JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d14f2e4164
storj/satellite/console/consolewasm/permission_test.go
Jessica Grebenschikov 3cc98de3ee satellite/console/wasm: reduce size to <9MB 
Make changes so that we only import the necessary files from the console package so that the generated wasm code is as small as possible.

This change gets the compiled wasm code down to 8.6MB uncompressed and 2MB when compressed with `gzip --best`.

https://review.dev.storj.io/c/storj/storj/+/3396

Change-Id: Ifdd4be285810757b46bbbe43327c0d0139e5f8f7
2020-12-14 16:41:39 +00:00

100 lines
4.2 KiB
Go
Raw Blame History

// Copyright (C) 2020 Storj Labs, Inc.
// See LICENSE for copying information.
package consolewasm_test
import (
"testing"
"time"
"github.com/stretchr/testify/require"
"storj.io/common/errs2"
"storj.io/common/rpc/rpcstatus"
"storj.io/common/testcontext"
"storj.io/storj/private/testplanet"
console "storj.io/storj/satellite/console/consolewasm"
"storj.io/uplink"
)
func TestSetPermissionWithBuckets(t *testing.T) {
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1, StorageNodeCount: 10, UplinkCount: 1,
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
satellitePeer := planet.Satellites[0]
satelliteNodeURL := satellitePeer.NodeURL().String()
uplinkPeer := planet.Uplinks[0]
APIKey := uplinkPeer.APIKey[satellitePeer.ID()]
apiKeyString := APIKey.Serialize()
projectID := uplinkPeer.Projects[0].ID.String()
require.Equal(t, 1, len(uplinkPeer.Projects))
passphrase := "supersecretpassphrase"
// Create an access grant with the uplink API key. With that access grant, create 2 buckets and upload an object.
uplinkAccess, err := uplinkPeer.Config.RequestAccessWithPassphrase(ctx, satelliteNodeURL, apiKeyString, passphrase)
require.NoError(t, err)
uplinkPeer.Access[satellitePeer.ID()] = uplinkAccess
testbucket1 := "buckettest1"
testbucket2 := "buckettest2"
testfilename := "file.txt"
testdata := []byte("fun data")
require.NoError(t, uplinkPeer.CreateBucket(ctx, satellitePeer, testbucket1))
require.NoError(t, uplinkPeer.CreateBucket(ctx, satellitePeer, testbucket2))
require.NoError(t, uplinkPeer.Upload(ctx, satellitePeer, testbucket1, testfilename, testdata))
require.NoError(t, uplinkPeer.Upload(ctx, satellitePeer, testbucket2, testfilename, testdata))
data, err := uplinkPeer.Download(ctx, satellitePeer, testbucket1, testfilename)
require.NoError(t, err)
require.Equal(t, data, testdata)
buckets := []string{testbucket1}
// Restrict the uplink access grant with read only permissions and only allows actions for 1 bucket.
var sharePrefixes []uplink.SharePrefix
for _, path := range buckets {
sharePrefixes = append(sharePrefixes, uplink.SharePrefix{
Bucket: path,
})
}
restrictedUplinkAccess, err := uplinkAccess.Share(uplink.ReadOnlyPermission(), sharePrefixes...)
require.NoError(t, err)
// Expect that we can download the object with the restricted access for the 1 allowed bucket.
uplinkPeer.Access[satellitePeer.ID()] = restrictedUplinkAccess
uplinkPeer.APIKey[satellitePeer.ID()] = APIKey
data, err = uplinkPeer.Download(ctx, satellitePeer, testbucket1, testfilename)
require.NoError(t, err)
require.Equal(t, data, testdata)
err = uplinkPeer.Upload(ctx, satellitePeer, testbucket1, "file2", testdata)
require.True(t, errs2.IsRPC(err, rpcstatus.PermissionDenied))
_, err = uplinkPeer.Download(ctx, satellitePeer, testbucket2, testfilename)
require.Error(t, err)
// Create restricted access with the console access grant code that allows full access to only 1 bucket.
readOnlyPermission := console.Permission{
AllowDownload: true,
AllowUpload: false,
AllowList: true,
AllowDelete: false,
NotBefore: time.Now().Add(-24 * time.Hour),
NotAfter: time.Now().Add(48 * time.Hour),
}
restrictedKey, err := console.SetPermission(apiKeyString, buckets, readOnlyPermission)
require.NoError(t, err)
restrictedAccessGrant, err := console.GenAccessGrant(satelliteNodeURL, restrictedKey.Serialize(), passphrase, projectID)
require.NoError(t, err)
restrictedAccess, err := uplink.ParseAccess(restrictedAccessGrant)
require.NoError(t, err)
// Expect that we can download the object with the restricted access for the 1 allowed bucket.
uplinkPeer.APIKey[satellitePeer.ID()] = restrictedKey
uplinkPeer.Access[satellitePeer.ID()] = restrictedAccess
data, err = uplinkPeer.Download(ctx, satellitePeer, testbucket1, testfilename)
require.NoError(t, err)
require.Equal(t, data, testdata)
err = uplinkPeer.Upload(ctx, satellitePeer, testbucket1, "file2", testdata)
require.True(t, errs2.IsRPC(err, rpcstatus.PermissionDenied))
_, err = uplinkPeer.Download(ctx, satellitePeer, testbucket2, testfilename)
require.True(t, errs2.IsRPC(err, rpcstatus.PermissionDenied))
})
}
Reference in New Issue View Git Blame Copy Permalink