package api_test import ( "os" "path/filepath" "testing" "gopkg.in/yaml.v3" "github.com/netkingdom/flex-auth/pkg/api" ) // TestResourceManifestExampleParses is the golden test for the pinned // FlexAuthResourceManifest shape. It loads examples/markitect/resource_manifest.yaml // and verifies every field the Markitect emitter produces. func TestResourceManifestExampleParses(t *testing.T) { path := filepath.Join("..", "..", "examples", "markitect", "resource_manifest.yaml") data, err := os.ReadFile(path) if err != nil { t.Fatalf("read %s: %v", path, err) } var got api.ResourceManifest if err := yaml.Unmarshal(data, &got); err != nil { t.Fatalf("unmarshal: %v", err) } if got.ID != "markitect-example-knowledge-base" { t.Errorf("ID = %q; want markitect-example-knowledge-base", got.ID) } if got.System != "markitect-tool" { t.Errorf("System = %q; want markitect-tool", got.System) } if got.Metadata["flex_auth_contract"] != api.FlexAuthContractV0 { t.Errorf("metadata.flex_auth_contract = %v; want %q", got.Metadata["flex_auth_contract"], api.FlexAuthContractV0) } wantActions := []string{"read", "query", "search", "package", "export"} if len(got.Actions) != len(wantActions) { t.Fatalf("Actions len = %d; want %d", len(got.Actions), len(wantActions)) } for i, a := range wantActions { if got.Actions[i] != a { t.Errorf("Actions[%d] = %q; want %q", i, got.Actions[i], a) } } if len(got.Resources) != 3 { t.Fatalf("Resources len = %d; want 3", len(got.Resources)) } kb := got.Resources[0] if kb.ID != "knowledge-base:markitect-example" || kb.Type != "knowledge_base" { t.Errorf("resources[0] = %+v; want knowledge-base header", kb) } if kb.TrustZone != "public" { t.Errorf("resources[0].trust_zone = %q; want public", kb.TrustZone) } internal := got.Resources[2] if internal.ID != "document:internal-note" { t.Errorf("resources[2].ID = %q; want document:internal-note", internal.ID) } if internal.Parent != "knowledge-base:markitect-example" { t.Errorf("resources[2].parent = %q; want knowledge-base:markitect-example", internal.Parent) } if internal.TrustZone != "internal" { t.Errorf("resources[2].trust_zone = %q; want internal", internal.TrustZone) } if len(internal.Labels) != 1 || internal.Labels[0] != "internal" { t.Errorf("resources[2].labels = %v; want [internal]", internal.Labels) } } func TestResourceManifestRequiredFields(t *testing.T) { const minimalYAML = `id: m1 system: s1 resources: - id: r1 type: document ` var m api.ResourceManifest if err := yaml.Unmarshal([]byte(minimalYAML), &m); err != nil { t.Fatalf("unmarshal: %v", err) } if m.ID == "" || m.System == "" || len(m.Resources) != 1 { t.Fatalf("minimal manifest did not round-trip: %+v", m) } } func TestMarkitectProtectedSystemNamespaceExampleParses(t *testing.T) { path := filepath.Join("..", "..", "examples", "markitect", "protected_system_manifest.yaml") data, err := os.ReadFile(path) if err != nil { t.Fatalf("read %s: %v", path, err) } var got api.ProtectedSystemManifest if err := yaml.Unmarshal(data, &got); err != nil { t.Fatalf("unmarshal: %v", err) } if got.ID != "markitect-tool" { t.Fatalf("ID = %q; want markitect-tool", got.ID) } if len(got.ResourceTypes) != 8 { t.Fatalf("ResourceTypes len = %d; want 8", len(got.ResourceTypes)) } if len(got.Actions) != 8 { t.Fatalf("Actions len = %d; want 8", len(got.Actions)) } if got.Actions[0].Name != "read" || got.Actions[0].Capabilities[0] != api.CapabilityView { t.Fatalf("first Action = %+v; want read/View", got.Actions[0]) } if got.Actions[5].Name != "export" || got.Actions[5].Capabilities[0] != api.CapabilityExport { t.Fatalf("export Action = %+v; want export/Export", got.Actions[5]) } if got.ResourceTypes[0].Name != "knowledge_base" || got.ResourceTypes[0].ScopeLevel != api.ScopeLevelWorkspace { t.Fatalf("first ResourceType = %+v; want knowledge_base Workspace", got.ResourceTypes[0]) } if got.ResourceTypes[7].Name != "export" || got.ResourceTypes[7].ScopeLevel != api.ScopeLevelRecord { t.Fatalf("last ResourceType = %+v; want export Record", got.ResourceTypes[7]) } } func TestMarkitectNamespaceResourceManifestExampleParses(t *testing.T) { path := filepath.Join("..", "..", "examples", "markitect", "namespace_resource_manifest.yaml") data, err := os.ReadFile(path) if err != nil { t.Fatalf("read %s: %v", path, err) } var got api.ResourceManifest if err := yaml.Unmarshal(data, &got); err != nil { t.Fatalf("unmarshal: %v", err) } if got.CaringProfile != api.CaringProfileCaring040RC2 { t.Fatalf("CaringProfile = %q; want %q", got.CaringProfile, api.CaringProfileCaring040RC2) } if len(got.Resources) != 8 { t.Fatalf("Resources len = %d; want 8", len(got.Resources)) } if got.Resources[4].Type != "span" || got.Resources[4].TrustZone != "restricted" { t.Fatalf("resources[4] = %+v; want restricted span", got.Resources[4]) } if got.Resources[7].Type != "export" || got.Resources[7].Parent != "workflow-artifact:internal-note-review-run" { t.Fatalf("resources[7] = %+v; want export child of workflow artifact", got.Resources[7]) } }