Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(800)

Side by Side Diff: scheduler/appengine/acl/acl_test.go

Issue 2993793003: [scheduler]: ACLs phase 3 - require ACLs specs for each Job/Trigger. (Closed)
Patch Set: Updated patchset dependency Created 3 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « scheduler/appengine/acl/acl.go ('k') | scheduler/appengine/engine/engine_test.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2017 The LUCI Authors. 1 // Copyright 2017 The LUCI Authors.
2 // 2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); 3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License. 4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at 5 // You may obtain a copy of the License at
6 // 6 //
7 // http://www.apache.org/licenses/LICENSE-2.0 7 // http://www.apache.org/licenses/LICENSE-2.0
8 // 8 //
9 // Unless required by applicable law or agreed to in writing, software 9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, 10 // distributed under the License is distributed on an "AS IS" BASIS,
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
61 _, err := ValidateAclSets(sets) 61 _, err := ValidateAclSets(sets)
62 So(err, ShouldNotBeNil) 62 So(err, ShouldNotBeNil)
63 } 63 }
64 64
65 shouldError(&messages.AclSet{Name: "one"}) 65 shouldError(&messages.AclSet{Name: "one"})
66 shouldError(&messages.AclSet{Name: "?bad i'd", Acls: validGrants }) 66 shouldError(&messages.AclSet{Name: "?bad i'd", Acls: validGrants })
67 shouldError(validAclSet, validAclSet) 67 shouldError(validAclSet, validAclSet)
68 }) 68 })
69 69
70 Convey("Task Acls", t, func() { 70 Convey("Task Acls", t, func() {
71 » » Convey("Without AclSets", func() { 71 » » Convey("READER and OWNER ACLs are required", func() {
72 » » » jobAcls, err := ValidateTaskAcls(nil, []string{}, validG rants) 72 » » » _, err := ValidateTaskAcls(nil, []string{},
73 » » » So(err, ShouldBeNil) 73 » » » » []*messages.Acl{{Role: messages.Acl_READER, Gran tedTo: "group:readers"}})
74 » » » So(jobAcls.Owners, ShouldResemble, []string{}) 74 » » » So(err.Error(), ShouldResemble, "Job or Trigger must hav e OWNER acl set")
75 » » » So(jobAcls.Readers, ShouldResemble, []string{"group:all" }) 75
76 » » » _, err = ValidateTaskAcls(nil, []string{},
77 » » » » []*messages.Acl{{Role: messages.Acl_OWNER, Grant edTo: "group:owners"}})
78 » » » So(err.Error(), ShouldResemble, "Job or Trigger must hav e READER acl set")
76 }) 79 })
77 80
78 Convey("Without AclSets but with bad ACLs", func() { 81 Convey("Without AclSets but with bad ACLs", func() {
79 _, err := ValidateTaskAcls(nil, []string{}, []*messages. Acl{ 82 _, err := ValidateTaskAcls(nil, []string{}, []*messages. Acl{
80 {Role: messages.Acl_OWNER, GrantedTo: ""}}) 83 {Role: messages.Acl_OWNER, GrantedTo: ""}})
81 So(err, ShouldNotBeNil) 84 So(err, ShouldNotBeNil)
82 }) 85 })
83 86
84 Convey("Many ACLs", func() { 87 Convey("Many ACLs", func() {
85 taskGrants := make([]*messages.Acl, maxGrantsPerJob) 88 taskGrants := make([]*messages.Acl, maxGrantsPerJob)
86 » » » for i := 0; i < maxGrantsPerJob; i++ { 89 » » » taskGrants[0] = &messages.Acl{Role: messages.Acl_READER, GrantedTo: "group:readers"}
90 » » » for i := 1; i < maxGrantsPerJob; i++ {
87 taskGrants[i] = &messages.Acl{Role: messages.Acl _OWNER, GrantedTo: fmt.Sprintf("group:%d", i)} 91 taskGrants[i] = &messages.Acl{Role: messages.Acl _OWNER, GrantedTo: fmt.Sprintf("group:%d", i)}
88 } 92 }
93 So(len(taskGrants), ShouldEqual, maxGrantsPerJob)
89 Convey("Hitting max is OK", func() { 94 Convey("Hitting max is OK", func() {
90 r, err := ValidateTaskAcls(nil, []string{}, task Grants) 95 r, err := ValidateTaskAcls(nil, []string{}, task Grants)
91 So(err, ShouldBeNil) 96 So(err, ShouldBeNil)
92 » » » » So(len(r.Owners), ShouldEqual, maxGrantsPerJob) 97 » » » » So(len(r.Readers), ShouldEqual, 1)
98 » » » » So(len(r.Owners), ShouldEqual, maxGrantsPerJob-1 )
93 }) 99 })
94 Convey("1 too many", func() { 100 Convey("1 too many", func() {
95 aclSets := map[string][]*messages.Acl{ 101 aclSets := map[string][]*messages.Acl{
96 "public": {{Role: messages.Acl_READER, G rantedTo: "group:all"}}, 102 "public": {{Role: messages.Acl_READER, G rantedTo: "group:all"}},
97 } 103 }
98 _, err := ValidateTaskAcls(aclSets, []string{"pu blic"}, taskGrants) 104 _, err := ValidateTaskAcls(aclSets, []string{"pu blic"}, taskGrants)
99 So(err.Error(), ShouldResemble, "Job or Trigger can have at most 32 acls, but 33 given") 105 So(err.Error(), ShouldResemble, "Job or Trigger can have at most 32 acls, but 33 given")
100 }) 106 })
101 }) 107 })
102 108
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after
209 Convey("GrantsByRole.Equal", t, func() { 215 Convey("GrantsByRole.Equal", t, func() {
210 x1 := GrantsByRole{Readers: []string{"a"}, Owners: []string{"b", "c"}} 216 x1 := GrantsByRole{Readers: []string{"a"}, Owners: []string{"b", "c"}}
211 x2 := GrantsByRole{Readers: []string{"a"}, Owners: []string{"b", "c"}} 217 x2 := GrantsByRole{Readers: []string{"a"}, Owners: []string{"b", "c"}}
212 So(x1.Equal(&x2), ShouldBeTrue) 218 So(x1.Equal(&x2), ShouldBeTrue)
213 y := GrantsByRole{Readers: []string{"e", "g"}, Owners: []string{ "b", "d"}} 219 y := GrantsByRole{Readers: []string{"e", "g"}, Owners: []string{ "b", "d"}}
214 z := GrantsByRole{Readers: []string{"e", "g"}, Owners: []string{ "b", "c", "d"}} 220 z := GrantsByRole{Readers: []string{"e", "g"}, Owners: []string{ "b", "c", "d"}}
215 So(x1.Equal(&y), ShouldBeFalse) 221 So(x1.Equal(&y), ShouldBeFalse)
216 So(y.Equal(&z), ShouldBeFalse) 222 So(y.Equal(&z), ShouldBeFalse)
217 }) 223 })
218 } 224 }
OLDNEW
« no previous file with comments | « scheduler/appengine/acl/acl.go ('k') | scheduler/appengine/engine/engine_test.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698