfg.New(aclConfgs))
+ err := update(c)
+ So(err, ShouldBeNil)
+
+ Convey("Anon wants to...", func() {
+ c = auth.WithState(c, &authtest.FakeState{
+ Identity: identity.AnonymousIdentity,
+ IdentityGroups: []string{"all"},
+ })
+ Convey("Read public project", func() {
+ ok, err := IsAllowed(c, "opensource")
+ So(ok, ShouldEqual, true)
+ So(err, ShouldBeNil)
+ })
+ Convey("Read private project", func() {
+ ok, err := IsAllowed(c, "secret")
+ So(ok, ShouldEqual, false)
+ So(err, ShouldBeNil)
+ })
+
+ })
+ Convey("alicebob@google.com wants to...", func() {
+ c = auth.WithState(c, &authtest.FakeState{
+ Identity: "user:alicebob@google.com",
+ IdentityGroups: []string{"google.com", "all"},
+ })
+ Convey("Read private project", func() {
+ ok, err := IsAllowed(c, "secret")
+ So(ok, ShouldEqual, true)
+ So(err, ShouldBeNil)
+ })
+ })
+
+ Convey("eve@notgoogle.com wants to...", func() {
+ c = auth.WithState(c, &authtest.FakeState{
+ Identity: "user:eve@notgoogle.com",
+ IdentityGroups: []string{"all"},
+ })
+ Convey("Read public project", func() {
+ ok, err := IsAllowed(c, "opensource")
+ So(ok, ShouldEqual, true)
+ So(err, ShouldBeNil)
+ })
+ Convey("Read private project", func() {
+ ok, err := IsAllowed(c, "secret")
+ So(ok, ShouldEqual, false)
+ So(err, ShouldBeNil)
+ })
+ })
+ })
+ })
+}
+
+var secretProjectCfg = `
+ID: "secret"
+Readers: "google.com"
+`
+
+var publicProjectCfg = `
+ID: "opensource"
+Readers: "all"
+`
+
+var aclConfgs = map[string]memcfg.ConfigSet{
+ "projects/secret.git": {
+ "luci-milo.cfg": secretProjectCfg,
+ },
+ "projects/opensource.git": {
+ "luci-milo.cfg": publicProjectCfg,
+ },
+}
« no previous file with comments | « milo/appengine/settings/acl.go ('k') | milo/common/miloerror/error.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698