open-vault/api/output_policy_test.go

81 lines
1.9 KiB
Go
Raw Normal View History

package api
import (
"net/http"
"net/url"
"testing"
)
func TestBuildSamplePolicy(t *testing.T) {
t.Parallel()
testCases := []struct {
name string
req *OutputPolicyError
expected string
err error
}{
{
"happy path",
&OutputPolicyError{
method: http.MethodGet,
path: "/something",
},
formatOutputPolicy("/something", []string{"read"}),
nil,
},
{ // test included to clear up some confusion around the sanitize comment
"demonstrate that this function does not format fully",
&OutputPolicyError{
method: http.MethodGet,
path: "http://vault.test/v1/something",
},
formatOutputPolicy("http://vault.test/v1/something", []string{"read"}),
nil,
},
{ // test that list is properly returned
"list over read returned",
&OutputPolicyError{
method: http.MethodGet,
path: "/something",
params: url.Values{
"list": []string{"true"},
},
},
formatOutputPolicy("/something", []string{"list"}),
nil,
},
{
"valid protected path",
&OutputPolicyError{
method: http.MethodGet,
path: "/sys/config/ui/headers/",
},
formatOutputPolicy("/sys/config/ui/headers/", []string{"read", "sudo"}),
nil,
},
{ // ensure that a formatted path that trims the trailing slash as the code does still works for recognizing a sudo path
"valid protected path no trailing /",
&OutputPolicyError{
method: http.MethodGet,
path: "/sys/config/ui/headers",
},
formatOutputPolicy("/sys/config/ui/headers", []string{"read", "sudo"}),
nil,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
result, err := tc.req.buildSamplePolicy()
if tc.err != err {
t.Fatalf("expected for the error to be %v instead got %v\n", tc.err, err)
}
if tc.expected != result {
t.Fatalf("expected for the policy string to be %v instead got %v\n", tc.expected, result)
}
})
}
}