OLD | NEW |
1 // Copyright 2017 The LUCI Authors. | 1 // Copyright 2017 The LUCI Authors. |
2 // | 2 // |
3 // Licensed under the Apache License, Version 2.0 (the "License"); | 3 // Licensed under the Apache License, Version 2.0 (the "License"); |
4 // you may not use this file except in compliance with the License. | 4 // you may not use this file except in compliance with the License. |
5 // You may obtain a copy of the License at | 5 // You may obtain a copy of the License at |
6 // | 6 // |
7 // http://www.apache.org/licenses/LICENSE-2.0 | 7 // http://www.apache.org/licenses/LICENSE-2.0 |
8 // | 8 // |
9 // Unless required by applicable law or agreed to in writing, software | 9 // Unless required by applicable law or agreed to in writing, software |
10 // distributed under the License is distributed on an "AS IS" BASIS, | 10 // distributed under the License is distributed on an "AS IS" BASIS, |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
61 _, err := ValidateAclSets(sets) | 61 _, err := ValidateAclSets(sets) |
62 So(err, ShouldNotBeNil) | 62 So(err, ShouldNotBeNil) |
63 } | 63 } |
64 | 64 |
65 shouldError(&messages.AclSet{Name: "one"}) | 65 shouldError(&messages.AclSet{Name: "one"}) |
66 shouldError(&messages.AclSet{Name: "?bad i'd", Acls: validGrants
}) | 66 shouldError(&messages.AclSet{Name: "?bad i'd", Acls: validGrants
}) |
67 shouldError(validAclSet, validAclSet) | 67 shouldError(validAclSet, validAclSet) |
68 }) | 68 }) |
69 | 69 |
70 Convey("Task Acls", t, func() { | 70 Convey("Task Acls", t, func() { |
71 » » Convey("Without AclSets", func() { | 71 » » Convey("READER and OWNER ACLs are required", func() { |
72 » » » jobAcls, err := ValidateTaskAcls(nil, []string{}, validG
rants) | 72 » » » _, err := ValidateTaskAcls(nil, []string{}, |
73 » » » So(err, ShouldBeNil) | 73 » » » » []*messages.Acl{{Role: messages.Acl_READER, Gran
tedTo: "group:readers"}}) |
74 » » » So(jobAcls.Owners, ShouldResemble, []string{}) | 74 » » » So(err.Error(), ShouldResemble, "Job or Trigger must hav
e OWNER acl set") |
75 » » » So(jobAcls.Readers, ShouldResemble, []string{"group:all"
}) | 75 |
| 76 » » » _, err = ValidateTaskAcls(nil, []string{}, |
| 77 » » » » []*messages.Acl{{Role: messages.Acl_OWNER, Grant
edTo: "group:owners"}}) |
| 78 » » » So(err.Error(), ShouldResemble, "Job or Trigger must hav
e READER acl set") |
76 }) | 79 }) |
77 | 80 |
78 Convey("Without AclSets but with bad ACLs", func() { | 81 Convey("Without AclSets but with bad ACLs", func() { |
79 _, err := ValidateTaskAcls(nil, []string{}, []*messages.
Acl{ | 82 _, err := ValidateTaskAcls(nil, []string{}, []*messages.
Acl{ |
80 {Role: messages.Acl_OWNER, GrantedTo: ""}}) | 83 {Role: messages.Acl_OWNER, GrantedTo: ""}}) |
81 So(err, ShouldNotBeNil) | 84 So(err, ShouldNotBeNil) |
82 }) | 85 }) |
83 | 86 |
84 Convey("Many ACLs", func() { | 87 Convey("Many ACLs", func() { |
85 taskGrants := make([]*messages.Acl, maxGrantsPerJob) | 88 taskGrants := make([]*messages.Acl, maxGrantsPerJob) |
86 » » » for i := 0; i < maxGrantsPerJob; i++ { | 89 » » » taskGrants[0] = &messages.Acl{Role: messages.Acl_READER,
GrantedTo: "group:readers"} |
| 90 » » » for i := 1; i < maxGrantsPerJob; i++ { |
87 taskGrants[i] = &messages.Acl{Role: messages.Acl
_OWNER, GrantedTo: fmt.Sprintf("group:%d", i)} | 91 taskGrants[i] = &messages.Acl{Role: messages.Acl
_OWNER, GrantedTo: fmt.Sprintf("group:%d", i)} |
88 } | 92 } |
| 93 So(len(taskGrants), ShouldEqual, maxGrantsPerJob) |
89 Convey("Hitting max is OK", func() { | 94 Convey("Hitting max is OK", func() { |
90 r, err := ValidateTaskAcls(nil, []string{}, task
Grants) | 95 r, err := ValidateTaskAcls(nil, []string{}, task
Grants) |
91 So(err, ShouldBeNil) | 96 So(err, ShouldBeNil) |
92 » » » » So(len(r.Owners), ShouldEqual, maxGrantsPerJob) | 97 » » » » So(len(r.Readers), ShouldEqual, 1) |
| 98 » » » » So(len(r.Owners), ShouldEqual, maxGrantsPerJob-1
) |
93 }) | 99 }) |
94 Convey("1 too many", func() { | 100 Convey("1 too many", func() { |
95 aclSets := map[string][]*messages.Acl{ | 101 aclSets := map[string][]*messages.Acl{ |
96 "public": {{Role: messages.Acl_READER, G
rantedTo: "group:all"}}, | 102 "public": {{Role: messages.Acl_READER, G
rantedTo: "group:all"}}, |
97 } | 103 } |
98 _, err := ValidateTaskAcls(aclSets, []string{"pu
blic"}, taskGrants) | 104 _, err := ValidateTaskAcls(aclSets, []string{"pu
blic"}, taskGrants) |
99 So(err.Error(), ShouldResemble, "Job or Trigger
can have at most 32 acls, but 33 given") | 105 So(err.Error(), ShouldResemble, "Job or Trigger
can have at most 32 acls, but 33 given") |
100 }) | 106 }) |
101 }) | 107 }) |
102 | 108 |
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
209 Convey("GrantsByRole.Equal", t, func() { | 215 Convey("GrantsByRole.Equal", t, func() { |
210 x1 := GrantsByRole{Readers: []string{"a"}, Owners: []string{"b",
"c"}} | 216 x1 := GrantsByRole{Readers: []string{"a"}, Owners: []string{"b",
"c"}} |
211 x2 := GrantsByRole{Readers: []string{"a"}, Owners: []string{"b",
"c"}} | 217 x2 := GrantsByRole{Readers: []string{"a"}, Owners: []string{"b",
"c"}} |
212 So(x1.Equal(&x2), ShouldBeTrue) | 218 So(x1.Equal(&x2), ShouldBeTrue) |
213 y := GrantsByRole{Readers: []string{"e", "g"}, Owners: []string{
"b", "d"}} | 219 y := GrantsByRole{Readers: []string{"e", "g"}, Owners: []string{
"b", "d"}} |
214 z := GrantsByRole{Readers: []string{"e", "g"}, Owners: []string{
"b", "c", "d"}} | 220 z := GrantsByRole{Readers: []string{"e", "g"}, Owners: []string{
"b", "c", "d"}} |
215 So(x1.Equal(&y), ShouldBeFalse) | 221 So(x1.Equal(&y), ShouldBeFalse) |
216 So(y.Equal(&z), ShouldBeFalse) | 222 So(y.Equal(&z), ShouldBeFalse) |
217 }) | 223 }) |
218 } | 224 } |
OLD | NEW |