package deb

import (
	"github.com/aptly-dev/aptly/pgp"
	. "gopkg.in/check.v1"
)

// UploadersSuite groups the gocheck tests for the Uploaders access policy:
// group expansion and the allow/deny decision taken for a signed upload.
type UploadersSuite struct {
}

var _ = Suite(&UploadersSuite{})

// TestExpandGroups pins how group names are resolved into key entries.
//
// The expectations below establish three properties a policy author relies on:
// nested groups are flattened, a key reachable through several groups appears
// once, and a reference cycle between groups still terminates.
func (s *UploadersSuite) TestExpandGroups(c *C) {
	policy := &Uploaders{
		Groups: map[string][]string{
			"group1": {"key1", "group2"},
			"group2": {"key1", "key2", "key3", "group3"},
			"group3": {},
			// "group5" is never defined.
			"group4": {"key1", "group5"},
			// group6 -> group8 -> group7 -> group6 forms a cycle.
			"group6": {"key1", "group8"},
			"group7": {"key2", "group6"},
			"group8": {"group7"},
		},
	}

	cases := []struct {
		group    string
		expanded []string
	}{
		// key1 is listed in group1 and again in group2, yet is returned once.
		{"group1", []string{"key1", "key2", "key3"}},
		{"group2", []string{"key1", "key2", "key3"}},
		{"group3", []string{}},
		// An undefined group name is passed through unchanged, like a key ID.
		// NOTE(review): a mistyped group name would therefore not be reported
		// here; presumably it just never matches a signing key - confirm.
		{"group4", []string{"key1", "group5"}},
		// Cyclic references: every entry point terminates with both keys.
		{"group6", []string{"key1", "key2"}},
		{"group7", []string{"key2", "key1"}},
		{"group8", []string{"key2", "key1"}},
	}

	for _, tc := range cases {
		c.Check(policy.ExpandGroups([]string{tc.group}), DeepEquals, tc.expanded)
	}
}

// TestIsAllowed pins the access decision for a .changes upload against a rule
// list that mixes wildcard, group and explicit-key entries.
//
// The fixtures set only CompiledCondition, which is why the rule JSON quoted
// in the denial messages shows an empty "condition".
func (s *UploadersSuite) TestIsAllowed(c *C) {
	policy := &Uploaders{
		Groups: map[string][]string{
			// Both entries end in the same eight hex digits (70096AD1).
			"group1": {"37E1C17570096AD1", "EC4B033C70096AD1"},
		},
		Rules: []UploadersRule{
			{
				CompiledCondition: &FieldQuery{Field: "Source", Relation: VersionEqual, Value: "calamares"},
				Allow:             []string{"*"},
			},
			{
				CompiledCondition: &FieldQuery{Field: "Source", Relation: VersionEqual, Value: "never-calamares"},
				Deny:              []string{"*"},
			},
			{
				CompiledCondition: &FieldQuery{Field: "Source", Relation: VersionEqual, Value: "some-calamares"},
				Allow:             []string{"group1", "12345678"},
			},
			{
				CompiledCondition: &FieldQuery{Field: "Source", Relation: VersionEqual, Value: "some-calamares"},
				Deny:              []string{"45678901", "12345678"},
			},
		},
	}

	cases := []struct {
		keys   []pgp.Key
		source string
		denial string // ErrorMatches pattern; empty means the upload must be allowed
	}{
		// No signature keys at all: even the "*" allow rule for calamares does
		// not admit the upload, so unsigned changes fall through to denial.
		{
			keys:   []pgp.Key{},
			source: "calamares",
			denial: "denied as no rule matches",
		},
		// Keys that belong to group1, but no rule covers this source: the
		// policy is default-deny.
		{
			keys:   []pgp.Key{"37E1C17570096AD1", "EC4B033C70096AD1"},
			source: "unknown-calamares",
			denial: "denied as no rule matches",
		},
		// Rule 1: wildcard allow - any signing key may upload calamares.
		{
			keys:   []pgp.Key{"ABCD1234", "1234ABCD"},
			source: "calamares",
		},
		// Rule 2: wildcard deny - no key may upload never-calamares.
		{
			keys:   []pgp.Key{"ABCD1234", "1234ABCD"},
			source: "never-calamares",
			denial: "denied according to rule: {\"condition\":\"\",\"allow\":null,\"deny\":\\[\"\\*\"\\]}",
		},
		// Rule 3 admits 12345678 although rule 4 lists the same key (and
		// 45678901) under Deny. This is consistent with the first matching
		// rule deciding, so a deny entry placed after an allow entry for the
		// same key has no effect.
		{
			keys:   []pgp.Key{"45678901", "12345678"},
			source: "some-calamares",
		},
		// Rule 3 via group membership, full 16-hex-digit key ID.
		{
			keys:   []pgp.Key{"37E1C17570096AD1"},
			source: "some-calamares",
		},
		// Rule 3 via group membership, 8-hex-digit short ID: it is accepted
		// against the 16-digit entries of group1 that end in the same digits.
		// NOTE(review): the comparison itself lives in pgp.Key and is not
		// visible in this file. Short IDs are only 32 bits wide and are not
		// unique, so policies that must pin one specific signer should list
		// long IDs or fingerprints - confirm how Changes.SignatureKeys is
		// populated before relying on short IDs.
		{
			keys:   []pgp.Key{"70096AD1"},
			source: "some-calamares",
		},
		// Rule 4: neither key is allowed by rule 3, and 45678901 is denied.
		{
			keys:   []pgp.Key{"ABCD1234", "45678901"},
			source: "some-calamares",
			denial: "denied according to rule: {\"condition\":\"\",\"allow\":null,\"deny\":\\[\"45678901\",\"12345678\"\\]}",
		},
	}

	for _, tc := range cases {
		verdict := policy.IsAllowed(&Changes{SignatureKeys: tc.keys, Stanza: Stanza{"Source": tc.source}})
		if tc.denial == "" {
			c.Check(verdict, IsNil)
			continue
		}
		c.Check(verdict, ErrorMatches, tc.denial)
	}
}