From 0b0c9ce616ce471da449dee7e3a994d6d7ed4aa0 Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Mon, 10 Jan 2022 17:30:02 -0500 Subject: [PATCH] remove unused validation package the proto-generated validation should be used instead --- pkg/validation/identifiers.go | 69 -------- pkg/validation/identifiers_test.go | 97 ----------- pkg/validation/namespace_test.go | 256 ----------------------------- 3 files changed, 422 deletions(-) delete mode 100644 pkg/validation/identifiers.go delete mode 100644 pkg/validation/identifiers_test.go delete mode 100644 pkg/validation/namespace_test.go diff --git a/pkg/validation/identifiers.go b/pkg/validation/identifiers.go deleted file mode 100644 index be2eb479a3..0000000000 --- a/pkg/validation/identifiers.go +++ /dev/null @@ -1,69 +0,0 @@ -package validation - -import ( - "errors" - "fmt" - "regexp" -) - -const identifier = "[a-z][a-z0-9_]{1,62}[a-z0-9]" - -var ( - // ObjectNameRegex is the regular expression used to validate the object IDs. - ObjectNameRegex = regexp.MustCompile("^[a-zA-Z0-9/_-]{2,64}$") - - // RelationNameRegex is the regular expression used to validate the names of relations. - RelationNameRegex = regexp.MustCompile(fmt.Sprintf(`^(\.\.\.|%s)$`, identifier)) - - // NamespaceRegex is the regular expression used to validate namespace names. - NamespaceRegex = regexp.MustCompile(fmt.Sprintf("^(%s/)?%s$", identifier, identifier)) - - // NamespaceRegex is the regular expression used to validate namespace names - // that require tenant slugs. - NamespaceWithTenantRegex = regexp.MustCompile(fmt.Sprintf("^(%s)/(%s)$", identifier, identifier)) - - ErrInvalidObjectName = errors.New("invalid object name") - ErrInvalidRelationName = errors.New("invalid relation name") - ErrInvalidNamespaceName = errors.New("invalid namespace name") -) - -// ObjectName validates that the string provided is a valid object name. -func ObjectName(name string) error { - matched := ObjectNameRegex.MatchString(name) - if !matched { - return ErrInvalidObjectName - } - - return nil -} - -// RelationName validates that the string provided is a valid relation name. -func RelationName(name string) error { - matched := RelationNameRegex.MatchString(name) - if !matched { - return ErrInvalidRelationName - } - - return nil -} - -// NamespaceName validates that the string provided is a valid namespace name. -func NamespaceName(name string) error { - matched := NamespaceRegex.MatchString(name) - if !matched { - return ErrInvalidNamespaceName - } - - return nil -} - -// NamespaceNameWithTenant validates that the string provided is a valid namespace -// name and contains a tenant component. -func NamespaceNameWithTenant(name string) error { - matched := NamespaceWithTenantRegex.MatchString(name) - if !matched { - return ErrInvalidNamespaceName - } - - return nil -} diff --git a/pkg/validation/identifiers_test.go b/pkg/validation/identifiers_test.go deleted file mode 100644 index aae304c62b..0000000000 --- a/pkg/validation/identifiers_test.go +++ /dev/null @@ -1,97 +0,0 @@ -package validation - -import ( - "fmt" - "strings" - "testing" - - "github.com/stretchr/testify/require" -) - -func TestRelationName(t *testing.T) { - testCases := []struct { - name string - expectedError error - }{ - {"", ErrInvalidRelationName}, - {"...", nil}, - {"foo", nil}, - {"bar", nil}, - {"foo1", nil}, - {"bar1", nil}, - {"ab", ErrInvalidRelationName}, - {"Foo1", ErrInvalidRelationName}, - {"foo_bar", nil}, - {"foo_bar_", ErrInvalidRelationName}, - {"foo/bar", ErrInvalidRelationName}, - {"foo/b", ErrInvalidRelationName}, - {"Foo/bar", ErrInvalidRelationName}, - {"foo/bar/baz", ErrInvalidRelationName}, - {strings.Repeat("f", 2), ErrInvalidRelationName}, - {strings.Repeat("f", 3), nil}, - {strings.Repeat("f", 4), nil}, - {strings.Repeat("\u0394", 4), ErrInvalidRelationName}, - {strings.Repeat("\n", 4), ErrInvalidRelationName}, - {strings.Repeat("_", 4), ErrInvalidRelationName}, - {strings.Repeat("-", 4), ErrInvalidRelationName}, - {strings.Repeat("/", 4), ErrInvalidRelationName}, - {strings.Repeat("\\", 4), ErrInvalidRelationName}, - {strings.Repeat("f", 64), nil}, - {strings.Repeat("f", 65), ErrInvalidRelationName}, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - require := require.New(t) - - require.Equal(tc.expectedError, RelationName(tc.name)) - }) - } -} - -func TestNamespaceName(t *testing.T) { - testCases := []struct { - name string - expectedError error - expectedRequireTenant error - }{ - {"", ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {"...", ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {"foo", nil, ErrInvalidNamespaceName}, - {"bar", nil, ErrInvalidNamespaceName}, - {"foo1", nil, ErrInvalidNamespaceName}, - {"bar1", nil, ErrInvalidNamespaceName}, - {"ab", ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {"Foo1", ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {"foo_bar", nil, ErrInvalidNamespaceName}, - {"foo_bar_", ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {"foo/bar", nil, nil}, - {"foo/b", ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {"Foo/bar", ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {"foo/bar/baz", ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {strings.Repeat("f", 1), ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {strings.Repeat("f", 3), nil, ErrInvalidNamespaceName}, - {strings.Repeat("f", 4), nil, ErrInvalidNamespaceName}, - {strings.Repeat("\u0394", 4), ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {strings.Repeat("\n", 4), ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {strings.Repeat("_", 4), ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {strings.Repeat("-", 4), ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {strings.Repeat("/", 4), ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {strings.Repeat("\\", 4), ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {strings.Repeat("f", 64), nil, ErrInvalidNamespaceName}, - {fmt.Sprintf("%s/%s", strings.Repeat("f", 63), strings.Repeat("f", 63)), nil, nil}, - {fmt.Sprintf("%s/%s", strings.Repeat("f", 64), strings.Repeat("f", 64)), nil, nil}, - {fmt.Sprintf("%s/%s", strings.Repeat("f", 65), strings.Repeat("f", 64)), ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {fmt.Sprintf("%s/%s", strings.Repeat("f", 64), strings.Repeat("f", 65)), ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - {strings.Repeat("f", 65), ErrInvalidNamespaceName, ErrInvalidNamespaceName}, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - require := require.New(t) - - require.Equal(tc.expectedError, NamespaceName(tc.name)) - require.Equal(tc.expectedRequireTenant, NamespaceNameWithTenant(tc.name)) - }) - } -} diff --git a/pkg/validation/namespace_test.go b/pkg/validation/namespace_test.go deleted file mode 100644 index 6be8cfef8c..0000000000 --- a/pkg/validation/namespace_test.go +++ /dev/null @@ -1,256 +0,0 @@ -package validation - -import ( - "testing" - - v0 "github.com/authzed/authzed-go/proto/authzed/api/v0" - "github.com/stretchr/testify/require" - - ns "github.com/authzed/spicedb/pkg/namespace" -) - -func TestNamespaceValidation(t *testing.T) { - testCases := []struct { - name string - expectError bool - config *v0.NamespaceDefinition - }{ - {"empty", true, &v0.NamespaceDefinition{}}, - {"simple", false, ns.Namespace("user")}, - {"full", false, ns.Namespace( - "document", - ns.Relation("owner", nil), - ns.Relation("editor", ns.Union( - ns.This(), - ns.ComputedUserset("owner"), - )), - ns.Relation("parent", nil), - ns.Relation("lock", nil), - ns.Relation("viewer", ns.Union( - ns.This(), - ns.ComputedUserset("editor"), - ns.TupleToUserset("parent", "viewer"), - )), - )}, - {"working intersection", false, ns.Namespace( - "document", - ns.Relation("editor", ns.Intersection( - ns.This(), - ns.ComputedUserset("owner"), - )), - )}, - {"working exclusion", false, ns.Namespace( - "document", - ns.Relation("editor", ns.Exclusion( - ns.This(), - ns.ComputedUserset("owner"), - )), - )}, - {"bad relation name", true, ns.Namespace( - "document", - ns.Relation("a", nil), - )}, - {"bad rewrite", true, ns.Namespace( - "document", - ns.Relation("editor", &v0.UsersetRewrite{}), - )}, - {"nil union", true, ns.Namespace( - "document", - ns.Relation("editor", &v0.UsersetRewrite{ - RewriteOperation: &v0.UsersetRewrite_Union{}, - }), - )}, - {"no children", true, ns.Namespace( - "document", - ns.Relation("editor", &v0.UsersetRewrite{ - RewriteOperation: &v0.UsersetRewrite_Union{ - Union: &v0.SetOperation{}, - }, - }), - )}, - {"empty child", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_TupleToUserset{}, - }, - )), - )}, - {"nil child pointer", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - nil, - )), - )}, - {"nil child", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{}, - )), - )}, - {"bad ttu", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_TupleToUserset{ - TupleToUserset: &v0.TupleToUserset{}, - }, - }, - )), - )}, - {"ttu missing tupleset", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_TupleToUserset{ - TupleToUserset: &v0.TupleToUserset{ - ComputedUserset: &v0.ComputedUserset{ - Object: v0.ComputedUserset_TUPLE_USERSET_OBJECT, - Relation: "admin", - }, - }, - }, - }, - )), - )}, - {"ttu missing rewrite", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_TupleToUserset{ - TupleToUserset: &v0.TupleToUserset{ - Tupleset: &v0.TupleToUserset_Tupleset{ - Relation: "parent", - }, - }, - }, - }, - )), - )}, - {"ttu bad relation", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_TupleToUserset{ - TupleToUserset: &v0.TupleToUserset{ - Tupleset: &v0.TupleToUserset_Tupleset{ - Relation: "", - }, - ComputedUserset: &v0.ComputedUserset{ - Object: v0.ComputedUserset_TUPLE_USERSET_OBJECT, - Relation: "admin", - }, - }, - }, - }, - )), - )}, - {"ttu bad computed relation", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_TupleToUserset{ - TupleToUserset: &v0.TupleToUserset{ - Tupleset: &v0.TupleToUserset_Tupleset{ - Relation: "parent", - }, - ComputedUserset: &v0.ComputedUserset{ - Object: v0.ComputedUserset_TUPLE_USERSET_OBJECT, - Relation: "", - }, - }, - }, - }, - )), - )}, - {"ttu nil computed relation", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_TupleToUserset{ - TupleToUserset: &v0.TupleToUserset{ - Tupleset: &v0.TupleToUserset_Tupleset{ - Relation: "parent", - }, - ComputedUserset: &v0.ComputedUserset{ - Object: v0.ComputedUserset_TUPLE_USERSET_OBJECT, - }, - }, - }, - }, - )), - )}, - {"empty cu", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_ComputedUserset{}, - }, - )), - )}, - {"cu empty relation", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_ComputedUserset{ - ComputedUserset: &v0.ComputedUserset{}, - }, - }, - )), - )}, - {"cu bad relation name", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_ComputedUserset{ - ComputedUserset: &v0.ComputedUserset{ - Relation: "ab", - }, - }, - }, - )), - )}, - {"cu bad object type", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_ComputedUserset{ - ComputedUserset: &v0.ComputedUserset{ - Relation: "admin", - Object: 3, - }, - }, - }, - )), - )}, - {"child nil rewrite", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_UsersetRewrite{}, - }, - )), - )}, - {"child bad rewrite", true, ns.Namespace( - "document", - ns.Relation("viewer", ns.Union( - &v0.SetOperation_Child{ - ChildType: &v0.SetOperation_Child_UsersetRewrite{ - UsersetRewrite: &v0.UsersetRewrite{}, - }, - }, - )), - )}, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - err := tc.config.Validate() - if tc.expectError { - require.Error(t, err) - } else { - require.NoError(t, err) - } - }) - } -}