github.com/hechain20/hechain@v0.0.0-20220316014945-b544036ba106/core/aclmgmt/resourceprovider_test.go (about) 1 /* 2 Copyright hechain. 2022 All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package aclmgmt 8 9 import ( 10 "fmt" 11 "os" 12 "testing" 13 14 "github.com/golang/protobuf/proto" 15 "github.com/hechain20/hechain/core/aclmgmt/mocks" 16 "github.com/hechain20/hechain/core/policy" 17 "github.com/hechain20/hechain/internal/pkg/identity" 18 msptesttools "github.com/hechain20/hechain/msp/mgmt/testtools" 19 "github.com/hechain20/hechain/protoutil" 20 "github.com/hyperledger/fabric-protos-go/common" 21 "github.com/hyperledger/fabric-protos-go/peer" 22 "github.com/stretchr/testify/require" 23 ) 24 25 func newPolicyProvider(pEvaluator policyEvaluator) aclmgmtPolicyProvider { 26 return &aclmgmtPolicyProviderImpl{pEvaluator} 27 } 28 29 // ------- mocks --------- 30 31 // mockPolicyEvaluatorImpl implements policyEvaluator 32 type mockPolicyEvaluatorImpl struct { 33 pmap map[string]string 34 peval map[string]error 35 } 36 37 func (pe *mockPolicyEvaluatorImpl) PolicyRefForAPI(resName string) string { 38 return pe.pmap[resName] 39 } 40 41 func (pe *mockPolicyEvaluatorImpl) Evaluate(polName string, sd []*protoutil.SignedData) error { 42 err, ok := pe.peval[polName] 43 if !ok { 44 return PolicyNotFound(polName) 45 } 46 47 // this could be non nil or some error 48 return err 49 } 50 51 //go:generate counterfeiter -o mocks/signer_serializer.go --fake-name SignerSerializer . signerSerializer 52 53 type signerSerializer interface { 54 identity.SignerSerializer 55 } 56 57 //go:generate counterfeiter -o mocks/defaultaclprovider.go --fake-name DefaultACLProvider . defaultACLProvider 58 59 func TestPolicyBase(t *testing.T) { 60 evaluator := &mockPolicyEvaluatorImpl{pmap: map[string]string{"res": "pol"}, peval: map[string]error{"pol": nil}} 61 provider := newPolicyProvider(evaluator) 62 63 t.Run("SignedProposal", func(t *testing.T) { 64 proposal, _ := protoutil.MockSignedEndorserProposalOrPanic("A", &peer.ChaincodeSpec{}, []byte("Alice"), []byte("msg1")) 65 err := provider.CheckACL("pol", proposal) 66 require.NoError(t, err) 67 }) 68 69 t.Run("Envelope", func(t *testing.T) { 70 signer := &mocks.SignerSerializer{} 71 envelope, err := protoutil.CreateSignedEnvelope(common.HeaderType_CONFIG, "myc", signer, &common.ConfigEnvelope{}, 0, 0) 72 require.NoError(t, err) 73 err = provider.CheckACL("pol", envelope) 74 require.NoError(t, err) 75 }) 76 77 t.Run("SignedData", func(t *testing.T) { 78 data := &protoutil.SignedData{ 79 Data: []byte("DATA"), 80 Identity: []byte("IDENTITY"), 81 Signature: []byte("SIGNATURE"), 82 } 83 err := provider.CheckACL("pol", data) 84 require.NoError(t, err) 85 }) 86 } 87 88 func TestPolicyBad(t *testing.T) { 89 peval := &mockPolicyEvaluatorImpl{pmap: map[string]string{"res": "pol"}, peval: map[string]error{"pol": nil}} 90 pprov := newPolicyProvider(peval) 91 92 // bad policy 93 err := pprov.CheckACL("pol", []byte("not a signed proposal")) 94 require.Error(t, err, InvalidIdInfo("pol").Error()) 95 96 sProp, _ := protoutil.MockSignedEndorserProposalOrPanic("A", &peer.ChaincodeSpec{}, []byte("Alice"), []byte("msg1")) 97 err = pprov.CheckACL("badpolicy", sProp) 98 require.Error(t, err) 99 100 sProp, _ = protoutil.MockSignedEndorserProposalOrPanic("A", &peer.ChaincodeSpec{}, []byte("Alice"), []byte("msg1")) 101 sProp.ProposalBytes = []byte("bad proposal bytes") 102 err = pprov.CheckACL("res", sProp) 103 require.Error(t, err) 104 105 sProp, _ = protoutil.MockSignedEndorserProposalOrPanic("A", &peer.ChaincodeSpec{}, []byte("Alice"), []byte("msg1")) 106 prop := &peer.Proposal{} 107 if proto.Unmarshal(sProp.ProposalBytes, prop) != nil { 108 t.FailNow() 109 } 110 prop.Header = []byte("bad hdr") 111 sProp.ProposalBytes = protoutil.MarshalOrPanic(prop) 112 err = pprov.CheckACL("res", sProp) 113 require.Error(t, err) 114 } 115 116 // test to ensure ptypes are processed by default provider 117 func TestForceDefaultsForPType(t *testing.T) { 118 defAclProvider := &mocks.DefaultACLProvider{} 119 defAclProvider.CheckACLReturns(nil) 120 defAclProvider.IsPtypePolicyReturns(true) 121 rp := &resourceProvider{defaultProvider: defAclProvider} 122 err := rp.CheckACL("aptype", "somechannel", struct{}{}) 123 require.NoError(t, err) 124 } 125 126 func TestCheckACLNoChannel(t *testing.T) { 127 // use mocked objects to test good path 128 mockDefAclProvider := &mocks.DefaultACLProvider{} 129 mockDefAclProvider.CheckACLNoChannelReturns(nil) 130 mockDefAclProvider.IsPtypePolicyReturns(true) 131 rp := &resourceProvider{defaultProvider: mockDefAclProvider} 132 err := rp.CheckACLNoChannel("aptype", struct{}{}) 133 require.NoError(t, err) 134 135 // error paths 136 defAclProvider := &defaultACLProviderImpl{ 137 pResourcePolicyMap: map[string]string{"aptype": policy.Admins}, 138 } 139 rp = &resourceProvider{defaultProvider: defAclProvider} 140 err = rp.CheckACLNoChannel("nontype", struct{}{}) 141 require.Error(t, err, "cannot override peer type policy for channeless ACL check") 142 143 rp = &resourceProvider{defaultProvider: defAclProvider} 144 err = rp.CheckACLNoChannel("aptype", struct{}{}) 145 require.EqualError(t, err, "Unknown id on channelless checkACL aptype") 146 } 147 148 func init() { 149 // setup the MSP manager so that we can sign/verify 150 err := msptesttools.LoadMSPSetupForTesting() 151 if err != nil { 152 fmt.Printf("Could not load msp config, err %s", err) 153 os.Exit(-1) 154 return 155 } 156 }