ARSN-375: update tests

lib/auth/backends/ChainBackend.ts

@@ -151,7 +151,15 @@ export default class ChainBackend extends BaseBackend {
         });
 
         return Object.keys(policyMap).map(key => {
-            const policyRes: any = { isAllowed: policyMap[key].isAllowed };
+            const policyRes: any = {
+                isAllowed: policyMap[key].isAllowed,
+            };
+            if (policyMap[key].action) {
+                policyRes.action = policyMap[key].action;
+            }
+            if (typeof policyMap[key].isImplicit === 'boolean') {
+                policyRes.isImplicit = policyMap[key].isImplicit;
+            }
             if (policyMap[key].arn !== '') {
                 policyRes.arn = policyMap[key].arn;
             }

tests/unit/auth/chainBackend.spec.js

@@ -192,11 +192,11 @@ describe('Auth Backend: Chain Backend', () => {
         it('should return an error if any of the clients fails', done => {
             const backend = new ChainBackend('chain', [
                 new TestBackend('test1', null, {
-                    message: { body: [{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
+                    message: { body: [{ action: "PutObject", isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
                 }),
                 new TestBackend('test2', testError, null),
                 new TestBackend('test3', null, {
-                    message: { body: [{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj1' }] },
+                    message: { body: [{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
                 }),
             ]);
 
@@ -209,23 +209,25 @@ describe('Auth Backend: Chain Backend', () => {
         it('should merge results from clients into a single response object', done => {
             const backend = new ChainBackend('chain', [
                 new TestBackend('test1', null, {
-                    message: { body: [{ isAllowed: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
+                    message: { body: [{ action: "PutObject", isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
                 }),
                 new TestBackend('test2', null, {
-                    message: { body: [{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj2' }] },
+                    message: { body: [{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj2' }] },
                 }),
                 new TestBackend('test3', null, {
-                    message: { body: [{ isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj1' }] },
+                    message: { body: [{ action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' }] },
                 }),
             ]);
 
             backend.checkPolicies(null, null, null, (err, res) => {
                 assert.ifError(err);
                 assert.deepStrictEqual(res, {
-                    message: { body: [
+                    message: {
-                        { isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj1' },
+                        body: [
-                        { isAllowed: true, arn: 'arn:aws:s3:::policybucket/obj2' },
+                            { action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj1' },
-                    ] },
+                            { action: "PutObject", isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/obj2' },
+                        ]
+                    },
                 });
                 done();
             });
@@ -264,45 +266,63 @@ describe('Auth Backend: Chain Backend', () => {
     describe('::_mergePolicies', () => {
         it('should correctly merge policies', () => {
             const policyResps = [
-                { message: { body: [
+                {
-                    { isAllowed: false, arn: 'arn:aws:s3:::policybucket/true1' },
+                    message: {
-                    { isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
+                        body: [
-                    { isAllowed: false, arn: 'arn:aws:s3:::policybucket/false1' },
+                            { action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
-                ] } },
+                            { action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
-                { message: { body: [
+                            { action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/false1' },
-                    { isAllowed: true, arn: 'arn:aws:s3:::policybucket/true1' },
+                            { action: 'GetObject', isAllowed: false, isImplicit: true, arn: 'arn:aws:s3:::policybucket/false2' },
-                    { isAllowed: false, arn: 'arn:aws:s3:::policybucket/true2' },
+                        ]
-                    { isAllowed: false, arn: 'arn:aws:s3:::policybucket/false2' },
+                    }
-                ] } },
+                },
+                {
+                    message: {
+                        body: [
+                            { action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
+                            { action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
+                            { action: 'GetObject', isAllowed: false, isImplicit: true, arn: 'arn:aws:s3:::policybucket/false1' },
+                            { action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/false2' },
+                        ]
+                    }
+                },
             ];
             assert.deepStrictEqual(
                 ChainBackend._mergePolicies(policyResps),
                 [
-                    { isAllowed: true, arn: 'arn:aws:s3:::policybucket/true1' },
+                    { action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
-                    { isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
+                    { action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
-                    { isAllowed: false, arn: 'arn:aws:s3:::policybucket/false1' },
+                    { action: 'GetObject', isAllowed: false, isImplicit: true, arn: 'arn:aws:s3:::policybucket/false1' },
-                    { isAllowed: false, arn: 'arn:aws:s3:::policybucket/false2' },
+                    { action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/false2' },
                 ],
             );
             const policyRespsNested = [
-                { message: { body: [
+                {
-                    [
+                    message: {
-                        { isAllowed: false, arn: 'arn:aws:s3:::policybucket/true1' },
+                        body: [
-                        { isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
+                            [
-                    ],
+                                { action: 'GetObject', isAllowed: false, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
-                ] } },
+                                { action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
-                { message: { body: [
+                            ],
-                    [
+                        ]
-                        { isAllowed: true, arn: 'arn:aws:s3:::policybucket/true1' },
+                    }
-                        { isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
+                },
-                    ],
+                {
-                ] } },
+                    message: {
+                        body: [
+                            [
+                                { action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
+                                { action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
+                            ],
+                        ]
+                    }
+                },
             ];
             assert.deepStrictEqual(
                 ChainBackend._mergePolicies(policyRespsNested),
                 [
-                    { isAllowed: true, arn: 'arn:aws:s3:::policybucket/true1' },
+                    { action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true1' },
-                    { isAllowed: true, arn: 'arn:aws:s3:::policybucket/true2' },
+                    { action: 'GetObject', isAllowed: true, isImplicit: false, arn: 'arn:aws:s3:::policybucket/true2' },
                 ],
             );
         });