Merge pull request #91 from uw-labs/fix-copy-pasta

simonhdickson · web-flow · commit 73be4b48cb6e · 2020-08-13T15:01:52.000+01:00
Fix ACL copy pasta
diff --git a/backend/acl/sink_test.go b/backend/acl/sink_test.go
@@ -0,0 +1,78 @@
+package acl
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"github.com/uw-labs/proximo/proto"
+	"github.com/uw-labs/substrate"
+)
+
+func Test_FactoryConsumeOnlyClientCannotPublish(t *testing.T) {
+	assert := require.New(t)
+
+	c, err := ConfigFromString(fmt.Sprintf(`
+default:
+  roles: []
+roles:
+- id: "read-dogs"
+  consume: ["dogs.*"]
+clients:
+- id: "dog-consumer"
+  secret: "%s"
+  roles: ["read-dogs"]`, passwordHash))
+
+	s := AsyncSinkFactory{
+		Config: c,
+		Next:   backend{},
+	}
+
+	ctx := createCtx("dog-consumer", password)
+
+	_, err = s.NewAsyncSink(ctx, &proto.StartPublishRequest{
+		Topic: "dogs",
+	})
+
+	assert.Equal(err, ErrUnauthorized)
+}
+
+func Test_FactoryPublishOnlyClientCanPublish(t *testing.T) {
+	assert := require.New(t)
+
+	c, err := ConfigFromString(fmt.Sprintf(`
+default:
+  roles: []
+roles:
+- id: "write-dogs"
+  publish: ["dogs.*"]
+clients:
+- id: "dog-publisher"
+  secret: "%s"
+  roles: ["write-dogs"]`, passwordHash))
+
+	s := AsyncSinkFactory{
+		Config: c,
+		Next:   backend{},
+	}
+
+	ctx := createCtx("dog-publisher", password)
+
+	_, err = s.NewAsyncSink(ctx, &proto.StartPublishRequest{
+		Topic: "dogs",
+	})
+
+	assert.NoError(err)
+}
+
+type backend struct {
+}
+
+func (s backend) NewAsyncSource(ctx context.Context, req *proto.StartConsumeRequest) (substrate.AsyncMessageSource, error) {
+	return nil, nil
+}
+
+func (s backend) NewAsyncSink(ctx context.Context, req *proto.StartPublishRequest) (substrate.AsyncMessageSink, error) {
+	return nil, nil
+}
diff --git a/backend/acl/source.go b/backend/acl/source.go
@@ -19,7 +19,7 @@ func (s AsyncSourceFactory) NewAsyncSource(ctx context.Context, req *proto.Start
 		return nil, err
 	}
 
-	if !containsRegex(scope.Publish, req.Topic) {
+	if !containsRegex(scope.Consume, req.Topic) {
 		return nil, ErrUnauthorized
 	}
 
diff --git a/backend/acl/source_test.go b/backend/acl/source_test.go
@@ -0,0 +1,65 @@
+package acl
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"github.com/uw-labs/proximo/proto"
+)
+
+func Test_FactoryPublishOnlyClientCannotConsume(t *testing.T) {
+	assert := require.New(t)
+
+	c, err := ConfigFromString(fmt.Sprintf(`
+default:
+  roles: []
+roles:
+- id: "write-dogs"
+  publish: ["dogs.*"]
+clients:
+- id: "dog-publisher"
+  secret: "%s"
+  roles: ["write-dogs"]`, passwordHash))
+
+	s := AsyncSourceFactory{
+		Config: c,
+		Next:   backend{},
+	}
+
+	ctx := createCtx("dog-publisher", password)
+
+	_, err = s.NewAsyncSource(ctx, &proto.StartConsumeRequest{
+		Topic: "dogs",
+	})
+
+	assert.Equal(err, ErrUnauthorized)
+}
+
+func Test_FactoryConsumeOnlyClientCanConsume(t *testing.T) {
+	assert := require.New(t)
+
+	c, err := ConfigFromString(fmt.Sprintf(`
+default:
+  roles: []
+roles:
+- id: "read-dogs"
+  consume: ["dogs.*"]
+clients:
+- id: "dog-consumer"
+  secret: "%s"
+  roles: ["read-dogs"]`, passwordHash))
+
+	s := AsyncSourceFactory{
+		Config: c,
+		Next:   backend{},
+	}
+
+	ctx := createCtx("dog-consumer", password)
+
+	_, err = s.NewAsyncSource(ctx, &proto.StartConsumeRequest{
+		Topic: "dogs",
+	})
+
+	assert.NoError(err)
+}

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ func (s AsyncSourceFactory) NewAsyncSource(ctx context.Context, req *proto.Start`
`19`	`19`	`return nil, err`
`20`	`20`	`}`
`21`	`21`
`22`		`- if !containsRegex(scope.Publish, req.Topic) {`
	`22`	`+ if !containsRegex(scope.Consume, req.Topic) {`
`23`	`23`	`return nil, ErrUnauthorized`
`24`	`24`	`}`
`25`	`25`