Mainflux.mainflux/auth/keto/policies_test.go

package keto

import (
	"fmt"
	"testing"

	"github.com/mainflux/mainflux/auth"
	acl "github.com/ory/keto/proto/ory/keto/acl/v1alpha1"
	"github.com/stretchr/testify/assert"
)

func TestIsSubjectSet(t *testing.T) {
	cases := []struct {
		desc       string
		subjectSet string
		result     bool
	}{
		{
			desc:       "check valid subject set",
			subjectSet: "namespace:object#relation",
			result:     true,
		},
		{
			desc:       "check invalid subject set, missing namespace field",
			subjectSet: ":object#relation",
			result:     false,
		},
		{
			desc:       "check invalid subject set, missing object field",
			subjectSet: "namespace:#relation",
			result:     false,
		},
		{
			desc:       "check invalid subject set, missing relation field",
			subjectSet: "namespace:object#",
			result:     false,
		},
		{
			desc:       "check invalid subject set, empty subject set",
			subjectSet: ":#",
			result:     false,
		},
		{
			desc:       "check invalid subject set, missing subject set identifier",
			subjectSet: "namespace:#relation",
			result:     false,
		},
		{
			desc:       "check invalid subject set, missing object field",
			subjectSet: "namespace:object",
			result:     false,
		},
		{
			desc:       "check invalid subject set, unexpected object field",
			subjectSet: "namespace:object@relation",
			result:     false,
		},
	}

	for _, tc := range cases {
		iss := isSubjectSet(tc.subjectSet)
		assert.Equal(t, iss, tc.result, fmt.Sprintf("%s expected to be %v, got %v\n", tc.desc, tc.result, iss))
	}

}

func TestGetSubject(t *testing.T) {
	p1 := auth.PolicyReq{Subject: "subject", Object: "object", Relation: "relation"}
	s1 := getSubject(p1)
	ref1 := s1.GetRef()
	_, ok := ref1.(*acl.Subject_Id)
	assert.True(t, ok, fmt.Errorf("subject reference of %#v is expected to be (*acl.Subject_Id), got %T", p1, ref1))

	p2 := auth.PolicyReq{Subject: "members:group#access", Object: "object", Relation: "relation"}
	s2 := getSubject(p2)
	ref2 := s2.GetRef()
	_, ok = ref2.(*acl.Subject_Set)
	assert.True(t, ok, fmt.Errorf("subject reference of %#v is expected to be (*acl.Subject_Set), got %T", p2, ref2))
}
MF-1443 - Add policies (#1482) * MF-1443 - add policies Signed-off-by: Burak Sekili <buraksekili@gmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * fix users create Signed-off-by: Burak Sekili <buraksekili@gmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * MF-1454 - Add Policies for sharing a Thing (#1463) * MF-1454 - Add policies for sharing a Thing Signed-off-by: Burak Sekili <buraksekili@gmail.com> * Add a test case for sharing thing and update mock of AddPolicy Signed-off-by: Burak Sekili <buraksekili@gmail.com> * Update ShareThing parameter naming Signed-off-by: Burak Sekili <buraksekili@gmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * MF-1454 - Policy Removal (#1466) * Add DeletePolicy gRPC endpoint in auth package Signed-off-by: Burak Sekili <buraksekili@gmail.com> * Update default admin creation Signed-off-by: Burak Sekili <buraksekili@gmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add policy addition endpoint (#1479) * NOISSUE - Add policy addition endpoint Signed-off-by: Burak Sekili <buraksekili@gmail.com> * Update name of the method Signed-off-by: Burak Sekili <buraksekili@gmail.com> remove build tag Signed-off-by: Burak Sekili <buraksekili@gmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add tests for AddPolicies (#1480) * NOISSUE - Add tests for adding policy and update authz check Signed-off-by: Burak Sekili <buraksekili@gmail.com> * Add more tests and update request body validation Signed-off-by: Burak Sekili <buraksekili@gmail.com> * Update test case structure and utilize mock prefix for test ids Signed-off-by: Burak Sekili <buraksekili@gmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * MF-1454 - Add initial policies for Group access control (#1467) Signed-off-by: Burak Sekili <buraksekili@gmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Resolve PR comments Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Co-authored-by: Author: Burak Sekili <buraksekili@gmail.com> 2021-10-27 00:38:28 +02:00			`package keto`

			`import (`
			`"fmt"`
			`"testing"`

			`"github.com/mainflux/mainflux/auth"`
			`acl "github.com/ory/keto/proto/ory/keto/acl/v1alpha1"`
			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestIsSubjectSet(t *testing.T) {`
			`cases := []struct {`
			`desc string`
			`subjectSet string`
			`result bool`
			`}{`
			`{`
			`desc: "check valid subject set",`
			`subjectSet: "namespace:object#relation",`
			`result: true,`
			`},`
			`{`
			`desc: "check invalid subject set, missing namespace field",`
			`subjectSet: ":object#relation",`
			`result: false,`
			`},`
			`{`
			`desc: "check invalid subject set, missing object field",`
			`subjectSet: "namespace:#relation",`
			`result: false,`
			`},`
			`{`
			`desc: "check invalid subject set, missing relation field",`
			`subjectSet: "namespace:object#",`
			`result: false,`
			`},`
			`{`
			`desc: "check invalid subject set, empty subject set",`
			`subjectSet: ":#",`
			`result: false,`
			`},`
			`{`
			`desc: "check invalid subject set, missing subject set identifier",`
			`subjectSet: "namespace:#relation",`
			`result: false,`
			`},`
			`{`
			`desc: "check invalid subject set, missing object field",`
			`subjectSet: "namespace:object",`
			`result: false,`
			`},`
			`{`
			`desc: "check invalid subject set, unexpected object field",`
			`subjectSet: "namespace:object@relation",`
			`result: false,`
			`},`
			`}`

			`for _, tc := range cases {`
			`iss := isSubjectSet(tc.subjectSet)`
			`assert.Equal(t, iss, tc.result, fmt.Sprintf("%s expected to be %v, got %v\n", tc.desc, tc.result, iss))`
			`}`

			`}`

			`func TestGetSubject(t *testing.T) {`
			`p1 := auth.PolicyReq{Subject: "subject", Object: "object", Relation: "relation"}`
			`s1 := getSubject(p1)`
			`ref1 := s1.GetRef()`
			`_, ok := ref1.(*acl.Subject_Id)`
			`assert.True(t, ok, fmt.Errorf("subject reference of %#v is expected to be (*acl.Subject_Id), got %T", p1, ref1))`

			`p2 := auth.PolicyReq{Subject: "members:group#access", Object: "object", Relation: "relation"}`
			`s2 := getSubject(p2)`
			`ref2 := s2.GetRef()`
			`_, ok = ref2.(*acl.Subject_Set)`
			`assert.True(t, ok, fmt.Errorf("subject reference of %#v is expected to be (*acl.Subject_Set), got %T", p2, ref2))`
			`}`