PR(TEST): Add Policy tests

shahzadlone · Feb 9, 2024 · 9ceb226 · 9ceb226
1 parent 1d78bae
commit 9ceb226
Show file tree

Hide file tree

Showing 14 changed files with 1,645 additions and 0 deletions.
diff --git a/tests/integration/acp/policy/README.md b/tests/integration/acp/policy/README.md
@@ -0,0 +1,19 @@
+## This directory tests the `Adding of a Policy` through DefraDB.
+
+### These are NOT DefraDB Policy Interface (DPI) Tests
+There are certain requirements for DPI. A policy must be a valid DPI to link to a collection.
+However it's important to note that DefraDB does allow uploading / adding policies that aren't
+DPI compliant as long as sourcehub (acp module) deems them to be valid. There are various reasons
+for this, mostly because DefraDB is a tool that can be used to upload policies to sourcehub that
+might not be only for use with collections / schema. Nonetheless we still need a way to validate
+that the policy linked within a collection within the schema that is being added/loading is valid.
+Therefore, when a schema is being loaded, and it has policyID and resource defined on the
+collection with the appropriate directive. At that point before we accept that schema the
+validation occurs. Inotherwords, we do not allow a non-DPI compliant policy to be specified
+on a collection schema, if it is, then the schema would be rejected.
+
+### Non-DPI Compliant Policies Documented In Tests
+These test files document some cases where DefraDB would upload policies that aren't DPI compliant,
+but are sourcehub compatible, might be worthwhile to look at the documented tests and notes there:
+- ./with_no_perms_test.go
+- ./with_permissionless_owner_test.go
diff --git a/tests/integration/acp/policy/basic_test.go b/tests/integration/acp/policy/basic_test.go
@@ -0,0 +1,100 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_policy
+
+import (
+	"testing"
+
+	testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACPAddPolicy_BasicYAML_ValidPolicyID(t *testing.T) {
+	test := testUtils.TestCase{
+		Description: "Test acp, adding basic policy in YAML format",
+		Actions: []any{
+			testUtils.AddPolicy{
+				IsYAML: true,
+
+				Creator: "cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969",
+
+				Policy: `
+                    description: a basic policy that satisfies minimum DPI requirements
+
+                    actor:
+                      name: actor
+
+                    resources:
+                      users:
+                        permissions:
+                          read:
+                            expr: owner
+                          write:
+                            expr: owner
+
+                        relations:
+                          owner:
+                            types:
+                              - actor
+
+                `,
+
+				ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a",
+			},
+		},
+	}
+
+	testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACPAddPolicy_BasicJSON_ValidPolicyID(t *testing.T) {
+	test := testUtils.TestCase{
+		Description: "Test acp, adding basic policy in JSON format",
+		Actions: []any{
+			testUtils.AddPolicy{
+				IsYAML: false,
+
+				Creator: "cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969",
+
+				Policy: `
+					{
+					  "description": "a basic policy that satisfies minimum DPI requirements",
+					  "resources": {
+					    "users": {
+					      "permissions": {
+					        "read": {
+					          "expr": "owner"
+					        },
+					        "write": {
+					          "expr": "owner"
+					        }
+					      },
+					      "relations": {
+					        "owner": {
+					          "types": [
+					            "actor"
+					          ]
+					        }
+					      }
+					    }
+					  },
+					  "actor": {
+					    "name": "actor"
+					  }
+					}
+                `,
+
+				ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a",
+			},
+		},
+	}
+
+	testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/policy/fixture.go b/tests/integration/acp/policy/fixture.go
@@ -0,0 +1,14 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_policy
+
+var actor1Signature = "cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969"
+var actor2Signature = "cosmos1x25hhksxhu86r45hqwk28dd70qzux3262hdrll"
diff --git a/tests/integration/acp/policy/with_extra_perms_and_relations_test.go b/tests/integration/acp/policy/with_extra_perms_and_relations_test.go
@@ -0,0 +1,64 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_policy
+
+import (
+	"testing"
+
+	testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACPAddPolicy_ExtraPermissionsAndExtraRelations_ValidPolicyID(t *testing.T) {
+	test := testUtils.TestCase{
+
+		Description: "Test acp, add policy, extra permissions and relations, still valid",
+
+		Actions: []any{
+			testUtils.AddPolicy{
+				IsYAML: true,
+
+				Creator: actor1Signature,
+
+				Policy: `
+                    description: a policy
+
+                    actor:
+                      name: actor
+
+                    resources:
+                      users:
+                        permissions:
+                          write:
+                            expr: owner
+                          read:
+                            expr: owner + reader
+                          extra:
+                            expr: joker
+
+                        relations:
+                          owner:
+                            types:
+                              - actor
+                          reader:
+                            types:
+                              - actor
+                          joker:
+                            types:
+                              - actor
+                `,
+
+				ExpectedPolicyID: "ecfeeebd1b65e6a21b2f1b57006176bcbc6a37ef238f27c7034953f46fe04674",
+			},
+		},
+	}
+
+	testUtils.ExecuteTestCase(t, test)
+}
diff --git a/tests/integration/acp/policy/with_extra_perms_test.go b/tests/integration/acp/policy/with_extra_perms_test.go
@@ -0,0 +1,99 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package test_acp_policy
+
+import (
+	"testing"
+
+	testUtils "github.com/sourcenetwork/defradb/tests/integration"
+)
+
+func TestACPAddPolicy_ExtraPermissions_ValidPolicyID(t *testing.T) {
+	test := testUtils.TestCase{
+
+		Description: "Test acp, add policy, extra permissions, still valid",
+
+		Actions: []any{
+			testUtils.AddPolicy{
+				IsYAML: true,
+
+				Creator: actor1Signature,
+
+				Policy: `
+                    description: a policy
+
+                    resources:
+                      users:
+                        permissions:
+                          read:
+                            expr: owner
+                          write:
+                            expr: owner
+                          extra:
+                            expr: owner
+
+                        relations:
+                          owner:
+                            types:
+                              - actor
+
+                    actor:
+                      name: actor
+                `,
+
+				ExpectedPolicyID: "9d518bb2d5aceb2c8f9b12b909eecd50276c1bd0250069875f265166e6030bb5",
+			},
+		},
+	}
+
+	testUtils.ExecuteTestCase(t, test)
+}
+
+func TestACPAddPolicy_ExtraDuplicatePermissions_Error(t *testing.T) {
+	test := testUtils.TestCase{
+
+		Description: "Test acp, add policy, extra duplicate permissions, return error",
+
+		Actions: []any{
+			testUtils.AddPolicy{
+				IsYAML: true,
+
+				Creator: actor1Signature,
+
+				Policy: `
+                    description: a policy
+
+                    resources:
+                      users:
+                        permissions:
+                          read:
+                            expr: owner
+                          write:
+                            expr: owner
+                          write:
+                            expr: owner
+
+                        relations:
+                          owner:
+                            types:
+                              - actor
+
+                    actor:
+                      name: actor
+                `,
+
+				ExpectedError: "key \"write\" already set in map",
+			},
+		},
+	}
+
+	testUtils.ExecuteTestCase(t, test)
+}