Policy: The first role in the roles array should be the first element…

… of the most specific match
nemosupremo · Jul 24, 2018 · 8744532 · 8744532
1 parent 30b3cef
commit 8744532
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 2 deletions.
diff --git a/policy/policy.go b/policy/policy.go
@@ -18,13 +18,17 @@ type Policy struct {
 func (p *Policy) merge(path []byte, other Policy) {
 	if len(p.Roles) == 0 && p.NumUses == 0 {
 		*p = other
+		p.Roles = append([]string{}, other.Roles...)
 		p.strictestPath = path
 	} else {
 		if len(path) > len(p.strictestPath) {
 			p.NumUses = other.NumUses
 			p.strictestPath = path
 		}
+		// prepend other.Roles into p.Roles
 		p.Roles = append(p.Roles, other.Roles...)
+		copy(p.Roles[len(other.Roles):], p.Roles)
+		copy(p.Roles, other.Roles)
 	}
 }
 

diff --git a/policy/policy_test.go b/policy/policy_test.go
@@ -32,6 +32,10 @@ const samplePolicy = `{
 	"mesos:framework:task":{
 		"roles":["mesos_framework_task"],
 		"num_uses":1
+	},
+	"mesos:framework:task2":{
+		"roles":["mesos_framework_task2"],
+		"num_uses":1
 	}
 }`
 
@@ -68,11 +72,23 @@ func TestSamplePolicy(t *testing.T) {
 		}
 
 		if pass, expected, actual := shouldContainAll(mustGet(pols.Get("mesos")), "wildcard", "only_mesos"); !pass {
-			t.Fatalf("Test of '%s' failed. Expected: %v Had: %v", "foo", expected, actual)
+			t.Fatalf("Test of '%s' failed. Expected: %v Had: %v", "mesos", expected, actual)
 		}
 
 		if pass, expected, actual := shouldContainAll(mustGet(pols.Get("mesos:jamp")), "wildcard", "mesos_child"); !pass {
-			t.Fatalf("Test of '%s' failed. Expected: %v Had: %v", "foo", expected, actual)
+			t.Fatalf("Test of '%s' failed. Expected: %v Had: %v", "mesos:jamp", expected, actual)
+		}
+
+		if pass, _, actual := shouldContainAll(mustGet(pols.Get("mesos:framework:task2")), "mesos_framework_task"); pass {
+			t.Fatalf("Test of '%s' failed. 'task2' should not conatain permission of 'task'. Had: %v", "mesos:framework:task", actual)
+		}
+
+		if policy, ok := pols.Get("mesos:framework:task"); ok {
+			if policy.Roles[0] != "mesos_framework_task" {
+				t.Fatalf("Expected most specific role of '%s'. Had: %v", "mesos:framework:task", policy.Roles[0])
+			}
+		} else {
+			t.Fatalf("Test of '%s' failed. Expected: %v Had: %v", "foo", "mesos:framework:task", policy.Roles)
 		}
 	} else {
 		t.Fatalf("Failed to parse policy from json: %v", err)