benchmarkUserCases builds a set of users with different roles and groups. The user id used as the subject and the orgs used to build the roles are returned.
()
| 25 | // The user id used as the subject and the orgs used to build the roles are |
| 26 | // returned. |
| 27 | func benchmarkUserCases() (cases []benchmarkCase, users uuid.UUID, orgs []uuid.UUID) { |
| 28 | orgs = []uuid.UUID{ |
| 29 | uuid.MustParse("bf7b72bd-a2b1-4ef2-962c-1d698e0483f6"), |
| 30 | uuid.MustParse("e4660c6f-b9de-422d-9578-cd888983a795"), |
| 31 | uuid.MustParse("fb13d477-06f4-42d9-b957-f6b89bd63515"), |
| 32 | } |
| 33 | |
| 34 | user := uuid.MustParse("10d03e62-7703-4df5-a358-4f76577d4e2f") |
| 35 | // noiseGroups are just added to add noise to the authorize call. They |
| 36 | // never match an object's list of groups. |
| 37 | noiseGroups := []string{uuid.NewString(), uuid.NewString(), uuid.NewString()} |
| 38 | |
| 39 | benchCases := []benchmarkCase{ |
| 40 | { |
| 41 | Name: "NoRoles", |
| 42 | Actor: rbac.Subject{ |
| 43 | ID: user.String(), |
| 44 | Roles: rbac.RoleIdentifiers{}, |
| 45 | Scope: rbac.ScopeAll, |
| 46 | }, |
| 47 | }, |
| 48 | { |
| 49 | Name: "Admin", |
| 50 | Actor: rbac.Subject{ |
| 51 | // Give some extra roles that an admin might have |
| 52 | Roles: rbac.RoleIdentifiers{rbac.ScopedRoleOrgMember(orgs[0]), rbac.RoleAuditor(), rbac.RoleOwner(), rbac.RoleMember()}, |
| 53 | ID: user.String(), |
| 54 | Scope: rbac.ScopeAll, |
| 55 | Groups: noiseGroups, |
| 56 | }, |
| 57 | }, |
| 58 | { |
| 59 | Name: "OrgAdmin", |
| 60 | Actor: rbac.Subject{ |
| 61 | Roles: rbac.RoleIdentifiers{rbac.ScopedRoleOrgMember(orgs[0]), rbac.ScopedRoleOrgAdmin(orgs[0]), rbac.RoleMember()}, |
| 62 | ID: user.String(), |
| 63 | Scope: rbac.ScopeAll, |
| 64 | Groups: noiseGroups, |
| 65 | }, |
| 66 | }, |
| 67 | { |
| 68 | Name: "OrgMember", |
| 69 | Actor: rbac.Subject{ |
| 70 | // Member of 2 orgs |
| 71 | Roles: rbac.RoleIdentifiers{rbac.ScopedRoleOrgMember(orgs[0]), rbac.ScopedRoleOrgMember(orgs[1]), rbac.RoleMember()}, |
| 72 | ID: user.String(), |
| 73 | Scope: rbac.ScopeAll, |
| 74 | Groups: noiseGroups, |
| 75 | }, |
| 76 | }, |
| 77 | { |
| 78 | Name: "ManyRoles", |
| 79 | Actor: rbac.Subject{ |
| 80 | // Admin of many orgs |
| 81 | Roles: rbac.RoleIdentifiers{ |
| 82 | rbac.ScopedRoleOrgMember(orgs[0]), rbac.ScopedRoleOrgAdmin(orgs[0]), |
| 83 | rbac.ScopedRoleOrgMember(orgs[1]), rbac.ScopedRoleOrgAdmin(orgs[1]), |
| 84 | rbac.ScopedRoleOrgMember(orgs[2]), rbac.ScopedRoleOrgAdmin(orgs[2]), |
no test coverage detected