Add test case to show how to use hook info

gatewayd-io · May 24, 2024 · 78203ed · 78203ed
1 parent 85bcff7
commit 78203ed
Showing 1 changed file with 104 additions and 0 deletions.
diff --git a/act/registry_test.go b/act/registry_test.go
@@ -483,6 +483,110 @@ func Test_Apply_BadPolicy(t *testing.T) {
 	}
 }
 
+// Test_Apply_Hook tests the Apply function of the act registry with a policy that
+// has the hook info and makes use of it.
+func Test_Apply_Hook(t *testing.T) {
+	buf := bytes.Buffer{}
+	logger := zerolog.New(&buf)
+
+	// Custom policy leveraging the hook info.
+	policies := map[string]*sdkAct.Policy{
+		"passthrough": sdkAct.MustNewPolicy(
+			"passthrough",
+			"true",
+			nil,
+		),
+		"log": sdkAct.MustNewPolicy(
+			"log",
+			`Signal.log == true && Policy.log == "enabled" &&
+			split(Hook.Params.client.remote, ":")[0] == "192.168.0.1"`,
+			map[string]any{
+				"log": "enabled",
+			},
+		),
+	}
+
+	actRegistry := NewActRegistry(
+		Registry{
+			Signals:              BuiltinSignals(),
+			Policies:             policies,
+			Actions:              BuiltinActions(),
+			DefaultPolicyName:    config.DefaultPolicy,
+			PolicyTimeout:        config.DefaultPolicyTimeout,
+			DefaultActionTimeout: config.DefaultActionTimeout,
+			Logger:               logger,
+		})
+	assert.NotNil(t, actRegistry)
+
+	hook := sdkAct.Hook{
+		Name:     "HOOK_NAME_ON_TRAFFIC_FROM_CLIENT",
+		Priority: 1000,
+		// Input parameters for the hook.
+		Params: map[string]any{
+			"field": "value",
+			"server": map[string]any{
+				"local":  "value",
+				"remote": "value",
+			},
+			"client": map[string]any{
+				"local":  "value",
+				"remote": "192.168.0.1:15432",
+			},
+			"request": "Base64EncodedRequest",
+			"error":   "",
+		},
+		// Output parameters for the hook.
+		Result: map[string]any{
+			"field": "value",
+			"server": map[string]any{
+				"local":  "value",
+				"remote": "value",
+			},
+			"client": map[string]any{
+				"local":  "value",
+				"remote": "value",
+			},
+			"request": "Base64EncodedRequest",
+			"error":   "",
+			sdkAct.Signals: []any{
+				sdkAct.Log("error", "error message", map[string]any{"key": "value"}).ToMap(),
+			},
+			"response": "Base64EncodedResponse",
+		},
+	}
+
+	outputs := actRegistry.Apply(
+		[]sdkAct.Signal{
+			*sdkAct.Log(
+				"error",
+				"policy matched, so we are seeing this error message",
+				map[string]any{"key": "value"},
+			),
+		},
+		hook,
+	)
+	assert.NotNil(t, outputs)
+	assert.Len(t, outputs, 1)
+	assert.Equal(t, "log", outputs[0].MatchedPolicy)
+	assert.Equal(t, outputs[0].Metadata, map[string]any{
+		"key":     "value",
+		"level":   "error",
+		"log":     true,
+		"message": "policy matched from incoming address 192.168.0.1, so we are seeing this error message",
+	})
+	assert.False(t, outputs[0].Sync) // Asynchronous action.
+	assert.True(t, cast.ToBool(outputs[0].Verdict))
+	assert.False(t, outputs[0].Terminal)
+
+	result, err := actRegistry.Run(outputs[0], WithResult(hook.Result))
+	assert.Equal(t, err, gerr.ErrAsyncAction, "expected async action sentinel error")
+	assert.Nil(t, result, "expected nil result")
+
+	time.Sleep(time.Millisecond) // wait for async action to complete
+
+	assert.Contains(t, buf.String(), `{"level":"error","key":"value","message":"policy matched from incoming address 192.168.0.1, so we are seeing this error message"}`) //nolint:lll
+}
+
 // Test_Run tests the Run function of the act registry with a non-terminal action.
 func Test_Run(t *testing.T) {
 	logger := zerolog.Logger{}