From 2bfefb123605f48f3b21fea260d5f680402dc410 Mon Sep 17 00:00:00 2001 From: mo khan Date: Wed, 9 Jul 2025 16:53:36 -0600 Subject: test: consolidate some of the duplicate tests --- tests/authorization/cedar_authorizer_test.rs | 70 +--------------- tests/authorization/check_service_test.rs | 115 ++++++--------------------- 2 files changed, 25 insertions(+), 160 deletions(-) (limited to 'tests') diff --git a/tests/authorization/cedar_authorizer_test.rs b/tests/authorization/cedar_authorizer_test.rs index 27b676ba..88357058 100644 --- a/tests/authorization/cedar_authorizer_test.rs +++ b/tests/authorization/cedar_authorizer_test.rs @@ -16,28 +16,6 @@ mod tests { build_cedar_authorizer(entities) } - #[test] - fn test_cedar_authorizer_allows_valid_token() { - assert!(subject().authorize(build_request(|item: &mut HttpRequest| { - item.headers = build_headers(vec![( - "authorization".to_string(), - "Bearer valid-token".to_string(), - )]); - }))); - } - - #[test] - fn test_cedar_authorizer_denies_invalid_token() { - assert!( - !subject().authorize(build_request(|item: &mut HttpRequest| { - item.headers = build_headers(vec![( - "authorization".to_string(), - "Bearer invalid-token".to_string(), - )]); - })) - ); - } - #[test] fn test_cedar_authorizer_denies_missing_header() { assert!( @@ -48,43 +26,7 @@ mod tests { } #[test] - fn test_cedar_authorizer_allows_static_assets() { - assert!(subject().authorize(build_request(|item: &mut HttpRequest| { - let method = String::from("GET"); - let host = String::from("sparkle.staging.runway.gitlab.net"); - let path = "/public/style.css"; - - item.method = method.clone(); - item.path = path.to_string(); - item.host = host.to_string(); - item.headers = build_headers(vec![ - (String::from(":path"), path.to_string()), - (String::from(":method"), method), - (String::from(":authority"), host), - ]); - }))); - } - - #[test] - fn test_cedar_authorizer_allows_js_assets() { - assert!(subject().authorize(build_request(|item: &mut HttpRequest| { - let method = String::from("GET"); - let host = String::from("sparkle.staging.runway.gitlab.net"); - let path = "/app.js"; - - item.method = method.clone(); - item.path = path.to_string(); - item.host = host.to_string(); - item.headers = build_headers(vec![ - (String::from(":path"), path.to_string()), - (String::from(":method"), method), - (String::from(":authority"), host), - ]); - }))); - } - - #[test] - fn test_public_sparkle_endpoints() { + fn test_unauthenticated_sparkle_endpoints() { let hosts = vec![ "localhost:10000", "sparkle.runway.gitlab.net", @@ -93,19 +35,11 @@ mod tests { let routes = vec![ ("GET", "/", true), - ("GET", "/application.js", true), ("GET", "/callback", true), ("GET", "/dashboard/nav", true), - ("GET", "/favicon.ico", true), - ("GET", "/favicon.png", true), ("GET", "/health", true), - ("GET", "/htmx.js", true), - ("GET", "/index.html", true), - ("GET", "/logo.png", true), - ("GET", "/pico.min.css", true), ("GET", "/signout", true), ("GET", "/sparkles", true), - ("GET", "/vue.global.js", true), ("POST", "/sparkles/restore", true), ("GET", "/dashboard", false), ("POST", "/sparkles", false), @@ -139,7 +73,7 @@ mod tests { // * delete sparkles: `:delete, gid://sparkle/Sparkle/*` // * delete single sparkle: `:delete, gid://sparkle/Sparkle/:id` #[test] - fn test_allow_read_sparkles() { + fn test_authenticated_sparkle_endpoints() { let request = build_request(|item: &mut HttpRequest| { item.method = "GET".to_string(); item.path = "/sparkles".to_string(); diff --git a/tests/authorization/check_service_test.rs b/tests/authorization/check_service_test.rs index ae8c1de5..24921846 100644 --- a/tests/authorization/check_service_test.rs +++ b/tests/authorization/check_service_test.rs @@ -4,7 +4,6 @@ mod tests { use authzd::CheckService; use envoy_types::ext_authz::v3::pb::Authorization; use envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest; - use std::collections::HashMap; use std::sync::Arc; fn subject() -> CheckService { @@ -14,30 +13,8 @@ mod tests { } #[tokio::test] - async fn test_check_allows_valid_bearer_token() { - let request = tonic::Request::new(build_request(|item: &mut HttpRequest| { - item.path = String::from("/"); - item.headers = build_headers(vec![( - "authorization".to_string(), - format!("Bearer {}", String::from("valid-token")), - )]) - })); - - let response = subject().check(request).await; - assert!(response.is_ok()); - - let check_response = response.unwrap().into_inner(); - assert!(check_response.status.is_some()); - - let status = check_response.status.unwrap(); - assert_eq!(tonic::Code::from_i32(status.code), tonic::Code::Ok); - } - - #[tokio::test] - async fn test_check_denies_invalid_bearer_token() { - let request = tonic::Request::new(build_request(|item: &mut HttpRequest| { - item.headers = HashMap::new(); - })); + async fn test_no_headers() { + let request = tonic::Request::new(build_request(|_http| {})); let response = subject().check(request).await; assert!(response.is_ok()); @@ -54,27 +31,31 @@ mod tests { #[tokio::test] async fn test_static_assets() { - let static_paths = vec![ - "app.js", - "favicon.ico", - "image.jpg", - "index.html", - "logo.png", - "style.css", + let routes = vec![ + ("GET", "/app.js", tonic::Code::Ok), + ("GET", "/application.js", tonic::Code::Ok), + ("GET", "/favicon.ico", tonic::Code::Ok), + ("GET", "/favicon.png", tonic::Code::Ok), + ("GET", "/image.jpg", tonic::Code::Ok), + ("GET", "/assets/image.jpg", tonic::Code::Ok), + ("GET", "/assets/style.css", tonic::Code::Ok), + ("GET", "/assets/application.js", tonic::Code::Ok), + ("GET", "/htmx.js", tonic::Code::Ok), + ("GET", "/index.html", tonic::Code::Ok), + ("GET", "/logo.png", tonic::Code::Ok), + ("GET", "/pico.min.css", tonic::Code::Ok), + ("GET", "/vue.global.js", tonic::Code::Ok), ]; - for path in static_paths { + for (method, path, expected_status_code) in &routes { let request = tonic::Request::new(build_request(|item: &mut HttpRequest| { - let method = String::from("GET"); - let host = String::from("sparkle.staging.runway.gitlab.net"); - - item.method = method.clone(); + item.method = method.to_string(); item.path = path.to_string(); - item.host = host.to_string(); + item.host = "localhost:3000".to_string(); item.headers = build_headers(vec![ - (String::from(":path"), path.to_string()), - (String::from(":method"), method), - (String::from(":authority"), host), + (String::from(":path"), item.path.to_string()), + (String::from(":method"), item.method.to_string()), + (String::from(":authority"), item.host.to_string()), ]); })); @@ -85,49 +66,7 @@ mod tests { assert!(check_response.status.is_some()); let status = check_response.status.unwrap(); - assert_eq!(tonic::Code::from_i32(status.code), tonic::Code::Ok); - } - } - - #[tokio::test] - async fn test_no_headers() { - let request = tonic::Request::new(build_request(|_http| {})); - - let response = subject().check(request).await; - assert!(response.is_ok()); - - let check_response = response.unwrap().into_inner(); - assert!(check_response.status.is_some()); - - let status = check_response.status.unwrap(); - assert_eq!( - tonic::Code::from_i32(status.code), - tonic::Code::Unauthenticated - ); - } - - #[tokio::test] - async fn test_table() { - let test_cases = vec![ - ("Bearer valid-token", tonic::Code::Ok), - ("Bearer invalid-token", tonic::Code::Unauthenticated), - ("Basic valid-token", tonic::Code::Unauthenticated), - ("", tonic::Code::Unauthenticated), - ]; - - for (auth_value, expected_status_code) in test_cases { - let request = tonic::Request::new(build_request(|item: &mut HttpRequest| { - item.headers = - build_headers(vec![("authorization".to_string(), auth_value.to_string())]); - })); - - let response = subject().check(request).await; - assert!(response.is_ok()); - - let check_response = response.unwrap().into_inner(); - let status = check_response.status.unwrap(); - - assert_eq!(tonic::Code::from_i32(status.code), expected_status_code); + assert_eq!(tonic::Code::from_i32(status.code), *expected_status_code); } } @@ -141,19 +80,11 @@ mod tests { let routes = vec![ ("GET", "/", tonic::Code::Ok), - ("GET", "/application.js", tonic::Code::Ok), ("GET", "/callback", tonic::Code::Ok), ("GET", "/dashboard/nav", tonic::Code::Ok), - ("GET", "/favicon.ico", tonic::Code::Ok), - ("GET", "/favicon.png", tonic::Code::Ok), ("GET", "/health", tonic::Code::Ok), - ("GET", "/htmx.js", tonic::Code::Ok), - ("GET", "/index.html", tonic::Code::Ok), - ("GET", "/logo.png", tonic::Code::Ok), - ("GET", "/pico.min.css", tonic::Code::Ok), ("GET", "/signout", tonic::Code::Ok), ("GET", "/sparkles", tonic::Code::Ok), - ("GET", "/vue.global.js", tonic::Code::Ok), ("POST", "/sparkles/restore", tonic::Code::Ok), ("GET", "/dashboard", tonic::Code::Unauthenticated), ("POST", "/sparkles", tonic::Code::Unauthenticated), -- cgit v1.2.3