go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/logdog/appengine/coordinator/endpoints/services/service_test.go

go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/logdog/appengine/coordinator/endpoints/services/service_test.go (about)

     1  // Copyright 2015 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package services
    16  
    17  import (
    18  	"testing"
    19  
    20  	logdog "go.chromium.org/luci/logdog/api/endpoints/coordinator/services/v1"
    21  	ct "go.chromium.org/luci/logdog/appengine/coordinator/coordinatorTest"
    22  	"go.chromium.org/luci/server/auth"
    23  
    24  	. "github.com/smartystreets/goconvey/convey"
    25  	. "go.chromium.org/luci/common/testing/assertions"
    26  )
    27  
    28  func TestServiceAuth(t *testing.T) {
    29  	t.Parallel()
    30  
    31  	Convey(`With a testing configuration`, t, func() {
    32  		c, env := ct.Install()
    33  
    34  		svr := New(ServerSettings{NumQueues: 2}).(*logdog.DecoratedServices)
    35  
    36  		Convey(`With an application config installed`, func() {
    37  			Convey(`Will reject users if there is an authentication error (no state).`, func() {
    38  				c = auth.WithState(c, nil)
    39  
    40  				_, err := svr.Prelude(c, "test", nil)
    41  				So(err, ShouldBeRPCInternal)
    42  			})
    43  
    44  			Convey(`With an authentication state`, func() {
    45  				Convey(`Will reject users who are not logged in.`, func() {
    46  					_, err := svr.Prelude(c, "test", nil)
    47  					So(err, ShouldBeRPCPermissionDenied)
    48  				})
    49  
    50  				Convey(`When a user is logged in`, func() {
    51  					env.AuthState.Identity = "user:user@example.com"
    52  
    53  					Convey(`Will reject users who are not members of the service group.`, func() {
    54  						_, err := svr.Prelude(c, "test", nil)
    55  						So(err, ShouldBeRPCPermissionDenied)
    56  					})
    57  
    58  					Convey(`Will allow users who are members of the service group.`, func() {
    59  						env.ActAsService()
    60  
    61  						_, err := svr.Prelude(c, "test", nil)
    62  						So(err, ShouldBeNil)
    63  					})
    64  				})
    65  			})
    66  		})
    67  	})
    68  }