open-vault/api/output_policy_test.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package api

import (
	"net/http"
	"net/url"
	"testing"
)

func TestBuildSamplePolicy(t *testing.T) {
	t.Parallel()

	testCases := []struct {
		name     string
		req      *OutputPolicyError
		expected string
		err      error
	}{
		{
			"happy path",
			&OutputPolicyError{
				method: http.MethodGet,
				path:   "/something",
			},
			formatOutputPolicy("/something", []string{"read"}),
			nil,
		},
		{ // test included to clear up some confusion around the sanitize comment
			"demonstrate that this function does not format fully",
			&OutputPolicyError{
				method: http.MethodGet,
				path:   "http://vault.test/v1/something",
			},
			formatOutputPolicy("http://vault.test/v1/something", []string{"read"}),
			nil,
		},
		{ // test that list is properly returned
			"list over read returned",
			&OutputPolicyError{
				method: http.MethodGet,
				path:   "/something",
				params: url.Values{
					"list": []string{"true"},
				},
			},
			formatOutputPolicy("/something", []string{"list"}),
			nil,
		},
		{
			"valid protected path",
			&OutputPolicyError{
				method: http.MethodGet,
				path:   "/sys/config/ui/headers/",
			},
			formatOutputPolicy("/sys/config/ui/headers/", []string{"read", "sudo"}),
			nil,
		},
		{ // ensure that a formatted path that trims the trailing slash as the code does still works for recognizing a sudo path
			"valid protected path no trailing /",
			&OutputPolicyError{
				method: http.MethodGet,
				path:   "/sys/config/ui/headers",
			},
			formatOutputPolicy("/sys/config/ui/headers", []string{"read", "sudo"}),
			nil,
		},
	}

	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			result, err := tc.req.buildSamplePolicy()
			if tc.err != err {
				t.Fatalf("expected for the error to be %v instead got %v\n", tc.err, err)
			}

			if tc.expected != result {
				t.Fatalf("expected for the policy string to be %v instead got %v\n", tc.expected, result)
			}
		})
	}
}
adding copyright header (#19555) * adding copyright header * fix fmt and a test 2023-03-15 16:00:52 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

address various issues with the output-policy flag (#19160) * update error message and properly handle list requests * since we do agressive sanitizes we need to optionally check trailing slash * added changelog record * remove redundant path formating * Update changelog/13106.txt Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * addressed comments from review * also remove code that duplicates efforts in kv_list * abstracted helper func for testing * added test cases for the policy builder * updated the changelog to the correct one * removed calls that apear not to do anything given test case results * fixed spacing issue in output string * remove const representation of list url param * addressed comments for pr --------- Co-authored-by: lursu <leland.ursu@hashicorp.com> Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> 2023-02-21 15:12:45 +00:00			`package api`

			`import (`
			`"net/http"`
			`"net/url"`
			`"testing"`
			`)`

			`func TestBuildSamplePolicy(t *testing.T) {`
			`t.Parallel()`

			`testCases := []struct {`
			`name string`
			`req *OutputPolicyError`
			`expected string`
			`err error`
			`}{`
			`{`
			`"happy path",`
			`&OutputPolicyError{`
			`method: http.MethodGet,`
			`path: "/something",`
			`},`
			`formatOutputPolicy("/something", []string{"read"}),`
			`nil,`
			`},`
			`{ // test included to clear up some confusion around the sanitize comment`
			`"demonstrate that this function does not format fully",`
			`&OutputPolicyError{`
			`method: http.MethodGet,`
			`path: "http://vault.test/v1/something",`
			`},`
			`formatOutputPolicy("http://vault.test/v1/something", []string{"read"}),`
			`nil,`
			`},`
			`{ // test that list is properly returned`
			`"list over read returned",`
			`&OutputPolicyError{`
			`method: http.MethodGet,`
			`path: "/something",`
			`params: url.Values{`
			`"list": []string{"true"},`
			`},`
			`},`
			`formatOutputPolicy("/something", []string{"list"}),`
			`nil,`
			`},`
			`{`
			`"valid protected path",`
			`&OutputPolicyError{`
			`method: http.MethodGet,`
			`path: "/sys/config/ui/headers/",`
			`},`
			`formatOutputPolicy("/sys/config/ui/headers/", []string{"read", "sudo"}),`
			`nil,`
			`},`
			`{ // ensure that a formatted path that trims the trailing slash as the code does still works for recognizing a sudo path`
			`"valid protected path no trailing /",`
			`&OutputPolicyError{`
			`method: http.MethodGet,`
			`path: "/sys/config/ui/headers",`
			`},`
			`formatOutputPolicy("/sys/config/ui/headers", []string{"read", "sudo"}),`
			`nil,`
			`},`
			`}`

			`for _, tc := range testCases {`
			`t.Run(tc.name, func(t *testing.T) {`
			`result, err := tc.req.buildSamplePolicy()`
			`if tc.err != err {`
			`t.Fatalf("expected for the error to be %v instead got %v\n", tc.err, err)`
			`}`

			`if tc.expected != result {`
			`t.Fatalf("expected for the policy string to be %v instead got %v\n", tc.expected, result)`
			`}`
			`})`
			`}`
			`}`