Add test for auth token with "*" action

Test that an auth token with the "*" action is allowed any action on its
resource.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
This commit is contained in:
Noah Treuhaft 2017-01-06 16:08:32 -08:00
parent ccb839e0e3
commit a33af0587b

View File

@ -454,6 +454,27 @@ func TestAccessController(t *testing.T) {
if userInfo.Name != "foo" { if userInfo.Name != "foo" {
t.Fatalf("expected user name %q, got %q", "foo", userInfo.Name) t.Fatalf("expected user name %q, got %q", "foo", userInfo.Name)
} }
// 5. Supply a token with full admin rights, which is represented as "*".
token, err = makeTestToken(
issuer, service,
[]*ResourceActions{{
Type: testAccess.Type,
Name: testAccess.Name,
Actions: []string{"*"},
}},
rootKeys[0], 1, time.Now(), time.Now().Add(5*time.Minute),
)
if err != nil {
t.Fatal(err)
}
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.compactRaw()))
_, err = accessController.Authorized(ctx, testAccess)
if err != nil {
t.Fatalf("accessController returned unexpected error: %s", err)
}
} }
// This tests that newAccessController can handle PEM blocks in the certificate // This tests that newAccessController can handle PEM blocks in the certificate