package acl import ( "reflect" "strings" "testing" ) func TestACLPolicy_Parse_HCL(t *testing.T) { inp := ` key "" { policy = "read" } key "foo/" { policy = "write" } key "foo/bar/" { policy = "read" } key "foo/bar/baz" { policy = "deny" } service "" { policy = "write" } service "foo" { policy = "read" } event "" { policy = "read" } event "foo" { policy = "write" } event "bar" { policy = "deny" } prepared_query "" { policy = "read" } prepared_query "foo" { policy = "write" } prepared_query "bar" { policy = "deny" } keyring = "deny" ` exp := &Policy{ Keys: []*KeyPolicy{ &KeyPolicy{ Prefix: "", Policy: PolicyRead, }, &KeyPolicy{ Prefix: "foo/", Policy: PolicyWrite, }, &KeyPolicy{ Prefix: "foo/bar/", Policy: PolicyRead, }, &KeyPolicy{ Prefix: "foo/bar/baz", Policy: PolicyDeny, }, }, Services: []*ServicePolicy{ &ServicePolicy{ Name: "", Policy: PolicyWrite, }, &ServicePolicy{ Name: "foo", Policy: PolicyRead, }, }, Events: []*EventPolicy{ &EventPolicy{ Event: "", Policy: PolicyRead, }, &EventPolicy{ Event: "foo", Policy: PolicyWrite, }, &EventPolicy{ Event: "bar", Policy: PolicyDeny, }, }, PreparedQueries: []*PreparedQueryPolicy{ &PreparedQueryPolicy{ Prefix: "", Policy: PolicyRead, }, &PreparedQueryPolicy{ Prefix: "foo", Policy: PolicyWrite, }, &PreparedQueryPolicy{ Prefix: "bar", Policy: PolicyDeny, }, }, Keyring: PolicyDeny, } out, err := Parse(inp) if err != nil { t.Fatalf("err: %v", err) } if !reflect.DeepEqual(out, exp) { t.Fatalf("bad: %#v %#v", out, exp) } } func TestACLPolicy_Parse_JSON(t *testing.T) { inp := `{ "key": { "": { "policy": "read" }, "foo/": { "policy": "write" }, "foo/bar/": { "policy": "read" }, "foo/bar/baz": { "policy": "deny" } }, "service": { "": { "policy": "write" }, "foo": { "policy": "read" } }, "event": { "": { "policy": "read" }, "foo": { "policy": "write" }, "bar": { "policy": "deny" } }, "prepared_query": { "": { "policy": "read" }, "foo": { "policy": "write" }, "bar": { "policy": "deny" } }, "keyring": "deny" }` exp := &Policy{ Keys: []*KeyPolicy{ &KeyPolicy{ Prefix: "", Policy: PolicyRead, }, &KeyPolicy{ Prefix: "foo/", Policy: PolicyWrite, }, &KeyPolicy{ Prefix: "foo/bar/", Policy: PolicyRead, }, &KeyPolicy{ Prefix: "foo/bar/baz", Policy: PolicyDeny, }, }, Services: []*ServicePolicy{ &ServicePolicy{ Name: "", Policy: PolicyWrite, }, &ServicePolicy{ Name: "foo", Policy: PolicyRead, }, }, Events: []*EventPolicy{ &EventPolicy{ Event: "", Policy: PolicyRead, }, &EventPolicy{ Event: "foo", Policy: PolicyWrite, }, &EventPolicy{ Event: "bar", Policy: PolicyDeny, }, }, PreparedQueries: []*PreparedQueryPolicy{ &PreparedQueryPolicy{ Prefix: "", Policy: PolicyRead, }, &PreparedQueryPolicy{ Prefix: "foo", Policy: PolicyWrite, }, &PreparedQueryPolicy{ Prefix: "bar", Policy: PolicyDeny, }, }, Keyring: PolicyDeny, } out, err := Parse(inp) if err != nil { t.Fatalf("err: %v", err) } if !reflect.DeepEqual(out, exp) { t.Fatalf("bad: %#v %#v", out, exp) } } func TestACLPolicy_Keyring_Empty(t *testing.T) { inp := ` keyring = "" ` exp := &Policy{ Keyring: "", } out, err := Parse(inp) if err != nil { t.Fatalf("err: %v", err) } if !reflect.DeepEqual(out, exp) { t.Fatalf("bad: %#v %#v", out, exp) } } func TestACLPolicy_Bad_Policy(t *testing.T) { cases := []string{ `key "" { policy = "nope" }`, `service "" { policy = "nope" }`, `event "" { policy = "nope" }`, `prepared_query "" { policy = "nope" }`, `keyring = "nope"`, } for _, c := range cases { _, err := Parse(c) if err == nil || !strings.Contains(err.Error(), "Invalid") { t.Fatalf("expected policy error, got: %#v", err) } } }