go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/server/auth/realms/permissions_test.go

go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/server/auth/realms/permissions_test.go (about)

     1  // Copyright 2020 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package realms
    16  
    17  import (
    18  	"fmt"
    19  	"testing"
    20  
    21  	. "github.com/smartystreets/goconvey/convey"
    22  	. "go.chromium.org/luci/common/testing/assertions"
    23  )
    24  
    25  func TestValidatePermissionName(t *testing.T) {
    26  	t.Parallel()
    27  
    28  	Convey("Works", t, func() {
    29  		So(ValidatePermissionName("service.subject.verb"), ShouldBeNil)
    30  
    31  		So(ValidatePermissionName("service.subject.verb.stuff"), ShouldNotBeNil)
    32  		So(ValidatePermissionName("service.subject"), ShouldNotBeNil)
    33  		So(ValidatePermissionName("service.subject."), ShouldNotBeNil)
    34  		So(ValidatePermissionName("service..verb"), ShouldNotBeNil)
    35  		So(ValidatePermissionName(".subject.verb"), ShouldNotBeNil)
    36  		So(ValidatePermissionName(""), ShouldNotBeNil)
    37  	})
    38  }
    39  
    40  func TestRegister(t *testing.T) {
    41  	// This test interacts with the global `perms` cache.
    42  	// t.Parallel()
    43  
    44  	Convey("TestRegister", t, func() {
    45  		// Make sure the test succeeds when using `go test . -count=2`.
    46  		clearPermissions()
    47  
    48  		Convey("Works", func() {
    49  			p1 := RegisterPermission("luci.dev.testing1")
    50  			So(p1.Name(), ShouldEqual, "luci.dev.testing1")
    51  			So(p1.String(), ShouldEqual, "luci.dev.testing1")
    52  			So(fmt.Sprintf("%q", p1), ShouldEqual, `"luci.dev.testing1"`)
    53  
    54  			p2 := RegisterPermission("luci.dev.testing2")
    55  			p2.AddFlags(UsedInQueryRealms)
    56  
    57  			// Reregistering doesn't clear the flags.
    58  			RegisterPermission("luci.dev.testing2")
    59  			So(RegisteredPermissions(), ShouldResemble, map[Permission]PermissionFlags{
    60  				p1: 0,
    61  				p2: UsedInQueryRealms,
    62  			})
    63  		})
    64  
    65  		Convey("Panics on bad name", func() {
    66  			So(func() { RegisterPermission(".bad.name") }, ShouldPanic)
    67  		})
    68  
    69  		Convey("Panics on mutation after freeze", func() {
    70  			p1 := RegisterPermission("luci.dev.testing1")
    71  			_ = RegisteredPermissions()
    72  			So(func() { RegisterPermission("luci.dev.testing1") }, ShouldPanic)
    73  			So(func() { p1.AddFlags(UsedInQueryRealms) }, ShouldPanic)
    74  		})
    75  	})
    76  }
    77  
    78  func TestGetPermissions(t *testing.T) {
    79  	// This test interacts with the global `perms` cache.
    80  	// t.Parallel()
    81  
    82  	Convey("TestGetPermissions", t, func() {
    83  		clearPermissions()
    84  		RegisterPermission("luci.dev.testing1")
    85  		RegisterPermission("luci.dev.testing2")
    86  
    87  		Convey("Get single permission works", func() {
    88  			perms, err := GetPermissions("luci.dev.testing1")
    89  			So(err, ShouldBeNil)
    90  			So(perms, ShouldHaveLength, 1)
    91  			So(perms[0].Name(), ShouldEqual, "luci.dev.testing1")
    92  		})
    93  
    94  		Convey("Get multiple permissions works", func() {
    95  			perms, err := GetPermissions("luci.dev.testing1", "luci.dev.testing2")
    96  			So(err, ShouldBeNil)
    97  			So(perms, ShouldHaveLength, 2)
    98  			So(perms[0].Name(), ShouldEqual, "luci.dev.testing1")
    99  			So(perms[1].Name(), ShouldEqual, "luci.dev.testing2")
   100  
   101  			// Get in a different order.
   102  			perms, err = GetPermissions("luci.dev.testing2", "luci.dev.testing1")
   103  			So(err, ShouldBeNil)
   104  			So(perms, ShouldHaveLength, 2)
   105  			So(perms[0].Name(), ShouldEqual, "luci.dev.testing2")
   106  			So(perms[1].Name(), ShouldEqual, "luci.dev.testing1")
   107  
   108  			// Get duplicates.
   109  			perms, err = GetPermissions("luci.dev.testing1", "luci.dev.testing1")
   110  			So(err, ShouldBeNil)
   111  			So(perms, ShouldHaveLength, 2)
   112  			So(perms[0].Name(), ShouldEqual, "luci.dev.testing1")
   113  			So(perms[1].Name(), ShouldEqual, "luci.dev.testing1")
   114  		})
   115  
   116  		Convey("Get unregistered permission returns error", func() {
   117  			perms, err := GetPermissions("luci.dev.unregistered")
   118  			So(err, ShouldErrLike, "permission not registered", "luci.dev.unregistered")
   119  			So(perms, ShouldBeNil)
   120  
   121  			// Mixed with registered permission.
   122  			perms, err = GetPermissions("luci.dev.testing1", "luci.dev.unregistered")
   123  			So(err, ShouldErrLike, "permission not registered", "luci.dev.unregistered")
   124  			So(perms, ShouldBeNil)
   125  		})
   126  	})
   127  }