| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2016 The LUCI Authors. All rights reserved. |
| 2 // Use of this source code is governed under the Apache License, Version 2.0 |
| 3 // that can be found in the LICENSE file. |
| 4 |
| 5 package delegation |
| 6 |
| 7 import ( |
| 8 "testing" |
| 9 |
| 10 "golang.org/x/net/context" |
| 11 |
| 12 "github.com/luci/gae/service/info" |
| 13 "github.com/luci/luci-go/appengine/gaetesting" |
| 14 "github.com/luci/luci-go/common/clock/testclock" |
| 15 "github.com/luci/luci-go/common/config" |
| 16 "github.com/luci/luci-go/common/config/impl/memory" |
| 17 admin "github.com/luci/luci-go/tokenserver/api/admin/v1" |
| 18 |
| 19 . "github.com/luci/luci-go/common/testing/assertions" |
| 20 . "github.com/smartystreets/goconvey/convey" |
| 21 ) |
| 22 |
| 23 func TestImportDelegationConfigs(t *testing.T) { |
| 24 Convey("Works", t, func() { |
| 25 ctx := gaetesting.TestingContext() |
| 26 ctx, _ = testclock.UseTime(ctx, testclock.TestTimeUTC) |
| 27 |
| 28 ctx = prepareCfg(ctx, `rules { |
| 29 name: "rule 1" |
| 30 requestor: "user:some-user@example.com" |
| 31 target_service: "service:some-service" |
| 32 allowed_to_impersonate: "group:some-group" |
| 33 allowed_audience: "REQUESTOR" |
| 34 max_validity_duration: 86400 |
| 35 }`) |
| 36 |
| 37 rpc := ImportDelegationConfigsRPC{} |
| 38 |
| 39 // No config. |
| 40 cfg, err := FetchDelegationConfig(ctx) |
| 41 So(err, ShouldBeNil) |
| 42 So(cfg.Config, ShouldBeNil) |
| 43 |
| 44 resp, err := rpc.ImportDelegationConfigs(ctx, nil) |
| 45 So(err, ShouldBeNil) |
| 46 So(resp, ShouldResemble, &admin.ImportedConfigs{ |
| 47 ImportedConfigs: []*admin.ImportedConfigs_ConfigFile{ |
| 48 { |
| 49 Name: "delegation.cfg", |
| 50 Revision: "780529c8f5e6b219e27482978d792
d580f7d4f9d", |
| 51 }, |
| 52 }, |
| 53 }) |
| 54 |
| 55 // Have config now. |
| 56 cfg, err = FetchDelegationConfig(ctx) |
| 57 So(err, ShouldBeNil) |
| 58 So(cfg.Config, ShouldNotBeNil) |
| 59 So(cfg.Revision, ShouldEqual, "780529c8f5e6b219e27482978d792d580
f7d4f9d") |
| 60 |
| 61 // Noop import. |
| 62 resp, err = rpc.ImportDelegationConfigs(ctx, nil) |
| 63 So(err, ShouldBeNil) |
| 64 So(resp.ImportedConfigs[0].Revision, ShouldEqual, "780529c8f5e6b
219e27482978d792d580f7d4f9d") |
| 65 |
| 66 // Try to import completely broken config. |
| 67 ctx = prepareCfg(ctx, `I'm broken`) |
| 68 _, err = rpc.ImportDelegationConfigs(ctx, nil) |
| 69 So(err, ShouldErrLike, `can't parse config file - line 1.0: unkn
own field name`) |
| 70 |
| 71 // Old config is not replaced. |
| 72 cfg, _ = FetchDelegationConfig(ctx) |
| 73 So(cfg.Revision, ShouldEqual, "780529c8f5e6b219e27482978d792d580
f7d4f9d") |
| 74 |
| 75 // Try to import a config that doesn't pass validation. |
| 76 ctx = prepareCfg(ctx, `rules { |
| 77 name: "rule 1" |
| 78 }`) |
| 79 _, err = rpc.ImportDelegationConfigs(ctx, nil) |
| 80 So(err, ShouldErrLike, `validation error - rule #1 ("rule 1"): '
requestor' is required (and 4 other errors)`) |
| 81 |
| 82 // Old config is not replaced. |
| 83 cfg, _ = FetchDelegationConfig(ctx) |
| 84 So(cfg.Revision, ShouldEqual, "780529c8f5e6b219e27482978d792d580
f7d4f9d") |
| 85 }) |
| 86 } |
| 87 |
| 88 func prepareCfg(c context.Context, configFile string) context.Context { |
| 89 return config.SetImplementation(c, memory.New(map[string]memory.ConfigSe
t{ |
| 90 "services/" + info.AppID(c): { |
| 91 "delegation.cfg": configFile, |
| 92 }, |
| 93 })) |
| 94 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2413683004:
token-server: Delegation config import, validation and evaluation. (Closed)
