git.frostfs.info/TrueCloudLab/frostfs-sdk-go@v0.0.0-20241022124111-5361f0ecebd3/container/acl/acl_basic_test.go

git.frostfs.info/TrueCloudLab/frostfs-sdk-go@v0.0.0-20241022124111-5361f0ecebd3/container/acl/acl_basic_test.go (about)

     1  package acl
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/stretchr/testify/require"
     7  )
     8  
     9  func TestBasic_DisableExtension(t *testing.T) {
    10  	var val, val2 Basic
    11  
    12  	require.True(t, val.Extendable())
    13  	val2.FromBits(val.Bits())
    14  	require.True(t, val2.Extendable())
    15  
    16  	val.DisableExtension()
    17  
    18  	require.False(t, val.Extendable())
    19  	val2.FromBits(val.Bits())
    20  	require.False(t, val2.Extendable())
    21  }
    22  
    23  func TestBasic_MakeSticky(t *testing.T) {
    24  	var val, val2 Basic
    25  
    26  	require.False(t, val.Sticky())
    27  	val2.FromBits(val.Bits())
    28  	require.False(t, val2.Sticky())
    29  
    30  	val.MakeSticky()
    31  
    32  	require.True(t, val.Sticky())
    33  	val2.FromBits(val.Bits())
    34  	require.True(t, val2.Sticky())
    35  }
    36  
    37  func TestBasic_AllowBearerRules(t *testing.T) {
    38  	var val Basic
    39  
    40  	require.Panics(t, func() { val.AllowBearerRules(opZero) })
    41  	require.Panics(t, func() { val.AllowBearerRules(opLast) })
    42  
    43  	require.Panics(t, func() { val.AllowedBearerRules(opZero) })
    44  	require.Panics(t, func() { val.AllowedBearerRules(opLast) })
    45  
    46  	for op := opZero + 1; op < opLast; op++ {
    47  		val := val
    48  
    49  		require.False(t, val.AllowedBearerRules(op))
    50  
    51  		val.AllowBearerRules(op)
    52  
    53  		for j := opZero + 1; j < opLast; j++ {
    54  			if j == op {
    55  				require.True(t, val.AllowedBearerRules(j), op)
    56  			} else {
    57  				require.False(t, val.AllowedBearerRules(j), op)
    58  			}
    59  		}
    60  	}
    61  }
    62  
    63  func TestBasic_AllowOp(t *testing.T) {
    64  	var val, val2 Basic
    65  
    66  	require.Panics(t, func() { val.IsOpAllowed(opZero, roleZero+1) })
    67  	require.Panics(t, func() { val.IsOpAllowed(opLast, roleZero+1) })
    68  	require.Panics(t, func() { val.IsOpAllowed(opZero+1, roleZero) })
    69  	require.Panics(t, func() { val.IsOpAllowed(opZero+1, roleLast) })
    70  
    71  	for op := opZero + 1; op < opLast; op++ {
    72  		require.Panics(t, func() { val.AllowOp(op, RoleInnerRing) })
    73  
    74  		if isReplicationOp(op) {
    75  			require.Panics(t, func() { val.AllowOp(op, RoleContainer) })
    76  			require.True(t, val.IsOpAllowed(op, RoleContainer))
    77  		}
    78  	}
    79  
    80  	require.True(t, val.IsOpAllowed(OpObjectGet, RoleInnerRing))
    81  	require.True(t, val.IsOpAllowed(OpObjectHead, RoleInnerRing))
    82  	require.True(t, val.IsOpAllowed(OpObjectSearch, RoleInnerRing))
    83  	require.True(t, val.IsOpAllowed(OpObjectHash, RoleInnerRing))
    84  
    85  	const op = opZero + 1
    86  	const role = RoleOthers
    87  
    88  	require.False(t, val.IsOpAllowed(op, role))
    89  	val2.FromBits(val.Bits())
    90  	require.False(t, val2.IsOpAllowed(op, role))
    91  
    92  	val.AllowOp(op, role)
    93  
    94  	require.True(t, val.IsOpAllowed(op, role))
    95  	val2.FromBits(val.Bits())
    96  	require.True(t, val2.IsOpAllowed(op, role))
    97  }
    98  
    99  type opsExpected struct {
   100  	owner, container, innerRing, others, bearer bool
   101  }
   102  
   103  func testOp(t *testing.T, v Basic, op Op, exp opsExpected) {
   104  	require.Equal(t, exp.owner, v.IsOpAllowed(op, RoleOwner), op)
   105  	require.Equal(t, exp.container, v.IsOpAllowed(op, RoleContainer), op)
   106  	require.Equal(t, exp.innerRing, v.IsOpAllowed(op, RoleInnerRing), op)
   107  	require.Equal(t, exp.others, v.IsOpAllowed(op, RoleOthers), op)
   108  	require.Equal(t, exp.bearer, v.AllowedBearerRules(op), op)
   109  }
   110  
   111  type expected struct {
   112  	extendable, sticky bool
   113  
   114  	mOps map[Op]opsExpected
   115  }
   116  
   117  func testBasicPredefined(t *testing.T, val Basic, name string, exp expected) {
   118  	require.Equal(t, exp.sticky, val.Sticky())
   119  	require.Equal(t, exp.extendable, val.Extendable())
   120  
   121  	for op, exp := range exp.mOps {
   122  		testOp(t, val, op, exp)
   123  	}
   124  
   125  	s := val.EncodeToString()
   126  
   127  	var val2 Basic
   128  
   129  	require.NoError(t, val2.DecodeString(s))
   130  	require.Equal(t, val, val2)
   131  
   132  	require.NoError(t, val2.DecodeString(name))
   133  	require.Equal(t, val, val2)
   134  }
   135  
   136  func TestBasicPredefined(t *testing.T) {
   137  	t.Run("private", func(t *testing.T) {
   138  		exp := expected{
   139  			extendable: false,
   140  			sticky:     false,
   141  			mOps: map[Op]opsExpected{
   142  				OpObjectHash: {
   143  					owner:     true,
   144  					container: true,
   145  					innerRing: true,
   146  					others:    false,
   147  					bearer:    false,
   148  				},
   149  				OpObjectRange: {
   150  					owner:     true,
   151  					container: false,
   152  					innerRing: false,
   153  					others:    false,
   154  					bearer:    false,
   155  				},
   156  				OpObjectSearch: {
   157  					owner:     true,
   158  					container: true,
   159  					innerRing: true,
   160  					others:    false,
   161  					bearer:    false,
   162  				},
   163  				OpObjectDelete: {
   164  					owner:     true,
   165  					container: false,
   166  					innerRing: false,
   167  					others:    false,
   168  					bearer:    false,
   169  				},
   170  				OpObjectPut: {
   171  					owner:     true,
   172  					container: true,
   173  					innerRing: false,
   174  					others:    false,
   175  					bearer:    false,
   176  				},
   177  				OpObjectHead: {
   178  					owner:     true,
   179  					container: true,
   180  					innerRing: true,
   181  					others:    false,
   182  					bearer:    false,
   183  				},
   184  				OpObjectGet: {
   185  					owner:     true,
   186  					container: true,
   187  					innerRing: true,
   188  					others:    false,
   189  					bearer:    false,
   190  				},
   191  			},
   192  		}
   193  
   194  		testBasicPredefined(t, Private, NamePrivate, exp)
   195  		exp.extendable = true
   196  		testBasicPredefined(t, PrivateExtended, NamePrivateExtended, exp)
   197  	})
   198  
   199  	t.Run("public-read", func(t *testing.T) {
   200  		exp := expected{
   201  			extendable: false,
   202  			sticky:     false,
   203  			mOps: map[Op]opsExpected{
   204  				OpObjectHash: {
   205  					owner:     true,
   206  					container: true,
   207  					innerRing: true,
   208  					others:    true,
   209  					bearer:    true,
   210  				},
   211  				OpObjectRange: {
   212  					owner:     true,
   213  					container: false,
   214  					innerRing: false,
   215  					others:    true,
   216  					bearer:    true,
   217  				},
   218  				OpObjectSearch: {
   219  					owner:     true,
   220  					container: true,
   221  					innerRing: true,
   222  					others:    true,
   223  					bearer:    true,
   224  				},
   225  				OpObjectDelete: {
   226  					owner:     true,
   227  					container: false,
   228  					innerRing: false,
   229  					others:    false,
   230  					bearer:    false,
   231  				},
   232  				OpObjectPut: {
   233  					owner:     true,
   234  					container: true,
   235  					innerRing: false,
   236  					others:    false,
   237  					bearer:    false,
   238  				},
   239  				OpObjectHead: {
   240  					owner:     true,
   241  					container: true,
   242  					innerRing: true,
   243  					others:    true,
   244  					bearer:    true,
   245  				},
   246  				OpObjectGet: {
   247  					owner:     true,
   248  					container: true,
   249  					innerRing: true,
   250  					others:    true,
   251  					bearer:    true,
   252  				},
   253  			},
   254  		}
   255  
   256  		testBasicPredefined(t, PublicRO, NamePublicRO, exp)
   257  		exp.extendable = true
   258  		testBasicPredefined(t, PublicROExtended, NamePublicROExtended, exp)
   259  	})
   260  
   261  	t.Run("public-read-write", func(t *testing.T) {
   262  		exp := expected{
   263  			extendable: false,
   264  			sticky:     false,
   265  			mOps: map[Op]opsExpected{
   266  				OpObjectHash: {
   267  					owner:     true,
   268  					container: true,
   269  					innerRing: true,
   270  					others:    true,
   271  					bearer:    true,
   272  				},
   273  				OpObjectRange: {
   274  					owner:     true,
   275  					container: false,
   276  					innerRing: false,
   277  					others:    true,
   278  					bearer:    true,
   279  				},
   280  				OpObjectSearch: {
   281  					owner:     true,
   282  					container: true,
   283  					innerRing: true,
   284  					others:    true,
   285  					bearer:    true,
   286  				},
   287  				OpObjectDelete: {
   288  					owner:     true,
   289  					container: false,
   290  					innerRing: false,
   291  					others:    true,
   292  					bearer:    true,
   293  				},
   294  				OpObjectPut: {
   295  					owner:     true,
   296  					container: true,
   297  					innerRing: false,
   298  					others:    true,
   299  					bearer:    true,
   300  				},
   301  				OpObjectHead: {
   302  					owner:     true,
   303  					container: true,
   304  					innerRing: true,
   305  					others:    true,
   306  					bearer:    true,
   307  				},
   308  				OpObjectGet: {
   309  					owner:     true,
   310  					container: true,
   311  					innerRing: true,
   312  					others:    true,
   313  					bearer:    true,
   314  				},
   315  			},
   316  		}
   317  
   318  		testBasicPredefined(t, PublicRW, NamePublicRW, exp)
   319  		exp.extendable = true
   320  		testBasicPredefined(t, PublicRWExtended, NamePublicRWExtended, exp)
   321  	})
   322  
   323  	t.Run("public-append", func(t *testing.T) {
   324  		exp := expected{
   325  			extendable: false,
   326  			sticky:     false,
   327  			mOps: map[Op]opsExpected{
   328  				OpObjectHash: {
   329  					owner:     true,
   330  					container: true,
   331  					innerRing: true,
   332  					others:    true,
   333  					bearer:    true,
   334  				},
   335  				OpObjectRange: {
   336  					owner:     true,
   337  					container: false,
   338  					innerRing: false,
   339  					others:    true,
   340  					bearer:    true,
   341  				},
   342  				OpObjectSearch: {
   343  					owner:     true,
   344  					container: true,
   345  					innerRing: true,
   346  					others:    true,
   347  					bearer:    true,
   348  				},
   349  				OpObjectDelete: {
   350  					owner:     true,
   351  					container: false,
   352  					innerRing: false,
   353  					others:    false,
   354  					bearer:    true,
   355  				},
   356  				OpObjectPut: {
   357  					owner:     true,
   358  					container: true,
   359  					innerRing: false,
   360  					others:    true,
   361  					bearer:    true,
   362  				},
   363  				OpObjectHead: {
   364  					owner:     true,
   365  					container: true,
   366  					innerRing: true,
   367  					others:    true,
   368  					bearer:    true,
   369  				},
   370  				OpObjectGet: {
   371  					owner:     true,
   372  					container: true,
   373  					innerRing: true,
   374  					others:    true,
   375  					bearer:    true,
   376  				},
   377  			},
   378  		}
   379  
   380  		testBasicPredefined(t, PublicAppend, NamePublicAppend, exp)
   381  		exp.extendable = true
   382  		testBasicPredefined(t, PublicAppendExtended, NamePublicAppendExtended, exp)
   383  	})
   384  }