
Side by Side Diff: server/auth/authdb/snapshot_test.go

Issue 2873113002: auth: Remove "shared" aka "global" secrets. (Closed)
Patch Set: Created 3 years, 7 months ago
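--- a/server/auth/authdb/snapshot_test.go
+++ b/server/auth/authdb/snapshot_test.go
@@ -1,30 +1,29 @@
 // Copyright 2016 The LUCI Authors. All rights reserved.
 // Use of this source code is governed under the Apache License, Version 2.0
 // that can be found in the LICENSE file.
 
 package authdb
 
 import (
 "encoding/json"
 "net"
 "net/http"
 "testing"
 
 "golang.org/x/net/context"
 
 "github.com/luci/luci-go/server/auth/identity"
 "github.com/luci/luci-go/server/auth/internal"
 "github.com/luci/luci-go/server/auth/service/protocol"
 "github.com/luci/luci-go/server/auth/signing"
 "github.com/luci/luci-go/server/auth/signing/signingtest"
-"github.com/luci/luci-go/server/secrets"
 
 . "github.com/smartystreets/goconvey/convey"
 )
 
 func TestSnapshotDB(t *testing.T) {
 Convey("IsAllowedOAuthClientID works", t, func() {
 c := context.Background()
 db, err := NewSnapshotDB(&protocol.AuthDB{
 OauthClientId: strPtr("primary-client-id"),
 OauthAdditionalClientIds: []string{
@@ -93,61 +92,20 @@
 
 So(call("user:abc@example.com", "cycle"), ShouldBeFalse)
 So(call("user:abc@example.com", "unknown"), ShouldBeFalse)
 So(call("user:abc@example.com", "unknown nested"), ShouldBeFalse )
 
 So(call("user:abc@example.com"), ShouldBeFalse)
 So(call("user:abc@example.com", "unknown", "direct"), ShouldBeTr ue)
 So(call("user:abc@example.com", "via glob", "direct"), ShouldBeT rue)
 })
 
-Convey("SharedSecrets works", t, func() {
-c := context.Background()
-db, err := NewSnapshotDB(&protocol.AuthDB{
-Secrets: []*protocol.AuthSecret{
-{
-Name: strPtr("secret-1"),
-Values: [][]byte{
-[]byte("current"),
-},
-},
-{
-Name: strPtr("secret-2"),
-Values: [][]byte{
-[]byte("current"),
-[]byte("prev1"),
-[]byte("prev2"),
-},
-},
-{
-Name: strPtr("empty"),
-},
-},
-}, "http://auth-service", 1234)
-So(err, ShouldBeNil)
-
-s, err := db.SharedSecrets(c)
-So(err, ShouldBeNil)
-So(s, ShouldResemble, secrets.StaticStore{
-"secret-1": {
-Current: secrets.NamedBlob{Blob: []byte("current ")},
-},
-"secret-2": {
-Current: secrets.NamedBlob{Blob: []byte("current ")},
-Previous: []secrets.NamedBlob{
-{Blob: []byte("prev1")},
-{Blob: []byte("prev2")},
-},
-},
-})
-})
-
 Convey("GetCertificates works", t, func(c C) {
 db, err := NewSnapshotDB(&protocol.AuthDB{
 OauthClientId: strPtr("primary-client-id"),
 OauthAdditionalClientIds: []string{
 "additional-client-id-1",
 "additional-client-id-2",
 },
 TokenServerUrl: strPtr("http://token-server"),
 }, "http://auth-service", 1234)
 So(err, ShouldBeNil)
@@ -276,10 +234,10 @@
 },
 },
 }, "http://auth-service", 1234)
 
 b.ResetTimer()
 
 for i := 0; i < b.N; i++ {
 db.IsMember(c, "user:somedude@example.com", "outer")
 }
 }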