parent
8fb839eac1
commit
a1a2f43f2f
|
@ -159,7 +159,7 @@ func TestCheckTxnAuth(t *testing.T) {
|
||||||
err error
|
err error
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
name: "Out of range compare is unathorized",
|
name: "Out of range compare is unauthorized",
|
||||||
txnRequest: &pb.TxnRequest{
|
txnRequest: &pb.TxnRequest{
|
||||||
Compare: []*pb.Compare{
|
Compare: []*pb.Compare{
|
||||||
{
|
{
|
||||||
|
@ -170,6 +170,18 @@ func TestCheckTxnAuth(t *testing.T) {
|
||||||
},
|
},
|
||||||
err: auth.ErrPermissionDenied,
|
err: auth.ErrPermissionDenied,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "In range compare is authorized",
|
||||||
|
txnRequest: &pb.TxnRequest{
|
||||||
|
Compare: []*pb.Compare{
|
||||||
|
{
|
||||||
|
Key: []byte("foo"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Success: []*pb.RequestOp{},
|
||||||
|
},
|
||||||
|
err: nil,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "Nil request range is always authorized",
|
name: "Nil request range is always authorized",
|
||||||
txnRequest: &pb.TxnRequest{
|
txnRequest: &pb.TxnRequest{
|
||||||
|
@ -184,7 +196,7 @@ func TestCheckTxnAuth(t *testing.T) {
|
||||||
err: nil,
|
err: nil,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Range request in range is authorised",
|
name: "Range request in range is authorized",
|
||||||
txnRequest: &pb.TxnRequest{
|
txnRequest: &pb.TxnRequest{
|
||||||
Success: []*pb.RequestOp{
|
Success: []*pb.RequestOp{
|
||||||
{
|
{
|
||||||
|
@ -196,11 +208,21 @@ func TestCheckTxnAuth(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
Failure: []*pb.RequestOp{
|
||||||
|
{
|
||||||
|
Request: &pb.RequestOp_RequestRange{
|
||||||
|
RequestRange: &pb.RangeRequest{
|
||||||
|
Key: []byte("foo"),
|
||||||
|
RangeEnd: []byte("zoo"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
err: nil,
|
err: nil,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Range request out of range is unauthorized",
|
name: "Range request out of range success case is unauthorized",
|
||||||
txnRequest: &pb.TxnRequest{
|
txnRequest: &pb.TxnRequest{
|
||||||
Success: []*pb.RequestOp{
|
Success: []*pb.RequestOp{
|
||||||
{
|
{
|
||||||
|
@ -212,11 +234,47 @@ func TestCheckTxnAuth(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
Failure: []*pb.RequestOp{
|
||||||
|
{
|
||||||
|
Request: &pb.RequestOp_RequestRange{
|
||||||
|
RequestRange: &pb.RangeRequest{
|
||||||
|
Key: []byte("foo"),
|
||||||
|
RangeEnd: []byte("zoo"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
err: auth.ErrPermissionDenied,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Range request out of range failure case is unauthorized",
|
||||||
|
txnRequest: &pb.TxnRequest{
|
||||||
|
Success: []*pb.RequestOp{
|
||||||
|
{
|
||||||
|
Request: &pb.RequestOp_RequestRange{
|
||||||
|
RequestRange: &pb.RangeRequest{
|
||||||
|
Key: []byte("foo"),
|
||||||
|
RangeEnd: []byte("zoo"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Failure: []*pb.RequestOp{
|
||||||
|
{
|
||||||
|
Request: &pb.RequestOp_RequestRange{
|
||||||
|
RequestRange: &pb.RangeRequest{
|
||||||
|
Key: []byte("boo"),
|
||||||
|
RangeEnd: []byte("zoo"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
err: auth.ErrPermissionDenied,
|
err: auth.ErrPermissionDenied,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Nil Put request is authorized",
|
name: "Nil Put request is always authorized",
|
||||||
txnRequest: &pb.TxnRequest{
|
txnRequest: &pb.TxnRequest{
|
||||||
Success: []*pb.RequestOp{
|
Success: []*pb.RequestOp{
|
||||||
{
|
{
|
||||||
|
@ -240,11 +298,20 @@ func TestCheckTxnAuth(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
Failure: []*pb.RequestOp{
|
||||||
|
{
|
||||||
|
Request: &pb.RequestOp_RequestPut{
|
||||||
|
RequestPut: &pb.PutRequest{
|
||||||
|
Key: []byte("foo"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
err: nil,
|
err: nil,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Put request out of range is unauthorized",
|
name: "Put request out of range success case is unauthorized",
|
||||||
txnRequest: &pb.TxnRequest{
|
txnRequest: &pb.TxnRequest{
|
||||||
Success: []*pb.RequestOp{
|
Success: []*pb.RequestOp{
|
||||||
{
|
{
|
||||||
|
@ -255,6 +322,39 @@ func TestCheckTxnAuth(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
Failure: []*pb.RequestOp{
|
||||||
|
{
|
||||||
|
Request: &pb.RequestOp_RequestPut{
|
||||||
|
RequestPut: &pb.PutRequest{
|
||||||
|
Key: []byte("foo"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
err: auth.ErrPermissionDenied,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Put request out of range failure case is unauthorized",
|
||||||
|
txnRequest: &pb.TxnRequest{
|
||||||
|
Success: []*pb.RequestOp{
|
||||||
|
{
|
||||||
|
Request: &pb.RequestOp_RequestPut{
|
||||||
|
RequestPut: &pb.PutRequest{
|
||||||
|
Key: []byte("foo"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Failure: []*pb.RequestOp{
|
||||||
|
{
|
||||||
|
Request: &pb.RequestOp_RequestPut{
|
||||||
|
RequestPut: &pb.PutRequest{
|
||||||
|
Key: []byte("boo"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
err: auth.ErrPermissionDenied,
|
err: auth.ErrPermissionDenied,
|
||||||
},
|
},
|
||||||
|
@ -272,14 +372,20 @@ func TestCheckTxnAuth(t *testing.T) {
|
||||||
err: nil,
|
err: nil,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Authorize delete range in range compare and rerquest",
|
name: "Delete range request in range is authorized",
|
||||||
txnRequest: &pb.TxnRequest{
|
txnRequest: &pb.TxnRequest{
|
||||||
Compare: []*pb.Compare{
|
Success: []*pb.RequestOp{
|
||||||
{
|
{
|
||||||
Key: []byte("foo"),
|
Request: &pb.RequestOp_RequestDeleteRange{
|
||||||
|
RequestDeleteRange: &pb.DeleteRangeRequest{
|
||||||
|
Key: []byte("foo"),
|
||||||
|
RangeEnd: []byte("zoo"),
|
||||||
|
PrevKv: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Success: []*pb.RequestOp{
|
Failure: []*pb.RequestOp{
|
||||||
{
|
{
|
||||||
Request: &pb.RequestOp_RequestDeleteRange{
|
Request: &pb.RequestOp_RequestDeleteRange{
|
||||||
RequestDeleteRange: &pb.DeleteRangeRequest{
|
RequestDeleteRange: &pb.DeleteRangeRequest{
|
||||||
|
@ -294,14 +400,48 @@ func TestCheckTxnAuth(t *testing.T) {
|
||||||
err: nil,
|
err: nil,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Unauthorize delete range out of range keys",
|
name: "Delete range request out of range success case is unauthorized",
|
||||||
txnRequest: &pb.TxnRequest{
|
txnRequest: &pb.TxnRequest{
|
||||||
Compare: []*pb.Compare{
|
Success: []*pb.RequestOp{
|
||||||
{
|
{
|
||||||
Key: []byte("foo"),
|
Request: &pb.RequestOp_RequestDeleteRange{
|
||||||
|
RequestDeleteRange: &pb.DeleteRangeRequest{
|
||||||
|
Key: []byte("boo"),
|
||||||
|
RangeEnd: []byte("zoo"),
|
||||||
|
PrevKv: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
Failure: []*pb.RequestOp{
|
||||||
|
{
|
||||||
|
Request: &pb.RequestOp_RequestDeleteRange{
|
||||||
|
RequestDeleteRange: &pb.DeleteRangeRequest{
|
||||||
|
Key: []byte("foo"),
|
||||||
|
RangeEnd: []byte("zoo"),
|
||||||
|
PrevKv: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
err: auth.ErrPermissionDenied,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Delete range request out of range failure case is unauthorized",
|
||||||
|
txnRequest: &pb.TxnRequest{
|
||||||
Success: []*pb.RequestOp{
|
Success: []*pb.RequestOp{
|
||||||
|
{
|
||||||
|
Request: &pb.RequestOp_RequestDeleteRange{
|
||||||
|
RequestDeleteRange: &pb.DeleteRangeRequest{
|
||||||
|
Key: []byte("foo"),
|
||||||
|
RangeEnd: []byte("zoo"),
|
||||||
|
PrevKv: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Failure: []*pb.RequestOp{
|
||||||
{
|
{
|
||||||
Request: &pb.RequestOp_RequestDeleteRange{
|
Request: &pb.RequestOp_RequestDeleteRange{
|
||||||
RequestDeleteRange: &pb.DeleteRangeRequest{
|
RequestDeleteRange: &pb.DeleteRangeRequest{
|
||||||
|
@ -316,14 +456,48 @@ func TestCheckTxnAuth(t *testing.T) {
|
||||||
err: auth.ErrPermissionDenied,
|
err: auth.ErrPermissionDenied,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Unauthorize delete range out of range keys and PrevKv false",
|
name: "Delete range request out of range and PrevKv false success case is unauthorized",
|
||||||
txnRequest: &pb.TxnRequest{
|
txnRequest: &pb.TxnRequest{
|
||||||
Compare: []*pb.Compare{
|
Success: []*pb.RequestOp{
|
||||||
{
|
{
|
||||||
Key: []byte("foo"),
|
Request: &pb.RequestOp_RequestDeleteRange{
|
||||||
|
RequestDeleteRange: &pb.DeleteRangeRequest{
|
||||||
|
Key: []byte("boo"),
|
||||||
|
RangeEnd: []byte("zoo"),
|
||||||
|
PrevKv: false,
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
Failure: []*pb.RequestOp{
|
||||||
|
{
|
||||||
|
Request: &pb.RequestOp_RequestDeleteRange{
|
||||||
|
RequestDeleteRange: &pb.DeleteRangeRequest{
|
||||||
|
Key: []byte("foo"),
|
||||||
|
RangeEnd: []byte("zoo"),
|
||||||
|
PrevKv: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
err: auth.ErrPermissionDenied,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Delete range request out of range and PrevKv false failure case is unauthorized",
|
||||||
|
txnRequest: &pb.TxnRequest{
|
||||||
Success: []*pb.RequestOp{
|
Success: []*pb.RequestOp{
|
||||||
|
{
|
||||||
|
Request: &pb.RequestOp_RequestDeleteRange{
|
||||||
|
RequestDeleteRange: &pb.DeleteRangeRequest{
|
||||||
|
Key: []byte("foo"),
|
||||||
|
RangeEnd: []byte("zoo"),
|
||||||
|
PrevKv: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Failure: []*pb.RequestOp{
|
||||||
{
|
{
|
||||||
Request: &pb.RequestOp_RequestDeleteRange{
|
Request: &pb.RequestOp_RequestDeleteRange{
|
||||||
RequestDeleteRange: &pb.DeleteRangeRequest{
|
RequestDeleteRange: &pb.DeleteRangeRequest{
|
||||||
|
|
Loading…
Reference in New Issue