graphvent/acl_test.go

package graphvent

import (
  "testing"
  "time"
  "reflect"
  "runtime/debug"
)

func checkSignal[S Signal](t *testing.T, signal Signal, check func(S)){
  response_casted, cast_ok := signal.(S)
  if cast_ok == false {
    error_signal, is_error := signal.(*ErrorSignal)
    if is_error {
      t.Log(string(debug.Stack()))
      t.Fatal(error_signal.Error)
    }
    t.Fatalf("Response of wrong type %s", reflect.TypeOf(signal))
  }

  check(response_casted)
}

func testSendACL[S Signal](t *testing.T, ctx *Context, listener *Node, action Tree, policies []Policy, check func(S)){
  acl_node, err := NewNode(ctx, nil, BaseNodeType, 100, []Policy{DefaultACLPolicy}, NewACLExt(policies))
  fatalErr(t, err)

  acl_signal := NewACLSignal(listener.ID, action)
  response, _ := testSend(t, ctx, acl_signal, listener, acl_node)

  checkSignal(t, response, check)
}

func testErrorSignal(t *testing.T, error_string string) func(*ErrorSignal){
  return func(response *ErrorSignal) {
    if response.Error != error_string {
      t.Fatalf("Wrong error: %s", response.Error)
    }
  }
}

func testSuccess(*SuccessSignal){}

func testSend(t *testing.T, ctx *Context, signal Signal, source, destination *Node) (ResponseSignal, []Signal) {
  source_listener, err := GetExt[*ListenerExt](source, ListenerExtType)
  fatalErr(t, err)

  messages := Messages{}
  messages = messages.Add(ctx, destination.ID, source, nil, signal)
  fatalErr(t, ctx.Send(messages))

  response, signals, err := WaitForResponse(source_listener.Chan, time.Millisecond*10, signal.ID())
  fatalErr(t, err)

  return response, signals
}

func TestACLBasic(t *testing.T) {
  ctx := logTestContext(t, []string{"serialize_types", "deserialize_types", "test", "listener_debug", "group", "acl", "policy"})

  listener, err := NewNode(ctx, nil, BaseNodeType, 100, nil, NewListenerExt(100))
  fatalErr(t, err)

  testSendACL(t, ctx, listener, nil, nil, testErrorSignal(t, "acl_denied"))

  testSendACL(t, ctx, listener, nil, []Policy{NewAllNodesPolicy(nil)}, testSuccess)

  group, err := NewNode(ctx, nil, GroupNodeType, 100, []Policy{
    DefaultGroupPolicy,
    NewPerNodePolicy(map[NodeID]Tree{
      listener.ID: {
        SerializedType(AddMemberSignalType): nil,
        SerializedType(AddSubGroupSignalType): nil,
      },
    }),
  }, NewGroupExt(nil))
  fatalErr(t, err)

  testSendACL(t, ctx, listener, nil, []Policy{
    NewMemberOfPolicy(map[NodeID]map[string]Tree{
      group.ID: {
        "test_group": nil,
      },
    }),
  }, testErrorSignal(t, "acl_denied"))

  add_subgroup_signal := NewAddSubGroupSignal("test_group")
  add_subgroup_response, _ := testSend(t, ctx, add_subgroup_signal, listener, group)
  checkSignal(t, add_subgroup_response, testSuccess)

  add_member_signal := NewAddMemberSignal("test_group", listener.ID)
  add_member_response, _ := testSend(t, ctx, add_member_signal, listener, group)
  checkSignal(t, add_member_response, testSuccess)

  testSendACL(t, ctx, listener, nil, []Policy{
    NewMemberOfPolicy(map[NodeID]map[string]Tree{
      group.ID: {
        "test_group": nil,
      },
    }),
  }, testSuccess)

  testSendACL(t, ctx, listener, nil, []Policy{
    NewACLProxyPolicy(nil),
  }, testErrorSignal(t, "acl_denied"))

  acl_proxy_1, err := NewNode(ctx, nil, BaseNodeType, 100, []Policy{DefaultACLPolicy}, NewACLExt(nil))
  fatalErr(t, err)

  testSendACL(t, ctx, listener, nil, []Policy{
    NewACLProxyPolicy([]NodeID{acl_proxy_1.ID}),
  }, testErrorSignal(t, "acl_denied"))

  acl_proxy_2, err := NewNode(ctx, nil, BaseNodeType, 100, []Policy{DefaultACLPolicy}, NewACLExt([]Policy{NewAllNodesPolicy(nil)}))
  fatalErr(t, err)

  testSendACL(t, ctx, listener, nil, []Policy{
    NewACLProxyPolicy([]NodeID{acl_proxy_2.ID}),
  }, testSuccess)

  acl_proxy_3, err := NewNode(ctx, nil, BaseNodeType, 100, []Policy{DefaultACLPolicy},
    NewACLExt([]Policy{
      NewMemberOfPolicy(map[NodeID]map[string]Tree{
        group.ID: {
          "test_group": nil,
        },
      }),
    }),
  )
  fatalErr(t, err)

  testSendACL(t, ctx, listener, nil, []Policy{
    NewACLProxyPolicy([]NodeID{acl_proxy_3.ID}),
  }, testSuccess)
}
Added ACLExt and tests 2023-10-13 00:32:24 -06:00			`package graphvent`

			`import (`
			`"testing"`
			`"time"`
			`"reflect"`
Moved groups to use SubGroups instead so one node can support many sub_groups(admin, ref, user, etc.) to reduce signals sent 2023-10-15 15:14:33 -06:00			`"runtime/debug"`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00			`)`

			`func checkSignal[S Signal](t *testing.T, signal Signal, check func(S)){`
			`response_casted, cast_ok := signal.(S)`
			`if cast_ok == false {`
			`error_signal, is_error := signal.(*ErrorSignal)`
			`if is_error {`
Moved groups to use SubGroups instead so one node can support many sub_groups(admin, ref, user, etc.) to reduce signals sent 2023-10-15 15:14:33 -06:00			`t.Log(string(debug.Stack()))`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00			`t.Fatal(error_signal.Error)`
			`}`
			`t.Fatalf("Response of wrong type %s", reflect.TypeOf(signal))`
			`}`

			`check(response_casted)`
			`}`

			`func testSendACL[S Signal](t testing.T, ctx Context, listener *Node, action Tree, policies []Policy, check func(S)){`
			`acl_node, err := NewNode(ctx, nil, BaseNodeType, 100, []Policy{DefaultACLPolicy}, NewACLExt(policies))`
			`fatalErr(t, err)`

			`acl_signal := NewACLSignal(listener.ID, action)`
Added TestEventExt and TestEvent, added return of queued signals to WaitForResponse 2023-10-30 19:40:30 -06:00			`response, _ := testSend(t, ctx, acl_signal, listener, acl_node)`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00
			`checkSignal(t, response, check)`
			`}`

			`func testErrorSignal(t testing.T, error_string string) func(ErrorSignal){`
			`return func(response *ErrorSignal) {`
			`if response.Error != error_string {`
			`t.Fatalf("Wrong error: %s", response.Error)`
			`}`
			`}`
			`}`

			`func testSuccess(*SuccessSignal){}`

Added TestEventExt and TestEvent, added return of queued signals to WaitForResponse 2023-10-30 19:40:30 -06:00			`func testSend(t testing.T, ctx Context, signal Signal, source, destination *Node) (ResponseSignal, []Signal) {`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00			`source_listener, err := GetExt[*ListenerExt](source, ListenerExtType)`
			`fatalErr(t, err)`

			`messages := Messages{}`
Added Authorization to not pass node private keys 2023-10-14 15:05:23 -06:00			`messages = messages.Add(ctx, destination.ID, source, nil, signal)`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00			`fatalErr(t, ctx.Send(messages))`

Added TestEventExt and TestEvent, added return of queued signals to WaitForResponse 2023-10-30 19:40:30 -06:00			`response, signals, err := WaitForResponse(source_listener.Chan, time.Millisecond*10, signal.ID())`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00			`fatalErr(t, err)`

Added TestEventExt and TestEvent, added return of queued signals to WaitForResponse 2023-10-30 19:40:30 -06:00			`return response, signals`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00			`}`

			`func TestACLBasic(t *testing.T) {`
Reworked serialization to split type/value serilization/deserialization 2023-10-29 18:26:14 -06:00			`ctx := logTestContext(t, []string{"serialize_types", "deserialize_types", "test", "listener_debug", "group", "acl", "policy"})`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00
			`listener, err := NewNode(ctx, nil, BaseNodeType, 100, nil, NewListenerExt(100))`
			`fatalErr(t, err)`

			`testSendACL(t, ctx, listener, nil, nil, testErrorSignal(t, "acl_denied"))`

			`testSendACL(t, ctx, listener, nil, []Policy{NewAllNodesPolicy(nil)}, testSuccess)`

			`group, err := NewNode(ctx, nil, GroupNodeType, 100, []Policy{`
			`DefaultGroupPolicy,`
			`NewPerNodePolicy(map[NodeID]Tree{`
			`listener.ID: {`
			`SerializedType(AddMemberSignalType): nil,`
Moved groups to use SubGroups instead so one node can support many sub_groups(admin, ref, user, etc.) to reduce signals sent 2023-10-15 15:14:33 -06:00			`SerializedType(AddSubGroupSignalType): nil,`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00			`},`
			`}),`
			`}, NewGroupExt(nil))`
			`fatalErr(t, err)`

			`testSendACL(t, ctx, listener, nil, []Policy{`
Moved groups to use SubGroups instead so one node can support many sub_groups(admin, ref, user, etc.) to reduce signals sent 2023-10-15 15:14:33 -06:00			`NewMemberOfPolicy(map[NodeID]map[string]Tree{`
			`group.ID: {`
			`"test_group": nil,`
			`},`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00			`}),`
			`}, testErrorSignal(t, "acl_denied"))`

Moved groups to use SubGroups instead so one node can support many sub_groups(admin, ref, user, etc.) to reduce signals sent 2023-10-15 15:14:33 -06:00			`add_subgroup_signal := NewAddSubGroupSignal("test_group")`
Added TestEventExt and TestEvent, added return of queued signals to WaitForResponse 2023-10-30 19:40:30 -06:00			`add_subgroup_response, _ := testSend(t, ctx, add_subgroup_signal, listener, group)`
Moved groups to use SubGroups instead so one node can support many sub_groups(admin, ref, user, etc.) to reduce signals sent 2023-10-15 15:14:33 -06:00			`checkSignal(t, add_subgroup_response, testSuccess)`

			`add_member_signal := NewAddMemberSignal("test_group", listener.ID)`
Added TestEventExt and TestEvent, added return of queued signals to WaitForResponse 2023-10-30 19:40:30 -06:00			`add_member_response, _ := testSend(t, ctx, add_member_signal, listener, group)`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00			`checkSignal(t, add_member_response, testSuccess)`

			`testSendACL(t, ctx, listener, nil, []Policy{`
Moved groups to use SubGroups instead so one node can support many sub_groups(admin, ref, user, etc.) to reduce signals sent 2023-10-15 15:14:33 -06:00			`NewMemberOfPolicy(map[NodeID]map[string]Tree{`
			`group.ID: {`
			`"test_group": nil,`
			`},`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00			`}),`
			`}, testSuccess)`
Added ACLProxyPolicy 2023-10-13 13:45:30 -06:00
			`testSendACL(t, ctx, listener, nil, []Policy{`
			`NewACLProxyPolicy(nil),`
			`}, testErrorSignal(t, "acl_denied"))`

			`acl_proxy_1, err := NewNode(ctx, nil, BaseNodeType, 100, []Policy{DefaultACLPolicy}, NewACLExt(nil))`
			`fatalErr(t, err)`

			`testSendACL(t, ctx, listener, nil, []Policy{`
			`NewACLProxyPolicy([]NodeID{acl_proxy_1.ID}),`
			`}, testErrorSignal(t, "acl_denied"))`

			`acl_proxy_2, err := NewNode(ctx, nil, BaseNodeType, 100, []Policy{DefaultACLPolicy}, NewACLExt([]Policy{NewAllNodesPolicy(nil)}))`
			`fatalErr(t, err)`

			`testSendACL(t, ctx, listener, nil, []Policy{`
			`NewACLProxyPolicy([]NodeID{acl_proxy_2.ID}),`
			`}, testSuccess)`

Moved groups to use SubGroups instead so one node can support many sub_groups(admin, ref, user, etc.) to reduce signals sent 2023-10-15 15:14:33 -06:00			`acl_proxy_3, err := NewNode(ctx, nil, BaseNodeType, 100, []Policy{DefaultACLPolicy},`
			`NewACLExt([]Policy{`
			`NewMemberOfPolicy(map[NodeID]map[string]Tree{`
			`group.ID: {`
			`"test_group": nil,`
			`},`
			`}),`
			`}),`
			`)`
Added ACLProxyPolicy 2023-10-13 13:45:30 -06:00			`fatalErr(t, err)`

			`testSendACL(t, ctx, listener, nil, []Policy{`
			`NewACLProxyPolicy([]NodeID{acl_proxy_3.ID}),`
			`}, testSuccess)`
Added ACLExt and tests 2023-10-13 00:32:24 -06:00			`}`