grafana/pkg/services/accesscontrol/permreg/permreg_test.go


package permreg
import (
"testing"
"github.com/stretchr/testify/require"
)
// Test_permissionRegistry_RegisterPluginScope checks that, after a scope is
// passed to RegisterPluginScope, the registry's kindScopePrefix map holds the
// expected prefix under the scope's kind. Each case runs against a fresh
// registry so cases cannot influence one another.
func Test_permissionRegistry_RegisterPluginScope(t *testing.T) {
	type testCase struct {
		scope     string // scope handed to RegisterPluginScope; also the subtest name
		wantKind  string // key expected in kindScopePrefix
		wantScope string // prefix expected under that key
	}

	cases := []testCase{
		{scope: "folders:uid:AABBCC", wantKind: "folders", wantScope: "folders:uid:"},
		{scope: "plugins:id:test-app", wantKind: "plugins", wantScope: "plugins:id:"},
		{scope: "resource:uid:res", wantKind: "resource", wantScope: "resource:uid:"},
		// A kind-level wildcard is expected to yield the bare kind prefix.
		{scope: "resource:*", wantKind: "resource", wantScope: "resource:"},
	}

	for _, tc := range cases {
		t.Run(tc.scope, func(t *testing.T) {
			registry := newPermissionRegistry()
			registry.RegisterPluginScope(tc.scope)

			prefix, found := registry.kindScopePrefix[tc.wantKind]
			require.True(t, found)
			require.Equal(t, tc.wantScope, prefix)
		})
	}
}
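// Test_permissionRegistry_RegisterPermission checks which scope prefixes the
// registry holds for an action after RegisterPermission, and that registering
// an action whose scope has an unknown kind returns an error.
//
// The stored prefix set is compared with the expected one by size as well as
// entry by entry. Iterating only over the stored set would let a registry that
// recorded no prefix at all pass a case that expects one, which is the wrong
// direction to be lenient in for access-control data.
func Test_permissionRegistry_RegisterPermission(t *testing.T) {
	tests := []struct {
		name          string
		action        string
		scope         string
		wantKind      string // documents the kind involved; not asserted by this test
		wantPrefixSet PrefixSet
		wantErr       bool
	}{
		{
			name:          "register folders read",
			action:        "folders:read",
			scope:         "folders:*",
			wantKind:      "folders",
			wantPrefixSet: PrefixSet{"folders:uid:": true},
		},
		{
			// No scope is supplied, so no prefix is expected for the action.
			name:          "register app plugin settings read",
			action:        "test-app.settings:read",
			wantKind:      "settings",
			wantPrefixSet: PrefixSet{},
		},
		{
			name:    "register an action on an unknown kind",
			action:  "unknown:action",
			scope:   "unknown:uid:*",
			wantErr: true,
		},
		{
			name:          "register an action that is already registered",
			action:        "already:registered",
			scope:         "already:uid:*",
			wantPrefixSet: PrefixSet{"already:uid:": true},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			pr := newPermissionRegistry()

			// Pretend that an action is registered
			pr.actionScopePrefixes["already:registered"] = PrefixSet{"already:uid:": true}

			err := pr.RegisterPermission(tt.action, tt.scope)
			if tt.wantErr {
				require.Error(t, err)
				return
			}
			// NOTE(review): err is deliberately left unasserted on the success
			// paths, as in the original test. Confirm what the "already
			// registered" case is expected to return before adding
			// require.NoError here.

			got, ok := pr.actionScopePrefixes[tt.action]
			require.True(t, ok)

			// Same size plus every stored entry matching the expectation means
			// the two sets are equal; a missing or extra prefix fails the case.
			require.Len(t, got, len(tt.wantPrefixSet))
			for k, v := range got {
				require.Equal(t, tt.wantPrefixSet[k], v)
			}
		})
	}
}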
// Test_permissionRegistry_IsPermissionValid registers a small set of
// permissions once and then checks IsPermissionValid against action/scope
// pairs that must be accepted and pairs that must be rejected.
//
// Accepted: a concrete scope, an attribute-level wildcard, a kind-level
// wildcard, the "*" wildcard, and an empty scope for a scopeless action.
// Rejected: a scope of another kind, a scope with the wrong attribute, a scope
// given to a scopeless action, and an action that was never registered.
func Test_permissionRegistry_IsPermissionValid(t *testing.T) {
	registry := newPermissionRegistry()

	// "dashboards:read" is registered with two scopes; both are exercised below.
	registrations := []struct{ action, scope string }{
		{"folders:read", "folders:*"},
		{"dashboards:read", "dashboards:*"},
		{"dashboards:read", "folders:*"},
		{"test-app.settings:read", ""},
	}
	for _, reg := range registrations {
		require.NoError(t, registry.RegisterPermission(reg.action, reg.scope))
	}

	type testCase struct {
		name    string
		action  string
		scope   string
		wantErr bool
	}

	cases := []testCase{
		{name: "valid folders read", action: "folders:read", scope: "folders:uid:AABBCC"},
		{name: "valid folders read with wildcard", action: "folders:read", scope: "folders:uid:*"},
		{name: "valid folders read with kind level wildcard", action: "folders:read", scope: "folders:*"},
		{name: "valid dashboards read with dashboard scope", action: "dashboards:read", scope: "dashboards:uid:my_team_dash"},
		{name: "valid dashboards read with folder scope", action: "dashboards:read", scope: "folders:uid:my_team_folder"},
		{name: "valid folders read with super wildcard", action: "folders:read", scope: "*"},
		{name: "invalid folders read with wrong kind", action: "folders:read", scope: "unknown:uid:AABBCC", wantErr: true},
		{name: "invalid folders read with wrong attribute", action: "folders:read", scope: "folders:id:3", wantErr: true},
		{name: "valid app plugin settings read", action: "test-app.settings:read", scope: ""},
		{name: "app plugin settings read with a scope", action: "test-app.settings:read", scope: "folders:uid:*", wantErr: true},
		{name: "unknown action", action: "unknown:write", scope: "", wantErr: true},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			err := registry.IsPermissionValid(tc.action, tc.scope)
			if !tc.wantErr {
				require.NoError(t, err)
				return
			}
			require.Error(t, err)
		})
	}
}
// Test_permissionRegistry_GetScopePrefixes checks the prefix set and the
// existence flag returned by GetScopePrefixes for a scoped action, a scopeless
// action, and an action that was never registered.
func Test_permissionRegistry_GetScopePrefixes(t *testing.T) {
	registry := newPermissionRegistry()
	require.NoError(t, registry.RegisterPermission("folders:read", "folders:uid:"))
	require.NoError(t, registry.RegisterPermission("test-app.settings:read", ""))

	type testCase struct {
		name        string
		action      string
		want        PrefixSet
		shouldExist bool
	}

	cases := []testCase{
		{
			name:        "get folders read scope prefixes",
			action:      "folders:read",
			want:        PrefixSet{"folders:uid:": true},
			shouldExist: true,
		},
		{
			name:        "get app plugin settings read scope prefixes",
			action:      "test-app.settings:read",
			want:        PrefixSet{},
			shouldExist: true,
		},
		{
			name:        "get unknown action scope prefixes",
			action:      "unknown:write",
			want:        PrefixSet{},
			shouldExist: false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			prefixes, found := registry.GetScopePrefixes(tc.action)
			if tc.shouldExist {
				require.True(t, found)
				// The size check together with the per-entry comparison below
				// pins the returned set to exactly the expected one.
				require.Len(t, tc.want, len(prefixes))
				for prefix, enabled := range prefixes {
					require.Equal(t, enabled, tc.want[prefix])
				}
				return
			}
			require.False(t, found)
		})
	}
}
// Test_generateValidScopeFormats checks the list of scope formats produced by
// generateValidScopeFormats for a prefix set. Results are compared without
// regard to order.
func Test_generateValidScopeFormats(t *testing.T) {
	type testCase struct {
		name      string
		prefixSet PrefixSet
		want      []string
	}

	cases := []testCase{
		{name: "empty prefix set", prefixSet: PrefixSet{}, want: []string{}},
		{name: "short prefix", prefixSet: PrefixSet{"folders:": true}, want: []string{"*", "folders:*"}},
		{name: "single prefix", prefixSet: PrefixSet{"folders:uid:": true}, want: []string{"*", "folders:*", "folders:uid:*"}},
		{
			// "*" is expected once even though two prefixes are supplied.
			name:      "multiple prefixes",
			prefixSet: PrefixSet{"folders:uid:": true, "dashboards:uid:": true},
			want:      []string{"*", "folders:*", "folders:uid:*", "dashboards:*", "dashboards:uid:*"},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			formats := generateValidScopeFormats(tc.prefixSet)
			require.ElementsMatch(t, tc.want, formats)
		})
	}
}