test: add tests
ishanarya0 committed Mar 13, 2024
1 parent de00939 commit b1f6044
Showing 4 changed files with 87 additions and 4 deletions.
1 change: 1 addition & 0 deletions internal/proxy/middleware/authz/authz.go
@@ -257,6 +257,7 @@ func (c *Authz) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
c.notAllowed(rw, err)
return
}
c.log.Info("successfully checked permission", "permission", permission.Name, "result", isAuthorized)
if isAuthorized {
break
}
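Review bot: The added `c.log.Info("successfully checked permission", ...)` call records the permission name and the boolean result but nothing that identifies who asked or which resource was checked, so it is of little use as an authorization audit record while still firing at Info level for every permission evaluated on every proxied request. If it is meant as an audit trail, add the principal and resource identifiers that are in scope at this point (not visible in the hunk) and consider wording such as `"permission check completed"`, since "successfully" reads oddly next to `result=false`. If it is only a debugging aid for the new tests, a lower log level would keep production logs quieter. ServeHTTP starts and ends outside the hunk, so what is in scope here should be confirmed against the full function.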
58 changes: 57 additions & 1 deletion test/e2e_test/smoke/proxy_test.go
@@ -22,6 +22,7 @@ type EndToEndProxySmokeTestSuite struct {
orgID string
orgSlug string
projID string
projSlug string
groupID string
client shieldv1beta1.ShieldServiceClient
cancelClient func()
@@ -57,6 +58,7 @@ func (s *EndToEndProxySmokeTestSuite) SetupTest() {
s.Require().NoError(err)
s.Require().Equal(1, len(pRes.GetProjects()))
s.projID = pRes.GetProjects()[0].GetId()
s.projSlug = pRes.GetProjects()[0].GetSlug()

gRes, err := s.client.ListGroups(ctx, &shieldv1beta1.ListGroupsRequest{})
s.Require().NoError(err)
@@ -161,10 +163,11 @@ func (s *EndToEndProxySmokeTestSuite) TestProxyToEchoServer() {
s.Assert().Equal(401, res.StatusCode)
})

s.Run("permission expression: user not having permission at org level will not be authenticated by middleware auth", func() {
s.Run("permission expression: user not having permission at proj level will not be authenticated by middleware auth", func() {
url := fmt.Sprintf("http://localhost:%d/api/create_firehose_based_on_sink", s.appConfig.Proxy.Services[0].Port)
reqBodyMap := map[string]any{
"organization": s.orgID,
"project": s.projID,
"configs": map[string]any{
"env_vars": map[string]any{
"SINK_TYPE": "bigquery",
@@ -186,10 +189,63 @@ func (s *EndToEndProxySmokeTestSuite) TestProxyToEchoServer() {
s.Assert().Equal(401, res.StatusCode)
})

s.Run("permission expression: user not having permission at org level will not be authenticated by middleware auth", func() {
url := fmt.Sprintf("http://localhost:%d/api/create_firehose_based_on_sink", s.appConfig.Proxy.Services[0].Port)
reqBodyMap := map[string]any{
"organization": s.orgID,
"project": s.projID,
"configs": map[string]any{
"env_vars": map[string]any{
"SINK_TYPE": "blob",
},
},
}
reqBodyBytes, err := json.Marshal(reqBodyMap)
s.Require().NoError(err)

req, err := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(reqBodyBytes))
s.Require().NoError(err)

req.Header.Set(testbench.IdentityHeader, "[email protected]")

res, err := http.DefaultClient.Do(req)
s.Require().NoError(err)

defer res.Body.Close()
s.Assert().Equal(401, res.StatusCode)
})

s.Run("permission expression: user not having permission at org level will not be authenticated by middleware auth with org passed as slug", func() {
url := fmt.Sprintf("http://localhost:%d/api/create_firehose_based_on_sink", s.appConfig.Proxy.Services[0].Port)
reqBodyMap := map[string]any{
"organization": s.orgSlug,
"project": s.projSlug,
"configs": map[string]any{
"env_vars": map[string]any{
"SINK_TYPE": "blob",
},
},
}
reqBodyBytes, err := json.Marshal(reqBodyMap)
s.Require().NoError(err)

req, err := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(reqBodyBytes))
s.Require().NoError(err)

req.Header.Set(testbench.IdentityHeader, "[email protected]")

res, err := http.DefaultClient.Do(req)
s.Require().NoError(err)

defer res.Body.Close()
s.Assert().Equal(401, res.StatusCode)
})

s.Run("permission expression: user not having permission at proj level will not be authenticated by middleware auth with proj passed as slug", func() {
url := fmt.Sprintf("http://localhost:%d/api/create_firehose_based_on_sink", s.appConfig.Proxy.Services[0].Port)
reqBodyMap := map[string]any{
"organization": s.orgSlug,
"project": s.projSlug,
"configs": map[string]any{
"env_vars": map[string]any{
"SINK_TYPE": "bigquery",
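Review bot: Every case added to TestProxyToEchoServer in this section asserts only `s.Assert().Equal(401, res.StatusCode)`, so the slug variants pass equally well if the middleware rejects the request because the slug could not be resolved rather than because the permission check denied it. Pair each denial with an allowed case that sends the same payload (`s.orgSlug` / `s.projSlug`) as a principal holding the project role and expects the echo server's success status, so that a deny-on-error path cannot satisfy the test. The sub-test names also say "authenticated" where the behaviour under test is authorization. The visible bodies differ only in the organization, project and `SINK_TYPE` values and would read better as one table-driven loop; the enclosing function starts and ends outside the visible hunks, so an allowed case may already exist there.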
25 changes: 24 additions & 1 deletion test/e2e_test/testbench/testdata/configs/resources/resource.yaml
@@ -57,4 +57,27 @@ shield/organization:
- firehose_bq_admin
- name: manage_gcs_firehose
roles:
- firehose_gcs_admin
- firehose_gcs_admin

shield/project:
type: system
roles:
- name: sink_editor
principals:
- shield/user
- shield/group
- name: firehose_project_bq_admin
principals:
- shield/user
- shield/group
- name: firehose_project_gcs_admin
principals:
- shield/user
- shield/group
permissions:
- name: manage_bq_firehose
roles:
- firehose_project_bq_admin
- name: manage_gcs_firehose
roles:
- firehose_project_bq_admin
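Review bot: Under `shield/project`, the `manage_gcs_firehose` permission at the end of the section lists `firehose_project_bq_admin`, while the `firehose_project_gcs_admin` role declared a few lines above is never referenced by any permission. That looks like a copy-paste slip from the `manage_bq_firehose` entry: as written, a project BigQuery admin is granted GCS firehose management and the project GCS admin role grants nothing, whereas the organization block above maps `manage_gcs_firehose` to `firehose_gcs_admin`. The last line should probably read `- firehose_project_gcs_admin`. `sink_editor` is likewise declared without a permission in the visible lines, which is worth confirming as intended.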
7 changes: 5 additions & 2 deletions test/e2e_test/testbench/testdata/configs/rules/rule.yamltpl
@@ -89,6 +89,9 @@ rules:
organization:
key: organization
type: json_payload
project:
key: project
type: json_payload
sink:
key: configs.env_vars.SINK_TYPE
type: json_payload
@@ -101,8 +104,8 @@ rules:
operator: ==
value: "blob"
- name: manage_bq_firehose
namespace: shield/organization
attribute: organization
namespace: shield/project
attribute: project
expression:
attribute: sink
operator: ==
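Review bot: The `manage_bq_firehose` rule now authorizes against the `project` value taken from the JSON payload, but nothing visible in the rule relates that project to the `organization` value extracted from the same payload. If the upstream service acts on `organization`, a request could pass the project-level check while naming an organization the caller holds no role in, so either the backend must verify that the project belongs to the organization or the rule should check both. A comment such as `# project is caller-supplied; upstream must verify it belongs to organization` next to the new `project:` attribute would record the assumption, and an e2e case that omits `project` entirely would confirm the middleware denies when the attribute is missing. The rule definitions start and end outside the hunks shown.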
