registry auth tests: test more access types

2016-11-28 10:43:38 -05:00 · 2016-11-28 10:43:38 -05:00 · b4ace1dd29
commit b4ace1dd29
parent 9e96e6870f
3 changed files with 58 additions and 26 deletions
--- a/test/test_registry_v2_auth.py
+++ b/test/test_registry_v2_auth.py
@ -71,37 +71,62 @@ class TestRegistryV2Auth(unittest.TestCase):
    self.assertEqual(0, len(identity.provides))

  def test_token_with_access(self):
-    access = [
-      {
-        'type': 'repository',
-        'name': 'somens/somerepo',
-        'actions': ['pull', 'push'],
-      }
+    valid_access = [
+      [
+        {
+          'type': 'repository',
+          'name': 'somens/somerepo',
+          'actions': ['pull', 'push'],
+        }
+      ],
+      [
+        {
+          'type': 'repository',
+          'name': 'somens/somerepo',
+          'actions': ['pull', '*'],
+        }
+      ],
+      [
+        {
+          'type': 'repository',
+          'name': 'somens/somerepo',
+          'actions': ['*', 'push'],
+        }
+      ],
+      [
+        {
+          'type': 'repository',
+          'name': 'somens/somerepo',
+          'actions': ['*'],
+        }
+      ],
+      [
+        {
+          'type': 'repository',
+          'name': 'somens/somerepo',
+          'actions': ['pull', '*', 'push'],
+        }
+      ],
    ]
-    token = self._generate_token(self._generate_token_data(access=access))
-    identity = self._parse_token(token)
-    self.assertEqual(identity.id, TEST_USER.username)
-    self.assertEqual(1, len(identity.provides))
-    
-  def test_token_with_admin_access(self):
-    access = [
-      {
-        'type': 'repository',
-        'name': 'somens/somerepo',
-        'actions': ['*'],
-      }
-    ]
-    token = self._generate_token(self._generate_token_data(access=access))
-    identity = self._parse_token(token)
-    self.assertEqual(identity.id, TEST_USER.username)
-    self.assertEqual(1, len(identity.provides))
+    for access in valid_access:
+      token = self._generate_token(self._generate_token_data(access=access))
+      identity = self._parse_token(token)
+      self.assertEqual(identity.id, TEST_USER.username)
+      self.assertEqual(1, len(identity.provides))
+      role = list(identity.provides)[0][3]
+      if "*" in access[0]['actions']:
+        self.assertEqual(role, 'admin')
+      elif "push" in access[0]['actions']:
+        self.assertEqual(role, 'write')
+      elif "pull" in access[0]['actions']:
+        self.assertEqual(role, 'read')
    
  def test_malformed_access(self):
    access = [
      {
        'toipe': 'repository',
        'namesies': 'somens/somerepo',
-        'akshuns': ['pull', 'push'],
+        'akshuns': ['pull', 'push', '*'],
      }
    ]
    token = self._generate_token(self._generate_token_data(access=access))