326de2afc6
--- type: change message: |- Fully implement credential commits The actual commit objects and related refactoring had already been done, this commit takes the next step of implementing the access control changes, tests for verification, and refactoring of the dehub command to support multiple commit message types (as well as a small fix to dcmd). change_hash: AJyuAR0koVoe+uPBisa5qXsbW8YhlgOKNhnvy9uv7hQ8 credentials: - type: pgp_signature pub_key_id: 95C46FA6A41148AC body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl5tVzoACgkQlcRvpqQRSKyznw//b9lWd4V4G81cFwGAxZtJ3JiFpspYdtTAUUcLi9nogGsDmqkkSQxLdmBCT99QtaenKsxpad+9sXhkZpgWF/AyCX9pN6TTlMKuRcDXeoMUjeKjRpRhCHN0Lt8Sz80NDPYIa81r9cH0o1987GirgGmDEkYNDAFPDdGNDcCad/LLnG+ONwOl9WEM1q5O4etUPurTywlBiELDjHxeLzqgxCo8fMaMejW6mxnMDV6DIHiX6INWZAAG66HPVetmq6EVl9bnFgZmgKNzqKzFVZJRdGQNbhR/WzlOh0HPyJGwCveZPM5Zjd/dpfQUYEGGprVKc0G0YVNU2Hcz6O7hqafGGxWpCFW6zKrNmBRaW2u2zjVJD4ukmWn9gFuKJKhs0kyawRTbHNIX+gonYv9lDFO3cZ5qcsJbSAYSHrCav121z0GsQDoFJMJDQnP0syEEbAaxdQe7Bd7bmOM3SpCOLJLF1+X7Srrq5//u6fiFDxQ82Ylo3hG/r7/QT/vSipUCglx4POq33+z8VEHGhVfl4dgSU6OgIV/S7evKC7EiS/jh/xywU44RHpxFhwS3hthHxZqgRIHTm65DqGYWWZds2Hkr29TTRajuf0t4MxqY2MrLAhNJUc6OmrVN+lWMmm/z1FEhfrOvZ8v7mOSqTKwkvbsZzk5mpeo2RrLdNnnWvTCy87FpA48= account: mediocregopher
224 lines
5.4 KiB
Go
224 lines
5.4 KiB
Go
package accessctl
|
|
|
|
import (
|
|
"reflect"
|
|
"testing"
|
|
|
|
"github.com/davecgh/go-spew/spew"
|
|
)
|
|
|
|
func normalizeResult(res MatchResult) MatchResult {
|
|
if len(res.ChangeAccessControls) == 0 {
|
|
res.ChangeAccessControls = nil
|
|
}
|
|
return res
|
|
}
|
|
|
|
func TestMatch(t *testing.T) {
|
|
secondCond := Condition{
|
|
Signature: &ConditionSignature{
|
|
AnyAccount: true,
|
|
Count: "2",
|
|
},
|
|
}
|
|
|
|
tests := []struct {
|
|
descr string
|
|
|
|
branchACs []BranchAccessControl
|
|
interactions MatchInteractions
|
|
result MatchResult
|
|
}{
|
|
{
|
|
descr: "empty input empty result",
|
|
result: MatchResult{
|
|
BranchPattern: "**",
|
|
},
|
|
},
|
|
{
|
|
descr: "empty access controls",
|
|
interactions: MatchInteractions{
|
|
Branch: "main",
|
|
FilePathsChanged: []string{"foo", "bar"},
|
|
},
|
|
result: MatchResult{
|
|
BranchPattern: "main",
|
|
ChangeAccessControls: []MatchedChangeAccessControl{
|
|
{
|
|
ChangeAccessControl: DefaultChangeAccessControl,
|
|
FilePaths: []string{"foo", "bar"},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
descr: "empty filesPathsChanged",
|
|
branchACs: DefaultBranchAccessControls,
|
|
interactions: MatchInteractions{Branch: "main"},
|
|
result: MatchResult{BranchPattern: "main"},
|
|
},
|
|
{
|
|
descr: "no matching branch patterns",
|
|
branchACs: []BranchAccessControl{{
|
|
BranchPattern: "dunk",
|
|
ChangeAccessControls: []ChangeAccessControl{{
|
|
FilePathPattern: "**",
|
|
Condition: secondCond,
|
|
}},
|
|
}},
|
|
interactions: MatchInteractions{
|
|
Branch: "crunk",
|
|
FilePathsChanged: []string{"foo"},
|
|
},
|
|
result: MatchResult{
|
|
BranchPattern: "**",
|
|
ChangeAccessControls: []MatchedChangeAccessControl{{
|
|
ChangeAccessControl: DefaultChangeAccessControl,
|
|
FilePaths: []string{"foo"},
|
|
}},
|
|
},
|
|
},
|
|
{
|
|
descr: "no matching files",
|
|
branchACs: []BranchAccessControl{{
|
|
BranchPattern: "main",
|
|
ChangeAccessControls: []ChangeAccessControl{{
|
|
FilePathPattern: "boo",
|
|
Condition: secondCond,
|
|
}},
|
|
}},
|
|
interactions: MatchInteractions{
|
|
Branch: "main",
|
|
FilePathsChanged: []string{"foo"},
|
|
},
|
|
result: MatchResult{
|
|
BranchPattern: "main",
|
|
ChangeAccessControls: []MatchedChangeAccessControl{{
|
|
ChangeAccessControl: DefaultChangeAccessControl,
|
|
FilePaths: []string{"foo"},
|
|
}},
|
|
},
|
|
},
|
|
{
|
|
descr: "branch pattern precedent",
|
|
branchACs: []BranchAccessControl{
|
|
{
|
|
BranchPattern: "main",
|
|
ChangeAccessControls: []ChangeAccessControl{{
|
|
FilePathPattern: "foo",
|
|
Condition: secondCond,
|
|
}},
|
|
},
|
|
{
|
|
BranchPattern: "**",
|
|
ChangeAccessControls: []ChangeAccessControl{
|
|
DefaultChangeAccessControl,
|
|
},
|
|
},
|
|
},
|
|
interactions: MatchInteractions{
|
|
Branch: "main",
|
|
FilePathsChanged: []string{"foo"},
|
|
},
|
|
result: MatchResult{
|
|
BranchPattern: "main",
|
|
ChangeAccessControls: []MatchedChangeAccessControl{{
|
|
ChangeAccessControl: ChangeAccessControl{
|
|
FilePathPattern: "foo",
|
|
Condition: secondCond,
|
|
},
|
|
FilePaths: []string{"foo"},
|
|
}},
|
|
},
|
|
},
|
|
{
|
|
descr: "multiple files matching FilePathPatterns",
|
|
branchACs: []BranchAccessControl{{
|
|
BranchPattern: "main",
|
|
ChangeAccessControls: []ChangeAccessControl{{
|
|
FilePathPattern: "foo*",
|
|
Condition: secondCond,
|
|
}},
|
|
}},
|
|
interactions: MatchInteractions{
|
|
Branch: "main",
|
|
FilePathsChanged: []string{"foo_a", "bar", "foo_b"},
|
|
},
|
|
result: MatchResult{
|
|
BranchPattern: "main",
|
|
ChangeAccessControls: []MatchedChangeAccessControl{
|
|
{
|
|
ChangeAccessControl: DefaultChangeAccessControl,
|
|
FilePaths: []string{"bar"},
|
|
},
|
|
{
|
|
ChangeAccessControl: ChangeAccessControl{
|
|
FilePathPattern: "foo*",
|
|
Condition: secondCond,
|
|
},
|
|
FilePaths: []string{"foo_a", "foo_b"},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
descr: "no defined CredentialAccessControl",
|
|
branchACs: []BranchAccessControl{{
|
|
BranchPattern: "main",
|
|
}},
|
|
interactions: MatchInteractions{
|
|
Branch: "main",
|
|
CredentialAdded: true,
|
|
},
|
|
result: MatchResult{
|
|
BranchPattern: "main",
|
|
CredentialAccessControl: &MatchedCredentialAccessControl{
|
|
CredentialAccessControl: DefaultCredentialAccessControl,
|
|
},
|
|
},
|
|
},
|
|
{
|
|
descr: "defined CredentialAccessControl",
|
|
branchACs: []BranchAccessControl{{
|
|
BranchPattern: "main",
|
|
CredentialAccessControl: &CredentialAccessControl{
|
|
Condition: Condition{
|
|
Signature: &ConditionSignature{
|
|
AccountIDs: []string{"foo", "bar", "baz"},
|
|
},
|
|
},
|
|
},
|
|
}},
|
|
interactions: MatchInteractions{
|
|
Branch: "main",
|
|
CredentialAdded: true,
|
|
},
|
|
result: MatchResult{
|
|
BranchPattern: "main",
|
|
CredentialAccessControl: &MatchedCredentialAccessControl{
|
|
CredentialAccessControl: CredentialAccessControl{
|
|
Condition: Condition{
|
|
Signature: &ConditionSignature{
|
|
AccountIDs: []string{"foo", "bar", "baz"},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
t.Run(test.descr, func(t *testing.T) {
|
|
res, err := Match(test.branchACs, test.interactions)
|
|
if err != nil {
|
|
t.Fatalf("error matching: %v", err)
|
|
}
|
|
res, expRes := normalizeResult(res), normalizeResult(test.result)
|
|
if !reflect.DeepEqual(res, expRes) {
|
|
t.Fatalf("expected:%s\ngot: %s", spew.Sdump(expRes), spew.Sdump(res))
|
|
}
|
|
})
|
|
}
|
|
}
|