TestChainEngine tests the chain of RBAC Engines by configuring the chain in a certain way for different scenarios. After configuring the chain, this test pings it with different types of data representing incoming RPCs (piped into a context), and verifies that it works as expected.
(t *testing.T)
| 693 | // different types of data representing incoming RPC's (piped into a context), |
| 694 | // and verifies that it works as expected. |
| 695 | func (s) TestChainEngine(t *testing.T) { |
| 696 | defer func(gc func(ctx context.Context) net.Conn) { |
| 697 | getConnection = gc |
| 698 | }(getConnection) |
| 699 | tests := []struct { |
| 700 | name string |
| 701 | rbacConfigs []*v3rbacpb.RBAC |
| 702 | rbacQueries []rbacQuery |
| 703 | policyName string |
| 704 | }{ |
| 705 | // SuccessCaseAnyMatch tests a single RBAC Engine instantiated with |
| 706 | // a config with a policy with any rules for both permissions and |
| 707 | // principals, meaning that any data about incoming RPC's that the RBAC |
| 708 | // Engine is queried with should match that policy. |
| 709 | { |
| 710 | name: "SuccessCaseAnyMatch", |
| 711 | rbacConfigs: []*v3rbacpb.RBAC{ |
| 712 | { |
| 713 | Policies: map[string]*v3rbacpb.Policy{ |
| 714 | "anyone": { |
| 715 | Permissions: []*v3rbacpb.Permission{ |
| 716 | {Rule: &v3rbacpb.Permission_Any{Any: true}}, |
| 717 | }, |
| 718 | Principals: []*v3rbacpb.Principal{ |
| 719 | {Identifier: &v3rbacpb.Principal_Any{Any: true}}, |
| 720 | }, |
| 721 | }, |
| 722 | }, |
| 723 | }, |
| 724 | }, |
| 725 | rbacQueries: []rbacQuery{ |
| 726 | { |
| 727 | rpcData: &rpcData{ |
| 728 | fullMethod: "some method", |
| 729 | peerInfo: &peer.Peer{ |
| 730 | Addr: &addr{ipAddress: "0.0.0.0"}, |
| 731 | }, |
| 732 | }, |
| 733 | wantStatusCode: codes.OK, |
| 734 | }, |
| 735 | }, |
| 736 | }, |
| 737 | // SuccessCaseSimplePolicy is a test that tests a single policy |
| 738 | // that only allows an rpc to proceed if the rpc is calling with a certain |
| 739 | // path. |
| 740 | { |
| 741 | name: "SuccessCaseSimplePolicy", |
| 742 | rbacConfigs: []*v3rbacpb.RBAC{ |
| 743 | { |
| 744 | Policies: map[string]*v3rbacpb.Policy{ |
| 745 | "localhost-fan": { |
| 746 | Permissions: []*v3rbacpb.Permission{ |
| 747 | {Rule: &v3rbacpb.Permission_UrlPath{UrlPath: &v3matcherpb.PathMatcher{Rule: &v3matcherpb.PathMatcher_Path{Path: &v3matcherpb.StringMatcher{MatchPattern: &v3matcherpb.StringMatcher_Exact{Exact: "localhost-fan-page"}}}}}}, |
| 748 | }, |
| 749 | Principals: []*v3rbacpb.Principal{ |
| 750 | {Identifier: &v3rbacpb.Principal_Any{Any: true}}, |
| 751 | }, |
| 752 | }, |