Compare commits
No commits in common. "0abc8c28955e43483cfa4b6bf7551603d9759289" and "4b642cf8b4de5a2d911a658884e3c2effbe79443" have entirely different histories.
0abc8c2895
...
4b642cf8b4
|
|
@ -151,15 +151,7 @@ export default class ChainBackend extends BaseBackend {
|
|||
});
|
||||
|
||||
return Object.keys(policyMap).map(key => {
|
||||
const policyRes: any = {
|
||||
isAllowed: policyMap[key].isAllowed,
|
||||
};
|
||||
if (policyMap[key].action) {
|
||||
policyRes.action = policyMap[key].action;
|
||||
}
|
||||
if (typeof policyMap[key].isImplicit === 'boolean') {
|
||||
policyRes.isImplicit = policyMap[key].isImplicit;
|
||||
}
|
||||
const policyRes: any = { isAllowed: policyMap[key].isAllowed };
|
||||
if (policyMap[key].arn !== '') {
|
||||
policyRes.arn = policyMap[key].arn;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -192,11 +192,11 @@ describe('Auth Backend: Chain Backend', () => {
|
|||
it('should return an error if any of the clients fails', done => {
|
||||
const backend = new ChainBackend('chain', [
|
||||
new TestBackend('test1', null, {
|
||||
message: { body: [{ action: "PutObject", isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
||||
message: { body: [{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
||||
}),
|
||||
new TestBackend('test2', testError, null),
|
||||
new TestBackend('test3', null, {
|
||||
message: { body: [{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
||||
message: { body: [{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
||||
}),
|
||||
]);
|
||||
|
||||
|
|
@ -209,25 +209,23 @@ describe('Auth Backend: Chain Backend', () => {
|
|||
it('should merge results from clients into a single response object', done => {
|
||||
const backend = new ChainBackend('chain', [
|
||||
new TestBackend('test1', null, {
|
||||
message: { body: [{ action: "PutObject", isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
||||
message: { body: [{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
||||
}),
|
||||
new TestBackend('test2', null, {
|
||||
message: { body: [{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj2' }] },
|
||||
message: { body: [{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj2' }] },
|
||||
}),
|
||||
new TestBackend('test3', null, {
|
||||
message: { body: [{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
||||
message: { body: [{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj1' }] },
|
||||
}),
|
||||
]);
|
||||
|
||||
backend.checkPolicies(null, null, null, (err, res) => {
|
||||
assert.ifError(err);
|
||||
assert.deepStrictEqual(res, {
|
||||
message: {
|
||||
body: [
|
||||
{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' },
|
||||
{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj2' },
|
||||
]
|
||||
},
|
||||
message: { body: [
|
||||
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj1' },
|
||||
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj2' },
|
||||
] },
|
||||
});
|
||||
done();
|
||||
});
|
||||
|
|
@ -266,63 +264,45 @@ describe('Auth Backend: Chain Backend', () => {
|
|||
describe('::_mergePolicies', () => {
|
||||
it('should correctly merge policies', () => {
|
||||
const policyResps = [
|
||||
{
|
||||
message: {
|
||||
body: [
|
||||
{ action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||
{ action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/false1' },
|
||||
{ action: 'GetObject', isAllowed: false, isImplicit: true, arn: 'arn:aws:s3:::policybucket/false2' },
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
message: {
|
||||
body: [
|
||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||
{ action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||
{ action: 'GetObject', isAllowed: false, isImplicit: true, arn: 'arn:aws:s3:::policybucket/false1' },
|
||||
{ action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/false2' },
|
||||
]
|
||||
}
|
||||
},
|
||||
{ message: { body: [
|
||||
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/false1' },
|
||||
] } },
|
||||
{ message: { body: [
|
||||
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/false2' },
|
||||
] } },
|
||||
];
|
||||
assert.deepStrictEqual(
|
||||
ChainBackend._mergePolicies(policyResps),
|
||||
[
|
||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||
{ action: 'GetObject', isAllowed: false, isImplicit: true, arn: 'arn:aws:s3:::policybucket/false1' },
|
||||
{ action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/false2' },
|
||||
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/false1' },
|
||||
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/false2' },
|
||||
],
|
||||
);
|
||||
const policyRespsNested = [
|
||||
{
|
||||
message: {
|
||||
body: [
|
||||
{ message: { body: [
|
||||
[
|
||||
{ action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||
{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||
],
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
message: {
|
||||
body: [
|
||||
] } },
|
||||
{ message: { body: [
|
||||
[
|
||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||
],
|
||||
]
|
||||
}
|
||||
},
|
||||
] } },
|
||||
];
|
||||
assert.deepStrictEqual(
|
||||
ChainBackend._mergePolicies(policyRespsNested),
|
||||
[
|
||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||
{ action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true1' },
|
||||
{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
|
||||
],
|
||||
);
|
||||
});
|
||||
|
|
|
|||
Loading…
Reference in New Issue