1b3083c98c
* update error message and properly handle list requests * since we do agressive sanitizes we need to optionally check trailing slash * added changelog record * remove redundant path formating * Update changelog/13106.txt Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> * addressed comments from review * also remove code that duplicates efforts in kv_list * abstracted helper func for testing * added test cases for the policy builder * updated the changelog to the correct one * removed calls that apear not to do anything given test case results * fixed spacing issue in output string * remove const representation of list url param * addressed comments for pr --------- Co-authored-by: lursu <leland.ursu@hashicorp.com> Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
81 lines
1.9 KiB
Go
81 lines
1.9 KiB
Go
package api
|
|
|
|
import (
|
|
"net/http"
|
|
"net/url"
|
|
"testing"
|
|
)
|
|
|
|
func TestBuildSamplePolicy(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
testCases := []struct {
|
|
name string
|
|
req *OutputPolicyError
|
|
expected string
|
|
err error
|
|
}{
|
|
{
|
|
"happy path",
|
|
&OutputPolicyError{
|
|
method: http.MethodGet,
|
|
path: "/something",
|
|
},
|
|
formatOutputPolicy("/something", []string{"read"}),
|
|
nil,
|
|
},
|
|
{ // test included to clear up some confusion around the sanitize comment
|
|
"demonstrate that this function does not format fully",
|
|
&OutputPolicyError{
|
|
method: http.MethodGet,
|
|
path: "http://vault.test/v1/something",
|
|
},
|
|
formatOutputPolicy("http://vault.test/v1/something", []string{"read"}),
|
|
nil,
|
|
},
|
|
{ // test that list is properly returned
|
|
"list over read returned",
|
|
&OutputPolicyError{
|
|
method: http.MethodGet,
|
|
path: "/something",
|
|
params: url.Values{
|
|
"list": []string{"true"},
|
|
},
|
|
},
|
|
formatOutputPolicy("/something", []string{"list"}),
|
|
nil,
|
|
},
|
|
{
|
|
"valid protected path",
|
|
&OutputPolicyError{
|
|
method: http.MethodGet,
|
|
path: "/sys/config/ui/headers/",
|
|
},
|
|
formatOutputPolicy("/sys/config/ui/headers/", []string{"read", "sudo"}),
|
|
nil,
|
|
},
|
|
{ // ensure that a formatted path that trims the trailing slash as the code does still works for recognizing a sudo path
|
|
"valid protected path no trailing /",
|
|
&OutputPolicyError{
|
|
method: http.MethodGet,
|
|
path: "/sys/config/ui/headers",
|
|
},
|
|
formatOutputPolicy("/sys/config/ui/headers", []string{"read", "sudo"}),
|
|
nil,
|
|
},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
result, err := tc.req.buildSamplePolicy()
|
|
if tc.err != err {
|
|
t.Fatalf("expected for the error to be %v instead got %v\n", tc.err, err)
|
|
}
|
|
|
|
if tc.expected != result {
|
|
t.Fatalf("expected for the policy string to be %v instead got %v\n", tc.expected, result)
|
|
}
|
|
})
|
|
}
|
|
}
|