mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-05-18 10:10:14 +00:00
Stavros
94 lines
2.7 KiB
Go
94 lines
2.7 KiB
Go
package service_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/tinyauthapp/tinyauth/internal/service"
|
|
"github.com/tinyauthapp/tinyauth/internal/test"
|
|
"github.com/tinyauthapp/tinyauth/internal/utils/logger"
|
|
)
|
|
|
|
// Create test rule
|
|
type TestRule struct{}
|
|
|
|
func (rule *TestRule) Evaluate(ctx *service.ACLContext) service.Effect {
|
|
switch ctx.Path {
|
|
case "/allowed":
|
|
return service.EffectAllow
|
|
case "/denied":
|
|
return service.EffectDeny
|
|
default:
|
|
return service.EffectAbstain
|
|
}
|
|
}
|
|
|
|
func TestPolicyEngine(t *testing.T) {
|
|
log := logger.NewLogger().WithTestConfig()
|
|
log.Init()
|
|
|
|
cfg, _ := test.CreateTestConfigs(t)
|
|
|
|
testRule := &TestRule{}
|
|
|
|
// Engine should fail with invalid policy
|
|
cfg.Auth.ACLs.Policy = "invalid_policy"
|
|
_, err := service.NewPolicyEngine(cfg, log)
|
|
assert.Error(t, err)
|
|
|
|
// Engine should initialize with 'allow' policy
|
|
cfg.Auth.ACLs.Policy = string(service.PolicyAllow)
|
|
engine, err := service.NewPolicyEngine(cfg, log)
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, service.PolicyAllow, engine.Policy())
|
|
|
|
// Engine should initialize with 'deny' policy
|
|
cfg.Auth.ACLs.Policy = string(service.PolicyDeny)
|
|
engine, err = service.NewPolicyEngine(cfg, log)
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, service.PolicyDeny, engine.Policy())
|
|
|
|
// Engine should allow adding rules
|
|
engine, err = service.NewPolicyEngine(cfg, log)
|
|
assert.NoError(t, err)
|
|
engine.RegisterRule("test-rule", testRule)
|
|
_, ok := engine.Rules()["test-rule"]
|
|
assert.True(t, ok)
|
|
|
|
// Begin allow policy tests
|
|
cfg.Auth.ACLs.Policy = string(service.PolicyAllow)
|
|
engine, err = service.NewPolicyEngine(cfg, log)
|
|
assert.NoError(t, err)
|
|
engine.RegisterRule("test-rule", testRule)
|
|
|
|
// With allow policy, if rule allows, access should be allowed
|
|
ctx := &service.ACLContext{Path: "/allowed"}
|
|
assert.Equal(t, true, engine.Evaluate("test-rule", ctx))
|
|
|
|
// With allow policy, if rule denies, access should be denied
|
|
ctx.Path = "/denied"
|
|
assert.Equal(t, false, engine.Evaluate("test-rule", ctx))
|
|
|
|
// With allow policy, if rule abstains, access should be allowed (default)
|
|
ctx.Path = "/abstain"
|
|
assert.Equal(t, true, engine.Evaluate("test-rule", ctx))
|
|
|
|
// Begin deny policy tests
|
|
cfg.Auth.ACLs.Policy = string(service.PolicyDeny)
|
|
engine, err = service.NewPolicyEngine(cfg, log)
|
|
assert.NoError(t, err)
|
|
engine.RegisterRule("test-rule", testRule)
|
|
|
|
// With deny policy, if rule allows, access should be allowed
|
|
ctx.Path = "/allowed"
|
|
assert.Equal(t, true, engine.Evaluate("test-rule", ctx))
|
|
|
|
// With deny policy, if rule denies, access should be denied
|
|
ctx.Path = "/denied"
|
|
assert.Equal(t, false, engine.Evaluate("test-rule", ctx))
|
|
|
|
// With deny policy, if rule abstains, access should be denied (default)
|
|
ctx.Path = "/abstain"
|
|
assert.Equal(t, false, engine.Evaluate("test-rule", ctx))
|
|
}
|