(t *testing.T)
| 13 | ) |
| 14 | |
| 15 | func TestACL(t *testing.T) { |
| 16 | t.Parallel() |
| 17 | |
| 18 | serverRunner := testenv.NewInProcRunner(t) |
| 19 | serverEnvironment := testenv.NewCLITest(t, testenv.RepoFormatNotImportant, serverRunner) |
| 20 | |
| 21 | defer serverEnvironment.RunAndExpectSuccess(t, "repo", "disconnect") |
| 22 | |
| 23 | serverEnvironment.RunAndExpectSuccess(t, "repo", "create", "filesystem", "--path", serverEnvironment.RepoDir, "--override-hostname=foo", "--override-username=foo", "--enable-actions") |
| 24 | |
| 25 | require.Empty(t, serverEnvironment.RunAndExpectSuccess(t, "server", "acl", "list")) |
| 26 | |
| 27 | // enable ACLs - that should insert all the rules. |
| 28 | serverEnvironment.RunAndExpectSuccess(t, "server", "acl", "enable") |
| 29 | |
| 30 | require.Len(t, serverEnvironment.RunAndExpectSuccess(t, "server", "acl", "list"), len(auth.DefaultACLs)) |
| 31 | |
| 32 | // reduce default access to snapshots to APPEND - this will fail because exactly identical rule already exists and grants FULL access. |
| 33 | serverEnvironment.RunAndExpectFailure(t, "server", "acl", "add", "--user", "*@*", "--target", "type=snapshot,username=OWN_USER,hostname=OWN_HOST", "--access=APPEND") |
| 34 | |
| 35 | // reduce default access to snapshots to APPEND with --overwrite, this will succeed. |
| 36 | serverEnvironment.RunAndExpectSuccess(t, "server", "acl", "add", "--user", "*@*", "--target", "type=snapshot,username=OWN_USER,hostname=OWN_HOST", "--access=APPEND", "--overwrite") |
| 37 | |
| 38 | // add read access to all snapshots and policies for user foo@bar |
| 39 | serverEnvironment.RunAndExpectSuccess(t, "server", "acl", "add", "--user", "foo@bar", "--target", "type=snapshot", "--access=READ") |
| 40 | serverEnvironment.RunAndExpectSuccess(t, "server", "acl", "add", "--user", "foo@bar", "--target", "type=policy", "--access=READ") |
| 41 | |
| 42 | // add append access to all snapshots and read-only access to policies for user another@bar |
| 43 | serverEnvironment.RunAndExpectSuccess(t, "server", "acl", "add", "--user", "another@bar", "--target", "type=snapshot", "--access=APPEND") |
| 44 | serverEnvironment.RunAndExpectSuccess(t, "server", "acl", "add", "--user", "another@bar", "--target", "type=policy", "--access=READ") |
| 45 | |
| 46 | // add full access to global policy for all users |
| 47 | serverEnvironment.RunAndExpectSuccess(t, "server", "acl", "add", "--user", "*@*", "--target", "type=policy,policyType=global", "--access=FULL") |
| 48 | |
| 49 | serverEnvironment.RunAndExpectSuccess(t, "server", "users", "add", "foo@bar", "--user-password", "baz") |
| 50 | serverEnvironment.RunAndExpectSuccess(t, "server", "users", "add", "another@bar", "--user-password", "baz") |
| 51 | serverEnvironment.RunAndExpectSuccess(t, "server", "users", "add", "alice@wonderland", "--user-password", "baz") |
| 52 | |
| 53 | const keepLatestSnapshots = 3 |
| 54 | |
| 55 | serverEnvironment.RunAndExpectSuccess(t, "policy", "set", "another@bar", fmt.Sprintf("--keep-latest=%v", keepLatestSnapshots)) |
| 56 | |
| 57 | var sp testutil.ServerParameters |
| 58 | |
| 59 | wait, kill := serverEnvironment.RunAndProcessStderr(t, sp.ProcessOutput, |
| 60 | "server", "start", |
| 61 | "--address=localhost:0", |
| 62 | "--server-control-username=admin-user", |
| 63 | "--server-control-password=admin-pwd", |
| 64 | "--tls-generate-cert", |
| 65 | "--tls-generate-rsa-key-size=2048", // use shorter key size to speed up generation |
| 66 | ) |
| 67 | |
| 68 | t.Logf("detected server parameters %#v", sp) |
| 69 | |
| 70 | defer wait() |
| 71 | defer kill() |
| 72 |
nothing calls this directly
no test coverage detected