diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml new file mode 100644 index 0000000..c928263 --- /dev/null +++ b/.github/workflows/coverage.yml @@ -0,0 +1,39 @@ +name: Coverage + +on: + push: + branches: + - master + pull_request: + branches: + - master + +jobs: + cover: + name: Auto Codecov Coverage + runs-on: ubuntu-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@master + + - name: Install Rust toolchain + uses: actions-rs/toolchain@v1 + with: + profile: minimal + toolchain: stable + override: true + + - name: Install cargo-tarpaulin + uses: baptiste0928/cargo-install@v3 + with: + crate: cargo-tarpaulin + + - name: Run cargo-tarpaulin + run: | + cargo tarpaulin --avoid-cfg-tarpaulin --out Xml + + - name: Upload to codecov.io + uses: codecov/codecov-action@v1 + with: + token: ${{secrets.CODECOV_TOKEN}} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..d7ed59d --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,39 @@ +name: Auto Release + +on: + push: + # Sequence of patterns matched against refs/tags + tags: + - "v*" # Push events to matching v*, i.e. v1.0, v20.15.10 + +jobs: + release: + name: Auto Release by Tags + runs-on: ubuntu-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + + - name: Install Rust toolchain + run: | + rustup set profile minimal + rustup update --no-self-update stable + rustup default stable + + - name: Cargo Login + run: cargo login ${{ secrets.CARGO_TOKEN }} + + - name: Cargo Publish + run: cargo publish + + - name: GitHub Release + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + with: + tag_name: ${{ github.ref }} + release_name: Release ${{ github.ref }} + draft: false + prerelease: false diff --git a/src/lib.rs b/src/lib.rs index baf7c06..a1001ee 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -188,24 +188,9 @@ mod tests { async fn test_load_policy() { let policy = "p, alice, data1, read\np, bob, data2, write"; let mut adapter = StringAdapter::new(policy); - let mut model = DefaultModel::from_str( - "[request_definition] - r = sub, obj, act - - [policy_definition] - p = sub, obj, act - - [role_definition] - g = _, _ - - [policy_effect] - e = some(where (p.eft == allow)) - - [matchers] - m = r.sub == p.sub && r.obj == p.obj && r.act == p.act", - ) - .await - .unwrap(); + let mut model = DefaultModel::from_file("tests/rbac_model.conf") + .await + .unwrap(); adapter.load_policy(&mut model).await.unwrap(); let enforcer = Enforcer::new(model, adapter).await.unwrap(); @@ -220,24 +205,9 @@ mod tests { async fn test_save_policy() { let policy = "p, alice, data1, read\np, bob, data2, write"; let mut adapter = StringAdapter::new(policy); - let mut model = DefaultModel::from_str( - "[request_definition] - r = sub, obj, act - - [policy_definition] - p = sub, obj, act - - [role_definition] - g = _, _ - - [policy_effect] - e = some(where (p.eft == allow)) - - [matchers] - m = r.sub == p.sub && r.obj == p.obj && r.act == p.act", - ) - .await - .unwrap(); + let mut model = DefaultModel::from_file("tests/rbac_model.conf") + .await + .unwrap(); adapter.load_policy(&mut model).await.unwrap(); adapter.save_policy(&mut model).await.unwrap(); @@ -253,24 +223,9 @@ mod tests { async fn test_clear_policy() { let policy = "p, alice, data1, read\np, bob, data2, write"; let mut adapter = StringAdapter::new(policy); - let mut model = DefaultModel::from_str( - "[request_definition] - r = sub, obj, act - - [policy_definition] - p = sub, obj, act - - [role_definition] - g = _, _ - - [policy_effect] - e = some(where (p.eft == allow)) - - [matchers] - m = r.sub == p.sub && r.obj == p.obj && r.act == p.act", - ) - .await - .unwrap(); + let mut model = DefaultModel::from_file("tests/rbac_model.conf") + .await + .unwrap(); adapter.load_policy(&mut model).await.unwrap(); adapter.clear_policy().await.unwrap(); @@ -284,24 +239,9 @@ mod tests { async fn test_is_filtered() { let policy = "p, alice, data1, read\np, bob, data2, write"; let mut adapter = StringAdapter::new(policy); - let mut model = DefaultModel::from_str( - "[request_definition] - r = sub, obj, act - - [policy_definition] - p = sub, obj, act - - [role_definition] - g = _, _ - - [policy_effect] - e = some(where (p.eft == allow)) - - [matchers] - m = r.sub == p.sub && r.obj == p.obj && r.act == p.act", - ) - .await - .unwrap(); + let mut model = DefaultModel::from_file("tests/rbac_model.conf") + .await + .unwrap(); let filter = Filter { p: vec!["alice"], @@ -312,6 +252,7 @@ mod tests { .load_filtered_policy(&mut model, filter) .await .unwrap(); + assert!(adapter.is_filtered()); } } diff --git a/tests/rbac_model.conf b/tests/rbac_model.conf new file mode 100644 index 0000000..71159e3 --- /dev/null +++ b/tests/rbac_model.conf @@ -0,0 +1,14 @@ +[request_definition] +r = sub, obj, act + +[policy_definition] +p = sub, obj, act + +[role_definition] +g = _, _ + +[policy_effect] +e = some(where (p.eft == allow)) + +[matchers] +m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act \ No newline at end of file