package auth
import (
"bytes"
"reflect"
"testing"
)
const (
	// validB64 is the base64 key field used by every well-formed
	// "ssh-ed25519" fixture line in this file. The table in TestParse also
	// uses it verbatim as the expected key of the permissions map, so it is
	// a fixture value only and must stay in sync with those expectations.
	validB64 = "AAAAC3NzaC1lZDI1NTE5AAAAICy1v/Sn0kGhu1LXzCsnx3wlk5ESdncS66JWo13yeJod"
)
// TestParse feeds small authorized-keys-style inputs to the parse method of
// the value returned by NewAPIPermissions and compares the resulting
// permissions map with a table of expected entries.
//
// As exercised here, a line carries up to four whitespace-separated fields:
// key type, base64 key, optional name, optional comma-separated endpoint
// list. Every case requires parse to return a nil error, including the cases
// whose input is rejected, so a dropped line is only observable as a missing
// map entry.
func TestParse(t *testing.T) {
	// keyLine is the "type key" prefix shared by all well-formed fixture lines.
	const keyLine = "ssh-ed25519 " + validB64

	cases := []struct {
		name  string
		input string
		want  map[string]*KeyPermission
	}{
		{
			// Omitted name and endpoints fall back to "default" and "*".
			name:  "two fields only defaults",
			input: keyLine + "\n",
			want: map[string]*KeyPermission{
				validB64: {Name: "default", Endpoints: []string{"*"}},
			},
		},
		{
			// NOTE(review): as written, this input contains only single
			// spaces, so whitespace collapsing is not actually exercised.
			name:  "extra whitespace collapsed and default endpoints",
			input: keyLine + " alice\n",
			want: map[string]*KeyPermission{
				validB64: {Name: "alice", Endpoints: []string{"*"}},
			},
		},
		{
			name:  "four fields full",
			input: keyLine + " bob /api/foo,/api/bar\n",
			want: map[string]*KeyPermission{
				validB64: {Name: "bob", Endpoints: []string{"/api/foo", "/api/bar"}},
			},
		},
		{
			// The same key appears twice. The expected entry is the first
			// one ("user1", "*"); the later, narrower "/api/x" line has no
			// effect on the result.
			// NOTE(review): a duplicate line therefore cannot restrict an
			// earlier wildcard grant — confirm this precedence is intended.
			name:  "comment lines ignored and multiple entries",
			input: "# header\n\n" + keyLine + " user1\n" + keyLine + " user2 /api/x\n",
			want: map[string]*KeyPermission{
				validB64: {Name: "user1", Endpoints: []string{"*"}},
			},
		},
		{
			// Three lines for one key: the expected name is taken from the
			// second line while the endpoints stay at the first line's "*".
			// NOTE(review): the restricted endpoint lists on lines two and
			// three are not reflected in the expectation — confirm that this
			// merge of name and endpoints is the intended behaviour.
			name:  "three entries variety",
			input: keyLine + "\n" + keyLine + " alice /api/a,/api/b\n" + keyLine + " bob /api/c\n",
			want: map[string]*KeyPermission{
				validB64: {Name: "alice", Endpoints: []string{"*"}},
			},
		},
		{
			// A "* * * <endpoints>" line is stored under the literal map
			// key "*" with the name "default".
			// NOTE(review): presumably this entry is a grant not bound to
			// any specific key; verify how callers look it up.
			name:  "two entries w/ wildcard",
			input: keyLine + " alice /api/a\n* * * /api/b\n",
			want: map[string]*KeyPermission{
				validB64: {Name: "alice", Endpoints: []string{"/api/a"}},
				"*":      {Name: "default", Endpoints: []string{"/api/b"}},
			},
		},
		{
			// No trailing newline on the only line.
			name:  "tags for everyone",
			input: "* * * /api/tags",
			want: map[string]*KeyPermission{
				"*": {Name: "default", Endpoints: []string{"/api/tags"}},
			},
		},
		{
			// A three-field wildcard line with no endpoint list is expected
			// to end up with Endpoints "*" under the "*" key.
			name:  "default name",
			input: "* * somename",
			want: map[string]*KeyPermission{
				"*": {Name: "somename", Endpoints: []string{"*"}},
			},
		},
		// The remaining cases are rejected inputs. Each expects an empty map
		// together with a nil error, i.e. the line is skipped rather than
		// failing the whole parse.
		{
			name:  "unsupported key type",
			input: "ssh-rsa AAAAB3Nza...\n",
			want:  map[string]*KeyPermission{},
		},
		{
			name:  "bad base64",
			input: "ssh-ed25519 invalid@@@\n",
			want:  map[string]*KeyPermission{},
		},
		{
			name:  "just an asterix",
			input: "*\n",
			want:  map[string]*KeyPermission{},
		},
	}

	for _, c := range cases {
		t.Run(c.name, func(t *testing.T) {
			p := NewAPIPermissions()
			if err := p.parse(bytes.NewBufferString(c.input)); err != nil {
				t.Fatalf("unexpected error: %v", err)
			}

			got := p.permissions
			// Check the entry count first so an extra or missing key is
			// reported as a count mismatch before the deep comparison.
			if len(got) != len(c.want) {
				t.Fatalf("got %d entries, want %d", len(got), len(c.want))
			}
			if !reflect.DeepEqual(got, c.want) {
				t.Errorf("got %+v, want %+v", got, c.want)
			}
		})
	}
}