1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
package app
import (
http "net/http"
"net/http/httptest"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd.git/pkg/rpc"
)
func TestApp(t *testing.T) {
handler := New()
srv := httptest.NewServer(handler)
defer srv.Close()
t.Run("Ability.Allowed", func(t *testing.T) {
client := rpc.NewAbilityProtobufClient(srv.URL, &http.Client{})
t.Run("forbids", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &rpc.AllowRequest{
Subject: "",
Permission: "",
Resource: "",
})
require.NoError(t, err)
assert.False(t, reply.Result)
})
t.Run("allows alice:view:jane_vacation", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &rpc.AllowRequest{
Subject: "gid://example/User/alice",
Permission: "view",
Resource: "gid://example/Album/jane_vacation",
})
require.NoError(t, err)
assert.True(t, reply.Result)
})
t.Run("allows gid://User/1 read gid://Organization/2", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &rpc.AllowRequest{
Subject: "gid://example/User/1",
Permission: "read",
Resource: "gid://example/Organization/2",
})
require.NoError(t, err)
assert.True(t, reply.Result)
})
})
t.Run("GET /health", func(t *testing.T) {
t.Run("returns OK", func(t *testing.T) {
r := httptest.NewRequest("GET", "/health", nil)
w := httptest.NewRecorder()
handler.ServeHTTP(w, r)
assert.Equal(t, http.StatusOK, w.Code)
})
})
}
|
