From d099e77eaa8e51eef14cd775234bfd4b12098a4c Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Wed, 25 Jun 2025 14:20:33 -0600
Subject: test: move cedar_authorizer tests to integration test suite

---
 tests/authorization/cedar_authorizer_test.rs | 78 ++++++++++++++++++++++++++++
 tests/authorization/mod.rs                   |  1 +
 2 files changed, 79 insertions(+)
 create mode 100644 tests/authorization/cedar_authorizer_test.rs
 create mode 100644 tests/authorization/mod.rs

(limited to 'tests/authorization')

diff --git a/tests/authorization/cedar_authorizer_test.rs b/tests/authorization/cedar_authorizer_test.rs
new file mode 100644
index 00000000..2ed3dd68
--- /dev/null
+++ b/tests/authorization/cedar_authorizer_test.rs
@@ -0,0 +1,78 @@
+#[cfg(test)]
+mod tests {
+    use crate::common::create_request;
+    use authzd::Authorizer;
+    use authzd::CedarAuthorizer;
+    use envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest;
+    use std::collections::HashMap;
+
+    #[test]
+    fn test_cedar_authorizer_allows_valid_token() {
+        let authorizer = CedarAuthorizer::new();
+        let mut headers = HashMap::new();
+        headers.insert(
+            "authorization".to_string(),
+            "Bearer valid-token".to_string(),
+        );
+        let request = create_request(|item: &mut HttpRequest| {
+            item.headers = headers;
+        });
+
+        let result = authorizer.authorize(request);
+        assert!(result);
+    }
+
+    #[test]
+    fn test_cedar_authorizer_denies_invalid_token() {
+        let authorizer = CedarAuthorizer::new();
+        let mut headers = HashMap::new();
+        headers.insert(
+            "authorization".to_string(),
+            "Bearer invalid-token".to_string(),
+        );
+        let request = create_request(|item: &mut HttpRequest| {
+            item.headers = headers;
+        });
+
+        let result = authorizer.authorize(request);
+        assert!(!result);
+    }
+
+    #[test]
+    fn test_cedar_authorizer_denies_missing_header() {
+        let authorizer = CedarAuthorizer::new();
+        let headers = HashMap::new();
+        let request = create_request(|item: &mut HttpRequest| {
+            item.headers = headers;
+        });
+
+        let result = authorizer.authorize(request);
+        assert!(!result);
+    }
+
+    #[test]
+    fn test_cedar_authorizer_allows_static_assets() {
+        let authorizer = CedarAuthorizer::new();
+        let mut headers = HashMap::new();
+        headers.insert(":path".to_string(), "/public/style.css".to_string());
+        let request = create_request(|item: &mut HttpRequest| {
+            item.headers = headers;
+        });
+
+        let result = authorizer.authorize(request);
+        assert!(result);
+    }
+
+    #[test]
+    fn test_cedar_authorizer_allows_js_assets() {
+        let authorizer = CedarAuthorizer::new();
+        let mut headers = HashMap::new();
+        headers.insert(":path".to_string(), "/app.js".to_string());
+        let request = create_request(|item: &mut HttpRequest| {
+            item.headers = headers;
+        });
+
+        let result = authorizer.authorize(request);
+        assert!(result);
+    }
+}
diff --git a/tests/authorization/mod.rs b/tests/authorization/mod.rs
new file mode 100644
index 00000000..a8aab73a
--- /dev/null
+++ b/tests/authorization/mod.rs
@@ -0,0 +1 @@
+mod cedar_authorizer_test;
-- 
cgit v1.2.3