Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(284)

Unified Diff: tokenserver/appengine/impl/serviceaccounts/config_validation_test.go

Issue 2997433002: tokenserver: Validate and parse service_accounts.cfg rules. (Closed)
Patch Set: tokenserver: Validate and parse service_accounts.cfg rules. Created 3 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: tokenserver/appengine/impl/serviceaccounts/config_validation_test.go
diff --git a/tokenserver/appengine/impl/serviceaccounts/config_validation_test.go b/tokenserver/appengine/impl/serviceaccounts/config_validation_test.go
index 19c104d5c87396f6ce7e94cc38a6111e0f16e0fd..a07e8f0429fcf5e1f286ed95eb4bed9d5069c35a 100644
--- a/tokenserver/appengine/impl/serviceaccounts/config_validation_test.go
+++ b/tokenserver/appengine/impl/serviceaccounts/config_validation_test.go
@@ -40,10 +40,11 @@ func TestValidation(t *testing.T) {
name: "rule 1"
owner: "developer@example.com"
service_account: "abc@robots.com"
- allowed_scope: "https://scope"
+ allowed_scope: "https://www.googleapis.com/scope"
end_user: "user:abc@example.com"
- end_user: "group:group-name"
+ end_user: "group:enduser-group"
proxy: "user:proxy@example.com"
+ proxy: "group:proxy-group"
max_grant_validity_duration: 3600
}
@@ -51,16 +52,115 @@ func TestValidation(t *testing.T) {
name: "rule 2"
owner: "developer@example.com"
service_account: "def@robots.com"
- allowed_scope: "https://scope"
+ allowed_scope: "https://www.googleapis.com/scope"
end_user: "user:abc@example.com"
- end_user: "group:group-name"
+ end_user: "group:enduser-group"
proxy: "user:proxy@example.com"
+ proxy: "group:proxy-group"
max_grant_validity_duration: 3600
}
`,
},
- // TODO(vadimsh): Add more cases.
+ // Minimal config.
+ {
+ Cfg: `
+ rules {
+ name: "rule 1"
+ }
+ `,
+ },
+
+ {
+ Cfg: `
+ rules {
+ name: "rule 1"
+ }
+ rules {
+ name: "rule 1"
+ }
+ `,
+ Errors: []string{"two rules with identical name"},
+ },
+
+ {
+ Cfg: `
+ rules {
+ name: "rule 1"
+ service_account: "abc@robots.com"
+ }
+ rules {
+ name: "rule 2"
+ service_account: "abc@robots.com"
+ }
+ `,
+ Errors: []string{"mentioned by more than one rule"},
+ },
+
+ {
+ Cfg: `
+ rules {
+ service_account: "abc@robots.com"
+ }
+ `,
+ Errors: []string{`"name" is required`},
+ },
+
+ {
+ Cfg: `
+ rules {
+ name: "rule 1"
+ service_account: "not an email"
+ }
+ `,
+ Errors: []string{"bad value"},
+ },
+
+ {
+ Cfg: `
+ rules {
+ name: "rule 1"
+ allowed_scope: "not a scope"
+ }
+ `,
+ Errors: []string{"bad scope"},
+ },
+
+ {
+ Cfg: `
+ rules {
+ name: "rule 1"
+ end_user: "group:"
+ end_user: "user:not an email"
+ }
+ `,
+ Errors: []string{"bad group entry", "bad value"},
+ },
+
+ {
+ Cfg: `
+ rules {
+ name: "rule 1"
+ proxy: "group:"
+ proxy: "user:not an email"
+ }
+ `,
+ Errors: []string{"bad group entry", "bad value"},
+ },
+
+ {
+ Cfg: `
+ rules {
+ name: "rule 1"
+ max_grant_validity_duration: -1
+ }
+ rules {
+ name: "rule 2"
+ max_grant_validity_duration: 10000000
+ }
+ `,
+ Errors: []string{"must be positive", "must not exceed"},
+ },
}
Convey("Validation works", t, func(c C) {

Powered by Google App Engine
This is Rietveld 408576698