add runtime unit test

Signed-off-by: Ashutosh Narkar <[email protected]>

runtime/runtime_test.go

@@ -280,6 +280,61 @@ func TestCheckOPAUpdateLoopWithNewUpdate(t *testing.T) {
 	testCheckOPAUpdateLoop(t, baseURL, "OPA is out of date.")
 }
 
+func TestRuntimeWithAuthzSchemaVerification(t *testing.T) {
+	ctx := context.Background()
+
+	fs := map[string]string{
+		"test/authz.rego": `package system.authz
+
+		default allow := false
+
+		allow {
+          input.identity = "foo"
+		}`,
+	}
+
+	test.WithTempFS(fs, func(rootDir string) {
+		rootDir = filepath.Join(rootDir, "test")
+
+		params := NewParams()
+		params.Paths = []string{rootDir}
+		params.Authorization = server.AuthorizationBasic
+
+		_, err := NewRuntime(ctx, params)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		badModule := []byte(`package system.authz
+
+		default allow := false
+
+		allow {
+           input.identty = "foo"
+		}`)
+
+		if err := os.WriteFile(path.Join(rootDir, "authz.rego"), badModule, 0644); err != nil {
+			t.Fatal(err)
+		}
+
+		_, err = NewRuntime(ctx, params)
+		if err == nil {
+			t.Fatal("Expected error but got nil")
+		}
+
+		if !strings.Contains(err.Error(), "undefined ref: input.identty") {
+			t.Errorf("Expected error \"%v\" not found", "undefined ref: input.identty")
+		}
+
+		// no verification checks
+		params.Authorization = server.AuthorizationOff
+		_, err = NewRuntime(ctx, params)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+}
+
 func TestCheckAuthIneffective(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Millisecond)
 	defer cancel() // NOTE(sr): The timeout will have been reached by the time `done` is closed.