From a45c159dac5893c7214e18a59c8a6d5115472e44 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Fri, 4 Jul 2025 18:47:33 -0600
Subject: test: add missing public asset tests
---
 etc/authzd/policy0.cedar | 21 ++++++-
 tests/authorization/check_service_test.rs | 101 +++++++++++++++++++++++++-----
 2 files changed, 103 insertions(+), 19 deletions(-)
diff --git a/etc/authzd/policy0.cedar b/etc/authzd/policy0.cedar
index 56457622..75cf8178 100644
--- a/etc/authzd/policy0.cedar
+++ b/etc/authzd/policy0.cedar
@@ -22,11 +22,28 @@ when {
 permit(principal, action, resource)
 when {
 context has host && context has method && context has path && (
- context.host == "sparkle.staging.runway.gitlab.net" &&
+ context.host == "sparkle.staging.runway.gitlab.net" && (
 context.method == "GET" && (
 context.path == "/" ||
- context.path == "/app.js" ||
+ context.path == "/callback" ||
+ context.path == "/dashboard/nav" ||
+ context.path == "/health" ||
+ context.path == "/signout" ||
+ context.path == "/sparkles" ||
+ context.path like "*.bmp" ||
+ context.path like "*.css" ||
+ context.path like "*.gif" ||
+ context.path like "*.html" ||
+ context.path like "*.ico" ||
+ context.path like "*.jpeg" ||
+ context.path like "*.jpg" ||
+ context.path like "*.js" ||
+ context.path like "*.png" ||
 context.path == "/callback"
 )
+ ) || (
+ context.method == "POST" && (
+ context.path == "/sparkles/restore"
+ )
 )
 };
diff --git a/tests/authorization/check_service_test.rs b/tests/authorization/check_service_test.rs
index 73812fa1..5ea0cb95 100644
--- a/tests/authorization/check_service_test.rs
+++ b/tests/authorization/check_service_test.rs
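Review bot: In etc/authzd/policy0.cedar the new `when` body opens five parentheses and closes four as the hunk reads, and the added `) || (` closes the group opened on the `context.host == … && (` line before the `||` is reached. Because `&&` binds tighter than `||` in Cedar, restoring balance by appending a single `)` would leave the `POST /sparkles/restore` branch outside the host comparison, so that request would be permitted for any `context.host`; group both method branches inside the host check instead, as in the fence below. The `like "*.js"`-style patterns apply to the whole path and `*` also spans `/`, so every GET path on this host that ends in one of these extensions becomes public, not only the root-level assets the tests name; listing the asset files or constraining their prefix would keep the rule as narrow as intended. `context.path == "/callback"` now appears twice in the GET list.

```cedar
  context has host && context has method && context has path && (
    context.host == "sparkle.staging.runway.gitlab.net" && (
      (
        context.method == "GET" && (
          // … unchanged: public GET path list …
        )
      ) || (
        context.method == "POST" && (
          context.path == "/sparkles/restore"
        )
      )
    )
  )
```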
@@ -125,26 +125,9 @@ mod tests {
 
 #[tokio::test]
 async fn test_public_sparkle_endpoints() {
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/application.js"}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/callback"}},
 // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/dashboard", Headers: loggedInHeaders}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/dashboard/nav"}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/favicon.ico"}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/favicon.png"}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/favicon.png"}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/health"}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/htmx.js"}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/index.html"}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/logo.png"}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/pico.min.css"}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/signout"}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/sparkles"}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "GET", Path: "/vue.global.js"}},
 // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "POST", Path: "/sparkles", Headers: loggedInHeaders}},
- // {status: tonic::Code::Ok, http: &HTTPRequest{Method: "POST", Path: "/sparkles/restore"}},
- // {status: tonic::Code::PermissionDenied, http: &HTTPRequest{Method: "GET", Path: "/dashboard"}},
 // {status: tonic::Code::PermissionDenied, http: &HTTPRequest{Method: "GET", Path: "/dashboard", Headers: invalidHeaders}},
- // {status: tonic::Code::PermissionDenied, http: &HTTPRequest{Method: "POST", Path: "/sparkles"}},
 
 let test_cases = vec![
 (
@@ -165,6 +148,90 @@ mod tests {
 "sparkle.staging.runway.gitlab.net",
 tonic::Code::Ok,
 ),
+ (
+ "GET",
+ "/dashboard/nav",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::Ok,
+ ),
+ (
+ "GET",
+ "/favicon.ico",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::Ok,
+ ),
+ (
+ "GET",
+ "/favicon.png",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::Ok,
+ ),
+ (
+ "GET",
+ "/health",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::Ok,
+ ),
+ (
+ "GET",
+ "/htmx.js",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::Ok,
+ ),
+ (
+ "GET",
+ "/index.html",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::Ok,
+ ),
+ (
+ "GET",
+ "/logo.png",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::Ok,
+ ),
+ (
+ "GET",
+ "/pico.min.css",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::Ok,
+ ),
+ (
+ "GET",
+ "/signout",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::Ok,
+ ),
+ (
+ "GET",
+ "/sparkles",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::Ok,
+ ),
+ (
+ "GET",
+ "/vue.global.js",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::Ok,
+ ),
+ (
+ "POST",
+ "/sparkles/restore",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::Ok,
+ ),
+ (
+ "GET",
+ "/dashboard",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::PermissionDenied,
+ ),
+ (
+ "POST",
+ "/sparkles",
+ "sparkle.staging.runway.gitlab.net",
+ tonic::Code::PermissionDenied,
+ ),
 ];
 
 for (method, path, host, expected_status_code) in test_cases {
-- 
cgit v1.2.3
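Review bot: Every case added to `test_cases` uses the sparkle host, and each static asset is a root-level path, so the table never exercises the edges of the `like "*.ext"` rules or the host condition that this commit adds to the policy. Add deny-side cases next to the two `tonic::Code::PermissionDenied` entries, for example `("POST", "/sparkles/restore", "other.example.test", tonic::Code::PermissionDenied),` (a constructed host) and a nested path such as `("GET", "/dashboard/report.html", "sparkle.staging.runway.gitlab.net", tonic::Code::PermissionDenied),`. The expected status for another host depends on policies outside this diff, so confirm the intended decision before pinning it. `test_public_sparkle_endpoints` starts in the previous hunk and its `for` loop body continues past the end of this one.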