generated from coulomb/repo-seed
Implement canonical schema foundation
This commit is contained in:
50
internal/policy/package_test.go
Normal file
50
internal/policy/package_test.go
Normal file
@@ -0,0 +1,50 @@
|
||||
package policy_test
|
||||
|
||||
import (
|
||||
"os"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"gopkg.in/yaml.v3"
|
||||
|
||||
"github.com/netkingdom/flex-auth/pkg/api"
|
||||
)
|
||||
|
||||
func TestPolicyPackageMetadataParses(t *testing.T) {
|
||||
var metadata api.PolicyPackageMetadata
|
||||
loadYAML(t, filepath.Join("..", "..", "examples", "caring", "policy_package.yaml"), &metadata)
|
||||
|
||||
if metadata.Caring.Profile != api.CaringProfileCaring040RC2 {
|
||||
t.Fatalf("metadata.Caring.Profile = %q; want %q", metadata.Caring.Profile, api.CaringProfileCaring040RC2)
|
||||
}
|
||||
if len(metadata.Caring.Capabilities) != 1 || metadata.Caring.Capabilities[0] != api.CapabilityView {
|
||||
t.Errorf("metadata.Caring.Capabilities = %v; want [View]", metadata.Caring.Capabilities)
|
||||
}
|
||||
if len(metadata.Caring.Restrictions) != 1 || metadata.Caring.Restrictions[0] != api.RestrictionExportBlocked {
|
||||
t.Errorf("metadata.Caring.Restrictions = %v; want [ExportBlocked]", metadata.Caring.Restrictions)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPolicyFixtureParses(t *testing.T) {
|
||||
var fixture api.PolicyFixture
|
||||
loadYAML(t, filepath.Join("..", "..", "examples", "caring", "policy_fixture.yaml"), &fixture)
|
||||
|
||||
if fixture.Expect.Effect != api.DecisionEffectAllow {
|
||||
t.Errorf("fixture.Expect.Effect = %q; want allow", fixture.Expect.Effect)
|
||||
}
|
||||
if fixture.Request.CaringContext == nil {
|
||||
t.Fatal("fixture.Request.CaringContext is nil")
|
||||
}
|
||||
}
|
||||
|
||||
func loadYAML(t *testing.T, path string, out any) {
|
||||
t.Helper()
|
||||
|
||||
data, err := os.ReadFile(path)
|
||||
if err != nil {
|
||||
t.Fatalf("read %s: %v", path, err)
|
||||
}
|
||||
if err := yaml.Unmarshal(data, out); err != nil {
|
||||
t.Fatalf("unmarshal %s: %v", path, err)
|
||||
}
|
||||
}
|
||||
43
internal/registry/manifest_test.go
Normal file
43
internal/registry/manifest_test.go
Normal file
@@ -0,0 +1,43 @@
|
||||
package registry_test
|
||||
|
||||
import (
|
||||
"os"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"gopkg.in/yaml.v3"
|
||||
|
||||
"github.com/netkingdom/flex-auth/pkg/api"
|
||||
)
|
||||
|
||||
func TestRegistryManifestsParse(t *testing.T) {
|
||||
var subjects api.SubjectManifest
|
||||
loadYAML(t, filepath.Join("..", "..", "examples", "caring", "subject_manifest.yaml"), &subjects)
|
||||
if len(subjects.Subjects) != 1 {
|
||||
t.Fatalf("Subjects len = %d; want 1", len(subjects.Subjects))
|
||||
}
|
||||
if subjects.Subjects[0].Roles[0] != api.CanonicalRoleDoer {
|
||||
t.Errorf("Subject role = %q; want Doer", subjects.Subjects[0].Roles[0])
|
||||
}
|
||||
|
||||
var fact api.RelationshipFact
|
||||
loadYAML(t, filepath.Join("..", "..", "examples", "caring", "relationship_fact.yaml"), &fact)
|
||||
if fact.Subject != "group:platform-architecture" || fact.Object != "document:internal-note" {
|
||||
t.Fatalf("relationship fact did not parse as expected: %+v", fact)
|
||||
}
|
||||
if fact.Caring == nil || fact.Caring.Profile != api.CaringProfileCaring040RC2 {
|
||||
t.Fatalf("fact.Caring = %+v; want CARING profile descriptor", fact.Caring)
|
||||
}
|
||||
}
|
||||
|
||||
func loadYAML(t *testing.T, path string, out any) {
|
||||
t.Helper()
|
||||
|
||||
data, err := os.ReadFile(path)
|
||||
if err != nil {
|
||||
t.Fatalf("read %s: %v", path, err)
|
||||
}
|
||||
if err := yaml.Unmarshal(data, out); err != nil {
|
||||
t.Fatalf("unmarshal %s: %v", path, err)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user