add roundtrip tests for snapshots

divarvel · divarvel · commit 88d8e8b1216c · 2024-12-06T09:23:52.000+01:00
diff --git a/biscuit-auth/src/datalog/mod.rs b/biscuit-auth/src/datalog/mod.rs
@@ -733,7 +733,7 @@ impl World {
 }
 
 /// runtime limits for the Datalog engine
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, PartialEq, Eq)]
 pub struct RunLimits {
     /// maximum number of Datalog facts (memory usage)
     pub max_facts: u64,
diff --git a/biscuit-auth/src/token/authorizer/snapshot.rs b/biscuit-auth/src/token/authorizer/snapshot.rs
@@ -271,3 +271,95 @@ pub(crate) fn proto_origin_to_authorizer_origin(
 
     Ok(new_origin)
 }
+
+#[cfg(test)]
+mod tests {
+    use std::collections::HashMap;
+    use std::time::Duration;
+
+    use crate::{datalog::RunLimits, Algorithm, AuthorizerBuilder};
+    use crate::{Authorizer, BiscuitBuilder, KeyPair};
+
+    #[test]
+    fn roundtrip_builder() {
+        let secp_pubkey = KeyPair::new_with_algorithm(Algorithm::Secp256r1).public();
+        let ed_pubkey = KeyPair::new_with_algorithm(Algorithm::Ed25519).public();
+        let builder = AuthorizerBuilder::new()
+            .limits(RunLimits {
+                max_facts: 42,
+                max_iterations: 42,
+                max_time: Duration::from_secs(1),
+            })
+            .code_with_params(
+                r#"
+                fact(true);
+                head($a) <- fact($a);
+                check if head(true) trusting authority, {ed_pubkey}, {secp_pubkey};
+                allow if head(true);
+                deny if head(false);
+        "#,
+                HashMap::default(),
+                HashMap::from([
+                    ("ed_pubkey".to_string(), ed_pubkey),
+                    ("secp_pubkey".to_string(), secp_pubkey),
+                ]),
+            )
+            .unwrap();
+        let snapshot = builder.snapshot().unwrap();
+
+        let parsed = AuthorizerBuilder::from_snapshot(snapshot).unwrap();
+        assert_eq!(parsed.dump_code(), builder.dump_code());
+        assert_eq!(parsed.limits, builder.limits);
+    }
+
+    #[test]
+    fn roundtrip_with_token_pre_run() {
+        let secp_pubkey = KeyPair::new_with_algorithm(Algorithm::Secp256r1).public();
+        let ed_pubkey = KeyPair::new_with_algorithm(Algorithm::Ed25519).public();
+        let builder = AuthorizerBuilder::new()
+            .limits(RunLimits {
+                max_facts: 42,
+                max_iterations: 42,
+                max_time: Duration::from_secs(1),
+            })
+            .code_with_params(
+                r#"
+                fact(true);
+                head($a) <- fact($a);
+                check if head(true) trusting authority, {ed_pubkey}, {secp_pubkey};
+                allow if head(true);
+                deny if head(false);
+        "#,
+                HashMap::default(),
+                HashMap::from([
+                    ("ed_pubkey".to_string(), ed_pubkey),
+                    ("secp_pubkey".to_string(), secp_pubkey),
+                ]),
+            )
+            .unwrap();
+        let biscuit = BiscuitBuilder::new()
+            .code_with_params(
+                r#"
+                bfact(true);
+                bhead($a) <- fact($a);
+                check if bhead(true) trusting authority, {ed_pubkey}, {secp_pubkey};
+                "#,
+                HashMap::default(),
+                HashMap::from([
+                    ("ed_pubkey".to_string(), ed_pubkey),
+                    ("secp_pubkey".to_string(), secp_pubkey),
+                ]),
+            )
+            .unwrap()
+            .build(&KeyPair::new())
+            .unwrap();
+
+        let authorizer = builder.build(&biscuit).unwrap();
+
+        let snapshot = authorizer.snapshot().unwrap();
+
+        let parsed = Authorizer::from_snapshot(snapshot).unwrap();
+        assert_eq!(parsed.dump_code(), authorizer.dump_code());
+        assert_eq!(parsed.limits(), authorizer.limits());
+    }
+}
diff --git a/biscuit-auth/src/token/builder/authorizer.rs b/biscuit-auth/src/token/builder/authorizer.rs
@@ -31,7 +31,7 @@ pub struct AuthorizerBuilder {
     authorizer_block_builder: BlockBuilder,
     policies: Vec<Policy>,
     extern_funcs: HashMap<String, ExternFunc>,
-    limits: AuthorizerLimits,
+    pub(crate) limits: AuthorizerLimits,
 }
 
 impl AuthorizerBuilder {

Original file line number	Diff line number	Diff line change
`@@ -733,7 +733,7 @@ impl World {`
`733`	`733`	`}`
`734`	`734`
`735`	`735`	`/// runtime limits for the Datalog engine`
`736`		`-#[derive(Debug, Clone)]`
	`736`	`+#[derive(Debug, Clone, PartialEq, Eq)]`
`737`	`737`	`pub struct RunLimits {`
`738`	`738`	`/// maximum number of Datalog facts (memory usage)`
`739`	`739`	`pub max_facts: u64,`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ pub struct AuthorizerBuilder {`
`31`	`31`	`authorizer_block_builder: BlockBuilder,`
`32`	`32`	`policies: Vec<Policy>,`
`33`	`33`	`extern_funcs: HashMap<String, ExternFunc>,`
`34`		`- limits: AuthorizerLimits,`
	`34`	`+ pub(crate) limits: AuthorizerLimits,`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`impl AuthorizerBuilder {`