1 files changed, 62 insertions, 0 deletions

diff --git a/app/app_test.go b/app/app_test.go
new file mode 100644
index 00000000..8aaaaee0
--- /dev/null
+++ b/app/app_test.go
@@ -0,0 +1,62 @@
+package app
+
+import (
+	http "net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/rpc"
+)
+
+func TestApp(t *testing.T) {
+	handler := New()
+	srv := httptest.NewServer(handler)
+	defer srv.Close()
+
+	t.Run("Ability.Allowed", func(t *testing.T) {
+		client := rpc.NewAbilityProtobufClient(srv.URL, &http.Client{})
+
+		t.Run("forbids", func(t *testing.T) {
+			reply, err := client.Allowed(t.Context(), &rpc.AllowRequest{
+				Subject:    "",
+				Permission: "",
+				Resource:   "",
+			})
+			require.NoError(t, err)
+			assert.False(t, reply.Result)
+		})
+
+		t.Run("allows alice:view:jane_vacation", func(t *testing.T) {
+			reply, err := client.Allowed(t.Context(), &rpc.AllowRequest{
+				Subject:    "gid://example/User/alice",
+				Permission: "view",
+				Resource:   "gid://example/Album/jane_vacation",
+			})
+			require.NoError(t, err)
+			assert.True(t, reply.Result)
+		})
+
+		t.Run("allows gid://User/1 read gid://Organization/2", func(t *testing.T) {
+			reply, err := client.Allowed(t.Context(), &rpc.AllowRequest{
+				Subject:    "gid://example/User/1",
+				Permission: "read",
+				Resource:   "gid://example/Organization/2",
+			})
+			require.NoError(t, err)
+			assert.True(t, reply.Result)
+		})
+	})
+
+	t.Run("GET /health", func(t *testing.T) {
+		t.Run("returns OK", func(t *testing.T) {
+			r := httptest.NewRequest("GET", "/health", nil)
+			w := httptest.NewRecorder()
+
+			handler.ServeHTTP(w, r)
+
+			assert.Equal(t, http.StatusOK, w.Code)
+		})
+	})
+}