Diffstat (limited to 'pkg/policies/policies_test.go')
-rw-r--r--pkg/policies/policies_test.go32
1 files changed, 32 insertions, 0 deletions
diff --git a/pkg/policies/policies_test.go b/pkg/policies/policies_test.go
index e038edb..67179a7 100644
--- a/pkg/policies/policies_test.go
+++ b/pkg/policies/policies_test.go
@@ -30,6 +30,38 @@ func TestAllowed(t *testing.T) {
build(func(r *cedar.Request) { r.Action = cedar.NewEntityUID("HttpMethod", cedar.String("PATCH")) }),
build(func(r *cedar.Request) { r.Action = cedar.NewEntityUID("HttpMethod", cedar.String("DELETE")) }),
build(func(r *cedar.Request) { r.Action = cedar.NewEntityUID("HttpMethod", cedar.String("HEAD")) }),
+ build(func(r *cedar.Request) {
+ r.Resource = cedar.NewEntityUID("HttpPath", cedar.String("/organizations.json"))
+ }),
+ build(func(r *cedar.Request) { r.Resource = cedar.NewEntityUID("HttpPath", cedar.String("/groups.json")) }),
+ build(func(r *cedar.Request) {
+ r.Resource = cedar.NewEntityUID("HttpPath", cedar.String("/.well-known/openid-configuration"))
+ r.Context = cedar.NewRecord(cedar.RecordMap{"host": cedar.String("idp.example.com")})
+ }),
+ build(func(r *cedar.Request) {
+ r.Resource = cedar.NewEntityUID("HttpPath", cedar.String("/.well-known/oauth-authorization-server"))
+ r.Context = cedar.NewRecord(cedar.RecordMap{"host": cedar.String("idp.example.com")})
+ }),
+ // build(func(r *cedar.Request) {
+ // r.Principal = gid.NewEntityUID("gid://User/*")
+ // r.Resource = cedar.NewEntityUID("HttpPath", cedar.String("/.well-known/openid-configuration"))
+ // r.Context = cedar.NewRecord(cedar.RecordMap{"host": cedar.String("idp.example.com")})
+ // }),
+ // build(func(r *cedar.Request) {
+ // r.Principal = gid.NewEntityUID("gid://User/*")
+ // r.Resource = cedar.NewEntityUID("HttpPath", cedar.String("/.well-known/oauth-authorization-server"))
+ // r.Context = cedar.NewRecord(cedar.RecordMap{"host": cedar.String("idp.example.com")})
+ // }),
+ build(func(r *cedar.Request) {
+ r.Action = cedar.NewEntityUID("HttpMethod", cedar.String("POST"))
+ r.Resource = cedar.NewEntityUID("HttpPath", cedar.String("/twirp/authx.rpc.Ability/Allowed"))
+ r.Context = cedar.NewRecord(cedar.RecordMap{"host": cedar.String("idp.example.com")})
+ }),
+ build(func(r *cedar.Request) {
+ r.Action = cedar.NewEntityUID("HttpMethod", cedar.String("GET"))
+ r.Resource = cedar.NewEntityUID("HttpPath", cedar.String("/index.html"))
+ r.Context = cedar.NewRecord(cedar.RecordMap{"host": cedar.String("ui.example.com")})
+ }),
}
for _, tt := range allowed {
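Review bot: The two commented-out cases that set `r.Principal = gid.NewEntityUID("gid://User/*")` on the `/.well-known/openid-configuration` and `/.well-known/oauth-authorization-server` paths leave the authenticated-principal path for the discovery endpoints unasserted, and nothing records why they are disabled. If they currently fail, replace the dead code with a one-line marker such as `// TODO: enable once gid://User/* principals are permitted on /.well-known/* for idp.example.com`, or move them into a subtest that calls `t.Skip` with the reason, so the gap shows up in test output. The new host-scoped entries (`idp.example.com`, `ui.example.com`) are only added to the `allowed` table in this hunk; if a denied table exists outside it, a matching case with the same path and a different `host` would confirm the policy really keys on the host. TestAllowed starts and continues outside the hunk, so whether such negative cases already exist cannot be seen from here.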