openfga/tests/tests.yaml


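# OpenFGA store test definitions. Each test runs check / list_objects /
# list_users queries against the model named in `model_file`, using the tuples
# in `tuple_file`, and compares the answers with the listed assertions.
name: Model tests
model_file: fga.mod
tuple_file: tests.csv
tests:
  - name: User properties
    check:
      - user: user:user@oceanbox.io
        object: user:user@oceanbox.io
        assertions:
          active: true
          registered: true
      # NOTE(review): identical to the check above, so it adds no coverage.
      # Presumably a different user was intended here; confirm and replace.
      - user: user:user@oceanbox.io
        object: user:user@oceanbox.io
        assertions:
          active: true
          registered: true
      - user: user:user@acme.com
        object: user:user@acme.com
        assertions:
          active: true
          registered: true

  # Privilege ladder on group:/oceanbox: user:admin is expected to hold
  # superuser, admin@oceanbox.io admin, and user@oceanbox.io plain membership.
  - name: Group membership
    check:
      - user: user:admin
        object: group:/oceanbox
        assertions:
          member: true
          admin: true
          superuser: true
      - user: user:admin@oceanbox.io
        object: group:/oceanbox
        assertions:
          member: true
          admin: true
          superuser: false
      - user: user:user@oceanbox.io
        object: group:/oceanbox
        assertions:
          member: true
          admin: false
          superuser: false
      - user: user:user@acme.com
        object: group:/acme
        assertions:
          member: true
          admin: true
          superuser: false
      # Cross-organization deny: an acme.com user must have no relation to the
      # oceanbox group.
      - user: user:user@acme.com
        object: group:/oceanbox
        assertions:
          member: false
          admin: false
          superuser: false

  - name: System membership
    check:
      - user: system:atlantis
        object: organization:oceanbox
        assertions:
          parent: true
      - user: system:atlantis
        object: organization:acme
        assertions:
          parent: true

  - name: Domain membership
    check:
      - user: domain:oceanbox.io
        object: organization:oceanbox
        assertions:
          realm: true
      - user: domain:acme.com
        object: organization:acme
        assertions:
          realm: true
      # Cross-organization deny. The object was spelled `organization:oceabox`,
      # an id used nowhere else in this file, so `realm: false` presumably
      # passed only because the object had no tuples. Corrected so that the
      # check exercises the real oceanbox organization.
      - user: domain:acme.com
        object: organization:oceanbox
        assertions:
          realm: false

  - name: Organization membership
    check:
      - user: user:admin@oceanbox.io
        object: organization:oceanbox
        assertions:
          admin: true
          superuser: false
      # Cross-organization deny: oceanbox.io user against the acme organization.
      - user: user:user@oceanbox.io
        object: organization:acme
        assertions:
          admin: false
          superuser: false
      - user: user:user@acme.com
        object: organization:acme
        assertions:
          admin: true
          superuser: false
      # Cross-organization deny: acme.com user against the oceanbox organization.
      - user: user:user@acme.com
        object: organization:oceanbox
        assertions:
          admin: false
          superuser: false

  # Every check passes a context (time, usage, task), so these relations are
  # presumably gated by conditions in the model; confirm in fga.mod.
  # NOTE(review): the only deny asserted on view/exec is exec on
  # acme-archive-2. No check pairs a user with the other organization's
  # archives, and none uses a context expected to be rejected. Consider adding
  # such deny cases so that an over-broad grant fails the suite.
  - name: Archive access
    check:
      - user: user:user@oceanbox.io
        object: archive:oceanbox-archive-1
        context:
          time: "2025-01-01T00:10:00Z"
          usage: 10.0
          task: transport
        assertions:
          admin: false
          view: true
          exec: true
      - user: user:admin@oceanbox.io
        object: archive:oceanbox-archive-1
        context:
          time: "2025-01-01T00:10:00Z"
          usage: 10.0
          task: transport
        assertions:
          admin: true
          view: true
          exec: true
      - user: user:user@oceanbox.io
        object: archive:oceanbox-archive-2
        context:
          time: "2025-01-01T00:10:00Z"
          usage: 10.0
          task: transport
        assertions:
          admin: false
          view: true
          exec: true
      - user: user:user@acme.com
        object: archive:acme-archive-1
        context:
          time: "2025-01-01T00:10:00Z"
          usage: 10.0
          task: transport
        assertions:
          admin: false
          view: true
          exec: true
      # Same user and context as above, but exec is expected to be denied on
      # the second acme archive while view is still allowed.
      - user: user:user@acme.com
        object: archive:acme-archive-2
        context:
          time: "2025-01-01T00:10:00Z"
          usage: 10.0
          task: transport
        assertions:
          admin: false
          view: true
          exec: false

  - name: List user groups
    list_objects:
      - user: user:user@oceanbox.io
        type: group
        assertions:
          member:
            - group:/oceanbox

  # Each expected list holds only the user's own organization's archives, so
  # these cases also act as an isolation check for list_objects.
  - name: List user archives
    list_objects:
      - user: user:user@oceanbox.io
        type: archive
        context:
          time: "2025-01-01T00:10:00Z"
        assertions:
          view:
            - archive:oceanbox-archive-1
            - archive:oceanbox-archive-2
      - user: user:user@acme.com
        type: archive
        context:
          time: "2025-01-01T00:10:00Z"
        assertions:
          view:
            - archive:acme-archive-1
            - archive:acme-archive-2
      # Same user with a time one year earlier: nothing may be viewable.
      # Presumably this falls outside the grant's validity window; confirm
      # against the condition in the model.
      - user: user:user@acme.com
        type: archive
        context:
          time: "2024-01-01T00:10:00Z"
        assertions:
          view: []

  - name: List domain
    list_objects:
      - user: domain:oceanbox.io
        type: group
        assertions:
          realm:
            - group:/oceanbox
      - user: domain:acme.com
        type: group
        assertions:
          realm:
            - group:/acme

  - name: List group domains
    list_users:
      - object: group:/oceanbox
        user_filter:
          - type: domain
        assertions:
          realm:
            users:
              - domain:oceanbox.io
      - object: group:/acme
        user_filter:
          - type: domain
        assertions:
          realm:
            users:
              - domain:acme.com

  - name: List active users
    list_users:
      - object: group:/oceanbox
        user_filter:
          - type: user
        assertions:
          member:
            users:
              - user:user@oceanbox.io
              - user:admin@oceanbox.io
              - user:admin

  - name: List archive users
    list_users:
      - object: archive:acme-archive-1
        context:
          time: "2025-01-01T00:10:00Z"
          usage: 10.0
          task: transport
        user_filter:
          - type: user
        assertions:
          exec:
            users:
              - user:admin
              - user:user@acme.com
      # NOTE(review): this context carries no `task`, unlike the other archive
      # cases; confirm the view condition does not depend on it.
      # NOTE(review): an oceanbox.io admin is expected among the viewers of an
      # acme archive. Confirm that this cross-organization grant is intended
      # by the tuples in tests.csv rather than a side effect of the model.
      - object: archive:acme-archive-2
        context:
          time: "2025-01-01T00:10:00Z"
          usage: 10.0
        user_filter:
          - type: user
        assertions:
          view:
            users:
              - user:user@acme.com
              - user:admin@oceanbox.io
              - user:admin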