Skip to content

Commit

Permalink
Refactor the tests for better readability on rules.
Browse files Browse the repository at this point in the history
  • Loading branch information
@Pushpalanka
Pushpalanka committed Dec 6, 2024
1 parent d8d1bbf commit e0bea8e
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 19 deletions.
55 changes: 40 additions & 15 deletions filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ func TestAuthorizeRequestFilter(t *testing.T) {
msg: "Allow Requests with spaces in path",
filterName: "opaAuthorizeRequest",
bundleName: "somebundle.tar.gz",
regoQuery: "envoy/authz/allow",
regoQuery: "envoy/authz/allow_with_space_in_path",
requestPath: "/my%20path",
requestMethod: "GET",
contextExtensions: "",
Expand Down Expand Up @@ -106,7 +106,7 @@ func TestAuthorizeRequestFilter(t *testing.T) {
msg: "Allow Requests with query parameters",
filterName: "opaAuthorizeRequest",
bundleName: "somebundle.tar.gz",
regoQuery: "envoy/authz/allow",
regoQuery: "envoy/authz/allow_with_query",
requestPath: "/allow-with-query?pass=yes&id=1&id=2&msg=help%20me",
requestMethod: "GET",
contextExtensions: "",
Expand Down Expand Up @@ -173,8 +173,8 @@ func TestAuthorizeRequestFilter(t *testing.T) {
msg: "Simple Forbidden with Query Parameters",
filterName: "opaAuthorizeRequest",
bundleName: "somebundle.tar.gz",
regoQuery: "envoy/authz/allow",
requestPath: "/allow-with-query?tofail=true",
regoQuery: "envoy/authz/deny_with_query",
requestPath: "/allow-me?tofail=true",
requestMethod: "GET",
contextExtensions: "",
expectedStatus: http.StatusForbidden,
Expand Down Expand Up @@ -384,6 +384,20 @@ func TestAuthorizeRequestFilter(t *testing.T) {
backendHeaders: make(http.Header),
removeHeaders: make(http.Header),
},
{
msg: "Allow Requests ignoring fragment",
filterName: "opaAuthorizeRequest",
bundleName: "somebundle.tar.gz",
regoQuery: "envoy/authz/allow_with_path_having_fragment",
requestPath: "/path-with-empty-query#fragment?",
requestMethod: "GET",
contextExtensions: "",
expectedStatus: http.StatusOK,
expectedBody: "Welcome!",
expectedHeaders: make(http.Header),
backendHeaders: make(http.Header),
removeHeaders: make(http.Header),
},
} {
t.Run(ti.msg, func(t *testing.T) {
t.Logf("Running test for %v", ti)
Expand All @@ -406,32 +420,43 @@ func TestAuthorizeRequestFilter(t *testing.T) {
package envoy.authz
default allow = false
default deny_with_query = false
allow {
input.parsed_path = [ "allow" ]
input.parsed_query = {}
input.parsed_path == [ "allow" ]
input.parsed_query == {}
}
allow_with_http_path {
input.attributes.request.http.path == "/some/api/path?q1=v1&msg=help%20me"
}
allow {
input.parsed_path = [ "my path" ]
allow_with_space_in_path {
input.parsed_path == [ "my path" ]
}
allow_with_path_having_empty_query {
input.parsed_path = [ "path-with-empty-query" ]
input.parsed_query = {}
input.parsed_path == [ "path-with-empty-query" ]
input.parsed_query == {}
}
allow {
input.parsed_path = [ "allow-with-query" ]
allow_with_query {
input.parsed_path == [ "allow-with-query" ]
input.parsed_query.pass == ["yes"]
input.parsed_query.id == ["1", "2"]
input.parsed_query.msg == ["help me"]
}
deny_with_query {
input.attributes.request.http.path == "/allow-me?tofail=true"
not input.parsed_query.tofail == ["true"]
}
allow_with_path_having_fragment {
input.parsed_path == [ "path-with-empty-query" ]
input.attributes.request.http.path == "/path-with-empty-query"
}
allow_context_extensions {
input.attributes.contextExtensions["com.mycompany.myprop"] == "myvalue"
}
Expand All @@ -447,8 +472,8 @@ func TestAuthorizeRequestFilter(t *testing.T) {
"http_status": 401
}
allow_object = response {
input.parsed_path = [ "allow", "structured" ]
allow_object := response {
input.parsed_path == [ "allow", "structured" ]
response := {
"allowed": true,
"headers": {
Expand Down Expand Up @@ -485,7 +510,7 @@ func TestAuthorizeRequestFilter(t *testing.T) {
decision_id := input.attributes.metadataContext.filterMetadata.open_policy_agent.decision_id
allow_object_decision_id_in_header = response {
allow_object_decision_id_in_header := response {
input.parsed_path = ["allow", "structured"]
decision_id
response := {
Expand Down
8 changes: 4 additions & 4 deletions filters/openpolicyagent/opaserveresponse/opaserveresponse_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ func TestServerResponseFilter(t *testing.T) {
regoQuery: "envoy/authz/allow_object",
requestPath: "/allow/structured/with-empty-query-string?",
expectedStatus: http.StatusOK,
expectedBody: "Welcome from policy!",
expectedBody: "Welcome from policy with empty query string!",
expectedHeaders: map[string][]string{"X-Ext-Auth-Allow": {"yes"}},
},
{
Expand All @@ -87,7 +87,7 @@ func TestServerResponseFilter(t *testing.T) {
regoQuery: "envoy/authz/allow_object",
requestPath: "/allow/structured/with-query?pass=yes",
expectedStatus: http.StatusOK,
expectedBody: "Welcome from policy!",
expectedBody: "Welcome from policy with query params!",
expectedHeaders: map[string][]string{"X-Ext-Auth-Allow": {"yes"}},
},
{
Expand Down Expand Up @@ -201,7 +201,7 @@ func TestServerResponseFilter(t *testing.T) {
response := {
"allowed": true,
"headers": {"x-ext-auth-allow": "yes"},
"body": "Welcome from policy!",
"body": "Welcome from policy with empty query string!",
"http_status": 200
}
}
Expand All @@ -212,7 +212,7 @@ func TestServerResponseFilter(t *testing.T) {
response := {
"allowed": true,
"headers": {"x-ext-auth-allow": "yes"},
"body": "Welcome from policy!",
"body": "Welcome from policy with query params!",
"http_status": 200
}
}
Expand Down

0 comments on commit e0bea8e

Please sign in to comment.