diff --git a/tests/integration/acp/README.md b/tests/integration/acp/README.md
new file mode 100644
index 0000000000..501f305e41
--- /dev/null
+++ b/tests/integration/acp/README.md
@@ -0,0 +1,6 @@
+## More Information on what each directory tests.
+
+
+1) `./add_policy`
+ - This directory tests ONLY the `Adding of a Policy` through DefraDB.
+ - Does NOT test DPI validation.
diff --git a/tests/integration/acp/add_policy/README.md b/tests/integration/acp/add_policy/README.md
new file mode 100644
index 0000000000..b007723d79
--- /dev/null
+++ b/tests/integration/acp/add_policy/README.md
@@ -0,0 +1,20 @@
+## This directory tests the `Adding of a Policy` through DefraDB.
+
+### These are NOT DefraDB Policy Interface (DPI) Tests
+There are certain requirements for DPI. A policy must be a valid DPI to link to a collection.
+However it's important to note that DefraDB does allow uploading / adding policies that aren't
+DPI compliant as long as sourcehub (acp module) deems them to be valid. There are various reasons
+for this, mostly because DefraDB is a tool that can be used to upload policies to sourcehub that
+might not be only for use with collections / schema. Nonetheless we still need a way to validate
+that the policy linked within a collection within the schema that is being added/loading is valid.
+Therefore, when a schema is being loaded, and it has policyID and resource defined on the
+collection with the appropriate directive. At that point before we accept that schema the
+validation occurs. Inotherwords, we do not allow a non-DPI compliant policy to be specified
+on a collection schema, if it is, then the schema would be rejected.
+
+### Non-DPI Compliant Policies Documented In Tests
+These test files document some cases where DefraDB would upload policies that aren't DPI compliant,
+but are sourcehub compatible, might be worthwhile to look at the documented tests and notes there:
+- `./with_no_perms_test.go`
+- `./with_no_resources_test.go`
+- `./with_permissionless_owner_test.go`
diff --git a/tests/integration/acp/add_policy/basic_test.go b/tests/integration/acp/add_policy/basic_test.go
new file mode 100644
index 0000000000..aa30ee0f53
--- /dev/null
+++ b/tests/integration/acp/add_policy/basic_test.go
@@ -0,0 +1,102 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_BasicYAML_ValidPolicyID(t *testing.T) {
+ test := testUtils.TestCase{
+ Description: "Test acp, adding basic policy in YAML format",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: "cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969",
+
+ Policy: `
+ description: a basic policy that satisfies minimum DPI requirements
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+
+ `,
+
+ ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_BasicJSON_ValidPolicyID(t *testing.T) {
+ test := testUtils.TestCase{
+ Description: "Test acp, adding basic policy in JSON format",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: false,
+
+ Creator: "cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969",
+
+ Policy: `
+ {
+ "description": "a basic policy that satisfies minimum DPI requirements",
+ "resources": {
+ "users": {
+ "permissions": {
+ "read": {
+ "expr": "owner"
+ },
+ "write": {
+ "expr": "owner"
+ }
+ },
+ "relations": {
+ "owner": {
+ "types": [
+ "actor"
+ ]
+ }
+ }
+ }
+ },
+ "actor": {
+ "name": "actor"
+ }
+ }
+ `,
+
+ ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
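Review bot: Both tests in basic_test.go spell the creator as the literal `"cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969"`, while fixture.go in this same commit introduces `actor1Signature` for that role; the literal is repeated in with_invalid_required_relation_test.go and with_managed_relation_test.go. The expected policy ID appears to depend on the creator (with_multi_policies_test.go expects a different ID for `actor2Signature` with identical policy text), so a drift between the literal and the fixture would surface only as an opaque hash mismatch. I would write `Creator: actor1Signature,` in these places, assuming the fixture resolves to the same address; the identical `dfe202ff…` ID expected with `actor1Signature` in with_multi_policies_test.go suggests it does.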
diff --git a/tests/integration/acp/add_policy/fixture.go b/tests/integration/acp/add_policy/fixture.go
new file mode 100644
index 0000000000..8fc2edb7cd
--- /dev/null
+++ b/tests/integration/acp/add_policy/fixture.go
@@ -0,0 +1,18 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ acpUtils "github.com/sourcenetwork/defradb/tests/integration/acp"
+)
+
+var actor1Signature = acpUtils.Actor1Signature
+var actor2Signature = acpUtils.Actor2Signature
diff --git a/tests/integration/acp/add_policy/with_extra_perms_and_relations_test.go b/tests/integration/acp/add_policy/with_extra_perms_and_relations_test.go
new file mode 100644
index 0000000000..e9882f8e4f
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_extra_perms_and_relations_test.go
@@ -0,0 +1,64 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_ExtraPermissionsAndExtraRelations_ValidPolicyID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, extra permissions and relations, still valid",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ write:
+ expr: owner
+ read:
+ expr: owner + reader
+ extra:
+ expr: joker
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ joker:
+ types:
+ - actor
+ `,
+
+ ExpectedPolicyID: "ecfeeebd1b65e6a21b2f1b57006176bcbc6a37ef238f27c7034953f46fe04674",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_extra_perms_test.go b/tests/integration/acp/add_policy/with_extra_perms_test.go
new file mode 100644
index 0000000000..202c53a292
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_extra_perms_test.go
@@ -0,0 +1,99 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_ExtraPermissions_ValidPolicyID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, extra permissions, still valid",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner
+ write:
+ expr: owner
+ extra:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+
+ actor:
+ name: actor
+ `,
+
+ ExpectedPolicyID: "9d518bb2d5aceb2c8f9b12b909eecd50276c1bd0250069875f265166e6030bb5",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_ExtraDuplicatePermissions_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, extra duplicate permissions, return error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner
+ write:
+ expr: owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+
+ actor:
+ name: actor
+ `,
+
+ ExpectedError: "key \"write\" already set in map",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_extra_relations_test.go b/tests/integration/acp/add_policy/with_extra_relations_test.go
new file mode 100644
index 0000000000..c324ebf7ca
--- /dev/null
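Review bot: TestACP_AddPolicy_ExtraDuplicatePermissions_Error in with_extra_perms_test.go covers a repeated `write` key only with `IsYAML: true`; there is no JSON counterpart, and the same gap applies to the duplicate-key tests in with_extra_relations_test.go and with_invalid_required_relation_test.go. Duplicate keys in an access-control policy are worth pinning down in both formats, because a decoder that silently keeps one of the values would store a permission that differs from what a reader of the document saw. How the JSON path behaves is not visible in this diff, so I would add a sibling test with `IsYAML: false` and a doubled `"write"` entry and assert whichever outcome is intended. The expected text `key \"write\" already set in map` also reads like the decoder's own wording rather than an ACP error, so a one-line comment naming its origin would help when that dependency changes.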
+++ b/tests/integration/acp/add_policy/with_extra_relations_test.go
@@ -0,0 +1,111 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_ExtraRelations_ValidPolicyID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, extra relations, still valid",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ write:
+ expr: owner
+ read:
+ expr: owner + reader
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ joker:
+ types:
+ - actor
+ `,
+
+ ExpectedPolicyID: "450c47aa47b7b07820f99e5cb38170dc108a2f12b137946e6b47d0c0a73b607f",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_ExtraDuplicateRelations_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, extra duplicate relations permissions, return error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ write:
+ expr: owner
+ read:
+ expr: owner + reader
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ joker:
+ types:
+ - actor
+
+ joker:
+ types:
+ - actor
+ `,
+
+ ExpectedError: "key \"joker\" already set in map",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_invalid_relations_test.go b/tests/integration/acp/add_policy/with_invalid_relations_test.go
new file mode 100644
index 0000000000..768a442756
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_invalid_relations_test.go
@@ -0,0 +1,87 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_NoRelations_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, no relations, should return error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ write:
+ expr: owner
+ read:
+ expr: owner + reader
+
+ relations:
+ `,
+
+ ExpectedError: "resource users: resource missing owner relation: invalid policy",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_NoRelationsLabel_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, no relations label, should return error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ write:
+ expr: owner
+ read:
+ expr: owner + reader
+ `,
+
+ ExpectedError: "resource users: resource missing owner relation: invalid policy",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_invalid_required_relation_test.go b/tests/integration/acp/add_policy/with_invalid_required_relation_test.go
new file mode 100644
index 0000000000..2149c7cd30
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_invalid_required_relation_test.go
@@ -0,0 +1,98 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_MissingRequiredOwnerRelation_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, missing requred owner relation, should return error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: "cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969",
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ write:
+ expr: reader
+ read:
+ expr: reader
+
+ relations:
+ reader:
+ types:
+ - actor
+ `,
+
+ ExpectedError: "resource users: resource missing owner relation: invalid policy",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_DuplicateOwnerRelation_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, duplicate required owner relations, return error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: "cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969",
+
+ Policy: `
+ description: a policy
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+ owner:
+ types:
+ - actor
+
+ actor:
+ name: actor
+ `,
+
+ ExpectedError: "key \"owner\" already set in map",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_invalid_resource_test.go b/tests/integration/acp/add_policy/with_invalid_resource_test.go
new file mode 100644
index 0000000000..89a94a03f1
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_invalid_resource_test.go
@@ -0,0 +1,46 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_OneResourceThatIsEmpty_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, one resource that is empty, should return error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ `,
+
+ ExpectedError: "resource users: resource missing owner relation: invalid policy",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_managed_relation_test.go b/tests/integration/acp/add_policy/with_managed_relation_test.go
new file mode 100644
index 0000000000..1dca72e66c
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_managed_relation_test.go
@@ -0,0 +1,62 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_WithRelationManagingOtherRelation_ValidPolicyID(t *testing.T) {
+ test := testUtils.TestCase{
+ Description: "Test acp, where a relation is managing another relation, valid policy id",
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: "cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969",
+
+ Policy: `
+ description: a policy with admin relation managing reader relation
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner + reader
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ admin:
+ manages:
+ - reader
+ types:
+ - actor
+ `,
+
+ ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_multi_policies_test.go b/tests/integration/acp/add_policy/with_multi_policies_test.go
new file mode 100644
index 0000000000..f53e555393
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_multi_policies_test.go
@@ -0,0 +1,371 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_AddMultipleDifferentPolicies_ValidPolicyIDs(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add multiple different policies",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+
+ `,
+
+ ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a",
+ },
+
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: another policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner + reader
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ admin:
+ manages:
+ - reader
+ types:
+ - actor
+ `,
+
+ ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_AddMultipleDifferentPoliciesInDifferentFmts_ValidPolicyIDs(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add multiple different policies in different formats",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: false,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ {
+ "description": "a policy",
+ "actor": {
+ "name": "actor"
+ },
+ "resources": {
+ "users": {
+ "permissions": {
+ "read": {
+ "expr": "owner"
+ },
+ "write": {
+ "expr": "owner"
+ }
+ },
+ "relations": {
+ "owner": {
+ "types": [
+ "actor"
+ ]
+ }
+ }
+ }
+ }
+ }
+ `,
+
+ ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a",
+ },
+
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: another policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner + reader
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ admin:
+ manages:
+ - reader
+ types:
+ - actor
+ `,
+
+ ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_AddDuplicatePolicyByOtherCreator_ValidPolicyIDs(t *testing.T) {
+ const policyUsedByBoth string = `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+ `
+
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add duplicate policies by different actors, valid",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: policyUsedByBoth,
+
+ ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a",
+ },
+
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor2Signature,
+
+ Policy: policyUsedByBoth,
+
+ ExpectedPolicyID: "551c57323f33decfdc23312e5e1036e3ab85d2414e962814dab9101619dd9ff9",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_AddMultipleDuplicatePolicies_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add duplicate policies, error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+
+ `,
+
+ ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a",
+ },
+
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+
+ `,
+
+ ExpectedError: "policy dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a: policy exists",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_AddMultipleDuplicatePoliciesDifferentFmts_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add duplicate policies different formats, error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+ `,
+
+ ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a",
+ },
+
+ testUtils.AddPolicy{
+ IsYAML: false,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ {
+ "description": "a policy",
+ "actor": {
+ "name": "actor"
+ },
+ "resources": {
+ "users": {
+ "permissions": {
+ "read": {
+ "expr": "owner"
+ },
+ "write": {
+ "expr": "owner"
+ }
+ },
+ "relations": {
+ "owner": {
+ "types": [
+ "actor"
+ ]
+ }
+ }
+ }
+ }
+ }
+ `,
+
+ ExpectedError: "policy dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a: policy exists",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_multiple_resources_test.go b/tests/integration/acp/add_policy/with_multiple_resources_test.go
new file mode 100644
index 0000000000..1aeb6df570
--- /dev/null
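Review bot: TestACP_AddPolicy_AddMultipleDuplicatePolicies_Error in with_multi_policies_test.go pastes the same YAML policy twice, whereas TestACP_AddPolicy_AddDuplicatePolicyByOtherCreator_ValidPolicyIDs just above it hoists the text into `const policyUsedByBoth`. A test that asserts "policy exists" is only meaningful while the two documents stay identical, so I would follow the same pattern here with a local constant and `Policy: duplicatedPolicy,` in both actions. The file also carries no comment on what the policy ID is derived from, although its expectations imply the creator is part of it and, comparing with basic_test.go, the description apparently is not; a short comment on the other-creator test such as `// Same policy text, different creator: the ID differs because the creator is part of it (confirm).` would make that explicit.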
+++ b/tests/integration/acp/add_policy/with_multiple_resources_test.go 
@@ -0,0 +1,179 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_MultipleResources_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, multiple resources, valid ID",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ write:
+ expr: owner
+ read:
+ expr: owner + reader
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ books:
+ permissions:
+ write:
+ expr: owner
+ read:
+ expr: owner + reader
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ `,
+
+ ExpectedPolicyID: "cf082c11fa812dddaa5093f0ccae66c2b5294efe0a2b50ffdcbc0185adf6adf1",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_MultipleResourcesUsingRelationDefinedInOther_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, multiple resources using other's relation, return error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ write:
+ expr: owner
+ read:
+ expr: owner + reader
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ books:
+ permissions:
+ write:
+ expr: owner
+ read:
+ expr: owner + reader
+
+ relations:
+ owner:
+ types:
+ - actor
+ `,
+
+ ExpectedError: "resource books missing relation reader",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_SecondResourcesMissingRequiredOwner_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, multiple resources second missing required owner, return error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ write:
+ expr: owner
+ read:
+ expr: owner + reader
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ books:
+ permissions:
+ write:
+ expr: owner
+ read:
+ expr: owner + reader
+
+ relations:
+ reader:
+ types:
+ - actor
+ `,
+
+ ExpectedError: "resource books: resource missing owner relation: invalid policy",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_no_perms_test.go b/tests/integration/acp/add_policy/with_no_perms_test.go
new file mode 100644
index 0000000000..dcd3191a58
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_no_perms_test.go
@@ -0,0 +1,171 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+// Note: Eventhough this file shows we can load a policy, that has no permissions. It is important
+// to know that DPI always has a set of permissions it requires. Therefore when a schema is loaded,
+// and it has policyID and resource defined on the collection, then before we accept that schema
+// the validation occurs.
+// Inotherwords, we do not allow a non-DPI compliant policy to be specified on a collection schema, if
+// it is the schema would be rejected. However we register the policy with acp module even if
+// the policy is not DPI compliant.
+
+func TestACP_AddPolicy_NoPermissionsOnlyOwner_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, no permissions only owner relation",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+
+ relations:
+ owner:
+ types:
+ - actor
+
+ `,
+
+ ExpectedPolicyID: "b6edfd9d24a79067a2f5960e1369499ebaf4c5ec6747e2f444f33bf9c3915fcb",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_NoPermissionsMultiRelations_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, no permissions with multi relations",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+
+ `,
+
+ ExpectedPolicyID: "7eb7448daa631cfe33da3a149f5eea716026f54bf23ce1315c594259382c5c57",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_NoPermissionsLabelOnlyOwner_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, no permissions label only owner relation",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ relations:
+ owner:
+ types:
+ - actor
+
+ `,
+
+ ExpectedPolicyID: "b6edfd9d24a79067a2f5960e1369499ebaf4c5ec6747e2f444f33bf9c3915fcb",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_NoPermissionsLabelMultiRelations_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, no permissions label with multi relations",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+
+ `,
+
+ ExpectedPolicyID: "7eb7448daa631cfe33da3a149f5eea716026f54bf23ce1315c594259382c5c57",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_no_resources_test.go b/tests/integration/acp/add_policy/with_no_resources_test.go
new file mode 100644
index 0000000000..8e6dd651b6
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_no_resources_test.go
@@ -0,0 +1,75 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+// Eventhough empty resources make no sense from a DefraDB (DPI) perspective,
+// it is still a valid sourcehub policy for now.
+func TestACP_AddPolicy_NoResource_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, no resource, valid policy",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ `,
+
+ ExpectedPolicyID: "b72d8ec56ffb141922781d2b1b0803404bef57be0eeec98f1662f3017fc2de35",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+// Eventhough empty resources make no sense from a DefraDB (DPI) perspective,
+// it is still a valid sourcehub policy for now.
+func TestACP_AddPolicy_NoResourceLabel_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, no resource label, valid policy",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+ `,
+
+ ExpectedPolicyID: "b72d8ec56ffb141922781d2b1b0803404bef57be0eeec98f1662f3017fc2de35",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_perm_expr_test.go b/tests/integration/acp/add_policy/with_perm_expr_test.go
new file mode 100644
index 0000000000..fedbda20d0
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_perm_expr_test.go
@@ -0,0 +1,102 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_PermissionExprWithOwnerInTheEndWithMinus_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy with permission expr having owner in the end with minus, ValidID",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: reader - owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ `,
+
+ ExpectedPolicyID: "d74384d99b6732c3a6e0e47c7b75ea19553f643bcca416380530d8ad4e50e529",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+// Note: this and above test both result in different policy ids.
+func TestACP_AddPolicy_PermissionExprWithOwnerInTheEndWithMinusNoSpace_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy with permission expr having owner in the end with minus no space, ValidID",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: reader-owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ `,
+
+ ExpectedPolicyID: "f6d5d6d8b0183230fcbdf06cfe14b611f782752d276006ad4622231eeaf60820",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_perm_invalid_expr_test.go b/tests/integration/acp/add_policy/with_perm_invalid_expr_test.go
new file mode 100644
index 0000000000..439d338b2b
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_perm_invalid_expr_test.go
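Review bot: The comment `// Note: this and above test both result in different policy ids.` records that `reader - owner` and `reader-owner` produce different IDs but not why, and for an access-control policy the reason matters. If the unspaced form is tokenized as a single relation name `reader-owner` rather than as a set difference, the read permission would refer to a relation the policy never declares, and this test would pin acceptance of that policy as valid; this is inferred from the differing IDs, the hunk itself does not show the parse. I would extend the comment to state which parse is expected, for example `// Note: "reader-owner" is not normalized to "reader - owner", so the IDs differ; it is parsed as <one identifier | a difference>.`, with the placeholder filled in from the parser's actual behaviour.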
@@ -0,0 +1,143 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_EmptyExpressionInPermission_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy with permission having empr expr, error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr:
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ `,
+
+ ExpectedError: "relation read: error parsing: expression needs: term",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_PermissionExprWithOwnerInTheEndWithInocorrectSymbol_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy with permission expr having owner in the end with incorrect symbol, error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: reader ^ owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ `,
+
+ ExpectedError: "error parsing expression reader ^ owner: unknown token:",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_PermissionExprWithOwnerInTheEndWithInocorrectSymbolNoSpace_Error(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy with permission expr having owner in the end with incorrect symbol with no space, error",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: reader^owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ `,
+
+ ExpectedError: "error parsing expression reader^owner: unknown token:",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/add_policy/with_permissionless_owner_test.go b/tests/integration/acp/add_policy/with_permissionless_owner_test.go
new file mode 100644
index 0000000000..33fb6ca71d
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_permissionless_owner_test.go
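Review bot: Two of the new test names misspell "Incorrect" as `Inocorrect` (`...WithInocorrectSymbol_Error` and `...WithInocorrectSymbolNoSpace_Error`), so a `go test -run Incorrect` filter would skip both, and the first test's description reads `empr expr`. I would rename them to `TestACP_AddPolicy_PermissionExprWithOwnerInTheEndWithIncorrectSymbol_Error` and `...WithIncorrectSymbolNoSpace_Error`, and change the description to `empty expr`. Separately, both `unknown token:` expectations stop at the colon, so they do not pin which token the parser rejected; if that is deliberate, presumably because the error is matched as a substring, a one-line comment such as `// The offending token is left out of the expected error on purpose.` would say so.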
@@ -0,0 +1,150 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+// Note: Similar to the one in ./with_no_perms_test.go
+// Eventhough this file shows we can load a policy, that assigns no read/write permissions which
+// are required for DPI. When a schema is loaded, and it has policyID and resource defined on the
+// collection, then before we accept that schema the validation occurs. Inotherwords, we do not
+// allow a non-DPI compliant policy to be specified on a collection schema, if it is, then the schema
+// would be rejected. However we register the policy with acp module even if policy isn't DPI compliant.
+
+func TestACP_AddPolicy_PermissionlessOwnerWrite_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy with owner having no write permissions, valid ID",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ write:
+ expr: reader
+ read:
+ expr: owner + reader
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ `,
+
+ ExpectedPolicyID: "af1ee9ffe8558da8455dc1cfc5897028c16c038a053b4cf740dfcef8032d944a",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_PermissionlessOwnerRead_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy with owner having no read permissions, valid ID",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ write:
+ expr: owner + reader
+ read:
+ expr: reader
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ `,
+
+ ExpectedPolicyID: "3ceb4a4be889998496355604b68836bc280dc26dab829af3ec45b63d7767a7f1",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACP_AddPolicy_PermissionlessOwnerReadWrite_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy with owner having no read/write permissions, valid ID",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ write:
+ expr: reader
+ read:
+ expr: owner + reader
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+ `,
+
+ ExpectedPolicyID: "af1ee9ffe8558da8455dc1cfc5897028c16c038a053b4cf740dfcef8032d944a",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
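Review bot: `TestACP_AddPolicy_PermissionlessOwnerReadWrite_ValidID` does not test what its description says: its policy is identical to the one in `TestACP_AddPolicy_PermissionlessOwnerWrite_ValidID` (`write: expr: reader`, `read: expr: owner + reader`) and it expects the same `ExpectedPolicyID`, so the owner still holds read. For the owner to have neither permission the read expression has to drop the owner, `expr: reader`, and `ExpectedPolicyID` then has to be regenerated from a run, because the current value belongs to the other policy. As written, the case of an owner excluded from both read and write is not covered, although the file's header comment presents it as one of the documented non-DPI cases.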
diff --git a/tests/integration/acp/add_policy/with_unused_relations_test.go b/tests/integration/acp/add_policy/with_unused_relations_test.go
new file mode 100644
index 0000000000..858817d7b4
--- /dev/null
+++ b/tests/integration/acp/add_policy/with_unused_relations_test.go
@@ -0,0 +1,60 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_add_policy
+
+import (
+ "testing"
+
+ testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACP_AddPolicy_UnusedRelation_ValidID(t *testing.T) {
+ test := testUtils.TestCase{
+
+ Description: "Test acp, add policy, unused relation in permissions",
+
+ Actions: []any{
+ testUtils.AddPolicy{
+ IsYAML: true,
+
+ Creator: actor1Signature,
+
+ Policy: `
+ description: a policy
+
+ actor:
+ name: actor
+
+ resources:
+ users:
+ permissions:
+ read:
+ expr: owner
+ write:
+ expr: owner
+
+ relations:
+ owner:
+ types:
+ - actor
+ reader:
+ types:
+ - actor
+
+ `,
+
+ ExpectedPolicyID: "e1bb7702f653d4f9a0595d2d97c209fc0da8f315be007bd19545599eed41ae42",
+ },
+ },
+ }
+
+ testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/fixture.go b/tests/integration/acp/fixture.go
new file mode 100644
index 0000000000..ea0ccfc09d
--- /dev/null
+++ b/tests/integration/acp/fixture.go
@@ -0,0 +1,14 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp
+
+var Actor1Signature = "cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969"
+var Actor2Signature = "cosmos1x25hhksxhu86r45hqwk28dd70qzux3262hdrll"
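Review bot: `Actor1Signature` and `Actor2Signature` are named as signatures, but the values look like bech32 account addresses (`cosmos1...`), which name an actor without proving anything about the caller; in access-control tests that distinction should be visible at the point of use. Both are also exported, mutable `var`s with no doc comment, so any test package could reassign them and change the identity other tests run as. I would declare them as constants, `const Actor1Signature = "cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969"`, and add a comment along the lines of `// Actor1Signature is the identity of test actor 1; despite the name it is a plain address, not a cryptographic signature.`, or rename to `Actor1Address` if callers can be updated.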