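// Source: github.com/wostzone/hub/auth@v0.0.0-20220118060317-7bb375743b17/pkg/aclstore/AclFileStore_test.go

package aclstore_test

import (
	"os"
	"path"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
	"github.com/wostzone/hub/auth/pkg/aclstore"
	"github.com/wostzone/hub/auth/pkg/authorize"
	"github.com/wostzone/hub/lib/client/pkg/config"
)

// NOTE: this name must match the auth_opt_* filenames in mosquitto.conf.template
// also used in mosquittomgr testing
const aclFileName = "testaclstore.acl" // auth_opt_aclFile

// reloadDelay is how long the tests wait before reading the store back.
// NOTE(review): presumably the store picks up file changes asynchronously;
// confirm against the AclFileStore implementation.
const reloadDelay = time.Second

var (
	// aclFilePath is the ACL file shared by the tests in this package. Because
	// it is shared, a test can observe entries written by an earlier test.
	aclFilePath string
	// configFolder is the folder in which the test fixtures are created.
	configFolder string
)

// exitOnSetupError aborts the test binary with a message on stderr when a
// fixture could not be prepared. It does nothing when err is nil.
func exitOnSetupError(step string, err error) {
	if err == nil {
		return
	}
	_, _ = os.Stderr.WriteString("aclstore test setup: " + step + ": " + err.Error() + "\n")
	os.Exit(1)
}

// TestMain prepares the fixtures shared by all tests in this package: it sets
// up logging, resolves the test config folder relative to the working
// directory, and creates (or truncates) the ACL file before running the tests.
func TestMain(m *testing.M) {
	_ = config.SetLogging("info", "")

	cwd, err := os.Getwd()
	exitOnSetupError("get working directory", err)
	homeFolder := path.Join(cwd, "../../test")
	configFolder = path.Join(homeFolder, "config")

	// Make sure the ACL file exists and starts out empty. Failing here is
	// clearer than letting every test fail later on a missing fixture.
	// os.Create uses mode 0666 before umask, which is acceptable for a
	// throwaway fixture; a real ACL file should get a restrictive mode.
	aclFilePath = path.Join(configFolder, aclFileName)
	fp, err := os.Create(aclFilePath)
	exitOnSetupError("create "+aclFilePath, err)
	// fp.WriteString("group1:\n user1: manager\n")
	exitOnSetupError("close "+aclFilePath, fp.Close())

	os.Exit(m.Run())
}

// TestOpenCloseAclStore verifies that the store opens the existing ACL file
// without error and can be closed again after a short delay.
func TestOpenCloseAclStore(t *testing.T) {
	aclStore := aclstore.NewAclFileStore(aclFilePath, "TestOpenCloseAclStore")
	err := aclStore.Open()
	assert.NoError(t, err)

	time.Sleep(reloadDelay)
	aclStore.Close()
}

// TestSetRoleAndRestart writes roles for two users, closes and reopens the
// store, and verifies that the roles are still returned after the reload.
func TestSetRoleAndRestart(t *testing.T) {
	user1 := "user1"
	user2 := "user2"
	role1 := authorize.GroupRoleManager
	role2 := authorize.GroupRoleManager
	group1 := "group1"
	group2 := "all"
	aclStore := aclstore.NewAclFileStore(aclFilePath, "TestSetRole")
	err := aclStore.Open()
	assert.NoError(t, err)

	// Check every SetRole result; reusing err without asserting in between
	// would hide a failure of the earlier writes.
	err = aclStore.SetRole(user1, group1, role1)
	assert.NoError(t, err)
	err = aclStore.SetRole(user1, group2, role1)
	assert.NoError(t, err)
	err = aclStore.SetRole(user2, group2, role2)
	assert.NoError(t, err)

	// stop and reload
	aclStore.Close()
	err = aclStore.Open()
	assert.NoError(t, err)

	// time to reload
	time.Sleep(reloadDelay)

	groups := aclStore.GetGroups(user1)
	assert.GreaterOrEqual(t, len(groups), 1)
	ur1 := aclStore.GetRole(user1, groups)
	assert.Equal(t, role1, ur1)

	// user2 was given role2, so compare against role2 (same value as role1 here).
	groups = aclStore.GetGroups(user2)
	ur2 := aclStore.GetRole(user2, groups)
	assert.Equal(t, role2, ur2)

	aclStore.Close()
}

// TestRemoveRole verifies that setting a user's role to GroupRoleNone removes
// the user from the group.
func TestRemoveRole(t *testing.T) {
	user1 := "user1"
	role1 := authorize.GroupRoleManager
	group1 := "group1"
	// NOTE(review): the second argument is "TestSetRole" here although the
	// other tests pass their own name; looks like a copy-paste, confirm.
	aclStore := aclstore.NewAclFileStore(aclFilePath, "TestSetRole")
	err := aclStore.Open()
	assert.NoError(t, err)

	err = aclStore.SetRole(user1, group1, role1)
	assert.NoError(t, err)

	// clearing role should remove user from the group
	err = aclStore.SetRole(user1, group1, authorize.GroupRoleNone)
	assert.NoError(t, err)

	// needs reload to take effect
	time.Sleep(reloadDelay)

	// NOTE(review): this expects no groups at all for user1, so it depends on
	// what other tests left in the shared ACL file.
	groups := aclStore.GetGroups(user1)
	assert.Equal(t, 0, len(groups))

	aclStore.Close()
}

// TestWriteAclToTempFail verifies that writing the ACLs to a temp file in the
// folder "/badfolder" returns an error.
func TestWriteAclToTempFail(t *testing.T) {
	aclStore := aclstore.NewAclFileStore(aclFilePath, "TestWriteAclToTempFail")
	acls := make(map[string]aclstore.AclGroup)

	err := aclStore.Open()
	assert.NoError(t, err)
	_, err = aclstore.WriteAclsToTempFile("/badfolder", acls)
	assert.Error(t, err)
	aclStore.Close()
}

// TestCompareRoles checks the role ordering none < viewer < editor < manager
// in both directions for each adjacent pair.
func TestCompareRoles(t *testing.T) {
	assert.True(t, aclstore.IsRoleGreaterEqual(authorize.GroupRoleViewer, authorize.GroupRoleNone))
	assert.False(t, aclstore.IsRoleGreaterEqual(authorize.GroupRoleNone, authorize.GroupRoleViewer))

	assert.True(t, aclstore.IsRoleGreaterEqual(authorize.GroupRoleEditor, authorize.GroupRoleViewer))
	assert.False(t, aclstore.IsRoleGreaterEqual(authorize.GroupRoleViewer, authorize.GroupRoleEditor))

	assert.True(t, aclstore.IsRoleGreaterEqual(authorize.GroupRoleManager, authorize.GroupRoleEditor))
	assert.False(t, aclstore.IsRoleGreaterEqual(authorize.GroupRoleEditor, authorize.GroupRoleManager))
}

// TestMissingAclFile verifies that opening a store on a non-existent ACL file
// returns an error.
func TestMissingAclFile(t *testing.T) {
	as := aclstore.NewAclFileStore("missingaclfile", "TestMissingAclFile")
	err := as.Open()
	assert.Error(t, err)
	as.Close()
}

// TestBadAclFile verifies that opening a store on a file with invalid content
// returns an error instead of yielding a usable ACL set.
func TestBadAclFile(t *testing.T) {
	// loading badaclfile.acl should fail as its content isn't a valid acl file
	badAclFile := path.Join(configFolder, "badaclfile.acl")
	fp, err := os.Create(badAclFile)
	if !assert.NoError(t, err) {
		return
	}
	_, err = fp.WriteString("This is not a valid acl file\nParsing should fail.")
	assert.NoError(t, err)
	// Close before the store opens the file so the content is complete on
	// disk and the handle is not leaked.
	assert.NoError(t, fp.Close())

	as := aclstore.NewAclFileStore(badAclFile, "TestBadAclFile")
	err = as.Open()
	assert.Error(t, err)
	as.Close()
}

// TestFailWriteFile verifies that opening a store on "/root/nopermissions"
// returns an error. The write-failure part of the test is still disabled.
func TestFailWriteFile(t *testing.T) {
	// NOTE(review): the result depends on the account running the tests; the
	// path is expected to be absent or inaccessible. Confirm when run as root.
	as := aclstore.NewAclFileStore("/root/nopermissions", "TestFailWriteFile")

	err := as.Open()
	assert.Error(t, err)

	// err = os.Chmod(aclFile, 0400)
	// assert.NoError(t, err)

	// err = aclStore.SetRole("user1", "group1", "somerole")
	// assert.Error(t, err)
	// os.Remove(aclFile)
	as.Close()
}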