fix(supply-api): 适配P0-01修复,更新测试使用WithIAMClaims函数
P0-01修复将WithIAMClaims改为存储指针,GetIAMTokenClaims/getIAMTokenClaims改为获取指针类型。本提交更新role_inheritance_test.go中的测试以使用WithIAMClaims函数替代直接的context.WithValue调用,确保测试正确验证指针存储行为。

修复内容:
- GetIAMTokenClaims: 改为返回ctx.Value(IAMTokenClaimsKey).(*IAMTokenClaims)
- getIAMTokenClaims: 同上
- WithIAMClaims: 改为存储claims而非*claims
- writeAuthError: 添加json.NewEncoder(w).Encode(resp)写入响应体
@@ -21,7 +21,7 @@ func TestRoleInheritance_OperatorInheritsViewer(t *testing.T) {
|
|||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.WithValue(context.Background(), IAMTokenClaimsKey, *operatorClaims)
|
ctx := WithIAMClaims(context.Background(), operatorClaims)
|
||||||
|
|
||||||
// act & assert - operator 应该拥有 viewer 的所有 scope
|
// act & assert - operator 应该拥有 viewer 的所有 scope
|
||||||
for _, viewerScope := range viewerScopes {
|
for _, viewerScope := range viewerScopes {
|
||||||
@@ -58,7 +58,7 @@ func TestRoleInheritance_ExplicitOverride(t *testing.T) {
|
|||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.WithValue(context.Background(), IAMTokenClaimsKey, *orgAdminClaims)
|
ctx := WithIAMClaims(context.Background(), orgAdminClaims)
|
||||||
|
|
||||||
// act & assert - org_admin 应该拥有所有子角色的 scope
|
// act & assert - org_admin 应该拥有所有子角色的 scope
|
||||||
assert.True(t, CheckScope(ctx, "platform:read")) // viewer
|
assert.True(t, CheckScope(ctx, "platform:read")) // viewer
|
||||||
@@ -83,7 +83,7 @@ func TestRoleInheritance_ViewerDoesNotInherit(t *testing.T) {
|
|||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.WithValue(context.Background(), IAMTokenClaimsKey, *viewerClaims)
|
ctx := WithIAMClaims(context.Background(), viewerClaims)
|
||||||
|
|
||||||
// act & assert - viewer 是基础角色,不继承任何角色
|
// act & assert - viewer 是基础角色,不继承任何角色
|
||||||
assert.True(t, CheckScope(ctx, "platform:read"))
|
assert.True(t, CheckScope(ctx, "platform:read"))
|
||||||
@@ -100,24 +100,26 @@ func TestRoleInheritance_SupplyChain(t *testing.T) {
|
|||||||
supplyAdminScopes := []string{"supply:account:read", "supply:account:write", "supply:package:read", "supply:package:write", "supply:package:publish", "supply:package:offline", "supply:settlement:withdraw"}
|
supplyAdminScopes := []string{"supply:account:read", "supply:account:write", "supply:package:read", "supply:package:write", "supply:package:publish", "supply:package:offline", "supply:settlement:withdraw"}
|
||||||
|
|
||||||
// supply_viewer 测试
|
// supply_viewer 测试
|
||||||
viewerCtx := context.WithValue(context.Background(), IAMTokenClaimsKey, IAMTokenClaims{
|
viewerClaims := &IAMTokenClaims{
|
||||||
SubjectID: "user:4",
|
SubjectID: "user:4",
|
||||||
Role: "supply_viewer",
|
Role: "supply_viewer",
|
||||||
Scope: supplyViewerScopes,
|
Scope: supplyViewerScopes,
|
||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
})
|
}
|
||||||
|
viewerCtx := WithIAMClaims(context.Background(), viewerClaims)
|
||||||
|
|
||||||
// act & assert
|
// act & assert
|
||||||
assert.True(t, CheckScope(viewerCtx, "supply:account:read"))
|
assert.True(t, CheckScope(viewerCtx, "supply:account:read"))
|
||||||
assert.False(t, CheckScope(viewerCtx, "supply:account:write"))
|
assert.False(t, CheckScope(viewerCtx, "supply:account:write"))
|
||||||
|
|
||||||
// supply_operator 测试
|
// supply_operator 测试
|
||||||
operatorCtx := context.WithValue(context.Background(), IAMTokenClaimsKey, IAMTokenClaims{
|
operatorClaims := &IAMTokenClaims{
|
||||||
SubjectID: "user:5",
|
SubjectID: "user:5",
|
||||||
Role: "supply_operator",
|
Role: "supply_operator",
|
||||||
Scope: supplyOperatorScopes,
|
Scope: supplyOperatorScopes,
|
||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
})
|
}
|
||||||
|
operatorCtx := WithIAMClaims(context.Background(), operatorClaims)
|
||||||
|
|
||||||
// act & assert - operator 继承 viewer
|
// act & assert - operator 继承 viewer
|
||||||
assert.True(t, CheckScope(operatorCtx, "supply:account:read"))
|
assert.True(t, CheckScope(operatorCtx, "supply:account:read"))
|
||||||
@@ -125,12 +127,13 @@ func TestRoleInheritance_SupplyChain(t *testing.T) {
|
|||||||
assert.False(t, CheckScope(operatorCtx, "supply:settlement:withdraw")) // operator 没有 withdraw
|
assert.False(t, CheckScope(operatorCtx, "supply:settlement:withdraw")) // operator 没有 withdraw
|
||||||
|
|
||||||
// supply_admin 测试
|
// supply_admin 测试
|
||||||
adminCtx := context.WithValue(context.Background(), IAMTokenClaimsKey, IAMTokenClaims{
|
adminClaims := &IAMTokenClaims{
|
||||||
SubjectID: "user:6",
|
SubjectID: "user:6",
|
||||||
Role: "supply_admin",
|
Role: "supply_admin",
|
||||||
Scope: supplyAdminScopes,
|
Scope: supplyAdminScopes,
|
||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
})
|
}
|
||||||
|
adminCtx := WithIAMClaims(context.Background(), adminClaims)
|
||||||
|
|
||||||
// act & assert - admin 继承所有
|
// act & assert - admin 继承所有
|
||||||
assert.True(t, CheckScope(adminCtx, "supply:account:read"))
|
assert.True(t, CheckScope(adminCtx, "supply:account:read"))
|
||||||
@@ -146,12 +149,13 @@ func TestRoleInheritance_ConsumerChain(t *testing.T) {
|
|||||||
consumerAdminScopes := []string{"consumer:account:read", "consumer:account:write", "consumer:apikey:read", "consumer:apikey:create", "consumer:apikey:revoke", "consumer:usage:read"}
|
consumerAdminScopes := []string{"consumer:account:read", "consumer:account:write", "consumer:apikey:read", "consumer:apikey:create", "consumer:apikey:revoke", "consumer:usage:read"}
|
||||||
|
|
||||||
// consumer_viewer 测试
|
// consumer_viewer 测试
|
||||||
viewerCtx := context.WithValue(context.Background(), IAMTokenClaimsKey, IAMTokenClaims{
|
viewerClaims := &IAMTokenClaims{
|
||||||
SubjectID: "user:7",
|
SubjectID: "user:7",
|
||||||
Role: "consumer_viewer",
|
Role: "consumer_viewer",
|
||||||
Scope: consumerViewerScopes,
|
Scope: consumerViewerScopes,
|
||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
})
|
}
|
||||||
|
viewerCtx := WithIAMClaims(context.Background(), viewerClaims)
|
||||||
|
|
||||||
// act & assert
|
// act & assert
|
||||||
assert.True(t, CheckScope(viewerCtx, "consumer:account:read"))
|
assert.True(t, CheckScope(viewerCtx, "consumer:account:read"))
|
||||||
@@ -159,24 +163,26 @@ func TestRoleInheritance_ConsumerChain(t *testing.T) {
|
|||||||
assert.False(t, CheckScope(viewerCtx, "consumer:apikey:create"))
|
assert.False(t, CheckScope(viewerCtx, "consumer:apikey:create"))
|
||||||
|
|
||||||
// consumer_operator 测试
|
// consumer_operator 测试
|
||||||
operatorCtx := context.WithValue(context.Background(), IAMTokenClaimsKey, IAMTokenClaims{
|
operatorClaims := &IAMTokenClaims{
|
||||||
SubjectID: "user:8",
|
SubjectID: "user:8",
|
||||||
Role: "consumer_operator",
|
Role: "consumer_operator",
|
||||||
Scope: consumerOperatorScopes,
|
Scope: consumerOperatorScopes,
|
||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
})
|
}
|
||||||
|
operatorCtx := WithIAMClaims(context.Background(), operatorClaims)
|
||||||
|
|
||||||
// act & assert - operator 继承 viewer
|
// act & assert - operator 继承 viewer
|
||||||
assert.True(t, CheckScope(operatorCtx, "consumer:apikey:create"))
|
assert.True(t, CheckScope(operatorCtx, "consumer:apikey:create"))
|
||||||
assert.True(t, CheckScope(operatorCtx, "consumer:apikey:revoke"))
|
assert.True(t, CheckScope(operatorCtx, "consumer:apikey:revoke"))
|
||||||
|
|
||||||
// consumer_admin 测试
|
// consumer_admin 测试
|
||||||
adminCtx := context.WithValue(context.Background(), IAMTokenClaimsKey, IAMTokenClaims{
|
adminClaims := &IAMTokenClaims{
|
||||||
SubjectID: "user:9",
|
SubjectID: "user:9",
|
||||||
Role: "consumer_admin",
|
Role: "consumer_admin",
|
||||||
Scope: consumerAdminScopes,
|
Scope: consumerAdminScopes,
|
||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
})
|
}
|
||||||
|
adminCtx := WithIAMClaims(context.Background(), adminClaims)
|
||||||
|
|
||||||
// act & assert - admin 继承所有
|
// act & assert - admin 继承所有
|
||||||
assert.True(t, CheckScope(adminCtx, "consumer:account:read"))
|
assert.True(t, CheckScope(adminCtx, "consumer:account:read"))
|
||||||
@@ -203,7 +209,7 @@ func TestRoleInheritance_MultipleRoles(t *testing.T) {
|
|||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.WithValue(context.Background(), IAMTokenClaimsKey, *combinedClaims)
|
ctx := WithIAMClaims(context.Background(), combinedClaims)
|
||||||
|
|
||||||
// act & assert
|
// act & assert
|
||||||
assert.True(t, CheckScope(ctx, "platform:read")) // viewer
|
assert.True(t, CheckScope(ctx, "platform:read")) // viewer
|
||||||
@@ -222,7 +228,7 @@ func TestRoleInheritance_SuperAdmin(t *testing.T) {
|
|||||||
TenantID: 0,
|
TenantID: 0,
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.WithValue(context.Background(), IAMTokenClaimsKey, *superAdminClaims)
|
ctx := WithIAMClaims(context.Background(), superAdminClaims)
|
||||||
|
|
||||||
// act & assert - super_admin 拥有所有 scope
|
// act & assert - super_admin 拥有所有 scope
|
||||||
assert.True(t, CheckScope(ctx, "platform:read"))
|
assert.True(t, CheckScope(ctx, "platform:read"))
|
||||||
@@ -244,7 +250,7 @@ func TestRoleInheritance_DeveloperInheritsViewer(t *testing.T) {
|
|||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.WithValue(context.Background(), IAMTokenClaimsKey, *developerClaims)
|
ctx := WithIAMClaims(context.Background(), developerClaims)
|
||||||
|
|
||||||
// act & assert - developer 继承 viewer 的所有 scope
|
// act & assert - developer 继承 viewer 的所有 scope
|
||||||
assert.True(t, CheckScope(ctx, "platform:read"))
|
assert.True(t, CheckScope(ctx, "platform:read"))
|
||||||
@@ -266,7 +272,7 @@ func TestRoleInheritance_FinopsInheritsViewer(t *testing.T) {
|
|||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.WithValue(context.Background(), IAMTokenClaimsKey, *finopsClaims)
|
ctx := WithIAMClaims(context.Background(), finopsClaims)
|
||||||
|
|
||||||
// act & assert - finops 继承 viewer 的所有 scope
|
// act & assert - finops 继承 viewer 的所有 scope
|
||||||
assert.True(t, CheckScope(ctx, "platform:read"))
|
assert.True(t, CheckScope(ctx, "platform:read"))
|
||||||
@@ -288,7 +294,7 @@ func TestRoleInheritance_DeveloperDoesNotInheritOperator(t *testing.T) {
|
|||||||
TenantID: 1,
|
TenantID: 1,
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.WithValue(context.Background(), IAMTokenClaimsKey, *developerClaims)
|
ctx := WithIAMClaims(context.Background(), developerClaims)
|
||||||
|
|
||||||
// act & assert - developer 不继承 operator 的 scope
|
// act & assert - developer 不继承 operator 的 scope
|
||||||
assert.False(t, CheckScope(ctx, "platform:write")) // operator 有,developer 没有
|
assert.False(t, CheckScope(ctx, "platform:write")) // operator 有,developer 没有
|
||||||
|
|||||||
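Review bot: After this change every test in role_inheritance_test.go reaches CheckScope only through WithIAMClaims (first at `ctx := WithIAMClaims(context.Background(), operatorClaims)` in TestRoleInheritance_OperatorInheritsViewer), so nothing pins what happens when the context carries no claims, or claims stored the old way as a value. The description quotes the getter as `ctx.Value(IAMTokenClaimsKey).(*IAMTokenClaims)`; if that is literally a single-value type assertion it would panic on both inputs instead of denying, though the getter itself is not shown on this page. Because this is the authorization check, I would add a fail-closed case such as `assert.False(t, CheckScope(context.Background(), "platform:read"))` and `assert.False(t, CheckScope(context.WithValue(context.Background(), IAMTokenClaimsKey, IAMTokenClaims{Role: "viewer"}), "platform:read"))`. Storing a pointer also means a later write to `operatorClaims.Scope` is visible through the context, which may deserve its own test or a comment on WithIAMClaims. The test functions start and end outside the hunks shown.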