Compare commits
No commits in common. "0abc8c28955e43483cfa4b6bf7551603d9759289" and "4b642cf8b4de5a2d911a658884e3c2effbe79443" have entirely different histories.
0abc8c2895
...
4b642cf8b4
|
|
@ -151,15 +151,7 @@ export default class ChainBackend extends BaseBackend {
|
||||||
});
|
});
|
||||||
|
|
||||||
return Object.keys(policyMap).map(key => {
|
return Object.keys(policyMap).map(key => {
|
||||||
const policyRes: any = {
|
const policyRes: any = { isAllowed: policyMap[key].isAllowed };
|
||||||
isAllowed: policyMap[key].isAllowed,
|
|
||||||
};
|
|
||||||
if (policyMap[key].action) {
|
|
||||||
policyRes.action = policyMap[key].action;
|
|
||||||
}
|
|
||||||
if (typeof policyMap[key].isImplicit === 'boolean') {
|
|
||||||
policyRes.isImplicit = policyMap[key].isImplicit;
|
|
||||||
}
|
|
||||||
if (policyMap[key].arn !== '') {
|
if (policyMap[key].arn !== '') {
|
||||||
policyRes.arn = policyMap[key].arn;
|
policyRes.arn = policyMap[key].arn;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -192,11 +192,11 @@ describe('Auth Backend: Chain Backend', () => {
|
||||||
it('should return an error if any of the clients fails', done => {
|
it('should return an error if any of the clients fails', done => {
|
||||||
const backend = new ChainBackend('chain', [
|
const backend = new ChainBackend('chain', [
|
||||||
new TestBackend('test1', null, {
|
new TestBackend('test1', null, {
|
||||||
message: { body: [{ action: "PutObject", isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
message: { body: [{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
||||||
}),
|
}),
|
||||||
new TestBackend('test2', testError, null),
|
new TestBackend('test2', testError, null),
|
||||||
new TestBackend('test3', null, {
|
new TestBackend('test3', null, {
|
||||||
message: { body: [{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
message: { body: [{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
||||||
}),
|
}),
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
|
@ -209,25 +209,23 @@ describe('Auth Backend: Chain Backend', () => {
|
||||||
it('should merge results from clients into a single response object', done => {
|
it('should merge results from clients into a single response object', done => {
|
||||||
const backend = new ChainBackend('chain', [
|
const backend = new ChainBackend('chain', [
|
||||||
new TestBackend('test1', null, {
|
new TestBackend('test1', null, {
|
||||||
message: { body: [{ action: "PutObject", isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
message: { body: [{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
||||||
}),
|
}),
|
||||||
new TestBackend('test2', null, {
|
new TestBackend('test2', null, {
|
||||||
message: { body: [{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj2' }] },
|
message: { body: [{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj2' }] },
|
||||||
}),
|
}),
|
||||||
new TestBackend('test3', null, {
|
new TestBackend('test3', null, {
|
||||||
message: { body: [{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
message: { body: [{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
||||||
}),
|
}),
|
||||||
]);
|
]);
|
||||||
|
|
||||||
backend.checkPolicies(null, null, null, (err, res) => {
|
backend.checkPolicies(null, null, null, (err, res) => {
|
||||||
assert.ifError(err);
|
assert.ifError(err);
|
||||||
assert.deepStrictEqual(res, {
|
assert.deepStrictEqual(res, {
|
||||||
message: {
|
message: { body: [
|
||||||
body: [
|
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj1' },
|
||||||
{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' },
|
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj2' },
|
||||||
{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj2' },
|
] },
|
||||||
]
|
|
||||||
},
|
|
||||||
});
|
});
|
||||||
done();
|
done();
|
||||||
});
|
});
|
||||||
|
|
@ -266,63 +264,45 @@ describe('Auth Backend: Chain Backend', () => {
|
||||||
describe('::_mergePolicies', () => {
|
describe('::_mergePolicies', () => {
|
||||||
it('should correctly merge policies', () => {
|
it('should correctly merge policies', () => {
|
||||||
const policyResps = [
|
const policyResps = [
|
||||||
{
|
{ message: { body: [
|
||||||
message: {
|
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||||
body: [
|
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||||
{ action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/false1' },
|
||||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
] } },
|
||||||
{ action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/false1' },
|
{ message: { body: [
|
||||||
{ action: 'GetObject', isAllowed: false, isImplicit: true, arn: 'arn:aws:s3:::policybucket/false2' },
|
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||||
]
|
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||||
}
|
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/false2' },
|
||||||
},
|
] } },
|
||||||
{
|
|
||||||
message: {
|
|
||||||
body: [
|
|
||||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
|
||||||
{ action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
|
||||||
{ action: 'GetObject', isAllowed: false, isImplicit: true, arn: 'arn:aws:s3:::policybucket/false1' },
|
|
||||||
{ action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/false2' },
|
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
];
|
];
|
||||||
assert.deepStrictEqual(
|
assert.deepStrictEqual(
|
||||||
ChainBackend._mergePolicies(policyResps),
|
ChainBackend._mergePolicies(policyResps),
|
||||||
[
|
[
|
||||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||||
{ action: 'GetObject', isAllowed: false, isImplicit: true, arn: 'arn:aws:s3:::policybucket/false1' },
|
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/false1' },
|
||||||
{ action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/false2' },
|
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/false2' },
|
||||||
],
|
],
|
||||||
);
|
);
|
||||||
const policyRespsNested = [
|
const policyRespsNested = [
|
||||||
{
|
{ message: { body: [
|
||||||
message: {
|
|
||||||
body: [
|
|
||||||
[
|
[
|
||||||
{ action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||||
],
|
],
|
||||||
]
|
] } },
|
||||||
}
|
{ message: { body: [
|
||||||
},
|
|
||||||
{
|
|
||||||
message: {
|
|
||||||
body: [
|
|
||||||
[
|
[
|
||||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||||
],
|
],
|
||||||
]
|
] } },
|
||||||
}
|
|
||||||
},
|
|
||||||
];
|
];
|
||||||
assert.deepStrictEqual(
|
assert.deepStrictEqual(
|
||||||
ChainBackend._mergePolicies(policyRespsNested),
|
ChainBackend._mergePolicies(policyRespsNested),
|
||||||
[
|
[
|
||||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||||
],
|
],
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue