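// github.com/grailbio/base@v0.0.11/cmd/ticket-server/googlegroups_test.go

// Copyright 2018 GRAIL, Inc. All rights reserved.
// Use of this source code is governed by the Apache-2.0
// license that can be found in the LICENSE file.

package main

import (
	"testing"

	"github.com/grailbio/base/vcontext"
	"github.com/stretchr/testify/assert"
	"v.io/v23/security"
	"v.io/v23/security/access"
)

// testDomainList is the hosted-domain allow-list handed to googleBlesserInit
// by the tests below.
//
// NOTE(review): none of the table cases in this file uses an address under
// "contractors.grail.com", so only the first entry is exercised; consider
// adding accept and reject cases for the second domain.
var (
	testDomainList = []string{"grailbio.com", "contractors.grail.com"}
)

// TestInit checks that googleGroupsInit panics with the value
// "hostedDomains not initialized" both when hostedDomains is nil and after
// googleBlesserInit was called with an empty list.
//
// NOTE(review): presumably this is what keeps the server from starting
// without a domain allow-list; confirm against googleGroupsInit.
// The test leaves the package-level hostedDomains modified; the other tests
// in this file call googleBlesserInit(testDomainList) before relying on it.
func TestInit(t *testing.T) {
	ctx := vcontext.Background()

	// hostedDomains explicitly unset.
	f := func() {
		hostedDomains = nil
		googleGroupsInit(ctx, "admin@grailbio.com")
	}
	assert.PanicsWithValue(t, "hostedDomains not initialized", f)

	// Blesser initialised, but with no domains at all.
	f = func() {
		googleBlesserInit([]string{})
		googleGroupsInit(ctx, "admin@grailbio.com")
	}
	assert.PanicsWithValue(t, "hostedDomains not initialized", f)
}

// TestEmail is a table test for verifyAndExtractEmailFromBlessing. An empty
// expected email means the blessing must not be accepted as a user identity.
func TestEmail(t *testing.T) {
	ctx := vcontext.Background()
	googleBlesserInit(testDomainList)
	googleGroupsInit(ctx, "admin@grailbio.com")

	cases := []struct {
		blessing string
		email    string
	}{
		// Accepted: <prefix>:google:<user>@<hosted domain>, optionally
		// followed by a ":_role" extension.
		{"v23.grail.com:google:razvanm@grailbio.com", "razvanm@grailbio.com"},
		{"v23.grail.com:google:razvanm@grailbio.com:_role", "razvanm@grailbio.com"},
		// '_', '+' and '.' are accepted in the local part.
		{"v23.grail.com:google:complex_+.email@grailbio.com:_role", "complex_+.email@grailbio.com"},
		// Rejected: "grailbioacom" differs from "grailbio.com" only at the
		// dot, so the dot in a hosted domain has to match literally.
		{"v23.grail.com:google:razvanm@grailbioacom", ""},
		// Rejected: domain is not in the hosted-domain list.
		{"v23.grail.com:google:razvanm@gmail.com", ""},
		// Rejected: malformed or missing address.
		{"v23.grail.com:google:razvanm@", ""},
		{"v23.grail.com:google:razvanm", ""},
		{"v23.grail.com:google", ""},
		// Rejected: the segment after the prefix is not "google".
		{"v23.grail.com:xxx:razvanm@grailbio.com", ""},
		{"v23.grail.com:googlegroups:eng@grailbio.com", ""},
		// Rejected: a group blessing extended with ":google:<user>" must not
		// be read as that user's identity.
		{"v23.grail.com:googlegroups:golang-nuts@googlegroups.com:google:razvanm@grailbio.com", ""},
		{"v23.grail.com:googlegroups:eng@grailbio.com:google:razvanm@grailbio.com", ""},
	}

	prefix := "v23.grail.com"
	for _, c := range cases {
		got, want := verifyAndExtractEmailFromBlessing(c.blessing, prefix), c.email
		if got != want {
			t.Errorf("verifyAndExtractEmailFromBlessing(%q, %q): got %q, want %q", c.blessing, prefix, got, want)
		}
	}
}

// TestGroup is a table test for extractGroupEmailFromBlessing. An empty
// expected email means the blessing must not be accepted as a group.
func TestGroup(t *testing.T) {
	ctx := vcontext.Background()
	googleBlesserInit(testDomainList)
	googleGroupsInit(ctx, "admin@grailbio.com")

	cases := []struct {
		blessing string
		email    string
	}{
		// Accepted: <prefix>:googlegroups:<group>@<hosted domain>.
		{"v23.grail.com:googlegroups:eng-dev-access@grailbio.com", "eng-dev-access@grailbio.com"},
		// Rejected: googlegroups.com is not in the hosted-domain list.
		{"v23.grail.com:googlegroups:golang-nuts@googlegroups.com", ""},
		// '-', '_', '+' and '.' are accepted in the local part.
		{"v23.grail.com:googlegroups:golang-_+.nuts@grailbio.com", "golang-_+.nuts@grailbio.com"},
		// Rejected: malformed or missing address.
		{"v23.grail.com:googlegroups:eng@", ""},
		{"v23.grail.com:googlegroups:eng", ""},
		{"v23.grail.com:googlegroups", ""},
		// Rejected: the segment after the prefix is not "googlegroups".
		{"v23.grail.com:xxx:eng@grailbio.com", ""},
		{"v23.grail.com:google:razvanm@grailbio.com", ""},
		// Rejected: a user blessing extended with ":googlegroups:<group>"
		// must not be read as a group blessing.
		{"v23.grail.com:google:razvanm@grailbio.com:googlegroups:golang-nuts@googlegroups.com", ""},
		{"v23.grail.com:google:razvanm@grailbio.com:googlegroups:eng@grailbio.com", ""},
	}

	prefix := "v23.grail.com"
	for _, c := range cases {
		got, want := extractGroupEmailFromBlessing(ctx, c.blessing, prefix), c.email
		if got != want {
			// The message names the function under test; it used to say
			// "email(...)", copied from TestEmail.
			t.Errorf("extractGroupEmailFromBlessing(%q, %q): got %q, want %q", c.blessing, prefix, got, want)
		}
	}
}

// TestAclIncludes checks authorizer.aclIncludes for a single caller blessing
// ("v23.grail.com:google:razvanm@grailbio.com"). The isMember stub reports
// membership only for razvanm@grailbio.com in eng-dev-access@grailbio.com.
func TestAclIncludes(t *testing.T) {
	ctx := vcontext.Background()
	googleBlesserInit(testDomainList)
	googleGroupsInit(ctx, "admin@grailbio.com")

	cases := []struct {
		acl  access.AccessList
		want bool
	}{
		// Empty ACL: nothing is granted.
		{
			access.AccessList{
				In:    []security.BlessingPattern{},
				NotIn: []string{},
			},
			false,
		},
		// Caller is listed directly in In.
		{
			access.AccessList{
				In: []security.BlessingPattern{
					"v23.grail.com:google:razvanm@grailbio.com",
				},
				NotIn: []string{},
			},
			true,
		},
		// Caller is a member of a group listed in In.
		{
			access.AccessList{
				In: []security.BlessingPattern{
					"v23.grail.com:googlegroups:eng-dev-access@grailbio.com",
				},
				NotIn: []string{},
			},
			true,
		},
		// Only a NotIn entry: still nothing is granted.
		{
			access.AccessList{
				In: []security.BlessingPattern{},
				NotIn: []string{
					"v23.grail.com:googlegroups:eng-dev-access@grailbio.com",
				},
			},
			false,
		},
		// Caller is in In, but a group the caller belongs to is in NotIn:
		// the NotIn entry wins.
		{
			access.AccessList{
				In: []security.BlessingPattern{
					"v23.grail.com:google:razvanm@grailbio.com",
				},
				NotIn: []string{
					"v23.grail.com:googlegroups:eng-dev-access@grailbio.com",
				},
			},
			false,
		},
		// Caller's group is in In, but the caller is in NotIn: the NotIn
		// entry wins.
		{
			access.AccessList{
				In: []security.BlessingPattern{
					"v23.grail.com:googlegroups:eng-dev-access@grailbio.com",
				},
				NotIn: []string{
					"v23.grail.com:google:razvanm@grailbio.com",
				},
			},
			false,
		},
	}

	prefix := "v23.grail.com"
	blessings := []string{"v23.grail.com:google:razvanm@grailbio.com"}
	a := &authorizer{
		// Stub for the group-membership lookup, so the test needs no
		// directory service.
		isMember: func(user, group string) bool {
			return user == "razvanm@grailbio.com" && group == "eng-dev-access@grailbio.com"
		},
	}
	for _, c := range cases {
		got := a.aclIncludes(ctx, c.acl, blessings, prefix)
		if got != c.want {
			t.Errorf("aclIncludes(%+v, %v): got %v, want %v", c.acl, blessings, got, c.want)
		}
	}
}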