aboutsummaryrefslogtreecommitdiffstats
path: root/library/go/yandex/tvm/roles_parser_test.go
blob: 2b27100ff0d6ddd049d34ee9f17138b668916626 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

package tvm

import (
	"testing"
	"time"

	"github.com/stretchr/testify/require"
)

func TestRolesUserTicketCheckScopes(t *testing.T) {
	type TestCase struct {
		buf   string
		roles Roles
		err   string
	}

	cases := []TestCase{
		{
			buf: `{"revision":100500}`,
			err: "failed to parse roles: invalid json",
		},
		{
			buf: `{"born_date":1612791978.42}`,
			err: "failed to parse roles: invalid json",
		},
		{
			buf: `{"tvm":{"asd":{}}}`,
			err: "failed to parse roles: invalid tvmid 'asd'",
		},
		{
			buf: `{"user":{"asd":{}}}`,
			err: "failed to parse roles: invalid UID 'asd'",
		},
		{
			buf: `{"tvm":{"1120000000000493":{}}}`,
			err: "failed to parse roles: invalid tvmid '1120000000000493'",
		},
		{
			buf: `{"revision":"GYYDEMJUGBQWC","born_date":1612791978,"tvm":{"2012192":{"/group/system/system_on/abc/role/impersonator/":[{"scope":"/"}],"/group/system/system_on/abc/role/tree_edit/":[{"scope":"/"}]}},"user":{"1120000000000493":{"/group/system/system_on/abc/role/roles_manage/":[{"scope":"/services/meta_infra/tools/jobjira/"},{"scope":"/services/meta_edu/infrastructure/"}]}}}`,
			roles: Roles{
				tvmRoles: map[ClientID]*ConsumerRoles{
					ClientID(2012192): {
						roles: EntitiesByRoles{
							"/group/system/system_on/abc/role/impersonator/": {},
							"/group/system/system_on/abc/role/tree_edit/":    {},
						},
					},
				},
				userRoles: map[UID]*ConsumerRoles{
					UID(1120000000000493): {
						roles: EntitiesByRoles{
							"/group/system/system_on/abc/role/roles_manage/": {},
						},
					},
				},
				raw: []byte(`{"revision":"GYYDEMJUGBQWC","born_date":1612791978,"tvm":{"2012192":{"/group/system/system_on/abc/role/impersonator/":[{"scope":"/"}],"/group/system/system_on/abc/role/tree_edit/":[{"scope":"/"}]}},"user":{"1120000000000493":{"/group/system/system_on/abc/role/roles_manage/":[{"scope":"/services/meta_infra/tools/jobjira/"},{"scope":"/services/meta_edu/infrastructure/"}]}}}`),
				meta: Meta{
					Revision: "GYYDEMJUGBQWC",
					BornTime: time.Unix(1612791978, 0),
				},
			},
		},
	}

	for idx, c := range cases {
		r, err := NewRoles([]byte(c.buf))
		if c.err == "" {
			require.NoError(t, err, idx)

			r.meta.Applied = time.Time{}
			for _, roles := range r.tvmRoles {
				for _, v := range roles.roles {
					v.subtree = subTree{}
				}
			}
			for _, roles := range r.userRoles {
				for _, v := range roles.roles {
					v.subtree = subTree{}
				}
			}

			require.Equal(t, c.roles, *r, idx)
		} else {
			require.Error(t, err, idx)
			require.Contains(t, err.Error(), c.err, idx)
		}
	}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-23 19:35:23 +0000