rbac_service_config_parser_test.cc
Go to the documentation of this file.
1 // Copyright 2021 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
16 
17 #include <gmock/gmock-matchers.h>
18 #include <gmock/gmock.h>
19 #include <gtest/gtest.h>
20 
21 #include "src/core/lib/service_config/service_config_impl.h"
22 #include "test/core/util/test_config.h"
23 
24 // A regular expression to enter referenced or child errors.
25 #ifdef GRPC_ERROR_IS_ABSEIL_STATUS
26 #define CHILD_ERROR_TAG ".*children.*"
27 #else
28 #define CHILD_ERROR_TAG ".*referenced_errors.*"
29 #endif
30 
31 namespace grpc_core {
32 namespace testing {
33 namespace {
34 
35 // Test basic parsing of RBAC policy
36 TEST(RbacServiceConfigParsingTest, EmptyRbacPolicy) {
37  const char* test_json =
38  "{\n"
39  " \"methodConfig\": [ {\n"
40  " \"name\": [\n"
41  " {}\n"
42  " ],\n"
43  " \"rbacPolicy\": [ {\n"
44  " } ]"
45  " } ]\n"
46  "}";
47  grpc_error_handle error = GRPC_ERROR_NONE;
48  grpc_arg arg = grpc_channel_arg_integer_create(
49  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
50  grpc_channel_args args = {1, &arg};
51  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
52  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
53  const auto* vector_ptr =
54  svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
55  ASSERT_NE(vector_ptr, nullptr);
56  auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
57  ((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
58  ASSERT_NE(parsed_rbac_config, nullptr);
59  ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr);
60  EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->action(),
61  Rbac::Action::kDeny);
62  EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 0);
63 }
64 
65 // Test that RBAC policies are not parsed if the channel arg
66 // GRPC_ARG_PARSE_RBAC_METHOD_CONFIG is not present
67 TEST(RbacServiceConfigParsingTest, MissingChannelArg) {
68  const char* test_json =
69  "{\n"
70  " \"methodConfig\": [ {\n"
71  " \"name\": [\n"
72  " {}\n"
73  " ],\n"
74  " \"rbacPolicy\": [ {\n"
75  " } ]"
76  " } ]\n"
77  "}";
78  grpc_error_handle error = GRPC_ERROR_NONE;
79  auto svc_cfg = ServiceConfigImpl::Create(nullptr, test_json, &error);
80  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
81  const auto* vector_ptr =
82  svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
83  ASSERT_NE(vector_ptr, nullptr);
84  auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
85  ((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
86  ASSERT_EQ(parsed_rbac_config, nullptr);
87 }
88 
89 // Test an empty rbacPolicy array
90 TEST(RbacServiceConfigParsingTest, EmptyRbacPolicyArray) {
91  const char* test_json =
92  "{\n"
93  " \"methodConfig\": [ {\n"
94  " \"name\": [\n"
95  " {}\n"
96  " ],\n"
97  " \"rbacPolicy\": []"
98  " } ]\n"
99  "}";
100  grpc_error_handle error = GRPC_ERROR_NONE;
101  grpc_arg arg = grpc_channel_arg_integer_create(
102  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
103  grpc_channel_args args = {1, &arg};
104  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
105  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
106  const auto* vector_ptr =
107  svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
108  ASSERT_NE(vector_ptr, nullptr);
109  auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
110  ((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
111  ASSERT_EQ(parsed_rbac_config, nullptr);
112 }
113 
114 // Test presence of multiple RBAC policies in the array
115 TEST(RbacServiceConfigParsingTest, MultipleRbacPolicies) {
116  const char* test_json =
117  "{\n"
118  " \"methodConfig\": [ {\n"
119  " \"name\": [\n"
120  " {}\n"
121  " ],\n"
122  " \"rbacPolicy\": [ {}, {}, {} ]"
123  " } ]\n"
124  "}";
125  grpc_error_handle error = GRPC_ERROR_NONE;
126  grpc_arg arg = grpc_channel_arg_integer_create(
127  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
128  grpc_channel_args args = {1, &arg};
129  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
130  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
131  const auto* vector_ptr =
132  svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
133  ASSERT_NE(vector_ptr, nullptr);
134  auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
135  ((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
136  ASSERT_NE(parsed_rbac_config, nullptr);
137  for (auto i = 0; i < 3; ++i) {
138  ASSERT_NE(parsed_rbac_config->authorization_engine(i), nullptr);
139  EXPECT_EQ(parsed_rbac_config->authorization_engine(i)->action(),
140  Rbac::Action::kDeny);
141  EXPECT_EQ(parsed_rbac_config->authorization_engine(i)->num_policies(), 0);
142  }
143 }
144 
145 TEST(RbacServiceConfigParsingTest, BadRbacPolicyType) {
146  const char* test_json =
147  "{\n"
148  " \"methodConfig\": [ {\n"
149  " \"name\": [\n"
150  " {}\n"
151  " ],\n"
152  " \"rbacPolicy\": 1234"
153  " } ]\n"
154  "}";
155  grpc_error_handle error = GRPC_ERROR_NONE;
156  grpc_arg arg = grpc_channel_arg_integer_create(
157  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
158  grpc_channel_args args = {1, &arg};
159  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
160  EXPECT_THAT(
161  grpc_error_std_string(error),
162  ::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
163  "field:rbacPolicy error:type should be ARRAY"));
164  GRPC_ERROR_UNREF(error);
165 }
166 
167 TEST(RbacServiceConfigParsingTest, BadRulesType) {
168  const char* test_json =
169  "{\n"
170  " \"methodConfig\": [ {\n"
171  " \"name\": [\n"
172  " {}\n"
173  " ],\n"
174  " \"rbacPolicy\": [{\"rules\":1}]"
175  " } ]\n"
176  "}";
177  grpc_error_handle error = GRPC_ERROR_NONE;
178  grpc_arg arg = grpc_channel_arg_integer_create(
179  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
180  grpc_channel_args args = {1, &arg};
181  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
182  EXPECT_THAT(
183  grpc_error_std_string(error),
184  ::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
185  "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
186  "field:rules error:type should be OBJECT"));
187  GRPC_ERROR_UNREF(error);
188 }
189 
190 TEST(RbacServiceConfigParsingTest, BadActionAndPolicyType) {
191  const char* test_json =
192  "{\n"
193  " \"methodConfig\": [ {\n"
194  " \"name\": [\n"
195  " {}\n"
196  " ],\n"
197  " \"rbacPolicy\": [{\n"
198  " \"rules\":{\n"
199  " \"action\":{},\n"
200  " \"policies\":123\n"
201  " }\n"
202  " } ]\n"
203  " } ]\n"
204  "}";
205  grpc_error_handle error = GRPC_ERROR_NONE;
206  grpc_arg arg = grpc_channel_arg_integer_create(
207  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
208  grpc_channel_args args = {1, &arg};
209  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
210  EXPECT_THAT(
211  grpc_error_std_string(error),
212  ::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
213  "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
214  "field:action error:type should be NUMBER.*"
215  "field:policies error:type should be OBJECT"));
216  GRPC_ERROR_UNREF(error);
217 }
218 
219 TEST(RbacServiceConfigParsingTest, MissingPermissionAndPrincipals) {
220  const char* test_json =
221  "{\n"
222  " \"methodConfig\": [ {\n"
223  " \"name\": [\n"
224  " {}\n"
225  " ],\n"
226  " \"rbacPolicy\": [{\n"
227  " \"rules\":{\n"
228  " \"action\":1,\n"
229  " \"policies\":{\n"
230  " \"policy\":{\n"
231  " }\n"
232  " }\n"
233  " }\n"
234  " } ]\n"
235  " } ]\n"
236  "}";
237  grpc_error_handle error = GRPC_ERROR_NONE;
238  grpc_arg arg = grpc_channel_arg_integer_create(
239  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
240  grpc_channel_args args = {1, &arg};
241  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
242  EXPECT_THAT(
243  grpc_error_std_string(error),
244  ::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
245  "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
246  "policies key:'policy'" CHILD_ERROR_TAG
247  "field:permissions error:does not exist.*"
248  "field:principals error:does not exist"));
249  GRPC_ERROR_UNREF(error);
250 }
251 
252 TEST(RbacServiceConfigParsingTest, EmptyPrincipalAndPermission) {
253  const char* test_json =
254  "{\n"
255  " \"methodConfig\": [ {\n"
256  " \"name\": [\n"
257  " {}\n"
258  " ],\n"
259  " \"rbacPolicy\": [{\n"
260  " \"rules\":{\n"
261  " \"action\":1,\n"
262  " \"policies\":{\n"
263  " \"policy\":{\n"
264  " \"permissions\":[{}],\n"
265  " \"principals\":[{}]\n"
266  " }\n"
267  " }\n"
268  " }\n"
269  " } ]\n"
270  " } ]\n"
271  "}";
272  grpc_error_handle error = GRPC_ERROR_NONE;
273  grpc_arg arg = grpc_channel_arg_integer_create(
274  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
275  grpc_channel_args args = {1, &arg};
276  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
277  EXPECT_THAT(
278  grpc_error_std_string(error),
279  ::testing::ContainsRegex(
280  "Rbac parser" CHILD_ERROR_TAG "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
281  "policies key:'policy'" CHILD_ERROR_TAG
282  "permissions\\[0\\]" CHILD_ERROR_TAG "No valid rule found.*"
283  "principals\\[0\\]" CHILD_ERROR_TAG "No valid id found"));
284  GRPC_ERROR_UNREF(error);
285 }
286 
287 TEST(RbacServiceConfigParsingTest, VariousPermissionsAndPrincipalsTypes) {
288  const char* test_json =
289  "{\n"
290  " \"methodConfig\": [ {\n"
291  " \"name\": [\n"
292  " {}\n"
293  " ],\n"
294  " \"rbacPolicy\": [{\n"
295  " \"rules\":{\n"
296  " \"action\":1,\n"
297  " \"policies\":{\n"
298  " \"policy\":{\n"
299  " \"permissions\":[\n"
300  " {\"andRules\":{\"rules\":[{\"any\":true}]}},\n"
301  " {\"orRules\":{\"rules\":[{\"any\":true}]}},\n"
302  " {\"any\":true},\n"
303  " {\"header\":{\"name\":\"name\", \"exactMatch\":\"\"}},\n"
304  " {\"urlPath\":{\"path\":{\"exact\":\"\"}}},\n"
305  " {\"destinationIp\":{\"addressPrefix\":\"::1\"}},\n"
306  " {\"destinationPort\":1234},\n"
307  " {\"metadata\":{\"invert\":true}},\n"
308  " {\"notRule\":{\"any\":true}},\n"
309  " {\"requestedServerName\":{\"exact\":\"\"}}\n"
310  " ],\n"
311  " \"principals\":[\n"
312  " {\"andIds\":{\"ids\":[{\"any\":true}]}},\n"
313  " {\"orIds\":{\"ids\":[{\"any\":true}]}},\n"
314  " {\"any\":true},\n"
315  " {\"authenticated\":{\n"
316  " \"principalName\":{\"exact\":\"\"}}},\n"
317  " {\"sourceIp\":{\"addressPrefix\":\"::1\"}},\n"
318  " {\"directRemoteIp\":{\"addressPrefix\":\"::1\"}},\n"
319  " {\"remoteIp\":{\"addressPrefix\":\"::1\"}},\n"
320  " {\"header\":{\"name\":\"name\", \"exactMatch\":\"\"}},\n"
321  " {\"urlPath\":{\"path\":{\"exact\":\"\"}}},\n"
322  " {\"metadata\":{\"invert\":true}},\n"
323  " {\"notId\":{\"any\":true}}\n"
324  " ]\n"
325  " }\n"
326  " }\n"
327  " }\n"
328  " } ]\n"
329  " } ]\n"
330  "}";
331  grpc_error_handle error = GRPC_ERROR_NONE;
332  grpc_arg arg = grpc_channel_arg_integer_create(
333  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
334  grpc_channel_args args = {1, &arg};
335  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
336  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
337  const auto* vector_ptr =
338  svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
339  ASSERT_NE(vector_ptr, nullptr);
340  auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
341  ((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
342  ASSERT_NE(parsed_rbac_config, nullptr);
343  ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr);
344  EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 1);
345 }
346 
347 TEST(RbacServiceConfigParsingTest, VariousPermissionsAndPrincipalsBadTypes) {
348  const char* test_json =
349  "{\n"
350  " \"methodConfig\": [ {\n"
351  " \"name\": [\n"
352  " {}\n"
353  " ],\n"
354  " \"rbacPolicy\": [{\n"
355  " \"rules\":{\n"
356  " \"action\":1,\n"
357  " \"policies\":{\n"
358  " \"policy\":{\n"
359  " \"permissions\":[\n"
360  " {\"andRules\":1234},\n"
361  " {\"orRules\":1234},\n"
362  " {\"any\":1234},\n"
363  " {\"header\":1234},\n"
364  " {\"urlPath\":1234},\n"
365  " {\"destinationIp\":1234},\n"
366  " {\"destinationPort\":\"port\"},\n"
367  " {\"metadata\":1234},\n"
368  " {\"notRule\":1234},\n"
369  " {\"requestedServerName\":1234}\n"
370  " ],\n"
371  " \"principals\":[\n"
372  " {\"andIds\":1234},\n"
373  " {\"orIds\":1234},\n"
374  " {\"any\":1234},\n"
375  " {\"authenticated\":1234},\n"
376  " {\"sourceIp\":1234},\n"
377  " {\"directRemoteIp\":1234},\n"
378  " {\"remoteIp\":1234},\n"
379  " {\"header\":1234},\n"
380  " {\"urlPath\":1234},\n"
381  " {\"metadata\":1234},\n"
382  " {\"notId\":1234}\n"
383  " ]\n"
384  " }\n"
385  " }\n"
386  " }\n"
387  " } ]\n"
388  " } ]\n"
389  "}";
390  grpc_error_handle error = GRPC_ERROR_NONE;
391  grpc_arg arg = grpc_channel_arg_integer_create(
392  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
393  grpc_channel_args args = {1, &arg};
394  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
395  EXPECT_THAT(
396  grpc_error_std_string(error),
397  ::testing::ContainsRegex(
398  "Rbac parser" CHILD_ERROR_TAG "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
399  "policies key:'policy'" CHILD_ERROR_TAG
400  "permissions\\[0\\]" CHILD_ERROR_TAG
401  "field:andRules error:type should be OBJECT.*"
402  "permissions\\[1\\]" CHILD_ERROR_TAG
403  "field:orRules error:type should be OBJECT.*"
404  "permissions\\[2\\]" CHILD_ERROR_TAG
405  "field:any error:type should be BOOLEAN.*"
406  "permissions\\[3\\]" CHILD_ERROR_TAG
407  "field:header error:type should be OBJECT.*"
408  "permissions\\[4\\]" CHILD_ERROR_TAG
409  "field:urlPath error:type should be OBJECT.*"
410  "permissions\\[5\\]" CHILD_ERROR_TAG
411  "field:destinationIp error:type should be OBJECT.*"
412  "permissions\\[6\\]" CHILD_ERROR_TAG
413  "field:destinationPort error:failed to parse.*"
414  "permissions\\[7\\]" CHILD_ERROR_TAG
415  "field:metadata error:type should be OBJECT.*"
416  "permissions\\[8\\]" CHILD_ERROR_TAG
417  "field:notRule error:type should be OBJECT.*"
418  "permissions\\[9\\]" CHILD_ERROR_TAG
419  "field:requestedServerName error:type should be OBJECT.*"
420  "principals\\[0\\]" CHILD_ERROR_TAG
421  "field:andIds error:type should be OBJECT.*"
422  "principals\\[1\\]" CHILD_ERROR_TAG
423  "field:orIds error:type should be OBJECT.*"
424  "principals\\[2\\]" CHILD_ERROR_TAG
425  "field:any error:type should be BOOLEAN.*"
426  "principals\\[3\\]" CHILD_ERROR_TAG
427  "field:authenticated error:type should be OBJECT.*"
428  "principals\\[4\\]" CHILD_ERROR_TAG
429  "field:sourceIp error:type should be OBJECT.*"
430  "principals\\[5\\]" CHILD_ERROR_TAG
431  "field:directRemoteIp error:type should be OBJECT.*"
432  "principals\\[6\\]" CHILD_ERROR_TAG
433  "field:remoteIp error:type should be OBJECT.*"
434  "principals\\[7\\]" CHILD_ERROR_TAG
435  "field:header error:type should be OBJECT.*"
436  "principals\\[8\\]" CHILD_ERROR_TAG
437  "field:urlPath error:type should be OBJECT.*"
438  "principals\\[9\\]" CHILD_ERROR_TAG
439  "field:metadata error:type should be OBJECT.*"
440  "principals\\[10\\]" CHILD_ERROR_TAG
441  "field:notId error:type should be OBJECT.*"));
442  GRPC_ERROR_UNREF(error);
443 }
444 
445 TEST(RbacServiceConfigParsingTest, HeaderMatcherVariousTypes) {
446  const char* test_json =
447  "{\n"
448  " \"methodConfig\": [ {\n"
449  " \"name\": [\n"
450  " {}\n"
451  " ],\n"
452  " \"rbacPolicy\": [{\n"
453  " \"rules\":{\n"
454  " \"action\":1,\n"
455  " \"policies\":{\n"
456  " \"policy\":{\n"
457  " \"permissions\":[\n"
458  " {\"header\":{\"name\":\"name\", \"exactMatch\":\"\", \n"
459  " \"invertMatch\":true}},\n"
460  " {\"header\":{\"name\":\"name\", \"safeRegexMatch\":{\n"
461  " \"regex\":\"\"}}},\n"
462  " {\"header\":{\"name\":\"name\", \"rangeMatch\":{\n"
463  " \"start\":0, \"end\":1}}},\n"
464  " {\"header\":{\"name\":\"name\", \"presentMatch\":true}},\n"
465  " {\"header\":{\"name\":\"name\", \"prefixMatch\":\"\"}},\n"
466  " {\"header\":{\"name\":\"name\", \"suffixMatch\":\"\"}},\n"
467  " {\"header\":{\"name\":\"name\", \"containsMatch\":\"\"}}\n"
468  " ],\n"
469  " \"principals\":[]\n"
470  " }\n"
471  " }\n"
472  " }\n"
473  " } ]\n"
474  " } ]\n"
475  "}";
476  grpc_error_handle error = GRPC_ERROR_NONE;
477  grpc_arg arg = grpc_channel_arg_integer_create(
478  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
479  grpc_channel_args args = {1, &arg};
480  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
481  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
482  const auto* vector_ptr =
483  svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
484  ASSERT_NE(vector_ptr, nullptr);
485  auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
486  ((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
487  ASSERT_NE(parsed_rbac_config, nullptr);
488  ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr);
489  EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 1);
490 }
491 
492 TEST(RbacServiceConfigParsingTest, HeaderMatcherBadTypes) {
493  const char* test_json =
494  "{\n"
495  " \"methodConfig\": [ {\n"
496  " \"name\": [\n"
497  " {}\n"
498  " ],\n"
499  " \"rbacPolicy\": [{\n"
500  " \"rules\":{\n"
501  " \"action\":1,\n"
502  " \"policies\":{\n"
503  " \"policy\":{\n"
504  " \"permissions\":[\n"
505  " {\"header\":{\"name\":\"name\", \"exactMatch\":1, \n"
506  " \"invertMatch\":1}},\n"
507  " {\"header\":{\"name\":\"name\", \"safeRegexMatch\":1}},\n"
508  " {\"header\":{\"name\":\"name\", \"rangeMatch\":1}},\n"
509  " {\"header\":{\"name\":\"name\", \"presentMatch\":1}},\n"
510  " {\"header\":{\"name\":\"name\", \"prefixMatch\":1}},\n"
511  " {\"header\":{\"name\":\"name\", \"suffixMatch\":1}},\n"
512  " {\"header\":{\"name\":\"name\", \"containsMatch\":1}}\n"
513  " ],\n"
514  " \"principals\":[]\n"
515  " }\n"
516  " }\n"
517  " }\n"
518  " } ]\n"
519  " } ]\n"
520  "}";
521  grpc_error_handle error = GRPC_ERROR_NONE;
522  grpc_arg arg = grpc_channel_arg_integer_create(
523  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
524  grpc_channel_args args = {1, &arg};
525  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
526  EXPECT_THAT(
527  grpc_error_std_string(error),
528  ::testing::ContainsRegex(
529  "Rbac parser" CHILD_ERROR_TAG "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
530  "policies key:'policy'" CHILD_ERROR_TAG
531  "permissions\\[0\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
532  "field:invertMatch error:type should be BOOLEAN.*"
533  "field:exactMatch error:type should be STRING.*"
534  "permissions\\[1\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
535  "field:safeRegexMatch error:type should be OBJECT.*"
536  "permissions\\[2\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
537  "field:rangeMatch error:type should be OBJECT.*"
538  "permissions\\[3\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
539  "field:presentMatch error:type should be BOOLEAN.*"
540  "permissions\\[4\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
541  "field:prefixMatch error:type should be STRING.*"
542  "permissions\\[5\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
543  "field:suffixMatch error:type should be STRING.*"
544  "permissions\\[6\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
545  "field:containsMatch error:type should be STRING.*"));
546  GRPC_ERROR_UNREF(error);
547 }
548 
549 TEST(RbacServiceConfigParsingTest, StringMatcherVariousTypes) {
550  const char* test_json =
551  "{\n"
552  " \"methodConfig\": [ {\n"
553  " \"name\": [\n"
554  " {}\n"
555  " ],\n"
556  " \"rbacPolicy\": [{\n"
557  " \"rules\":{\n"
558  " \"action\":1,\n"
559  " \"policies\":{\n"
560  " \"policy\":{\n"
561  " \"permissions\":[\n"
562  " {\"requestedServerName\":{\"exact\":\"\", \n"
563  " \"ignoreCase\":true}},\n"
564  " {\"requestedServerName\":{\"prefix\":\"\"}},\n"
565  " {\"requestedServerName\":{\"suffix\":\"\"}},\n"
566  " {\"requestedServerName\":{\"safeRegex\":{\n"
567  " \"regex\":\"\"}}},\n"
568  " {\"requestedServerName\":{\"contains\":\"\"}}\n"
569  " ],\n"
570  " \"principals\":[]\n"
571  " }\n"
572  " }\n"
573  " }\n"
574  " } ]\n"
575  " } ]\n"
576  "}";
577  grpc_error_handle error = GRPC_ERROR_NONE;
578  grpc_arg arg = grpc_channel_arg_integer_create(
579  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
580  grpc_channel_args args = {1, &arg};
581  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
582  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
583  const auto* vector_ptr =
584  svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
585  ASSERT_NE(vector_ptr, nullptr);
586  auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
587  ((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
588  ASSERT_NE(parsed_rbac_config, nullptr);
589  ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr);
590  EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 1);
591 }
592 
593 TEST(RbacServiceConfigParsingTest, StringMatcherBadTypes) {
594  const char* test_json =
595  "{\n"
596  " \"methodConfig\": [ {\n"
597  " \"name\": [\n"
598  " {}\n"
599  " ],\n"
600  " \"rbacPolicy\": [{\n"
601  " \"rules\":{\n"
602  " \"action\":1,\n"
603  " \"policies\":{\n"
604  " \"policy\":{\n"
605  " \"permissions\":[\n"
606  " {\"requestedServerName\":{\"exact\":1, \n"
607  " \"ignoreCase\":1}},\n"
608  " {\"requestedServerName\":{\"prefix\":1}},\n"
609  " {\"requestedServerName\":{\"suffix\":1}},\n"
610  " {\"requestedServerName\":{\"safeRegex\":1}},\n"
611  " {\"requestedServerName\":{\"contains\":1}}\n"
612  " ],\n"
613  " \"principals\":[]\n"
614  " }\n"
615  " }\n"
616  " }\n"
617  " } ]\n"
618  " } ]\n"
619  "}";
620  grpc_error_handle error = GRPC_ERROR_NONE;
621  grpc_arg arg = grpc_channel_arg_integer_create(
622  const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
623  grpc_channel_args args = {1, &arg};
624  auto svc_cfg = ServiceConfigImpl::Create(&args, test_json, &error);
625  EXPECT_THAT(
626  grpc_error_std_string(error),
627  ::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
628  "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
629  "policies key:'policy'" CHILD_ERROR_TAG
630  "permissions\\[0\\]" CHILD_ERROR_TAG
631  "requestedServerName" CHILD_ERROR_TAG
632  "field:ignoreCase error:type should be BOOLEAN.*"
633  "field:exact error:type should be STRING.*"
634  "permissions\\[1\\]" CHILD_ERROR_TAG
635  "requestedServerName" CHILD_ERROR_TAG
636  "field:prefix error:type should be STRING.*"
637  "permissions\\[2\\]" CHILD_ERROR_TAG
638  "requestedServerName" CHILD_ERROR_TAG
639  "field:suffix error:type should be STRING.*"
640  "permissions\\[3\\]" CHILD_ERROR_TAG
641  "requestedServerName" CHILD_ERROR_TAG
642  "field:safeRegex error:type should be OBJECT.*"
643  "permissions\\[4\\]" CHILD_ERROR_TAG
644  "requestedServerName" CHILD_ERROR_TAG
645  "field:contains error:type should be STRING.*"));
646  GRPC_ERROR_UNREF(error);
647 }
648 
649 } // namespace
650 } // namespace testing
651 } // namespace grpc_core
652 
653 int main(int argc, char** argv) {
654  grpc::testing::TestEnvironment env(&argc, argv);
655  ::testing::InitGoogleTest(&argc, argv);
656  grpc_init();
657  int ret = RUN_ALL_TESTS();
658  grpc_shutdown();
659  return ret;
660 }
grpc_arg
Definition: grpc_types.h:103
testing
Definition: aws_request_signer_test.cc:25
ASSERT_NE
#define ASSERT_NE(val1, val2)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2060
testing::ContainsRegex
PolymorphicMatcher< internal::MatchesRegexMatcher > ContainsRegex(const internal::RE *regex)
Definition: cares/cares/test/gmock-1.8.0/gmock/gmock.h:8835
GRPC_ERROR_NONE
#define GRPC_ERROR_NONE
Definition: error.h:234
get
absl::string_view get(const Cont &c)
Definition: abseil-cpp/absl/strings/str_replace_test.cc:185
generate.env
env
Definition: generate.py:37
EXPECT_THAT
#define EXPECT_THAT(value, matcher)
grpc_core::RbacServiceConfigParser::ParserIndex
static size_t ParserIndex()
Definition: rbac_service_config_parser.cc:612
grpc_core
Definition: call_metric_recorder.h:31
grpc_core::Rbac::Action::kDeny
@ kDeny
error
grpc_error_handle error
Definition: retry_filter.cc:499
grpc_channel_args
Definition: grpc_types.h:132
EXPECT_EQ
#define EXPECT_EQ(a, b)
Definition: iomgr/time_averaged_stats_test.cc:27
asyncio_get_stats.args
args
Definition: asyncio_get_stats.py:40
GRPC_ARG_PARSE_RBAC_METHOD_CONFIG
#define GRPC_ARG_PARSE_RBAC_METHOD_CONFIG
Definition: rbac_service_config_parser.h:43
arg
Definition: cmdline.cc:40
grpc_empty_slice
GPRAPI grpc_slice grpc_empty_slice(void)
Definition: slice/slice.cc:42
main
int main(int argc, char **argv)
Definition: rbac_service_config_parser_test.cc:653
RUN_ALL_TESTS
int RUN_ALL_TESTS() GTEST_MUST_USE_RESULT_
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2471
grpc_core::ServiceConfigImpl::Create
static RefCountedPtr< ServiceConfig > Create(const grpc_channel_args *args, absl::string_view json_string, grpc_error_handle *error)
Definition: service_config_impl.cc:41
test_config.h
testing::InitGoogleTest
GTEST_API_ void InitGoogleTest(int *argc, char **argv)
Definition: bloaty/third_party/googletest/googletest/src/gtest.cc:6106
grpc_channel_arg_integer_create
grpc_arg grpc_channel_arg_integer_create(char *name, int value)
Definition: channel_args.cc:484
grpc_error_std_string
std::string grpc_error_std_string(grpc_error_handle error)
Definition: error.cc:944
ret
UniquePtr< SSL_SESSION > ret
Definition: ssl_x509.cc:1029
grpc::testing::TestEnvironment
Definition: test/core/util/test_config.h:54
service_config_impl.h
GRPC_ERROR_UNREF
#define GRPC_ERROR_UNREF(err)
Definition: error.h:262
grpc_core::testing::TEST
TEST(ServiceConfigParserTest, DoubleRegistration)
Definition: service_config_test.cc:448
CHILD_ERROR_TAG
#define CHILD_ERROR_TAG
Definition: rbac_service_config_parser_test.cc:28
grpc_init
GRPCAPI void grpc_init(void)
Definition: init.cc:146
grpc_error
Definition: error_internal.h:42
grpc_shutdown
GRPCAPI void grpc_shutdown(void)
Definition: init.cc:209
i
uint64_t i
Definition: abseil-cpp/absl/container/btree_benchmark.cc:230
rbac_service_config_parser.h
ASSERT_EQ
#define ASSERT_EQ(val1, val2)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2056

grpc
Author(s):
autogenerated on Fri May 16 2025 02:59:59