blob: 8c5f2a54255121e4e2b8bd35f19da9c0c0c73e5e [file] [log] [blame]
load('@stdlib//internal/luci/lib/acl.star', 'acl', 'aclimpl')
def test_works():
# Works in general.
acls = [
acl.entry(acl.BUILDBUCKET_READER),
acl.entry(acl.BUILDBUCKET_WRITER),
]
assert.eq(aclimpl.validate_acls(acls), acls)
# None or [] is OK.
assert.eq(aclimpl.validate_acls(None), [])
assert.eq(aclimpl.validate_acls([]), [])
# Wrong type is NOT ok.
assert.fails(
lambda: aclimpl.validate_acls(111),
'bad "acls": got int 111, expecting list')
assert.fails(
lambda: aclimpl.validate_acls([111]),
'bad "acls": got int 111, expecting acl.entry')
# Checks project_level_only.
assert.true(acl.PROJECT_CONFIGS_READER.project_level_only)
acls = acls + [acl.entry(acl.PROJECT_CONFIGS_READER)]
assert.eq(aclimpl.validate_acls(acls, project_level=True), acls)
assert.fails(
lambda: aclimpl.validate_acls(acls),
'role PROJECT_CONFIGS_READER can only be set at the project level')
test_works()