Explicitly test that requiring an empty capability set is a no-op

This should always work (tm), so adding a test that shows that it does.

Mostly useful for RPCs that are always configured to use a request filter
but where the actual capability set is optionally set and defaults to empty.

1 files changed, 10 insertions, 0 deletions

diff --git a/fnet/src/tests/frt/rpc/invoke.cpp b/fnet/src/tests/frt/rpc/invoke.cpp
index 764b3fb4a05..e69513aa980 100644
--- a/fnet/src/tests/frt/rpc/invoke.cpp
+++ b/fnet/src/tests/frt/rpc/invoke.cpp
@@ -231,6 +231,9 @@ public:
         rb.DefineMethod("capabilityAllowed", "", "",
                         FRT_METHOD(TestRPC::RPC_AccessRestricted), this);
         rb.RequestAccessFilter(FRT_RequireCapabilities::of(CapabilitySet::telemetry()));
+        rb.DefineMethod("emptyCapabilitySet", "", "",
+                        FRT_METHOD(TestRPC::RPC_AccessRestricted), this);
+        rb.RequestAccessFilter(FRT_RequireCapabilities::of(CapabilitySet::make_empty()));
     }
 
     void RPC_Test(FRT_RPCRequest *req)
@@ -504,6 +507,13 @@ TEST_F("access is allowed by capability filter when peer is granted the required
     EXPECT_TRUE(f1.server_instance().restricted_method_was_invoked());
 }
 
+TEST_F("access is allowed by capability filter when required capability set is empty", Fixture()) {
+    MyReq req("emptyCapabilitySet");
+    f1.target().InvokeSync(req.borrow(), timeout);
+    ASSERT_FALSE(req.get().IsError());
+    EXPECT_TRUE(f1.server_instance().restricted_method_was_invoked());
+}
+
 TEST_MAIN() {
     crypto = my_crypto_engine();
     TEST_RUN_ALL();