forked from sebastianliu/etcd-adapter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
adapter_test.go
113 lines (92 loc) · 4.24 KB
/
adapter_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
package etcdadapter
import (
"github.com/casbin/casbin"
"github.com/casbin/casbin/util"
"testing"
)
func testGetPolicy(t *testing.T, e *casbin.Enforcer, res [][]string) {
t.Helper()
myRes := e.GetPolicy()
if !util.Array2DEquals(res, myRes) {
t.Error("Test failed, Policy: ", myRes, ", supposed to be ", res)
return
}
t.Log("Test pass")
}
func initPolicy(t *testing.T, pathKey string, etcdEndpoints []string) {
// Because the ETCD is empty at first,
// so we need to load the policy from the file adapter (.CSV) first.
e := casbin.NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
a := NewAdapter(etcdEndpoints, pathKey)
// This is a trick to save the current policy to the ETCD.
// We can't call e.SavePolicy() because the adapter in the enforcer is still the file adapter.
// The current policy means the policy in the Casbin enforcer (aka in memory).
err := a.SavePolicy(e.GetModel())
if err != nil {
panic(err)
}
// Clear the current policy.
e.ClearPolicy()
testGetPolicy(t, e, [][]string{})
// Load the policy from ETCD.
err = a.LoadPolicy(e.GetModel())
if err != nil {
panic(err)
}
testGetPolicy(t, e, [][]string{{"alice", "data1", "read"}, {"bob", "data2", "write"}, {"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"}})
}
func testSaveLoad(t *testing.T, pathKey string, etcdEndpoints []string) {
// Initialize some policy in ETCD.
initPolicy(t, pathKey, etcdEndpoints)
// Note: you don't need to look at the above code
// if you already have a working ETCD with policy inside.
// Now the ETCD has policy, so we can provide a normal use case.
// Create an adapter and an enforcer.
// NewEnforcer() will load the policy automatically.
a := NewAdapter(etcdEndpoints, pathKey)
e := casbin.NewEnforcer("examples/rbac_model.conf", a)
testGetPolicy(t, e, [][]string{{"alice", "data1", "read"}, {"bob", "data2", "write"}, {"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"}})
}
func testAutoSave(t *testing.T, pathKey string, etcdEndpoints []string) {
// Initialize some policy in ETCD.
initPolicy(t, pathKey, etcdEndpoints)
// Note: you don't need to look at the above code
// if you already have a working ETCD with policy inside.
// Now the ETCD has policy, so we can provide a normal use case.
// Create an adapter and an enforcer.
// NewEnforcer() will load the policy automatically.
a := NewAdapter(etcdEndpoints, pathKey)
e := casbin.NewEnforcer("examples/rbac_model.conf", a)
// AutoSave is enabled by default.
// Now we disable it.
e.EnableAutoSave(false)
// Because AutoSave is disabled, the policy change only affects the policy in Casbin enforcer,
// it doesn't affect the policy in the storage.
e.AddPolicy("alice", "data1", "write")
// Reload the policy from the storage to see the effect.
e.LoadPolicy()
// This is still the original policy.
testGetPolicy(t, e, [][]string{{"alice", "data1", "read"}, {"bob", "data2", "write"}, {"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"}})
// Now we enable the AutoSave.
e.EnableAutoSave(true)
// Because AutoSave is enabled, the policy change not only affects the policy in Casbin enforcer,
// but also affects the policy in the storage.
e.AddPolicy("alice", "data1", "write")
// Reload the policy from the storage to see the effect.
e.LoadPolicy()
// The policy has a new rule: {"alice", "data1", "write"}.
testGetPolicy(t, e, [][]string{{"alice", "data1", "read"}, {"alice", "data1", "write"}, {"bob", "data2", "write"}, {"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"}})
// Remove the added rule.
e.RemovePolicy("alice", "data1", "write")
e.LoadPolicy()
testGetPolicy(t, e, [][]string{{"alice", "data1", "read"}, {"bob", "data2", "write"}, {"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"}})
// Remove "data2_admin" related policy rules via a filter.
// Two rules: {"data2_admin", "data2", "read"}, {"data2_admin", "data2", "write"} will be deleted.
e.RemoveFilteredPolicy(0, "data2_admin")
e.LoadPolicy()
testGetPolicy(t, e, [][]string{{"alice", "data1", "read"}, {"bob", "data2", "write"}})
}
func TestAdapters(t *testing.T) {
testSaveLoad(t, "casbin_policy_test", []string{"http://127.0.0.1:2379"})
testAutoSave(t, "casbin_policy_test", []string{"http://127.0.0.1:2379"})
}