(t *testing.T)
| 16 | ) |
| 17 | |
| 18 | func TestCheckCommand(t *testing.T) { |
| 19 | nspace := &namespace.Namespace{Name: t.Name()} |
| 20 | nspaceUser := &namespace.Namespace{Name: "User"} |
| 21 | |
| 22 | newCmd := func() *cobra.Command { |
| 23 | cmd := &cobra.Command{ |
| 24 | Use: "keto", |
| 25 | } |
| 26 | RegisterCommandsRecursive(cmd) |
| 27 | relationtuple.RegisterCommandsRecursive(cmd) |
| 28 | return cmd |
| 29 | } |
| 30 | |
| 31 | ts := client.NewTestServer(t, []*namespace.Namespace{nspace, nspaceUser}, newCmd) |
| 32 | defer ts.Shutdown(t) |
| 33 | |
| 34 | tuple1 := helpers.RandomTupleWithSubjectID(nspace.Name) |
| 35 | tuple2 := helpers.RandomTupleWithSubjectSet(nspace.Name, nspaceUser.Name) |
| 36 | ts.Cmd.ExecNoErr(t, "relation-tuple", "create", tuple2.SubjectSet.String(), tuple2.Relation, tuple2.Namespace+":"+tuple2.Object) |
| 37 | ts.Cmd.ExecNoErr(t, "relation-tuple", "create", *tuple1.SubjectID, tuple1.Relation, tuple1.Namespace+":"+tuple1.Object) |
| 38 | |
| 39 | t.Run("case=SubjectSet", func(t *testing.T) { |
| 40 | subject := tuple2.SubjectSet.String() |
| 41 | rel := tuple2.Relation |
| 42 | nsObj := tuple2.Namespace + ":" + tuple2.Object |
| 43 | |
| 44 | noPermSubject := tuple2.SubjectSet.Namespace + ":no-perm-subject" |
| 45 | |
| 46 | t.Run("case=allowed when tuple exists", func(t *testing.T) { |
| 47 | stdOut := ts.Cmd.ExecNoErr(t, "check", subject, rel, nsObj) |
| 48 | require.Equal(t, "Allowed\n", stdOut) |
| 49 | }) |
| 50 | |
| 51 | t.Run("case=denied for unrelated subject", func(t *testing.T) { |
| 52 | stdOut := ts.Cmd.ExecNoErr(t, "check", noPermSubject, rel, nsObj) |
| 53 | require.Equal(t, "Denied\n", stdOut) |
| 54 | }) |
| 55 | |
| 56 | t.Run("case=4-arg format still works with deprecation warning", func(t *testing.T) { |
| 57 | stdOut, stdErr, err := ts.Cmd.Exec(nil, "check", subject, rel, tuple2.Namespace, tuple2.Object) |
| 58 | require.NoError(t, err) |
| 59 | require.Equal(t, "Allowed\n", stdOut) |
| 60 | require.Contains(t, stdErr, "deprecated") |
| 61 | }) |
| 62 | |
| 63 | t.Run("case=errors on invalid namespace:object format", func(t *testing.T) { |
| 64 | _, stdErr, err := ts.Cmd.Exec(nil, "check", subject, rel, "no-colon-here") |
| 65 | require.Error(t, err) |
| 66 | require.Contains(t, stdErr, "expected <object_namespace>:<object_id> format") |
| 67 | }) |
| 68 | }) |
| 69 | |
| 70 | t.Run("case=SubjectID", func(t *testing.T) { |
| 71 | subject := *tuple1.SubjectID |
| 72 | rel := tuple1.Relation |
| 73 | nsObj := tuple1.Namespace + ":" + tuple1.Object |
| 74 | |
| 75 | noPermSubject := "no-perm-subject" |