github.com/clly/consul@v1.4.5/agent/consul/filter_test.go (about) 1 package consul 2 3 import ( 4 "reflect" 5 "testing" 6 7 "github.com/hashicorp/consul/acl" 8 "github.com/hashicorp/consul/agent/structs" 9 ) 10 11 func TestFilter_DirEnt(t *testing.T) { 12 t.Parallel() 13 policy, _ := acl.NewPolicyFromSource("", 0, testFilterRules, acl.SyntaxLegacy, nil) 14 aclR, _ := acl.NewPolicyAuthorizer(acl.DenyAll(), []*acl.Policy{policy}, nil) 15 16 type tcase struct { 17 in []string 18 out []string 19 } 20 cases := []tcase{ 21 tcase{ 22 in: []string{"foo/test", "foo/priv/nope", "foo/other", "zoo"}, 23 out: []string{"foo/test", "foo/other"}, 24 }, 25 tcase{ 26 in: []string{"abe", "lincoln"}, 27 out: nil, 28 }, 29 tcase{ 30 in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"}, 31 out: []string{"foo/1", "foo/2", "foo/3"}, 32 }, 33 } 34 35 for _, tc := range cases { 36 ents := structs.DirEntries{} 37 for _, in := range tc.in { 38 ents = append(ents, &structs.DirEntry{Key: in}) 39 } 40 41 ents = FilterDirEnt(aclR, ents) 42 var outL []string 43 for _, e := range ents { 44 outL = append(outL, e.Key) 45 } 46 47 if !reflect.DeepEqual(outL, tc.out) { 48 t.Fatalf("bad: %#v %#v", outL, tc.out) 49 } 50 } 51 } 52 53 func TestFilter_Keys(t *testing.T) { 54 t.Parallel() 55 policy, _ := acl.NewPolicyFromSource("", 0, testFilterRules, acl.SyntaxLegacy, nil) 56 aclR, _ := acl.NewPolicyAuthorizer(acl.DenyAll(), []*acl.Policy{policy}, nil) 57 58 type tcase struct { 59 in []string 60 out []string 61 } 62 cases := []tcase{ 63 tcase{ 64 in: []string{"foo/test", "foo/priv/nope", "foo/other", "zoo"}, 65 out: []string{"foo/test", "foo/other"}, 66 }, 67 tcase{ 68 in: []string{"abe", "lincoln"}, 69 out: []string{}, 70 }, 71 tcase{ 72 in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"}, 73 out: []string{"foo/1", "foo/2", "foo/3"}, 74 }, 75 } 76 77 for _, tc := range cases { 78 out := FilterKeys(aclR, tc.in) 79 if !reflect.DeepEqual(out, tc.out) { 80 t.Fatalf("bad: %#v %#v", out, tc.out) 81 } 82 } 83 } 84 85 func TestFilter_TxnResults(t *testing.T) { 86 t.Parallel() 87 policy, _ := acl.NewPolicyFromSource("", 0, testFilterRules, acl.SyntaxLegacy, nil) 88 aclR, _ := acl.NewPolicyAuthorizer(acl.DenyAll(), []*acl.Policy{policy}, nil) 89 90 type tcase struct { 91 in []string 92 out []string 93 } 94 cases := []tcase{ 95 tcase{ 96 in: []string{"foo/test", "foo/priv/nope", "foo/other", "zoo"}, 97 out: []string{"foo/test", "foo/other"}, 98 }, 99 tcase{ 100 in: []string{"abe", "lincoln"}, 101 out: nil, 102 }, 103 tcase{ 104 in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"}, 105 out: []string{"foo/1", "foo/2", "foo/3"}, 106 }, 107 } 108 109 for _, tc := range cases { 110 results := structs.TxnResults{} 111 for _, in := range tc.in { 112 results = append(results, &structs.TxnResult{KV: &structs.DirEntry{Key: in}}) 113 } 114 115 results = FilterTxnResults(aclR, results) 116 var outL []string 117 for _, r := range results { 118 outL = append(outL, r.KV.Key) 119 } 120 121 if !reflect.DeepEqual(outL, tc.out) { 122 t.Fatalf("bad: %#v %#v", outL, tc.out) 123 } 124 } 125 126 // Run a non-KV result. 127 results := structs.TxnResults{} 128 results = append(results, &structs.TxnResult{}) 129 results = FilterTxnResults(aclR, results) 130 if len(results) != 1 { 131 t.Fatalf("should not have filtered non-KV result") 132 } 133 } 134 135 var testFilterRules = ` 136 key "" { 137 policy = "deny" 138 } 139 key "foo/" { 140 policy = "read" 141 } 142 key "foo/priv/" { 143 policy = "deny" 144 } 145 key "zip/" { 146 policy = "read" 147 } 148 `