| author | mo khan <mo@mokhan.ca> | 2025-07-09 11:52:48 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-09 11:52:48 -0600 |
| commit | f160106ceaaeb4bca1f9bc3976d875429430dd44 (patch) | |
| tree | 79833a7c61f4b69a104b737db74fe072d162396f /tests/authorization/cedar_authorizer_test.rs | |
| parent | 3d7745e618dfd824afb83d860abcc8af90b0bd14 (diff) | |
test: define the types of scenarios that I want to cover using the x-jwt-claim-sub
Diffstat (limited to 'tests/authorization/cedar_authorizer_test.rs')
| -rw-r--r-- | tests/authorization/cedar_authorizer_test.rs | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/tests/authorization/cedar_authorizer_test.rs b/tests/authorization/cedar_authorizer_test.rs
index 47dde0c8..0090f1a5 100644
--- a/tests/authorization/cedar_authorizer_test.rs
+++ b/tests/authorization/cedar_authorizer_test.rs
@@ -6,7 +6,11 @@ mod tests {
 use std::collections::HashMap;
 fn subject() -> authzd::CedarAuthorizer {
- build_cedar_authorizer(cedar_policy::Entities::empty())
+ subject_with(cedar_policy::Entities::empty())
+ }
+
+ fn subject_with(entities: cedar_policy::Entities) -> authzd::CedarAuthorizer {
+ build_cedar_authorizer(entities)
 }
 #[test]
@@ -129,7 +133,26 @@ mod tests {
 item.method = "GET".to_string();
 item.path = "/dashboard".to_string();
 item.host = "sparkle.staging.runway.gitlab.net".to_string();
+ item.headers = build_headers(vec![
+ (String::from(":path"), item.path.to_string()),
+ (String::from(":method"), item.method.to_string()),
+ (String::from(":authority"), item.host.to_string()),
+ (
+ String::from("x-jwt-claim-sub"),
+ "gid://gitlab/User/1".to_string(),
+ ),
+ ]);
 });
- assert!(subject().authorize(request));
+ let entities = cedar_policy::Entities::empty();
+ // TODO:: Add entities to represent access to:
+ // * list of sparkles: `:read, gid://sparkle/Sparkle/*`
+ // * single sparkle: `:read, gid://sparkle/Sparkle/:id`
+ // * create sparkle: `:create, gid://sparkle/Sparkle/*`
+ // * update sparkles: `:update, gid://sparkle/Sparkle/*`
+ // * update single sparkle: `:update, gid://sparkle/Sparkle/:id`
+ // * delete sparkles: `:delete, gid://sparkle/Sparkle/*`
+ // * delete single sparkle: `:delete, gid://sparkle/Sparkle/:id`
+ let authorizer = subject_with(entities);
+ assert!(authorizer.authorize(request));
 }
 }
|
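Review bot: The allow assertion at the end of the second hunk does not depend on the new `x-jwt-claim-sub` header: the removed line asserted the same result with no headers set, and `Entities::empty()` is still passed, so the test would presumably keep passing if the authorizer ignored the subject entirely. Because this header carries identity into an authorization decision, pair the allow case with a deny case once the TODO entities exist, for example a second request with the header absent or naming a different subject, checked with `assert!(!authorizer.authorize(other_request));` (the variable name is constructed here). A comment next to the header would also help, such as `// x-jwt-claim-sub is assumed to be set by the proxy after JWT verification; client-supplied copies must be stripped upstream`, if that is how the deployment works; the page does not show where the header originates. The test function and the request-builder closure begin above this hunk, so this rests on the visible lines only.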
