From b984d4c73160defd2ce4d0d2e31fcf70eeca0cf3 Mon Sep 17 00:00:00 2001 From: Alexgao001 Date: Fri, 27 Oct 2023 18:13:17 +0800 Subject: [PATCH] add test --- e2e/tests/permission_test.go | 67 ++++++++++++++++++++++------------- x/permission/keeper/keeper.go | 4 +-- 2 files changed, 44 insertions(+), 27 deletions(-) diff --git a/e2e/tests/permission_test.go b/e2e/tests/permission_test.go index f64318904..92eec103b 100644 --- a/e2e/tests/permission_test.go +++ b/e2e/tests/permission_test.go 
@@ -1965,54 +1965,71 @@ func (s *StorageTestSuite) TestExpiredAccountPolicyGCAndRePut() { } func (s *StorageTestSuite) TestExpiredGroupPolicyGCAndRePut() { - var err error ctx := context.Background() - user1 := s.GenAndChargeAccounts(1, 1000000)[0] + user := s.GenAndChargeAccounts(3, 10000) + _, owner, bucketName, bucketId, _, _ := s.createObjectWithVisibility(storagetypes.VISIBILITY_TYPE_PUBLIC_READ) - _, owner, bucketName, _, _, objectId := s.createObjectWithVisibility(storagetypes.VISIBILITY_TYPE_PUBLIC_READ) + // Create Group + testGroupName := "testGroup" + msgCreateGroup := storagetypes.NewMsgCreateGroup(owner.GetAddr(), testGroupName, "") + s.SendTxBlock(owner, msgCreateGroup) + membersToAdd := []*storagetypes.MsgGroupMember{ + {Member: user[1].GetAddr().String()}, + } + membersToDelete := []sdk.AccAddress{} + msgUpdateGroupMember := storagetypes.NewMsgUpdateGroupMember(owner.GetAddr(), owner.GetAddr(), testGroupName, membersToAdd, membersToDelete) + s.SendTxBlock(owner, msgUpdateGroupMember) - principal := types.NewPrincipalWithAccount(user1.GetAddr()) + // Head Group + headGroupRequest := storagetypes.QueryHeadGroupRequest{GroupOwner: owner.GetAddr().String(), GroupName: testGroupName} + headGroupResponse, err := s.Client.HeadGroup(ctx, &headGroupRequest) + s.Require().NoError(err) + s.Require().Equal(headGroupResponse.GroupInfo.GroupName, testGroupName) + s.Require().True(owner.GetAddr().Equals(sdk.MustAccAddressFromHex(headGroupResponse.GroupInfo.Owner))) + s.T().Logf("GroupInfo: %s", headGroupResponse.GetGroupInfo().String()) + + principal := types.NewPrincipalWithGroupId(headGroupResponse.GroupInfo.Id) + // Put bucket policy for group + expirationTime := time.Now().Add(5 * time.Second) - // Put bucket policy bucketStatement := &types.Statement{ Actions: []types.ActionType{types.ACTION_DELETE_BUCKET}, Effect: types.EFFECT_ALLOW, } - expirationTime := time.Now().Add(5 * time.Second) - msgPutBucketPolicy := storagetypes.NewMsgPutPolicy(owner.GetAddr(), 
types2.NewBucketGRN(bucketName).String(), principal, []*types.Statement{bucketStatement}, &expirationTime) s.SendTxBlock(owner, msgPutBucketPolicy) - // Query the policy which is enforced on bucket - grn1 := types2.NewBucketGRN(bucketName) - queryPolicyForAccountResp, err := s.Client.QueryPolicyForAccount(ctx, &storagetypes.QueryPolicyForAccountRequest{ - Resource: grn1.String(), - PrincipalAddress: user1.GetAddr().String(), - }) + // Query bucket policy for group + grn := types2.NewBucketGRN(bucketName) + queryPolicyForGroupReq := storagetypes.QueryPolicyForGroupRequest{ + Resource: grn.String(), + PrincipalGroupId: headGroupResponse.GroupInfo.Id.String(), + } + + queryPolicyForGroupResp, err := s.Client.QueryPolicyForGroup(ctx, &queryPolicyForGroupReq) s.Require().NoError(err) - s.Require().Equal(objectId, queryPolicyForAccountResp.Policy.ResourceId) + s.Require().Equal(bucketId, queryPolicyForGroupResp.Policy.ResourceId) + s.Require().Equal(queryPolicyForGroupResp.Policy.ResourceType, resource.RESOURCE_TYPE_BUCKET) + s.Require().Equal(types.EFFECT_ALLOW, queryPolicyForGroupResp.Policy.Statements[0].Effect) + bucketPolicyId := queryPolicyForGroupResp.Policy.Id // wait for policy expired time.Sleep(5 * time.Second) - // query the policy, which is already GC, should get err. - _, err = s.Client.QueryPolicyForAccount(ctx, &storagetypes.QueryPolicyForAccountRequest{ - Resource: grn1.String(), - PrincipalAddress: user1.GetAddr().String(), - }) + // policy is GC + _, err = s.Client.QueryPolicyById(ctx, &storagetypes.QueryPolicyByIdRequest{PolicyId: bucketPolicyId.String()}) s.Require().Error(err) + s.Require().ErrorContains(err, "No such Policy") // the user should be able to re-put policy for the bucket. msgPutBucketPolicy = storagetypes.NewMsgPutPolicy(owner.GetAddr(), types2.NewBucketGRN(bucketName).String(), principal, []*types.Statement{bucketStatement}, nil) s.SendTxBlock(owner, msgPutBucketPolicy) - // Query the policy which is enforced on bucket. 
- queryPolicyForAccountResp, err = s.Client.QueryPolicyForAccount(ctx, &storagetypes.QueryPolicyForAccountRequest{ - Resource: grn1.String(), - PrincipalAddress: user1.GetAddr().String(), - }) + queryPolicyForGroupResp, err = s.Client.QueryPolicyForGroup(ctx, &queryPolicyForGroupReq) s.Require().NoError(err) - s.Require().Equal(objectId, queryPolicyForAccountResp.Policy.ResourceId) + s.Require().Equal(bucketId, queryPolicyForGroupResp.Policy.ResourceId) + s.Require().Equal(queryPolicyForGroupResp.Policy.ResourceType, resource.RESOURCE_TYPE_BUCKET) + s.Require().Equal(types.EFFECT_ALLOW, queryPolicyForGroupResp.Policy.Statements[0].Effect) } diff --git a/x/permission/keeper/keeper.go b/x/permission/keeper/keeper.go index 7916d3c7c..3c105514a 100644 --- a/x/permission/keeper/keeper.go +++ b/x/permission/keeper/keeper.go @@ -537,6 +537,8 @@ func (k Keeper) RemoveExpiredPolicies(ctx sdk.Context) { k.cdc.MustUnmarshal(store.Get(types.GetPolicyByIDKey(policyId)), &policy) store.Delete(types.GetPolicyByIDKey(policyId)) + ctx.EventManager().EmitTypedEvents(&types.EventDeletePolicy{PolicyId: policyId}) //nolint: errcheck + count++ //1. the policy is an account policy, delete policyKey -> policyId. //2. the policy is group policy within a policy group, delete the index in the policy group @@ -565,8 +567,6 @@ func (k Keeper) RemoveExpiredPolicies(ctx sdk.Context) { } } } - ctx.EventManager().EmitTypedEvents(&types.EventDeletePolicy{PolicyId: policyId}) //nolint: errcheck - count++ } } }
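Review bot: After the sleep, the test in `TestExpiredGroupPolicyGCAndRePut` only asserts that `QueryPolicyById` fails; it never checks that the expired policy is also unreachable through the group, which is the index the keeper cleans up separately for group policies. Adding `_, err = s.Client.QueryPolicyForGroup(ctx, &queryPolicyForGroupReq)` followed by `s.Require().Error(err)` before the re-put would pin that an expired grant can no longer be resolved for the group principal. The expiry window and the `time.Sleep` are both exactly 5 seconds, so the assertion presumably relies on a block being produced after expiry; polling `QueryPolicyById` until a deadline would be less timing-sensitive. Minor style points: `user` holds three accounts but only `user[1]` is used, and the two `ResourceType` assertions pass the actual value before the expected one, unlike the neighbouring `Equal` calls.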
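Review bot: The relocated `EmitTypedEvents` call in `RemoveExpiredPolicies` still discards its error behind `//nolint: errcheck`, so a failed `EventDeletePolicy` emission leaves no trace for indexers or auditors that rely on the event to learn a grant has ended. Logging the failure would keep the best-effort behaviour while making it visible, e.g. `if err := ctx.EventManager().EmitTypedEvents(&types.EventDeletePolicy{PolicyId: policyId}); err != nil { ctx.Logger().Error("emit EventDeletePolicy failed", "policy_id", policyId, "err", err) }`. The reason for moving the emit and `count++` up is not stated; if it is so that every deleted policy is reported and counted regardless of which index branch runs below (inferred, the branches sit outside this hunk), a comment such as `// emit and count right after the by-ID delete so no index branch below can skip them` would record that. The function body starts and ends outside the hunk.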