Add iam::policy::policy test(for Cow)
dean-leung authored and ridewindx committed Sep 16, 2021
1 parent 7623776 commit 9a56f29
Showing 2 changed files with 33 additions and 42 deletions.
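--- a/src/iam/policy/action.rs
+++ b/src/iam/policy/action.rs
@@ -462,11 +462,7 @@ impl<'de, 'a> Deserialize<'de> for Action<'a> {
 where
 E: de::Error,
 {
-SUPPORTED_ACTIONS
-.iter()
-.find(|&a| a.0 == v)
-.cloned()
-.ok_or(E::custom(format!("invalid action '{}'", v)))
+Ok(Action(Cow::Owned(v.to_owned())))
 }
 }
 
@@ -592,12 +588,7 @@ impl<'de, 'a> Deserialize<'de> for ActionSet<'a> {
 where
 E: de::Error,
 {
-let action = SUPPORTED_ACTIONS
-.iter()
-.find(|&a| a.0 == v)
-.cloned()
-.ok_or(E::custom(format!("invalid action '{}'", v)))?;
-Ok(ActionSet(HashSet::from([action])))
+Ok(ActionSet(HashSet::from([Action(Cow::Owned(v.to_owned()))])))
 }
 
 fn visit_seq<A>(self, mut seq: A) -> Result<Self::Value, A::Error>
@@ -818,8 +809,13 @@ mod tests {
 false,
 ),
 (r#"[]"#, iam_actionset!(), true, false),
-(r#""foo""#, iam_actionset!(), true, false),
-(r#"["s3:PutObject", "foo"]"#, iam_actionset!(), true, false),
+(r#""foo""#, iam_actionset!(Action::from("foo")), false, true),
+(
+r#"["s3:PutObject", "foo"]"#,
+iam_actionset!(PUT_OBJECT_ACTION, Action::from("foo")),
+false,
+true,
+),
 ];
 
 for (data, expected_result, expect_deserialize_err, expect_validate_err) in cases {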
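Review bot: Both rewritten visitor bodies (the `Action` one and the `ActionSet` one) no longer check the string against `SUPPORTED_ACTIONS`, so an unrecognised action such as `"foo"` now deserializes successfully and is rejected only if the caller runs validation afterwards; the updated test rows expect exactly that (no deserialize error, a validate error). For an IAM policy type this turns a fail-closed parse into an opt-in check, so any path that deserializes a policy and evaluates it without validating first would carry unknown action names into matching. I would record the contract at both sites with a comment such as `// Accepts any action name; unsupported actions are rejected only by the later validation step, not here.` and add a test showing that an unvalidated policy containing an unknown action does not grant access. The visitor methods start outside the hunks shown, so the rest of their bodies is not visible here.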
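--- a/src/iam/policy/policy.rs
+++ b/src/iam/policy/policy.rs
@@ -117,7 +117,7 @@ impl<'a, 'b> Policy<'a, 'b> {
 }
 
 // Validates all statements are for given bucket or not.
-pub fn validate(&self, bucket_name: &str) -> anyhow::Result<()> {
+pub fn validate(&self) -> anyhow::Result<()> {
 self.is_valid()
 }
 
@@ -255,7 +255,7 @@ mod tests {
 use crate::bucket::policy::{ALLOW, DENY};
 use crate::iam_actionset;
 use crate::utils::assert::*;
-use crate::utils::{self, DateTime};
+use crate::utils::{self, DateTime, DateTimeFormatExt};
 
 #[test]
 fn test_get_policies_from_claims() {
@@ -361,7 +361,7 @@ mod tests {
 let anon_get_bucket_location_args = Args {
 account_name: "Q3AM3UQ867SPQQA43P2F".to_string(),
 groups: vec![],
-action: GET_BUCKET_LOCATION_ACTION,
+action: Action::from(GET_BUCKET_LOCATION_ACTION),
 bucket_name: "mybucket".to_string(),
 condition_values: HashMap::default(),
 is_owner: false,
@@ -373,7 +373,7 @@ mod tests {
 let anon_put_object_action_args = Args {
 account_name: "Q3AM3UQ867SPQQA43P2F".to_string(),
 groups: vec![],
-action: PUT_OBJECT_ACTION,
+action: Action::from(PUT_OBJECT_ACTION),
 bucket_name: "mybucket".to_string(),
 condition_values: HashMap::from([
 (
@@ -391,7 +391,7 @@ mod tests {
 let anon_get_object_action_args = Args {
 account_name: "Q3AM3UQ867SPQQA43P2F".to_string(),
 groups: vec![],
-action: GET_OBJECT_ACTION,
+action: Action::from(GET_OBJECT_ACTION),
 bucket_name: "mybucket".to_string(),
 condition_values: HashMap::default(),
 is_owner: false,
@@ -403,7 +403,7 @@ mod tests {
 let get_bucket_location_args = Args {
 account_name: "Q3AM3UQ867SPQQA43P2F".to_string(),
 groups: vec![],
-action: GET_BUCKET_LOCATION_ACTION,
+action: Action::from(GET_BUCKET_LOCATION_ACTION),
 bucket_name: "mybucket".to_string(),
 condition_values: HashMap::default(),
 is_owner: false,
@@ -415,7 +415,7 @@ mod tests {
 let put_object_action_args = Args {
 account_name: "Q3AM3UQ867SPQQA43P2F".to_string(),
 groups: vec![],
-action: PUT_OBJECT_ACTION,
+action: Action::from(PUT_OBJECT_ACTION),
 bucket_name: "mybucket".to_string(),
 condition_values: HashMap::from([
 (
@@ -433,7 +433,7 @@ mod tests {
 let get_object_action_args = Args {
 account_name: "Q3AM3UQ867SPQQA43P2F".to_string(),
 groups: vec![],
-action: GET_OBJECT_ACTION,
+action: Action::from(GET_OBJECT_ACTION),
 bucket_name: "mybucket".to_string(),
 condition_values: HashMap::default(),
 is_owner: false,
@@ -885,7 +885,7 @@ mod tests {
 Args {
 account_name: "allowed".to_string(),
 groups: vec![],
-action: CREATE_BUCKET_ACTION,
+action: Action::from(CREATE_BUCKET_ACTION),
 bucket_name: "test".to_string(),
 condition_values: HashMap::from([(
 "LocationConstraint".to_string(),
@@ -903,7 +903,7 @@ mod tests {
 Args {
 account_name: "disallowed".to_string(),
 groups: vec![],
-action: CREATE_BUCKET_ACTION,
+action: Action::from(CREATE_BUCKET_ACTION),
 bucket_name: "test".to_string(),
 condition_values: HashMap::from([(
 "LocationConstraint".to_string(),
@@ -921,7 +921,7 @@ mod tests {
 Args {
 account_name: "allowed".to_string(),
 groups: vec![],
-action: GET_OBJECT_ACTION,
+action: Action::from(GET_OBJECT_ACTION),
 bucket_name: "test".to_string(),
 condition_values: HashMap::from([(
 "versionid".to_string(),
@@ -939,7 +939,7 @@ mod tests {
 Args {
 account_name: "disallowed".to_string(),
 groups: vec![],
-action: GET_OBJECT_ACTION,
+action: Action::from(GET_OBJECT_ACTION),
 bucket_name: "test".to_string(),
 condition_values: HashMap::from([(
 "versionid".to_string(),
@@ -957,7 +957,7 @@ mod tests {
 Args {
 account_name: "allowed".to_string(),
 groups: vec![],
-action: GET_OBJECT_ACTION,
+action: Action::from(GET_OBJECT_ACTION),
 bucket_name: "test".to_string(),
 condition_values: HashMap::from([(
 "versionid".to_string(),
@@ -975,7 +975,7 @@ mod tests {
 Args {
 account_name: "disallowed".to_string(),
 groups: vec![],
-action: GET_OBJECT_ACTION,
+action: Action::from(GET_OBJECT_ACTION),
 bucket_name: "test".to_string(),
 condition_values: HashMap::from([(
 "versionid".to_string(),
@@ -993,7 +993,7 @@ mod tests {
 Args {
 account_name: "allowed".to_string(),
 groups: vec![],
-action: GET_OBJECT_ACTION,
+action: Action::from(GET_OBJECT_ACTION),
 bucket_name: "test".to_string(),
 condition_values: HashMap::from([(
 "versionid".to_string(),
@@ -1011,11 +1011,11 @@ mod tests {
 Args {
 account_name: "allowed".to_string(),
 groups: vec![],
-action: GET_OBJECT_ACTION,
+action: Action::from(GET_OBJECT_ACTION),
 bucket_name: "test".to_string(),
 condition_values: HashMap::from([(
 "CurrentTime".to_string(),
-vec![utils::now().to_rfc3339()],
+vec![utils::now().rfc3339()],
 )]),
 is_owner: false,
 object_name: "HappyFace.jpg".to_string(),
@@ -1029,11 +1029,11 @@ mod tests {
 Args {
 account_name: "disallowed".to_string(),
 groups: vec![],
-action: GET_OBJECT_ACTION,
+action: Action::from(GET_OBJECT_ACTION),
 bucket_name: "test".to_string(),
 condition_values: HashMap::from([(
 "CurrentTime".to_string(),
-vec![utils::now().to_rfc3339()],
+vec![utils::now().rfc3339()],
 )]),
 is_owner: false,
 object_name: "HappyFace.jpg".to_string(),
@@ -1046,8 +1046,7 @@ mod tests {
 for (data, allowed, args) in cases {
 let policy = assert_ok!(serde_json::from_str::<Policy>(data));
 
-// TODO: Validate of Policy need one param
-assert_ok!(policy.is_valid());
+assert_ok!(policy.validate());
 
 let result = policy.is_allowed(&args);
 assert_eq!(result, allowed);
@@ -1493,11 +1492,9 @@ mod tests {
 assert!(result == expected_result);
 
 if !expect_validation_err {
-// TODO
-assert_ok!(result.is_valid());
+assert_ok!(result.validate());
 } else {
-// TODO
-assert_err!(result.is_valid());
+assert_err!(result.validate());
 }
 }
 }
@@ -1565,11 +1562,9 @@ mod tests {
 
 for (policy, expect_err) in cases {
 if !expect_err {
-// TODO
-assert_ok!(policy.is_valid());
+assert_ok!(policy.validate());
 } else {
-// TODO
-assert_err!(policy.is_valid());
+assert_err!(policy.validate());
 }
 }
 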
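Review bot: The comment kept above `validate` in the first hunk still reads "Validates all statements are for given bucket or not", but with `bucket_name` removed the method is just `self.is_valid()` and performs no bucket scoping at all. A maintainer reading that comment could assume policies are checked against the target bucket when, as far as this hunk shows, they are not; reword it to match, e.g. `// Validates the policy via is_valid(); does not check that statements target a particular bucket.`, or restore a real bucket check if one is intended. Since `validate` is `pub`, dropping the parameter also breaks any caller outside this diff that still passes a bucket name. The tests now call `validate()` where they called `is_valid()`, which is equivalent today, so they would not catch a later divergence between the two.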
