func TestDelegationRolesParent(t *testing.T) {
delgA := data.DelegationRole{
BaseRole: data.BaseRole{
Keys: nil,
Name: "targets/a",
Threshold: 1,
},
Paths: []string{"path", "anotherpath"},
}
delgB := data.DelegationRole{
BaseRole: data.BaseRole{
Keys: nil,
Name: "targets/a/b",
Threshold: 1,
},
Paths: []string{"path/b", "anotherpath/b", "b/invalidpath"},
}
// Assert direct parent relationship
assert.True(t, delgA.IsParentOf(delgB))
assert.False(t, delgB.IsParentOf(delgA))
assert.False(t, delgA.IsParentOf(delgA))
delgC := data.DelegationRole{
BaseRole: data.BaseRole{
Keys: nil,
Name: "targets/a/b/c",
Threshold: 1,
},
Paths: []string{"path/b", "anotherpath/b/c", "c/invalidpath"},
}
// Assert direct parent relationship
assert.True(t, delgB.IsParentOf(delgC))
assert.False(t, delgB.IsParentOf(delgB))
assert.False(t, delgA.IsParentOf(delgC))
assert.False(t, delgC.IsParentOf(delgB))
assert.False(t, delgC.IsParentOf(delgA))
assert.False(t, delgC.IsParentOf(delgC))
// Check that parents correctly restrict paths
restrictedDelgB, err := delgA.Restrict(delgB)
assert.NoError(t, err)
assert.Contains(t, restrictedDelgB.Paths, "path/b")
assert.Contains(t, restrictedDelgB.Paths, "anotherpath/b")
assert.NotContains(t, restrictedDelgB.Paths, "b/invalidpath")
_, err = delgB.Restrict(delgA)
assert.Error(t, err)
_, err = delgA.Restrict(delgC)
assert.Error(t, err)
_, err = delgC.Restrict(delgB)
assert.Error(t, err)
_, err = delgC.Restrict(delgA)
assert.Error(t, err)
// Make delgA have no paths and check that it changes delgB and delgC accordingly when chained
delgA.Paths = []string{}
restrictedDelgB, err = delgA.Restrict(delgB)
assert.NoError(t, err)
assert.Empty(t, restrictedDelgB.Paths)
restrictedDelgC, err := restrictedDelgB.Restrict(delgC)
assert.NoError(t, err)
assert.Empty(t, restrictedDelgC.Paths)
}
