From fb05a439113daf8750be6df025f9676221d8e228 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 16 Jul 2025 10:53:11 -0600
Subject: chore: add tests for authenticated sparkle endpoints
---
 tests/authorization/spice/authorizer_test.rs | 103 ++++++++++++++++++++++++---
 tests/support/mod.rs | 2 +
 2 files changed, 94 insertions(+), 11 deletions(-)
(limited to 'tests')
diff --git a/tests/authorization/spice/authorizer_test.rs b/tests/authorization/spice/authorizer_test.rs
index b295b64b..e25008e4 100644
--- a/tests/authorization/spice/authorizer_test.rs
+++ b/tests/authorization/spice/authorizer_test.rs
@@ -1,18 +1,99 @@
 #[cfg(test)]
 mod tests {
- use crate::support::factory_bot::*;
+ use crate::support::*;
 use authzd::Authorizer;
+ use envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest;
+
+ fn subject() -> authzd::authorization::spice::Authorizer {
+ common::setup();
+ authzd::authorization::spice::Authorizer::new()
+ }
 
 #[test]
- fn test_example() {
- let authorizer = authzd::authorization::spice::Authorizer::new();
- let request = build_request(
- |item: &mut envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest| {
- item.method = "GET".to_string();
- item.path = "/".to_string();
- },
- );
-
- assert!(authorizer.authorize(request))
+ fn test_unauthenticated_sparkle_endpoints() {
+ let hosts = vec![
+ "localhost:10000",
+ "sparkle.runway.gitlab.net",
+ "sparkle.staging.runway.gitlab.net",
+ ];
+
+ let routes = vec![
+ ("GET", "/", true),
+ ("GET", "/callback", true),
+ ("GET", "/dashboard/nav", true),
+ ("GET", "/signout", false),
+ ("GET", "/sparkles", true),
+ ("POST", "/sparkles/restore", true),
+ ("GET", "/dashboard", false),
+ ("POST", "/sparkles", false),
+ ];
+
+ let authorizer = subject();
+ for host in hosts {
+ for (method, path, expected) in &routes {
+ let request = build_request(|item: &mut HttpRequest| {
+ item.method = method.to_string();
+ item.path = path.to_string();
+ item.host = host.to_string();
+ item.headers = build_headers(vec![
+ (String::from(":path"), path.to_string()),
+ (String::from(":method"), method.to_string()),
+ (String::from(":authority"), host.to_string()),
+ ]);
+ });
+
+ assert_eq!(
+ authorizer.authorize(request),
+ *expected,
+ "{} {}",
+ method,
+ path
+ );
+ }
+ }
+ }
+
+ #[test]
+ fn test_authenticated_sparkle_endpoints() {
+ let hosts = vec![
+ "localhost:10000",
+ "sparkle.runway.gitlab.net",
+ "sparkle.staging.runway.gitlab.net",
+ ];
+
+ let routes = vec![
+ ("GET", "/", true),
+ ("GET", "/callback", true),
+ ("GET", "/dashboard/nav", true),
+ ("GET", "/signout", true),
+ ("GET", "/sparkles", true),
+ ("GET", "/dashboard", true),
+ ("POST", "/sparkles", true),
+ ];
+
+ let authorizer = subject();
+ for host in hosts {
+ for (method, path, expected) in &routes {
+ let request = build_request(|item: &mut HttpRequest| {
+ item.method = method.to_string();
+ item.path = path.to_string();
+ item.host = host.to_string();
+ item.headers = build_headers(vec![
+ (String::from(":path"), path.to_string()),
+ (String::from(":method"), method.to_string()),
+ (String::from(":authority"), host.to_string()),
+ (String::from("x-jwt-claim-sub"), "1675940".to_string()),
+ ]);
+ });
+
+ assert_eq!(
+ authorizer.authorize(request),
+ *expected,
+ "{} {}",
+ method,
+ path
+ );
+ }
+ }
 }
 }
diff --git a/tests/support/mod.rs b/tests/support/mod.rs
index c46f39e5..1842756a 100644
--- a/tests/support/mod.rs
+++ b/tests/support/mod.rs
@@ -1,2 +1,4 @@
 pub mod common;
 pub mod factory_bot;
+
+pub use factory_bot::*;
-- 
cgit v1.2.3
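Review bot: Neither route table pins a deny for anything outside the allow list: every row in `test_authenticated_sparkle_endpoints` expects `true`, and neither test uses an unknown host, an unlisted path or an unlisted method, so a regression to allow-by-default would still pass. Assuming default-deny is the intended policy, add negative rows such as `("DELETE", "/sparkles", false)` and `("GET", "/not-a-route", false)`, plus one host that is not in `hosts`. The authenticated case differs from the unauthenticated one only by the presence of `x-jwt-claim-sub`, which suggests the authorizer trusts that header as-is; a case with an empty value would pin that behaviour, and a comment above the header list should record that the proxy is expected to drop any client-supplied copy before this check runs. `POST /sparkles/restore` appears in the first table but not the second, and the assertion message omits the host, so `"{} {} {}", host, method, path` would identify which of the three hosts failed.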