flex-auth/internal/markitect/check_fixtures_test.go

package markitect_test

import (
	"context"
	"path/filepath"
	"testing"

	"github.com/netkingdom/flex-auth/internal/policy"
	"github.com/netkingdom/flex-auth/pkg/api"
)

func TestMarkitectCheckFixturePackageValidates(t *testing.T) {
	pkg, err := policy.LoadAndValidateFile(context.Background(), filepath.Join("..", "..", "examples", "markitect", "check_policy_package.md"))
	if err != nil {
		t.Fatalf("LoadAndValidateFile: %v", err)
	}
	if !pkg.Valid {
		t.Fatalf("pkg.Valid = false: %+v", pkg.Validation)
	}
	if len(pkg.Fixtures) != 5 {
		t.Fatalf("Fixtures len = %d; want 5", len(pkg.Fixtures))
	}

	wantEffects := map[string]api.DecisionEffect{
		"fixture:markitect-public-document-allow":          api.DecisionEffectAllow,
		"fixture:markitect-internal-document-deny":         api.DecisionEffectDeny,
		"fixture:markitect-internal-document-reader-allow": api.DecisionEffectAllow,
		"fixture:markitect-restricted-export-steward-mfa":  api.DecisionEffectAllow,
		"fixture:markitect-context-package-activation":     api.DecisionEffectAllow,
	}
	for _, fixture := range pkg.Fixtures {
		if fixture.Expect.Effect != wantEffects[fixture.ID] {
			t.Fatalf("%s effect = %q; want %q", fixture.ID, fixture.Expect.Effect, wantEffects[fixture.ID])
		}
		assertFixtureMetadata(t, fixture)
	}

	for _, result := range pkg.Validation.Fixtures {
		if !result.Passed {
			t.Fatalf("fixture %s failed: %s actual=%+v", result.ID, result.Error, result.Actual)
		}
	}
}

func assertFixtureMetadata(t *testing.T, fixture api.PolicyFixture) {
	t.Helper()

	if _, ok := fixture.Metadata["expected_caring_descriptor"]; !ok {
		t.Fatalf("%s missing expected_caring_descriptor metadata", fixture.ID)
	}
	if _, ok := fixture.Metadata["expected_exposure_modes"]; !ok {
		t.Fatalf("%s missing expected_exposure_modes metadata", fixture.ID)
	}
	if _, ok := fixture.Metadata["expected_audit_behavior"]; !ok {
		t.Fatalf("%s missing expected_audit_behavior metadata", fixture.ID)
	}
}