From a140c5bac913d45321ae62b06bd9b05af136fe41 Mon Sep 17 00:00:00 2001
From: Ashutosh Narkar
Date: Fri, 11 Aug 2023 15:25:28 -0700
Subject: [PATCH] add runtime unit test

Signed-off-by: Ashutosh Narkar
---
 runtime/runtime_test.go | 55 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/runtime/runtime_test.go b/runtime/runtime_test.go
index f71d7c52e16..c46c06c3f51 100644
--- a/runtime/runtime_test.go
+++ b/runtime/runtime_test.go
@@ -280,6 +280,61 @@ func TestCheckOPAUpdateLoopWithNewUpdate(t *testing.T) {
 testCheckOPAUpdateLoop(t, baseURL, "OPA is out of date.")
 }
 
+func TestRuntimeWithAuthzSchemaVerification(t *testing.T) {
+ ctx := context.Background()
+
+ fs := map[string]string{
+ "test/authz.rego": `package system.authz
+
+ default allow := false
+
+ allow {
+ input.identity = "foo"
+ }`,
+ }
+
+ test.WithTempFS(fs, func(rootDir string) {
+ rootDir = filepath.Join(rootDir, "test")
+
+ params := NewParams()
+ params.Paths = []string{rootDir}
+ params.Authorization = server.AuthorizationBasic
+
+ _, err := NewRuntime(ctx, params)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ badModule := []byte(`package system.authz
+
+ default allow := false
+
+ allow {
+ input.identty = "foo"
+ }`)
+
+ if err := os.WriteFile(path.Join(rootDir, "authz.rego"), badModule, 0644); err != nil {
+ t.Fatal(err)
+ }
+
+ _, err = NewRuntime(ctx, params)
+ if err == nil {
+ t.Fatal("Expected error but got nil")
+ }
+
+ if !strings.Contains(err.Error(), "undefined ref: input.identty") {
+ t.Errorf("Expected error \"%v\" not found", "undefined ref: input.identty")
+ }
+
+ // no verification checks
+ params.Authorization = server.AuthorizationOff
+ _, err = NewRuntime(ctx, params)
+ if err != nil {
+ t.Fatal(err)
+ }
+ })
+}
+
 func TestCheckAuthIneffective(t *testing.T) {
 ctx, cancel := context.WithTimeout(context.Background(), 2*time.Millisecond)
 defer cancel() // NOTE(sr): The timeout will have been reached by the time `done` is closed.
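Review bot: The policy file is rewritten with `path.Join(rootDir, "authz.rego")` although the same directory is built two statements earlier with `filepath.Join`; `path` is meant for slash-separated paths, so the write should read `os.WriteFile(filepath.Join(rootDir, "authz.rego"), badModule, 0644)` to stay correct on every OS. The `strings.Contains` failure message prints only the expected text, which makes a regression in the authz schema check hard to diagnose; `t.Errorf("expected error containing %q, got: %v", "undefined ref: input.identty", err)` would show what NewRuntime actually returned. The final case deserves a fuller comment than `// no verification checks`, for example `// with authorization off the system.authz policy is not checked against the authz input schema, so the misspelled ref must still load`, since that is the behaviour the test appears to pin and it means a typo in the authz policy goes unreported in that mode.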