#3 updated access control entry filters and also added go docs

ackris · Sep 10, 2024 · a42de7f · a42de7f
1 parent c9fd050
commit a42de7f
Show file tree

Hide file tree

Showing 2 changed files with 286 additions and 9 deletions.
diff --git a/pkg/acl/access_control_entry_filter.go b/pkg/acl/access_control_entry_filter.go
@@ -1,3 +1,17 @@
+// Copyright 2024 Atomstate Technologies Private Limited
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package acl
 
 import (
@@ -13,6 +27,11 @@ type AccessControlEntryFilter struct {
 var Any = NewAccessControlEntryFilter("", "", OpAny, ANY)
 
 // NewAccessControlEntryFilter creates an instance of an access control entry filter with the provided parameters.
+// It validates the operation and permission type to ensure they are not UNKNOWN.
+//
+// Example usage:
+//
+//	filter := NewAccessControlEntryFilter("user1", "localhost", OpRead, ALLOW)
 func NewAccessControlEntryFilter(principal, host string, operation AclOperation, permissionType AclPermissionType) *AccessControlEntryFilter {
 	if operation == OpUnknown {
 		panic("operation cannot be unknown")
@@ -26,46 +45,71 @@ func NewAccessControlEntryFilter(principal, host string, operation AclOperation,
 }
 
 // Principal returns the principal or an empty string if none.
+//
+// Example usage:
+//
+//	principal := filter.Principal()
 func (f *AccessControlEntryFilter) Principal() string {
-	if f.data == nil {
+	if f == nil || f.data == nil {
 		return ""
 	}
 	return f.data.principal
 }
 
 // Host returns the host or an empty string if none. The value "*" means any host.
+//
+// Example usage:
+//
+//	host := filter.Host()
 func (f *AccessControlEntryFilter) Host() string {
-	if f.data == nil {
+	if f == nil || f.data == nil {
 		return ""
 	}
 	return f.data.host
 }
 
 // Operation returns the AclOperation.
+//
+// Example usage:
+//
+//	operation := filter.Operation()
 func (f *AccessControlEntryFilter) Operation() AclOperation {
-	if f.data == nil {
+	if f == nil || f.data == nil {
 		return OpUnknown // Return a known state if data is nil
 	}
 	return f.data.operation
 }
 
 // PermissionType returns the AclPermissionType.
+//
+// Example usage:
+//
+//	permissionType := filter.PermissionType()
 func (f *AccessControlEntryFilter) PermissionType() AclPermissionType {
-	if f.data == nil {
+	if f == nil || f.data == nil {
 		return UNKNOWN // Return a known state if data is nil
 	}
 	return f.data.permissionType
 }
 
 // IsUnknown returns true if there are any UNKNOWN components.
+//
+// Example usage:
+//
+//	isUnknown := filter.IsUnknown()
 func (f *AccessControlEntryFilter) IsUnknown() bool {
-	if f.data == nil {
+	if f == nil || f.data == nil {
 		return true // If data is nil, consider it unknown
 	}
 	return f.data.IsUnknown()
 }
 
 // Matches returns true if this filter matches the given AccessControlEntry.
+//
+// Example usage:
+//
+//	entry := NewAccessControlEntry("user1", "localhost", OpRead, ALLOW)
+//	matches := filter.Matches(entry)
 func (f *AccessControlEntryFilter) Matches(other *AccessControlEntry) bool {
 	if other == nil {
 		return false // Cannot match against a nil entry
@@ -83,37 +127,64 @@ func (f *AccessControlEntryFilter) Matches(other *AccessControlEntry) bool {
 }
 
 // MatchesAtMostOne returns true if this filter could only match one ACE.
+//
+// Example usage:
+//
+//	atMostOne := filter.MatchesAtMostOne()
 func (f *AccessControlEntryFilter) MatchesAtMostOne() bool {
 	return f.FindIndefiniteField() == ""
 }
 
-// FindIndefiniteField returns a string describing an ANY or UNKNOWN field, or an empty string if there is no such field.
+// FindIndefiniteField returns a string describing an ANY or UNKNOWN field, or an empty string
+// if there is no such field.
+//
+// Example usage:
+//
+//	indefiniteField := filter.FindIndefiniteField()
 func (f *AccessControlEntryFilter) FindIndefiniteField() string {
-	if f.data == nil {
+	if f == nil || f.data == nil {
 		return "" // If data is nil, return empty
 	}
 	return f.data.FindIndefiniteField()
 }
 
 // String returns a string representation of the AccessControlEntryFilter.
+//
+// Example usage:
+//
+//	str := filter.String()
 func (f *AccessControlEntryFilter) String() string {
-	if f.data == nil {
+	if f == nil {
 		return "nil AccessControlEntryFilter" // Provide a clear indication of nil
 	}
+	if f.data == nil {
+		return "AccessControlEntryFilter with nil data"
+	}
 	return fmt.Sprintf("%v", f.data)
 }
 
 // Equals returns true if this filter is equal to another filter.
+//
+// Example usage:
+//
+//	isEqual := filter.Equals(otherFilter)
 func (f *AccessControlEntryFilter) Equals(other *AccessControlEntryFilter) bool {
 	if other == nil {
 		return false // Cannot be equal to a nil filter
 	}
+	if f == nil {
+		return false // This filter is nil
+	}
 	return f.data.Equals(other.data)
 }
 
 // HashCode returns a hash code for the filter.
+//
+// Example usage:
+//
+//	hash := filter.HashCode()
 func (f *AccessControlEntryFilter) HashCode() int {
-	if f.data == nil {
+	if f == nil || f.data == nil {
 		return 0 // Return a known hash code for nil
 	}
 	return f.data.HashCode()

diff --git a/pkg/acl/access_control_entry_filter_test.go b/pkg/acl/access_control_entry_filter_test.go
@@ -0,0 +1,206 @@
+// Copyright 2024 Atomstate Technologies Private Limited
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package acl
+
+import (
+	"testing"
+)
+
+func TestNewAccessControlEntryFilter(t *testing.T) {
+	t.Run("valid_parameters", func(t *testing.T) {
+		filter := NewAccessControlEntryFilter("user", "host", OpRead, ALLOW)
+		if filter == nil {
+			t.Errorf("NewAccessControlEntryFilter returned nil")
+		}
+	})
+
+	t.Run("invalid_operation", func(t *testing.T) {
+		defer func() {
+			if r := recover(); r == nil {
+				t.Errorf("NewAccessControlEntryFilter did not panic with invalid operation")
+			}
+		}()
+		NewAccessControlEntryFilter("user", "host", OpUnknown, ALLOW)
+	})
+
+	t.Run("invalid_permission_type", func(t *testing.T) {
+		defer func() {
+			if r := recover(); r == nil {
+				t.Errorf("NewAccessControlEntryFilter did not panic with invalid permission type")
+			}
+		}()
+		NewAccessControlEntryFilter("user", "host", OpRead, UNKNOWN)
+	})
+}
+
+func TestAccessControlEntryFilter(t *testing.T) {
+	filter := NewAccessControlEntryFilter("user", "host", OpRead, ALLOW)
+
+	t.Run("principal", func(t *testing.T) {
+		if filter.Principal() != "user" {
+			t.Errorf("Principal() returned %s, expected %s", filter.Principal(), "user")
+		}
+	})
+
+	t.Run("host", func(t *testing.T) {
+		if filter.Host() != "host" {
+			t.Errorf("Host() returned %s, expected %s", filter.Host(), "host")
+		}
+	})
+
+	t.Run("operation", func(t *testing.T) {
+		if filter.Operation() != OpRead {
+			t.Errorf("Operation() returned %v, expected %v", filter.Operation(), OpRead)
+		}
+	})
+
+	t.Run("permission_type", func(t *testing.T) {
+		if filter.PermissionType() != ALLOW {
+			t.Errorf("PermissionType() returned %v, expected %v", filter.PermissionType(), ALLOW)
+		}
+	})
+
+	t.Run("is_unknown", func(t *testing.T) {
+		if filter.IsUnknown() {
+			t.Errorf("IsUnknown() returned true, expected false")
+		}
+	})
+
+	t.Run("matches_at_most_one", func(t *testing.T) {
+		if !filter.MatchesAtMostOne() {
+			t.Errorf("MatchesAtMostOne() returned false, expected true")
+		}
+	})
+
+	t.Run("find_indefinite_field", func(t *testing.T) {
+		if field := filter.FindIndefiniteField(); field != "" {
+			t.Errorf("FindIndefiniteField() returned %s, expected empty string", field)
+		}
+	})
+
+	t.Run("string_representation", func(t *testing.T) {
+		expected := "(principal=user, host=host, operation=3, permissionType=3)" // Adjust these values based on your AclOperation and AclPermissionType values
+		if str := filter.String(); str != expected {
+			t.Errorf("String() returned %s, expected %s", str, expected)
+		}
+	})
+
+	t.Run("equals", func(t *testing.T) {
+		sameFilter := NewAccessControlEntryFilter("user", "host", OpRead, ALLOW)
+		if !filter.Equals(sameFilter) {
+			t.Errorf("Equals() returned false, expected true")
+		}
+	})
+
+	t.Run("hash_code", func(t *testing.T) {
+		sameFilter := NewAccessControlEntryFilter("user", "host", OpRead, ALLOW)
+		if filter.HashCode() != sameFilter.HashCode() {
+			t.Errorf("HashCode() returned different values for equal filters")
+		}
+	})
+}
+
+func TestAccessControlEntryFilter_Matches(t *testing.T) {
+	filter := NewAccessControlEntryFilter("user", "host", OpRead, ALLOW)
+
+	t.Run("matches_entry", func(t *testing.T) {
+		entry := NewAccessControlEntry("user", "host", OpRead, ALLOW)
+		if !filter.Matches(entry) {
+			t.Errorf("Matches() returned false, expected true")
+		}
+	})
+
+	t.Run("does_not_match_entry", func(t *testing.T) {
+		entry := NewAccessControlEntry("user", "host", OpWrite, ALLOW)
+		if filter.Matches(entry) {
+			t.Errorf("Matches() returned true, expected false")
+		}
+	})
+
+	t.Run("does_not_match_nil_entry", func(t *testing.T) {
+		if filter.Matches(nil) {
+			t.Errorf("Matches() returned true when matching against nil")
+		}
+	})
+}
+
+func TestAccessControlEntryFilter_Nil(t *testing.T) {
+	var filter *AccessControlEntryFilter
+
+	t.Run("principal_nil", func(t *testing.T) {
+		if filter.Principal() != "" {
+			t.Errorf("Principal() returned %s, expected empty string", filter.Principal())
+		}
+	})
+
+	t.Run("host_nil", func(t *testing.T) {
+		if filter.Host() != "" {
+			t.Errorf("Host() returned %s, expected empty string", filter.Host())
+		}
+	})
+
+	t.Run("operation_nil", func(t *testing.T) {
+		if filter.Operation() != OpUnknown {
+			t.Errorf("Operation() returned %v, expected %v", filter.Operation(), OpUnknown)
+		}
+	})
+
+	t.Run("permission_type_nil", func(t *testing.T) {
+		if filter.PermissionType() != UNKNOWN {
+			t.Errorf("PermissionType() returned %v, expected %v", filter.PermissionType(), UNKNOWN)
+		}
+	})
+
+	t.Run("is_unknown_nil", func(t *testing.T) {
+		if !filter.IsUnknown() {
+			t.Errorf("IsUnknown() returned false, expected true")
+		}
+	})
+
+	t.Run("find_indefinite_field_nil", func(t *testing.T) {
+		if field := filter.FindIndefiniteField(); field != "" {
+			t.Errorf("FindIndefiniteField() returned %s, expected empty string", field)
+		}
+	})
+
+	t.Run("string_representation_nil", func(t *testing.T) {
+		expected := "nil AccessControlEntryFilter"
+		if str := filter.String(); str != expected {
+			t.Errorf("String() returned %s, expected %s", str, expected)
+		}
+	})
+
+	t.Run("equals_nil", func(t *testing.T) {
+		if filter.Equals(nil) {
+			t.Errorf("Equals() returned true when comparing with nil")
+		}
+	})
+
+	t.Run("hash_code_nil", func(t *testing.T) {
+		if filter.HashCode() != 0 {
+			t.Errorf("HashCode() returned %d, expected 0", filter.HashCode())
+		}
+	})
+}
+
+func BenchmarkAccessControlEntryFilter_Matches(b *testing.B) {
+	filter := NewAccessControlEntryFilter("user", "host", OpRead, ALLOW)
+	entry := NewAccessControlEntry("user", "host", OpRead, ALLOW)
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		filter.Matches(entry)
+	}
+}