package markitect_test import ( "os" "path/filepath" "testing" "gopkg.in/yaml.v3" "github.com/netkingdom/flex-auth/internal/markitect" "github.com/netkingdom/flex-auth/internal/registry" "github.com/netkingdom/flex-auth/pkg/api" ) func TestImportResourceManifestLoadsPinnedMarkitectShape(t *testing.T) { var manifest api.ResourceManifest loadYAML(t, filepath.Join("..", "..", "examples", "markitect", "resource_manifest.yaml"), &manifest) store := registry.NewStore() result, err := markitect.ImportResourceManifest(store, manifest) if err != nil { t.Fatalf("ImportResourceManifest: %v", err) } if result.Manifest.CaringProfile != api.CaringProfileCaring040RC2 { t.Fatalf("CaringProfile = %q; want %q", result.Manifest.CaringProfile, api.CaringProfileCaring040RC2) } if !hasDiagnostic(result.Diagnostics, "MARKITECT-CARING-PROFILE", "warning") { t.Fatalf("diagnostics = %+v; want missing CARING profile warning", result.Diagnostics) } resource, ok := store.Resource(markitect.SystemID, "document:internal-note") if !ok { t.Fatal("document:internal-note was not imported") } if resource.Attributes["caring_scope_level"] != api.ScopeLevelResource { t.Fatalf("caring_scope_level = %v; want Resource", resource.Attributes["caring_scope_level"]) } } func TestImportNamespaceResourceManifestClassifiesAllResources(t *testing.T) { var manifest api.ResourceManifest loadYAML(t, filepath.Join("..", "..", "examples", "markitect", "namespace_resource_manifest.yaml"), &manifest) store := registry.NewStore() result, err := markitect.ImportResourceManifest(store, manifest) if err != nil { t.Fatalf("ImportResourceManifest: %v\n%+v", err, result.Diagnostics) } if hasSeverity(result.Diagnostics, "error") { t.Fatalf("diagnostics = %+v; did not expect errors", result.Diagnostics) } span, ok := store.Resource(markitect.SystemID, "span:internal-note#risk:customer-email") if !ok { t.Fatal("span resource was not imported") } if span.Attributes["caring_scope_level"] != api.ScopeLevelField { t.Fatalf("span caring_scope_level = %v; want Field", span.Attributes["caring_scope_level"]) } if span.TrustZone != "restricted" { t.Fatalf("span.TrustZone = %q; want restricted", span.TrustZone) } } func TestImportAmbiguousManifestReportsClassificationWarnings(t *testing.T) { var manifest api.ResourceManifest loadYAML(t, filepath.Join("..", "..", "examples", "markitect", "ambiguous_resource_manifest.yaml"), &manifest) store := registry.NewStore() result, err := markitect.ImportResourceManifest(store, manifest) if err != nil { t.Fatalf("ImportResourceManifest: %v", err) } if !hasDiagnostic(result.Diagnostics, "MARKITECT-LABELS-MISSING", "warning") { t.Fatalf("diagnostics = %+v; want labels warning", result.Diagnostics) } if !hasDiagnostic(result.Diagnostics, "MARKITECT-TRUST-ZONE-MISSING", "warning") { t.Fatalf("diagnostics = %+v; want trust zone warning", result.Diagnostics) } } func TestImportRejectsUnknownMarkitectResourceType(t *testing.T) { manifest := api.ResourceManifest{ ID: "bad", System: markitect.SystemID, CaringProfile: api.CaringProfileCaring040RC2, Resources: []api.Resource{ {ID: "unknown:1", Type: "unknown_type", Labels: []string{"internal"}, TrustZone: "internal"}, }, Metadata: map[string]any{"flex_auth_contract": api.FlexAuthContractV0}, } _, err := markitect.ImportResourceManifest(registry.NewStore(), manifest) if err == nil { t.Fatal("ImportResourceManifest accepted unknown resource type") } } func hasDiagnostic(diagnostics []markitect.Diagnostic, code, severity string) bool { for _, diagnostic := range diagnostics { if diagnostic.Code == code && diagnostic.Severity == severity { return true } } return false } func hasSeverity(diagnostics []markitect.Diagnostic, severity string) bool { for _, diagnostic := range diagnostics { if diagnostic.Severity == severity { return true } } return false } func loadYAML(t *testing.T, path string, out any) { t.Helper() data, err := os.ReadFile(path) if err != nil { t.Fatalf("read %s: %v", path, err) } if err := yaml.Unmarshal(data, out); err != nil { t.Fatalf("unmarshal %s: %v", path, err) } }