
Side by Side Diff: tokenserver/appengine/impl/serviceaccounts/rpc_import_service_accounts_configs_test.go

Issue 2997433002: tokenserver: Validate and parse service_accounts.cfg rules. (Closed)
Patch Set: set order Created 3 years, 4 months ago
1 // Copyright 2017 The LUCI Authors. 1 // Copyright 2017 The LUCI Authors.
2 // 2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); 3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License. 4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at 5 // You may obtain a copy of the License at
6 // 6 //
7 // http://www.apache.org/licenses/LICENSE-2.0 7 // http://www.apache.org/licenses/LICENSE-2.0
8 // 8 //
9 // Unless required by applicable law or agreed to in writing, software 9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, 10 // distributed under the License is distributed on an "AS IS" BASIS,
(...skipping 25 matching lines...) Expand all
36 t.Parallel() 36 t.Parallel()
37 37
38 Convey("Works", t, func() { 38 Convey("Works", t, func() {
39 ctx := gaetesting.TestingContext() 39 ctx := gaetesting.TestingContext()
40 ctx, clk := testclock.UseTime(ctx, testclock.TestTimeUTC) 40 ctx, clk := testclock.UseTime(ctx, testclock.TestTimeUTC)
41 41
42 ctx = prepareCfg(ctx, `rules { 42 ctx = prepareCfg(ctx, `rules {
43 name: "rule 1" 43 name: "rule 1"
44 owner: "developer@example.com" 44 owner: "developer@example.com"
45 service_account: "abc@robots.com" 45 service_account: "abc@robots.com"
46 » » » allowed_scope: "https://scope" 46 » » » allowed_scope: "https://www.googleapis.com/scope"
47 end_user: "user:abc@example.com" 47 end_user: "user:abc@example.com"
48 end_user: "group:group-name" 48 end_user: "group:group-name"
49 proxy: "user:proxy@example.com" 49 proxy: "user:proxy@example.com"
50 max_grant_validity_duration: 3600 50 max_grant_validity_duration: 3600
51 }`) 51 }`)
52 52
53 rules := NewRulesCache() 53 rules := NewRulesCache()
54 rpc := ImportServiceAccountsConfigsRPC{RulesCache: rules} 54 rpc := ImportServiceAccountsConfigsRPC{RulesCache: rules}
55 55
56 // No config. 56 // No config.
57 r, err := rules.Rules(ctx) 57 r, err := rules.Rules(ctx)
58 So(err, ShouldEqual, policy.ErrNoPolicy) 58 So(err, ShouldEqual, policy.ErrNoPolicy)
59 59
60 resp, err := rpc.ImportServiceAccountsConfigs(ctx, nil) 60 resp, err := rpc.ImportServiceAccountsConfigs(ctx, nil)
61 So(err, ShouldBeNil) 61 So(err, ShouldBeNil)
62 So(resp, ShouldResemble, &admin.ImportedConfigs{ 62 So(resp, ShouldResemble, &admin.ImportedConfigs{
63 » » » Revision: "16d15198a351a6a9beb7afe6f3485c9a47b18f7d", 63 » » » Revision: "1cf48bbdc045f33856894adf9c7d7e4211e28b2a",
64 }) 64 })
65 65
66 // Have config now. 66 // Have config now.
67 r, err = rules.Rules(ctx) 67 r, err = rules.Rules(ctx)
68 So(err, ShouldBeNil) 68 So(err, ShouldBeNil)
69 » » So(r.ConfigRevision(), ShouldEqual, "16d15198a351a6a9beb7afe6f34 85c9a47b18f7d") 69 » » So(r.ConfigRevision(), ShouldEqual, "1cf48bbdc045f33856894adf9c7 d7e4211e28b2a")
70 70
71 // Noop import. 71 // Noop import.
72 resp, err = rpc.ImportServiceAccountsConfigs(ctx, nil) 72 resp, err = rpc.ImportServiceAccountsConfigs(ctx, nil)
73 So(err, ShouldBeNil) 73 So(err, ShouldBeNil)
74 » » So(resp.Revision, ShouldEqual, "16d15198a351a6a9beb7afe6f3485c9a 47b18f7d") 74 » » So(resp.Revision, ShouldEqual, "1cf48bbdc045f33856894adf9c7d7e42 11e28b2a")
75 75
76 // Try to import completely broken config. 76 // Try to import completely broken config.
77 ctx = prepareCfg(ctx, `I'm broken`) 77 ctx = prepareCfg(ctx, `I'm broken`)
78 _, err = rpc.ImportServiceAccountsConfigs(ctx, nil) 78 _, err = rpc.ImportServiceAccountsConfigs(ctx, nil)
79 So(err, ShouldErrLike, `line 1.0: unknown field name`) 79 So(err, ShouldErrLike, `line 1.0: unknown field name`)
80 80
81 // Old config is not replaced. 81 // Old config is not replaced.
82 r, _ = rules.Rules(ctx) 82 r, _ = rules.Rules(ctx)
83 » » So(r.ConfigRevision(), ShouldEqual, "16d15198a351a6a9beb7afe6f34 85c9a47b18f7d") 83 » » So(r.ConfigRevision(), ShouldEqual, "1cf48bbdc045f33856894adf9c7 d7e4211e28b2a")
84 84
85 // Roll time to expire local rules cache. 85 // Roll time to expire local rules cache.
86 clk.Add(10 * time.Minute) 86 clk.Add(10 * time.Minute)
87 87
88 // Have new config now! 88 // Have new config now!
89 ctx = prepareCfg(ctx, `rules { 89 ctx = prepareCfg(ctx, `rules {
90 name: "rule 2" 90 name: "rule 2"
91 owner: "developer@example.com" 91 owner: "developer@example.com"
92 service_account: "abc@robots.com" 92 service_account: "abc@robots.com"
93 » » » allowed_scope: "https://scope" 93 » » » allowed_scope: "https://www.googleapis.com/scope"
94 end_user: "user:abc@example.com" 94 end_user: "user:abc@example.com"
95 end_user: "group:group-name" 95 end_user: "group:group-name"
96 proxy: "user:proxy@example.com" 96 proxy: "user:proxy@example.com"
97 max_grant_validity_duration: 3600 97 max_grant_validity_duration: 3600
98 }`) 98 }`)
99 99
100 // Import it. 100 // Import it.
101 resp, err = rpc.ImportServiceAccountsConfigs(ctx, nil) 101 resp, err = rpc.ImportServiceAccountsConfigs(ctx, nil)
102 So(err, ShouldBeNil) 102 So(err, ShouldBeNil)
103 So(resp, ShouldResemble, &admin.ImportedConfigs{ 103 So(resp, ShouldResemble, &admin.ImportedConfigs{
104 » » » Revision: "663ea6e319c41b6fcee65d8d1d5c758813aa0fb1", 104 » » » Revision: "7d835b8ae2e227099324bf17ee1f2c828011ff1c",
105 }) 105 })
106 106
107 // It is now active. 107 // It is now active.
108 r, err = rules.Rules(ctx) 108 r, err = rules.Rules(ctx)
109 So(err, ShouldBeNil) 109 So(err, ShouldBeNil)
110 » » So(r.ConfigRevision(), ShouldEqual, "663ea6e319c41b6fcee65d8d1d5 c758813aa0fb1") 110 » » So(r.ConfigRevision(), ShouldEqual, "7d835b8ae2e227099324bf17ee1 f2c828011ff1c")
111 }) 111 })
112 } 112 }
113 113
114 func prepareCfg(c context.Context, configFile string) context.Context { 114 func prepareCfg(c context.Context, configFile string) context.Context {
115 return testconfig.WithCommonClient(c, memory.New(map[string]memory.Confi gSet{ 115 return testconfig.WithCommonClient(c, memory.New(map[string]memory.Confi gSet{
116 "services/" + info.AppID(c): { 116 "services/" + info.AppID(c): {
117 "service_accounts.cfg": configFile, 117 "service_accounts.cfg": configFile,
118 }, 118 },
119 })) 119 }))
120 } 120 }
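Review bot: The only rejected import this test exercises is the unparseable `I'm broken` config (new lines 76-83); no case feeds `ImportServiceAccountsConfigs` a config that parses but fails the rule validation this change is titled for. The validator is not visible on this page, but the fixtures moving `allowed_scope` from `https://scope` to `https://www.googleapis.com/scope` suggest that scope values are now checked. I would add a step after the broken-config block that calls `prepareCfg` with a well-formed rule carrying a value the validator rejects, then asserts `So(err, ShouldNotBeNil)` and that `r.ConfigRevision()` still returns the previously imported revision, so the test pins that an invalid policy never replaces the active one. The test function's opening lines fall in the skipped region, and such a case may already live in a validator-specific test file.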