github.com/wrgl/wrgl@v0.14.0/pkg/auth/fs/authz_test.go

github.com/wrgl/wrgl@v0.14.0/pkg/auth/fs/authz_test.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright © 2022 Wrangle Ltd
     3  
     4  package authfs
     5  
     6  import (
     7  	"fmt"
     8  	"net/http"
     9  	"os"
    10  	"path/filepath"
    11  	"testing"
    12  	"time"
    13  
    14  	"github.com/stretchr/testify/assert"
    15  	"github.com/stretchr/testify/require"
    16  	"github.com/wrgl/wrgl/pkg/auth"
    17  	"github.com/wrgl/wrgl/pkg/local"
    18  	"github.com/wrgl/wrgl/pkg/testutils"
    19  )
    20  
    21  func TestAuthzStore(t *testing.T) {
    22  	dir, err := testutils.TempDir("", "test_flatdb")
    23  	require.NoError(t, err)
    24  	defer os.RemoveAll(dir)
    25  	rd, err := local.NewRepoDir(dir, "")
    26  	require.NoError(t, err)
    27  	defer rd.Close()
    28  
    29  	s, err := NewAuthzStore(rd)
    30  	require.NoError(t, err)
    31  
    32  	email1 := "alice@domain.com"
    33  	email2 := "bob@domain.com"
    34  	require.NoError(t, s.AddPolicy(email1, auth.ScopeRepoRead))
    35  	require.NoError(t, s.AddPolicy(email2, auth.ScopeRepoRead))
    36  	require.NoError(t, s.AddPolicy(email2, auth.ScopeRepoWrite))
    37  
    38  	r, err := http.NewRequest(http.MethodGet, "/", nil)
    39  	require.NoError(t, err)
    40  
    41  	ok, err := s.Authorized(r, email1, auth.ScopeRepoRead)
    42  	require.NoError(t, err)
    43  	assert.True(t, ok)
    44  	ok, err = s.Authorized(r, email1, auth.ScopeRepoWrite)
    45  	require.NoError(t, err)
    46  	assert.False(t, ok)
    47  	ok, err = s.Authorized(r, email2, auth.ScopeRepoWrite)
    48  	require.NoError(t, err)
    49  	assert.True(t, ok)
    50  
    51  	scopes, err := s.ListPolicies(email1)
    52  	require.NoError(t, err)
    53  	assert.Equal(t, []string{auth.ScopeRepoRead}, scopes)
    54  	scopes, err = s.ListPolicies(email2)
    55  	require.NoError(t, err)
    56  	assert.Equal(t, []string{auth.ScopeRepoRead, auth.ScopeRepoWrite}, scopes)
    57  
    58  	require.NoError(t, s.Flush())
    59  
    60  	s, err = NewAuthzStore(rd)
    61  	require.NoError(t, err)
    62  	ok, err = s.Authorized(r, email1, auth.ScopeRepoRead)
    63  	require.NoError(t, err)
    64  	assert.True(t, ok)
    65  	require.NoError(t, s.RemovePolicy(email1, auth.ScopeRepoRead))
    66  	ok, err = s.Authorized(r, email1, auth.ScopeRepoRead)
    67  	require.NoError(t, err)
    68  	assert.False(t, ok)
    69  
    70  	require.NoError(t, s.Flush())
    71  
    72  	s, err = NewAuthzStore(rd)
    73  	require.NoError(t, err)
    74  	ok, err = s.Authorized(r, email1, auth.ScopeRepoRead)
    75  	require.NoError(t, err)
    76  	assert.False(t, ok)
    77  }
    78  
    79  func TestAuthzStoreWatchFile(t *testing.T) {
    80  	dir, err := testutils.TempDir("", "test_flatdb")
    81  	require.NoError(t, err)
    82  	defer os.RemoveAll(dir)
    83  	rd, err := local.NewRepoDir(dir, "")
    84  	require.NoError(t, err)
    85  	defer rd.Close()
    86  
    87  	s, err := NewAuthzStore(rd)
    88  	require.NoError(t, err)
    89  	defer s.Close()
    90  
    91  	f, err := os.Create(filepath.Join(dir, "authz.csv"))
    92  	require.NoError(t, err)
    93  	_, err = f.Write([]byte(fmt.Sprintf("p, john.doe@domain.com, -, %s\n", auth.ScopeRepoRead)))
    94  	require.NoError(t, err)
    95  	require.NoError(t, f.Close())
    96  
    97  	time.Sleep(time.Millisecond * 100)
    98  	scopes, err := s.ListPolicies("john.doe@domain.com")
    99  	require.NoError(t, err)
   100  	assert.Equal(t, []string{auth.ScopeRepoRead}, scopes)
   101  }