MCPcopy
hub / github.com/grpc/grpc-go / TestChainEngine

Method TestChainEngine

internal/xds/rbac/rbac_engine_test.go:695–1935  ·  view source on GitHub ↗

TestChainEngine tests the chain of RBAC Engines by configuring the chain of engines in a certain way in different scenarios. After configuring the chain of engines in a certain way, this test pings the chain of engines with different types of data representing incoming RPC's (piped into a context),

(t *testing.T)

Source from the content-addressed store, hash-verified

693// different types of data representing incoming RPC's (piped into a context),
694// and verifies that it works as expected.
695func (s) TestChainEngine(t *testing.T) {
696 defer func(gc func(ctx context.Context) net.Conn) {
697 getConnection = gc
698 }(getConnection)
699 tests := []struct {
700 name string
701 rbacConfigs []*v3rbacpb.RBAC
702 rbacQueries []rbacQuery
703 policyName string
704 }{
705 // SuccessCaseAnyMatch tests a single RBAC Engine instantiated with
706 // a config with a policy with any rules for both permissions and
707 // principals, meaning that any data about incoming RPC's that the RBAC
708 // Engine is queried with should match that policy.
709 {
710 name: "SuccessCaseAnyMatch",
711 rbacConfigs: []*v3rbacpb.RBAC{
712 {
713 Policies: map[string]*v3rbacpb.Policy{
714 "anyone": {
715 Permissions: []*v3rbacpb.Permission{
716 {Rule: &v3rbacpb.Permission_Any{Any: true}},
717 },
718 Principals: []*v3rbacpb.Principal{
719 {Identifier: &v3rbacpb.Principal_Any{Any: true}},
720 },
721 },
722 },
723 },
724 },
725 rbacQueries: []rbacQuery{
726 {
727 rpcData: &rpcData{
728 fullMethod: "some method",
729 peerInfo: &peer.Peer{
730 Addr: &addr{ipAddress: "0.0.0.0"},
731 },
732 },
733 wantStatusCode: codes.OK,
734 },
735 },
736 },
737 // SuccessCaseSimplePolicy is a test that tests a single policy
738 // that only allows an rpc to proceed if the rpc is calling with a certain
739 // path.
740 {
741 name: "SuccessCaseSimplePolicy",
742 rbacConfigs: []*v3rbacpb.RBAC{
743 {
744 Policies: map[string]*v3rbacpb.Policy{
745 "localhost-fan": {
746 Permissions: []*v3rbacpb.Permission{
747 {Rule: &v3rbacpb.Permission_UrlPath{UrlPath: &v3matcherpb.PathMatcher{Rule: &v3matcherpb.PathMatcher_Path{Path: &v3matcherpb.StringMatcher{MatchPattern: &v3matcherpb.StringMatcher_Exact{Exact: "localhost-fan-page"}}}}}},
748 },
749 Principals: []*v3rbacpb.Principal{
750 {Identifier: &v3rbacpb.Principal_Any{Any: true}},
751 },
752 },

Callers

nothing calls this directly

Calls 15

IsAuthorizedMethod · 0.95
RegisterLoggerBuilderFunction · 0.92
NewIncomingContextFunction · 0.92
NewContextFunction · 0.92
CodeFunction · 0.92
createUDPATypedStructFunction · 0.85
NewChainEngineFunction · 0.85
FatalfMethod · 0.65
CloseMethod · 0.65
ErrorfMethod · 0.65
StringMethod · 0.65

Tested by

no test coverage detected