add basic acl tests

Author: ndyakov

acl_commands_test.go

@@ -21,8 +21,8 @@ var _ = Describe("ACL Users Commands", Label("NonRedisEnterprise"), func() {
 
 	AfterEach(func() {
 		_, err := client.ACLDelUser(context.Background(), TestUserName).Result()
-		Expect(client.Close()).NotTo(HaveOccurred())
 		Expect(err).NotTo(HaveOccurred())
+		Expect(client.Close()).NotTo(HaveOccurred())
 	})
 
 	It("list only default user", func() {
@@ -69,40 +69,106 @@ var _ = Describe("ACL Permissions", Label("NonRedisEnterprise"), func() {
 
 	AfterEach(func() {
 		_, err := client.ACLDelUser(context.Background(), TestUserName).Result()
-		Expect(client.Close()).NotTo(HaveOccurred())
 		Expect(err).NotTo(HaveOccurred())
+		Expect(client.Close()).NotTo(HaveOccurred())
 	})
 
-	It("list only default user", func() {
-		res, err := client.ACLList(ctx).Result()
+	It("reset permissions", func() {
+		add, err := client.ACLSetUser(ctx,
+			TestUserName,
+			"reset",
+			"nopass",
+			"on",
+		).Result()
 		Expect(err).NotTo(HaveOccurred())
-		Expect(res).To(HaveLen(1))
-		Expect(res[0]).To(ContainSubstring("default"))
+		Expect(add).To(Equal("OK"))
+
+		connection := client.Conn()
+		authed, err := connection.AuthACL(ctx, TestUserName, "").Result()
+		Expect(err).NotTo(HaveOccurred())
+		Expect(authed).To(Equal("OK"))
+
+		_, err = connection.Get(ctx, "anykey").Result()
+		Expect(err).To(HaveOccurred())
 	})
 
-	It("setuser and deluser", func() {
-		res, err := client.ACLList(ctx).Result()
+	It("add write permissions", func() {
+		add, err := client.ACLSetUser(ctx,
+			TestUserName,
+			"reset",
+			"nopass",
+			"on",
+			"~*",
+			"+SET",
+		).Result()
 		Expect(err).NotTo(HaveOccurred())
-		Expect(res).To(HaveLen(1))
-		Expect(res[0]).To(ContainSubstring("default"))
+		Expect(add).To(Equal("OK"))
 
-		add, err := client.ACLSetUser(ctx, TestUserName, "nopass", "on", "allkeys", "+set", "+get").Result()
+		connection := client.Conn()
+		authed, err := connection.AuthACL(ctx, TestUserName, "").Result()
+		Expect(err).NotTo(HaveOccurred())
+		Expect(authed).To(Equal("OK"))
+
+		// can write
+		v, err := connection.Set(ctx, "anykey", "anyvalue", 0).Result()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(v).To(Equal("OK"))
+
+		// but can't read
+		value, err := connection.Get(ctx, "anykey").Result()
+		Expect(err).To(HaveOccurred())
+		Expect(value).To(BeEmpty())
+	})
+
+	It("add read permissions", func() {
+		add, err := client.ACLSetUser(ctx,
+			TestUserName,
+			"reset",
+			"nopass",
+			"on",
+			"~*",
+			"+GET",
+		).Result()
 		Expect(err).NotTo(HaveOccurred())
 		Expect(add).To(Equal("OK"))
 
-		resAfter, err := client.ACLList(ctx).Result()
+		connection := client.Conn()
+		authed, err := connection.AuthACL(ctx, TestUserName, "").Result()
 		Expect(err).NotTo(HaveOccurred())
-		Expect(resAfter).To(HaveLen(2))
-		Expect(resAfter[1]).To(ContainSubstring(TestUserName))
+		Expect(authed).To(Equal("OK"))
 
-		deletedN, err := client.ACLDelUser(ctx, TestUserName).Result()
+		// can read
+		value, err := connection.Get(ctx, "anykey").Result()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(value).To(Equal("anyvalue"))
+
+		// but can't delete
+		del, err := connection.Del(ctx, "anykey").Result()
+		Expect(err).To(HaveOccurred())
+		Expect(del).ToNot(Equal(1))
+	})
+
+	It("add del permissions", func() {
+		add, err := client.ACLSetUser(ctx,
+			TestUserName,
+			"reset",
+			"nopass",
+			"on",
+			"~*",
+			"+DEL",
+		).Result()
 		Expect(err).NotTo(HaveOccurred())
-		Expect(deletedN).To(BeNumerically("==", 1))
+		Expect(add).To(Equal("OK"))
 
-		resAfterDeletion, err := client.ACLList(ctx).Result()
+		connection := client.Conn()
+		authed, err := connection.AuthACL(ctx, TestUserName, "").Result()
 		Expect(err).NotTo(HaveOccurred())
-		Expect(resAfterDeletion).To(HaveLen(1))
-		Expect(resAfterDeletion[0]).To(BeEquivalentTo(res[0]))
+		Expect(authed).To(Equal("OK"))
+
+		// can read
+		del, err := connection.Del(ctx, "anykey").Result()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(del).To(BeEquivalentTo(1))
 	})
 })