func TestDelegationRolesParent(t *testing.T) { delgA := data.DelegationRole{ BaseRole: data.BaseRole{ Keys: nil, Name: "targets/a", Threshold: 1, }, Paths: []string{"path", "anotherpath"}, } delgB := data.DelegationRole{ BaseRole: data.BaseRole{ Keys: nil, Name: "targets/a/b", Threshold: 1, }, Paths: []string{"path/b", "anotherpath/b", "b/invalidpath"}, } // Assert direct parent relationship assert.True(t, delgA.IsParentOf(delgB)) assert.False(t, delgB.IsParentOf(delgA)) assert.False(t, delgA.IsParentOf(delgA)) delgC := data.DelegationRole{ BaseRole: data.BaseRole{ Keys: nil, Name: "targets/a/b/c", Threshold: 1, }, Paths: []string{"path/b", "anotherpath/b/c", "c/invalidpath"}, } // Assert direct parent relationship assert.True(t, delgB.IsParentOf(delgC)) assert.False(t, delgB.IsParentOf(delgB)) assert.False(t, delgA.IsParentOf(delgC)) assert.False(t, delgC.IsParentOf(delgB)) assert.False(t, delgC.IsParentOf(delgA)) assert.False(t, delgC.IsParentOf(delgC)) // Check that parents correctly restrict paths restrictedDelgB, err := delgA.Restrict(delgB) assert.NoError(t, err) assert.Contains(t, restrictedDelgB.Paths, "path/b") assert.Contains(t, restrictedDelgB.Paths, "anotherpath/b") assert.NotContains(t, restrictedDelgB.Paths, "b/invalidpath") _, err = delgB.Restrict(delgA) assert.Error(t, err) _, err = delgA.Restrict(delgC) assert.Error(t, err) _, err = delgC.Restrict(delgB) assert.Error(t, err) _, err = delgC.Restrict(delgA) assert.Error(t, err) // Make delgA have no paths and check that it changes delgB and delgC accordingly when chained delgA.Paths = []string{} restrictedDelgB, err = delgA.Restrict(delgB) assert.NoError(t, err) assert.Empty(t, restrictedDelgB.Paths) restrictedDelgC, err := restrictedDelgB.Restrict(delgC) assert.NoError(t, err) assert.Empty(t, restrictedDelgC.Paths) }