go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/tokenserver/appengine/impl/serviceaccounts/config_test.go

go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/tokenserver/appengine/impl/serviceaccounts/config_test.go (about)

     1  // Copyright 2020 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package serviceaccounts
    16  
    17  import (
    18  	"context"
    19  	"testing"
    20  
    21  	"google.golang.org/protobuf/encoding/prototext"
    22  
    23  	"go.chromium.org/luci/tokenserver/api/admin/v1"
    24  	"go.chromium.org/luci/tokenserver/appengine/impl/utils/policy"
    25  
    26  	. "github.com/smartystreets/goconvey/convey"
    27  )
    28  
    29  const fakeMappingConfig = `
    30  mapping {
    31  	project: "proj1"
    32  	project: "proj2"
    33  	service_account: "sa1@example.com"
    34  	service_account: "sa2@example.com"
    35  }
    36  
    37  mapping {
    38  	project: "proj3"
    39  	service_account: "sa3@example.com"
    40  }
    41  
    42  mapping {
    43  	project: "proj4"
    44  }
    45  
    46  use_project_scoped_account: "proj5"
    47  use_project_scoped_account: "proj6"
    48  `
    49  
    50  func TestMapping(t *testing.T) {
    51  	t.Parallel()
    52  
    53  	Convey("Works", t, func() {
    54  		ctx := context.Background()
    55  
    56  		mapping, err := loadMapping(ctx, fakeMappingConfig)
    57  		So(err, ShouldBeNil)
    58  		So(mapping, ShouldNotBeNil)
    59  
    60  		So(mapping.CanProjectUseAccount("proj1", "sa1@example.com"), ShouldBeTrue)
    61  		So(mapping.CanProjectUseAccount("proj2", "sa1@example.com"), ShouldBeTrue)
    62  		So(mapping.CanProjectUseAccount("proj3", "sa1@example.com"), ShouldBeFalse)
    63  		So(mapping.CanProjectUseAccount("proj4", "sa1@example.com"), ShouldBeFalse)
    64  
    65  		So(mapping.CanProjectUseAccount("proj1", "sa2@example.com"), ShouldBeTrue)
    66  		So(mapping.CanProjectUseAccount("proj2", "sa2@example.com"), ShouldBeTrue)
    67  		So(mapping.CanProjectUseAccount("proj3", "sa2@example.com"), ShouldBeFalse)
    68  		So(mapping.CanProjectUseAccount("proj4", "sa2@example.com"), ShouldBeFalse)
    69  
    70  		So(mapping.CanProjectUseAccount("proj1", "sa3@example.com"), ShouldBeFalse)
    71  		So(mapping.CanProjectUseAccount("proj2", "sa3@example.com"), ShouldBeFalse)
    72  		So(mapping.CanProjectUseAccount("proj3", "sa3@example.com"), ShouldBeTrue)
    73  		So(mapping.CanProjectUseAccount("proj4", "sa3@example.com"), ShouldBeFalse)
    74  
    75  		So(mapping.UseProjectScopedAccount("proj1"), ShouldBeFalse)
    76  		So(mapping.UseProjectScopedAccount("proj5"), ShouldBeTrue)
    77  		So(mapping.UseProjectScopedAccount("proj6"), ShouldBeTrue)
    78  	})
    79  }
    80  
    81  func loadMapping(ctx context.Context, text string) (*Mapping, error) {
    82  	cfg := &admin.ServiceAccountsProjectMapping{}
    83  	err := prototext.Unmarshal([]byte(text), cfg)
    84  	if err != nil {
    85  		return nil, err
    86  	}
    87  	mapping, err := prepareMapping(ctx, policy.ConfigBundle{configFileName: cfg}, "fake-revision")
    88  	if err != nil {
    89  		return nil, err
    90  	}
    91  	return mapping.(*Mapping), nil
    92  }