some tests for ScriptRule

sscarduzio · sscarduzio · commit 5711b41dd953 · 2016-04-23T18:51:11.000+01:00
diff --git a/src/test/java/org/elasticsearch/rest/action/readonlyrest/acl/test/ACLTest.java b/src/test/java/org/elasticsearch/rest/action/readonlyrest/acl/test/ACLTest.java
@@ -28,17 +28,22 @@
 
 public class ACLTest {
   private static ACL acl;
+
   public static ACL mkACL(String fileName) {
-    ACL _acl = null;
+    Settings s = getSettings(fileName);
+    return new ACL(s);
+  }
+
+  static Settings getSettings(String fileName) {
     try {
       byte[] encoded = Files.readAllBytes(Paths.get(System.getProperty("user.dir") + fileName));
       String str = Charsets.UTF_8.decode(ByteBuffer.wrap(encoded)).toString();
-      Settings s = Settings.builder().loadFromSource(str).build();
-      _acl = new ACL(s);
+      return Settings.builder().loadFromSource(str).build();
     } catch (IOException e) {
       e.printStackTrace();
+      throw new Error();
     }
-    return _acl;
+
   }
 
   @BeforeClass
@@ -50,6 +55,7 @@ public static RequestContext mockReq(String uri, String address, String apiKey,
     RestRequest r = mock(RestRequest.class, RETURNS_DEEP_STUBS);
     when(r.method()).thenReturn(method);
     when(r.uri()).thenReturn(uri);
+    when(r.path()).thenReturn(uri);
     when(r.getRemoteAddress()).thenReturn(new InetSocketAddress(address, 80));
     when(r.header("X-Forwarded-For")).thenReturn(xForwardedForHeader);
     when(r.header("X-Api-Key")).thenReturn(apiKey);
diff --git a/src/test/java/org/elasticsearch/rest/action/readonlyrest/acl/test/ScriptACLTest.java b/src/test/java/org/elasticsearch/rest/action/readonlyrest/acl/test/ScriptACLTest.java
@@ -0,0 +1,105 @@
+package org.elasticsearch.rest.action.readonlyrest.acl.test;
+
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.plugin.readonlyrest.acl.ACL;
+import org.elasticsearch.plugin.readonlyrest.acl.RequestContext;
+import org.elasticsearch.plugin.readonlyrest.acl.blocks.Block;
+import org.elasticsearch.plugin.readonlyrest.acl.blocks.BlockExitResult;
+import org.elasticsearch.rest.RestRequest;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class ScriptACLTest {
+  private static Settings s = null;
+  private static RequestContext rc = null;
+
+  @BeforeClass
+  public static void setUpBeforeClass() throws Throwable {
+    s = ACLTest.getSettings("/src/test/script_test_rules.yml");
+    rc = ACLTest.mockReq("/path", "1.1.1.1", "", "", 0, RestRequest.Method.PUT, null, new String[]{"index1"}, "action");
+
+  }
+
+  private static ACL setScript(String script) {
+    s = Settings.builder().put(s).put("readonlyrest.access_control_rules.0.script", script).build();
+    return new ACL(s);
+  }
+
+  @Test
+  public final void testActionIsRead() throws Throwable {
+    BlockExitResult res = setScript("function onRequest(rc){\n" +
+        "  print('hello: ' + rc.toString());\n" +
+        "  if(" +
+        "  rc.getAction() == 'action'" +
+        "  ){ return true;} return false;}").check(rc);
+    assertTrue(res.isMatch());
+    assertTrue(res.getBlock().getPolicy() == Block.Policy.ALLOW);
+    assertEquals("1", res.getBlock().getName());
+  }
+
+  @Test
+  public final void testOAIsRead() throws Throwable {
+    BlockExitResult res = setScript("function onRequest(rc){\n" +
+        "  print('hello: ' + rc.toString());\n" +
+        "  if(" +
+        "    rc.getRemoteAddress() == '1.1.1.1'" +
+        "  ){ return true;} return false;}").check(rc);
+    assertTrue(res.isMatch());
+    assertTrue(res.getBlock().getPolicy() == Block.Policy.ALLOW);
+    assertEquals("1", res.getBlock().getName());
+  }
+
+  @Test
+  public final void testIndicesIsRead() throws Throwable {
+    BlockExitResult res = setScript("function onRequest(rc){\n" +
+        "  print('hello: ' + rc.toString());\n" +
+        "  if(" +
+        "    rc.getIndices().length == 1 && rc.getIndices()[0] == 'index1' " +
+        "  ){ return true;} return false;}").check(rc);
+    assertTrue(res.isMatch());
+    assertTrue(res.getBlock().getPolicy() == Block.Policy.ALLOW);
+    assertEquals("1", res.getBlock().getName());
+  }
+
+  @Test
+  public final void testMethodIsRead() throws Throwable {
+    BlockExitResult res = setScript("function onRequest(rc){\n" +
+        "  print('hello: ' + rc.toString());\n" +
+        "  if(" +
+        "    rc.getRequest().method().toString() == 'PUT'" +
+        "  ){ return true;} return false;}").check(rc);
+    assertTrue(res.isMatch());
+    assertTrue(res.getBlock().getPolicy() == Block.Policy.ALLOW);
+    assertEquals("1", res.getBlock().getName());
+  }
+
+  @Test
+  public final void testPathIsRead() throws Throwable {
+    BlockExitResult res = setScript("function onRequest(rc){\n" +
+        "  print('hello: ' + rc.toString());\n" +
+        "  if(" +
+        "    rc.getRequest().path() == '/path'" +
+        "  ){ return true;} return false;}").check(rc);
+    assertTrue(res.isMatch());
+    assertTrue(res.getBlock().getPolicy() == Block.Policy.ALLOW);
+    assertEquals("1", res.getBlock().getName());
+  }
+
+  @Test
+  public final void testContentIsRead() throws Throwable {
+    BlockExitResult res = setScript("function onRequest(rc){\n" +
+        "  print('hello: ' + rc.toString());\n" +
+        "  if(" +
+        "    rc.getContent() == 'test'" +
+        "  ){ return true;} return false;}").check(rc);
+    assertTrue(res.isMatch());
+    assertTrue(res.getBlock().getPolicy() == Block.Policy.ALLOW);
+    assertEquals("1", res.getBlock().getName());
+  }
+
+
+
+}
diff --git a/src/test/script_test_rules.yml b/src/test/script_test_rules.yml
@@ -0,0 +1,6 @@
+readonlyrest:
+    enable: true
+    access_control_rules:
+
+    - name: 1
+      type: allow
