test(authz): add an extra test for authz (#859)
Should help with test flakiness (the order in which the policies are read from the map affected which code path was tested) Signed-off-by: Andrei Aaron <andaaron@cisco.com> Signed-off-by: Andrei Aaron <andaaron@cisco.com>
parent
261615c880
commit
1afc5c8c3f
1 changed files with 40 additions and 13 deletions
|
@ -266,17 +266,21 @@ func TestVerify(t *testing.T) {
|
|||
So(func() { _ = cli.NewServerRootCmd().Execute() }, ShouldNotPanic)
|
||||
})
|
||||
|
||||
Convey("Test verify default authorization fail", t, func(c C) {
|
||||
Convey("Test verify admin policy authz is not allowed if no authn is configured", t, func(c C) {
|
||||
tmpfile, err := os.CreateTemp("", "zot-test*.json")
|
||||
So(err, ShouldBeNil)
|
||||
defer os.Remove(tmpfile.Name()) // clean up
|
||||
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
|
||||
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
|
||||
"accessControl":{"**":{"defaultPolicy": ["read", "create"]},
|
||||
"/repo":{"anonymousPolicy": ["read", "create"]},
|
||||
"adminPolicy":{"users":["admin"],
|
||||
"actions":["read","create","update","delete"]}
|
||||
}}}`)
|
||||
"accessControl":{
|
||||
"**":{"defaultPolicy": ["read", "create"]},
|
||||
"/repo":{"anonymousPolicy": ["read", "create"]},
|
||||
"adminPolicy":{
|
||||
"users":["admin"],
|
||||
"actions":["read","create","update","delete"]
|
||||
}
|
||||
}
|
||||
}}`)
|
||||
_, err = tmpfile.Write(content)
|
||||
So(err, ShouldBeNil)
|
||||
err = tmpfile.Close()
|
||||
|
@ -285,18 +289,41 @@ func TestVerify(t *testing.T) {
|
|||
So(func() { _ = cli.NewServerRootCmd().Execute() }, ShouldPanic)
|
||||
})
|
||||
|
||||
Convey("Test verify default authorization fail", t, func(c C) {
|
||||
Convey("Test verify default policy authz is not allowed if no authn is configured", t, func(c C) {
|
||||
tmpfile, err := os.CreateTemp("", "zot-test*.json")
|
||||
So(err, ShouldBeNil)
|
||||
defer os.Remove(tmpfile.Name()) // clean up
|
||||
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
|
||||
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
|
||||
"accessControl":{"**":{"defaultPolicy": ["read", "create"]},
|
||||
"/repo":{"anonymousPolicy": ["read", "create"]},
|
||||
"/repo2":{"policies": [{
|
||||
"users": ["charlie"],
|
||||
"actions": ["read", "create", "update"]}]}
|
||||
}}}`)
|
||||
"accessControl":{
|
||||
"**":{"defaultPolicy": ["read", "create"]},
|
||||
"/repo":{"anonymousPolicy": ["read", "create"]}
|
||||
}
|
||||
}}`)
|
||||
_, err = tmpfile.Write(content)
|
||||
So(err, ShouldBeNil)
|
||||
err = tmpfile.Close()
|
||||
So(err, ShouldBeNil)
|
||||
os.Args = []string{"cli_test", "verify", tmpfile.Name()}
|
||||
So(func() { _ = cli.NewServerRootCmd().Execute() }, ShouldPanic)
|
||||
})
|
||||
|
||||
Convey("Test verify authz per user policies fail if no authn is configured", t, func(c C) {
|
||||
tmpfile, err := os.CreateTemp("", "zot-test*.json")
|
||||
So(err, ShouldBeNil)
|
||||
defer os.Remove(tmpfile.Name()) // clean up
|
||||
content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
|
||||
"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
|
||||
"accessControl":{
|
||||
"/repo":{"anonymousPolicy": ["read", "create"]},
|
||||
"/repo2":{
|
||||
"policies": [{
|
||||
"users": ["charlie"],
|
||||
"actions": ["read", "create", "update"]
|
||||
}]
|
||||
}
|
||||
}
|
||||
}}`)
|
||||
_, err = tmpfile.Write(content)
|
||||
So(err, ShouldBeNil)
|
||||
err = tmpfile.Close()
|
||||
|
|
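Review bot: The three `Convey` blocks that expect rejection (admin policy, default policy, and the new per-user `policies` case) assert only `ShouldPanic`, which any panic from `Execute()` satisfies, so a config that fails for an unrelated reason (a parse error, a different validation rule) would still pass and the authz-without-authn check could regress unnoticed. Since the commit splits the configs so that each one reaches a single rejection path, consider pinning the reason, e.g. `So(func() { _ = cli.NewServerRootCmd().Execute() }, ShouldPanicWith, <EXPECTED_ERROR>)`, if the verify command panics with a stable error value (not visible in these hunks). A positive control beside them (the same `accessControl` block plus an authn section, expecting `ShouldNotPanic`) would show that the missing authn, not the policy shape, triggers the rejection. Separately, `os.Args = []string{"cli_test", "verify", tmpfile.Name()}` overwrites process-global state without restoring it; `oldArgs := os.Args; defer func() { os.Args = oldArgs }()` would keep the blocks independent. `TestVerify` starts and ends outside the visible hunks.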