security/access/caveat_test.go - release.go.v23 - Git at Google

 // Copyright 2015 The Vanadium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package access_test

 import (
 	"testing"

 	"v.io/v23/context"
 	"v.io/v23/security"
 	"v.io/v23/security/access"
 	"v.io/v23/vdl"
 )

 func TestAccessTagCaveat(t *testing.T) {
 	var (
 		server     = newPrincipal(t)
 		bserver, _ = server.BlessSelf("server")
 		caveat, _  = access.NewAccessTagCaveat(access.Debug, access.Resolve)
 		bclient, _ = server.Bless(newPrincipal(t).PublicKey(), bserver, "debugger", caveat)
 		tests      = []struct {
 			MethodTags []*vdl.Value
 			OK         bool
 		}{
 			{nil, false},
 			{[]*vdl.Value{vdl.ValueOf(access.Debug)}, true},
 			{[]*vdl.Value{vdl.ValueOf(access.Resolve)}, true},
 			{[]*vdl.Value{vdl.ValueOf(access.Read), vdl.ValueOf(access.Debug)}, true},
 			{[]*vdl.Value{vdl.ValueOf(access.Read), vdl.ValueOf(access.Write)}, false},
 			{[]*vdl.Value{vdl.ValueOf("Debug"), vdl.ValueOf("Resolve")}, false},
 		}
 	)
 	security.AddToRoots(server, bserver)
 	ctx, cancel := context.RootContext()
 	defer cancel()
 	for idx, test := range tests {
 		call := security.NewCall(&security.CallParams{
 			MethodTags:      test.MethodTags,
 			LocalPrincipal:  server,
 			RemoteBlessings: bclient,
 		})
 		got, rejected := security.RemoteBlessingNames(ctx, call)
 		if test.OK {
 			if len(got) != 1 || got[0] != "server:debugger" {
 				t.Errorf("Got (%v, %v), wanted ([%q], nil) for method tags %v (test case #%d)", got, rejected, "server:debugger", test.MethodTags, idx)
 			}
 		}
 		if !test.OK && len(got) != 0 {
 			t.Errorf("Got (%v, %v), wanted all blessings to be rejected for method tags %v (test case #%d)", got, rejected, test.MethodTags, idx)
 		}
 	}
 }
	// Copyright 2015 The Vanadium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package access_test

	import (
	"testing"

	"v.io/v23/context"
	"v.io/v23/security"
	"v.io/v23/security/access"
	"v.io/v23/vdl"
	)

	func TestAccessTagCaveat(t *testing.T) {
	var (
	server = newPrincipal(t)
	bserver, _ = server.BlessSelf("server")
	caveat, _ = access.NewAccessTagCaveat(access.Debug, access.Resolve)
	bclient, _ = server.Bless(newPrincipal(t).PublicKey(), bserver, "debugger", caveat)
	tests = []struct {
	MethodTags []*vdl.Value
	OK bool
	}{
	{nil, false},
	{[]*vdl.Value{vdl.ValueOf(access.Debug)}, true},
	{[]*vdl.Value{vdl.ValueOf(access.Resolve)}, true},
	{[]*vdl.Value{vdl.ValueOf(access.Read), vdl.ValueOf(access.Debug)}, true},
	{[]*vdl.Value{vdl.ValueOf(access.Read), vdl.ValueOf(access.Write)}, false},
	{[]*vdl.Value{vdl.ValueOf("Debug"), vdl.ValueOf("Resolve")}, false},
	}
	)
	security.AddToRoots(server, bserver)
	ctx, cancel := context.RootContext()
	defer cancel()
	for idx, test := range tests {
	call := security.NewCall(&security.CallParams{
	MethodTags: test.MethodTags,
	LocalPrincipal: server,
	RemoteBlessings: bclient,
	})
	got, rejected := security.RemoteBlessingNames(ctx, call)
	if test.OK {
	if len(got) != 1 \|\| got[0] != "server:debugger" {
	t.Errorf("Got (%v, %v), wanted ([%q], nil) for method tags %v (test case #%d)", got, rejected, "server:debugger", test.MethodTags, idx)
	}
	}
	if !test.OK && len(got) != 0 {
	t.Errorf("Got (%v, %v), wanted all blessings to be rejected for method tags %v (test case #%d)", got, rejected, test.MethodTags, idx)
	}
	}
	}