Fix tests
This commit is contained in:
Tomaž Jerman
parent
ea0f1eac47
commit
08c8f29dca
@ -258,7 +258,10 @@ func (app *CortezaApp) Provision(ctx context.Context) (err error) {
|
||||
// @todo envoy should be decoupled from RBAC and import directly into store,
|
||||
// w/o using any access control
|
||||
|
||||
rbac.SetGlobal(rbac.NoopSvc(rbac.Allow))
|
||||
rbac.SetGlobal(rbac.NoopSvc(rbac.Allow, rbac.Config{
|
||||
RuleStorage: app.Store,
|
||||
RoleStorage: app.Store,
|
||||
}))
|
||||
defer rbac.SetGlobal(nil)
|
||||
}
|
||||
|
||||
|
||||
@ -48,7 +48,10 @@ func TestCharts(t *testing.T) {
|
||||
req := require.New(t)
|
||||
svc := &chart{
|
||||
store: s,
|
||||
ac: &accessControl{rbac: rbac.NoopSvc(rbac.Allow)},
|
||||
ac: &accessControl{rbac: rbac.NoopSvc(rbac.Allow, rbac.Config{
|
||||
RuleStorage: s,
|
||||
RoleStorage: s,
|
||||
})},
|
||||
}
|
||||
res, err := svc.Create(ctx, &types.Chart{Name: "My first chart", NamespaceID: namespaceID})
|
||||
req.NoError(unwrapChartInternal(err))
|
||||
|
||||
@ -83,6 +83,8 @@ func makeTestModuleService(t *testing.T, mods ...any) *module {
|
||||
CleanupInterval: time.Hour * 2,
|
||||
ReindexInterval: time.Hour * 2,
|
||||
IndexFlushInterval: time.Hour * 2,
|
||||
RuleStorage: svc.store,
|
||||
RoleStorage: svc.store,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
svc.ac = &accessControl{rbac: rc}
|
||||
@ -129,7 +131,7 @@ func TestModules(t *testing.T) {
|
||||
|
||||
svc := makeTestModuleService(t,
|
||||
ns,
|
||||
rbac.NoopSvc(rbac.Allow),
|
||||
rbac.NoopSvc(rbac.Allow, rbac.Config{}),
|
||||
)
|
||||
|
||||
res, err := svc.Create(ctx, &types.Module{Name: "My first module", NamespaceID: ns.ID})
|
||||
@ -174,7 +176,7 @@ func TestModule_LabelSearch(t *testing.T) {
|
||||
req = require.New(t)
|
||||
svc = makeTestModuleService(t,
|
||||
ns,
|
||||
rbac.NoopSvc(rbac.Allow),
|
||||
rbac.NoopSvc(rbac.Allow, rbac.Config{}),
|
||||
)
|
||||
|
||||
ctx = context.Background()
|
||||
@ -246,7 +248,7 @@ func TestModule_LabelCRUD(t *testing.T) {
|
||||
req = require.New(t)
|
||||
svc = makeTestModuleService(t,
|
||||
ns,
|
||||
rbac.NoopSvc(rbac.Allow),
|
||||
rbac.NoopSvc(rbac.Allow, rbac.Config{}),
|
||||
)
|
||||
|
||||
findAndReturnLabel = func(id uint64) map[string]string {
|
||||
|
||||
@ -50,7 +50,10 @@ func TestPageDeleting(t *testing.T) {
|
||||
|
||||
svc = &page{
|
||||
store: s,
|
||||
ac: &accessControl{rbac: rbac.NoopSvc(rbac.Allow)},
|
||||
ac: &accessControl{rbac: rbac.NoopSvc(rbac.Allow, rbac.Config{
|
||||
RuleStorage: s,
|
||||
RoleStorage: s,
|
||||
})},
|
||||
eventbus: eventbus.New(),
|
||||
locale: ResourceTranslationsManager(locale.Static()),
|
||||
}
|
||||
|
||||
@ -88,6 +88,8 @@ func makeTestRecordService(t *testing.T, mods ...any) *record {
|
||||
CleanupInterval: time.Hour * 2,
|
||||
ReindexInterval: time.Hour * 2,
|
||||
IndexFlushInterval: time.Hour * 2,
|
||||
RuleStorage: svc.store,
|
||||
RoleStorage: svc.store,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
svc.rbacSvc = rc
|
||||
@ -263,8 +265,8 @@ func TestRecord_boolFieldPermissionIssueKBR(t *testing.T) {
|
||||
modConf = types.ModuleConfig{DAL: types.ModuleConfigDAL{ConnectionID: 1}}
|
||||
|
||||
mod = &types.Module{ID: nextID(), NamespaceID: ns.ID, Config: modConf}
|
||||
stringField = &types.ModuleField{ID: nextID(), ModuleID: mod.ID, Name: "string", Kind: "String"}
|
||||
boolField = &types.ModuleField{ID: nextID(), ModuleID: mod.ID, Name: "bool", Kind: "Boolean"}
|
||||
stringField = &types.ModuleField{ID: nextID(), NamespaceID: ns.ID, ModuleID: mod.ID, Name: "string", Kind: "String"}
|
||||
boolField = &types.ModuleField{ID: nextID(), NamespaceID: ns.ID, ModuleID: mod.ID, Name: "bool", Kind: "Boolean"}
|
||||
|
||||
authRoleID uint64 = 1
|
||||
|
||||
@ -916,6 +918,8 @@ func TestSetRecordOwner(t *testing.T) {
|
||||
CleanupInterval: time.Hour * 2,
|
||||
ReindexInterval: time.Hour * 2,
|
||||
IndexFlushInterval: time.Hour * 2,
|
||||
RuleStorage: s,
|
||||
RoleStorage: s,
|
||||
})
|
||||
ac = &accessControl{rbac: rbacService}
|
||||
|
||||
|
||||
@ -169,10 +169,16 @@ func SetGlobal(svc *Service) {
|
||||
}
|
||||
|
||||
// NoopSvc creates a blank RBAC service which always returns the stated access
|
||||
func NoopSvc(access Access) (svc *Service) {
|
||||
func NoopSvc(access Access, cc Config) (svc *Service) {
|
||||
return &Service{
|
||||
noop: true,
|
||||
noopAccess: access,
|
||||
logger: zap.NewNop(),
|
||||
|
||||
RuleStorage: cc.RuleStorage,
|
||||
RoleStorage: cc.RoleStorage,
|
||||
|
||||
cfg: cc,
|
||||
}
|
||||
}
|
||||
|
||||
@ -856,7 +862,7 @@ func (svc *Service) segmentRoles(roles partRoles, resource string) (indexed, uni
|
||||
unindexed = partRoles{}
|
||||
indexed = partRoles{}
|
||||
|
||||
if svc.index.index.empty() {
|
||||
if svc.index == nil || svc.index.index == nil || svc.index.index.empty() {
|
||||
return indexed, roles, nil
|
||||
}
|
||||
|
||||
@ -949,11 +955,13 @@ func (svc *Service) incCounterSync(roles partRoles, res Resource) {
|
||||
}
|
||||
|
||||
func (svc *Service) incCounterAsync(roles partRoles, res Resource) {
|
||||
if svc.usageCounter != nil && svc.usageCounter.incChan != nil {
|
||||
for _, rr := range roles {
|
||||
for r := range rr {
|
||||
svc.usageCounter.incChan <- fmt.Sprintf("%d:%s", r, res.RbacResource())
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (svc *Service) cleanupCounterSync(roles ...*Role) {
|
||||
@ -963,9 +971,11 @@ func (svc *Service) cleanupCounterSync(roles ...*Role) {
|
||||
}
|
||||
|
||||
func (svc *Service) cleanupCounterAsync(roles ...*Role) {
|
||||
if svc.usageCounter != nil && svc.usageCounter.rmChan != nil {
|
||||
for _, r := range roles {
|
||||
svc.usageCounter.rmChan <- r.id
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (svc *Service) updateWrapperIndex(ctx context.Context) (err error) {
|
||||
@ -1081,7 +1091,9 @@ func (svc *Service) logAccessSync(timing time.Duration) {
|
||||
}
|
||||
|
||||
func (svc *Service) logAccessAsync(timing time.Duration) {
|
||||
if svc.StatLogger != nil && svc.StatLogger.timingChan != nil {
|
||||
svc.StatLogger.timingChan <- timing
|
||||
}
|
||||
}
|
||||
|
||||
func (svc *Service) logCachePerformance(hits, misses partRoles, resource, op string) {
|
||||
@ -1124,7 +1136,7 @@ func (svc *Service) logCachePerformanceSync(hits, misses partRoles, resource, op
|
||||
|
||||
func (svc *Service) logCachePerformanceAsync(hits, misses partRoles, resource, op string) {
|
||||
// Hits
|
||||
{
|
||||
if svc.StatLogger != nil && svc.StatLogger.cacheHitChan != nil {
|
||||
rls := make([]uint64, 0, 4)
|
||||
|
||||
for _, rr := range hits {
|
||||
@ -1142,7 +1154,7 @@ func (svc *Service) logCachePerformanceAsync(hits, misses partRoles, resource, o
|
||||
}
|
||||
|
||||
// Misses
|
||||
{
|
||||
if svc.StatLogger != nil && svc.StatLogger.cacheMissChan != nil {
|
||||
rls := make([]uint64, 0, 4)
|
||||
|
||||
for _, rr := range misses {
|
||||
|
||||
@ -30,6 +30,10 @@ func (svc *wrapperIndex) add(role uint64, resource string, rules ...*Rule) {
|
||||
}
|
||||
|
||||
func (svc *wrapperIndex) get(role uint64, op string, res string) (out []*Rule) {
|
||||
if svc == nil {
|
||||
return
|
||||
}
|
||||
|
||||
svc.mux.RLock()
|
||||
defer svc.mux.RUnlock()
|
||||
|
||||
|
||||
@ -55,6 +55,8 @@ func TestUser_ProtectedSearch(t *testing.T) {
|
||||
CleanupInterval: time.Hour * 2,
|
||||
ReindexInterval: time.Hour * 2,
|
||||
IndexFlushInterval: time.Hour * 2,
|
||||
RuleStorage: s,
|
||||
RoleStorage: s,
|
||||
})
|
||||
)
|
||||
|
||||
|
||||
@ -160,7 +160,7 @@ func TestModuleList_filterForbidden(t *testing.T) {
|
||||
h.makeModule(ns, "module")
|
||||
f := h.makeModule(ns, "module_forbidden")
|
||||
|
||||
helpers.DenyMe(h, types.ModuleRbacResource(0, f.ID), "read")
|
||||
helpers.DenyMe(h, types.ModuleRbacResource(f.NamespaceID, f.ID), "read")
|
||||
|
||||
h.apiInit().
|
||||
Get(fmt.Sprintf("/namespace/%d/module/", ns.ID)).
|
||||
|
||||
@ -326,7 +326,7 @@ func TestRecordListForbiddenFields(t *testing.T) {
|
||||
|
||||
module := h.repoMakeRecordModuleWithFields("record testing module")
|
||||
helpers.AllowMe(h, module.RbacResource(), "records.create", "records.search")
|
||||
helpers.DenyMe(h, types.ModuleFieldRbacResource(0, 0, module.Fields[0].ID), "record.value.read")
|
||||
helpers.DenyMe(h, types.ModuleFieldRbacResource(module.NamespaceID, module.ID, module.Fields[0].ID), "record.value.read")
|
||||
|
||||
h.makeRecord(module, &types.RecordValue{Name: "name", Value: "v_name_0"}, &types.RecordValue{Name: "email", Value: "v_email_0"})
|
||||
h.makeRecord(module, &types.RecordValue{Name: "name", Value: "v_name_1"}, &types.RecordValue{Name: "email", Value: "v_email_1"})
|
||||
@ -657,9 +657,9 @@ func TestRecordUpdate_forbiddenFields(t *testing.T) {
|
||||
&types.RecordValue{Name: "f-b-t-n", Value: "1"}, // no-value
|
||||
&types.RecordValue{Name: "f-b-t-v", Value: "1"}, // value
|
||||
)
|
||||
helpers.AllowMe(h, types.RecordRbacResource(0, 0, record.ID), "update")
|
||||
helpers.AllowMe(h, types.RecordRbacResource(record.NamespaceID, record.ModuleID, record.ID), "update")
|
||||
helpers.AllowMe(h, module.Fields[0].RbacResource(), "record.value.update")
|
||||
helpers.DenyMe(h, types.ModuleFieldRbacResource(0, record.ModuleID, 0), "record.value.update")
|
||||
helpers.DenyMe(h, types.ModuleFieldRbacResource(record.NamespaceID, record.ModuleID, 0), "record.value.update")
|
||||
|
||||
h.apiInit().
|
||||
Post(fmt.Sprintf("/namespace/%d/module/%d/record/%d", module.NamespaceID, module.ID, record.ID)).
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user