// Copyright 2016 The Upspin Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
"upspin.io/test/testenv"
owner = "aly@example.com" // aly has keys in key/testdata/aly
writer = "bob@uncle.com" // bob has keys in key/testdata/bob
accessFile = owner + "/Access"
accessContent = "r,l: " + testenv.TestServerName + "\n*: " + owner
groupDir = owner + "/Group"
writersGroup = groupDir + "/" + WritersGroupFile
// setupEnv sets up a test environment, used by the tests in this package.
// The wait func, when called, blocks until onUpdate fires or a timeout occurs.
// The cleanup func should be called when the test function exits.
func setupEnv(t *testing.T) (ownerEnv *testenv.Env, wait, cleanup func()) {
ownerEnv, err = testenv.New(&testenv.Setup{
Packing: upspin.PlainPack,
Kind: "server", // Must implement Watch API.
updated := make(chan bool)
onUpdate = func() { <-updated }
const timeout = 2 * time.Second
case <-time.After(timeout):
t.Fatal("timed out waiting for update")
close(updated) // Unblock the update loop, if blocked.
// readyNow is closed at init time and should be passed to New, WrapStore, or
// WrapDir to indicate that it should poll immediately.
var readyNow chan struct{}
readyNow = make(chan struct{})
func TestCantFindFileAllowsAll(t *testing.T) {
ownerEnv, wait, cleanup := setupEnv(t)
perm := NewWithDir(ownerEnv.Config, readyNow, owner, ownerEnv.DirServer)
// Everyone is allowed, since we can't read the owner file: the writer check fails open.
for _, user := range []upspin.UserName{
if !perm.IsWriter(user) {
t.Errorf("IsWriter(%q)=false, want true", user)
func TestNoFileAllowsAll(t *testing.T) {
ownerEnv, wait, cleanup := setupEnv(t)
// Put a permissive Access file; the server can now determine that the file is not there.
r := testenv.NewRunner()
r.AddUser(ownerEnv.Config)
r.Put(accessFile, accessContent) // So server can lookup the file.
perm := NewWithDir(ownerEnv.Config, readyNow, owner, ownerEnv.DirServer)
// Everyone is allowed.
for _, user := range []upspin.UserName{
if !perm.IsWriter(user) {
t.Errorf("user %q is not allowed; expected allowed", user)
func TestAllowsOnlyOwner(t *testing.T) {
ownerEnv, wait, cleanup := setupEnv(t)
r := testenv.NewRunner()
r.AddUser(ownerEnv.Config)
r.Put(accessFile, accessContent) // So server can lookup the file.
r.MakeDirectory(groupDir)
r.Put(writersGroup, owner) // Only owner can write.
perm := NewWithDir(ownerEnv.Config, readyNow, owner, ownerEnv.DirServer)
if !perm.IsWriter(owner) {
t.Errorf("Owner is not allowed, expected allowed")
// No one else is allowed.
for _, user := range []upspin.UserName{
if perm.IsWriter(user) {
t.Errorf("user %q is allowed; expected not allowed", user)
func TestAllowsOthersAndWildcard(t *testing.T) {
ownerEnv, wait, cleanup := setupEnv(t)
r := testenv.NewRunner()
r.AddUser(ownerEnv.Config)
r.Put(accessFile, accessContent) // So server can lookup the file.
r.MakeDirectory(groupDir)
r.Put(writersGroup, owner+" "+writer+" *@superusers.com")
perm := NewWithDir(ownerEnv.Config, readyNow, owner, ownerEnv.DirServer)
wait() // Update call
wait() // Watch event
// Owner, writer and a wildcard user are allowed.
for _, user := range []upspin.UserName{
"master@superusers.com",
if !perm.IsWriter(user) {
t.Errorf("%s is not allowed, expected allowed", user)
// No one else is allowed.
for _, user := range []upspin.UserName{
if perm.IsWriter(user) {
t.Errorf("user %q is allowed; expected not allowed", user)
// Remove everyone but owner.
// Update should happen quickly through the Watch API.
r.Put(writersGroup, owner)
for _, user := range []upspin.UserName{
"master@superusers.com",
if perm.IsWriter(user) {
t.Errorf("%s is allowed; expected not allowed", user)
// Regression test for issue #317.
func TestSequentialErrorsOk(t *testing.T) {
ownerEnv, wait, cleanup := setupEnv(t)
NewWithDir(ownerEnv.Config, readyNow, owner, ownerEnv.DirServer)
// No crash, no problem.
func TestOrderOfPuts(t *testing.T) {
ownerEnv, wait, cleanup := setupEnv(t)
r := testenv.NewRunner()
r.AddUser(ownerEnv.Config)
r.MakeDirectory(groupDir)
r.Put(writersGroup, owner+" "+writer)
perm := NewWithDir(ownerEnv.Config, readyNow, owner, ownerEnv.DirServer)
wait() // Update call.
r.Put(accessFile, accessContent) // So server can lookup Writers.
wait() // New watch event.
// Owner and writer are allowed.
for _, user := range []upspin.UserName{
if !perm.IsWriter(user) {
t.Errorf("%s is not allowed, expected allowed", user)
func errorReturningWatch(_ upspin.PathName, _ int64, done <-chan struct{}) (<-chan upspin.Event, error) {
c := make(chan upspin.Event)
err := upspin.Event{Error: fmt.Errorf("error %d", i)}