
  1. package config_test
  2. import (
  3. "testing"
  4. "github.com/stretchr/testify/assert"
  5. "gerrit.wikimedia.org/r/blubber/config"
  6. )
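  // TestPolicyRead checks that ReadYAMLPolicy parses a YAML policy document
  // into an ordered list of enforcements, keeping each path and rule string
  // exactly as written.
  func TestPolicyRead(t *testing.T) {
  	// The nesting is significant: each `rule` key has to sit inside the same
  	// list item as its `path`. Flattened to a single column the document is
  	// not valid YAML, because `rule` becomes a top-level key followed by a
  	// stray sequence entry.
  	policy, err := config.ReadYAMLPolicy([]byte(`---
  enforcements:
    - path: variants.production.runs.as
      rule: ne=root
    - path: base
      rule: oneof=debian:jessie debian:stretch`))

  	if !assert.NoError(t, err) {
  		return
  	}

  	// Stop here on a length mismatch; indexing below would panic otherwise.
  	if !assert.Len(t, policy.Enforcements, 2) {
  		return
  	}

  	runAs, base := policy.Enforcements[0], policy.Enforcements[1]

  	assert.Equal(t, "variants.production.runs.as", runAs.Path)
  	assert.Equal(t, "ne=root", runAs.Rule)

  	assert.Equal(t, "base", base.Path)
  	assert.Equal(t, "oneof=debian:jessie debian:stretch", base.Rule)
  }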
  // TestPolicyValidate checks that Policy.Validate rejects a configuration
  // that breaks an enforcement and reports the offending path together with
  // the rule that was violated.
  //
  // Two rules are exercised against the same configuration: one that forbids
  // running as root, and one that restricts the base image to a fixed list.
  func TestPolicyValidate(t *testing.T) {
  	// Build a config that violates both rules: an unlisted base image and a
  	// variant that runs as root.
  	var rootVariant config.VariantConfig
  	rootVariant.CommonConfig.Runs.UserConfig.As = "root"

  	var cfg config.Config
  	cfg.CommonConfig.Base = "foo:tag"
  	cfg.Variants = map[string]config.VariantConfig{"foo": rootVariant}

  	violations := []struct {
  		enforcement config.Enforcement
  		message     string
  	}{
  		{
  			enforcement: config.Enforcement{Path: "variants.foo.runs.as", Rule: "ne=root"},
  			message:     `value for "variants.foo.runs.as" violates policy rule "ne=root"`,
  		},
  		{
  			enforcement: config.Enforcement{Path: "base", Rule: "oneof=debian:jessie debian:stretch"},
  			message:     `value for "base" violates policy rule "oneof=debian:jessie debian:stretch"`,
  		},
  	}

  	// Each rule is validated in its own single-enforcement policy so that
  	// the reported error can only come from that rule.
  	for _, v := range violations {
  		policy := config.Policy{
  			Enforcements: []config.Enforcement{v.enforcement},
  		}

  		assert.EqualError(t, policy.Validate(cfg), v.message)
  	}
  }
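  // TestEnforcementOnFlag checks that a policy rule can be enforced against a
  // config.Flag value: with runs.insecurely set to true, an "isfalse" rule on
  // that path must make Validate fail with the standard violation message.
  func TestEnforcementOnFlag(t *testing.T) {
  	cfg := config.Config{
  		Variants: map[string]config.VariantConfig{
  			"production": {
  				CommonConfig: config.CommonConfig{
  					Runs: config.RunsConfig{
  						Insecurely: config.Flag{True: true},
  					},
  				},
  			},
  		},
  	}

  	policy := config.Policy{
  		Enforcements: []config.Enforcement{
  			{Path: "variants.production.runs.insecurely", Rule: "isfalse"},
  		},
  	}

  	// EqualError rather than Error: assert.Error treats its trailing
  	// arguments as the failure message, so the expected text was never
  	// compared and any non-nil error would have satisfied the test. The
  	// message format matches the one asserted in TestPolicyValidate.
  	assert.EqualError(t,
  		policy.Validate(cfg),
  		`value for "variants.production.runs.insecurely" violates policy rule "isfalse"`,
  	)
  }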
  // TestResolveJSONPath checks that ResolveJSONPath follows a dotted path
  // through the config, including the map key of a variant, and returns the
  // value stored at the end of it.
  func TestResolveJSONPath(t *testing.T) {
  	var variant config.VariantConfig
  	variant.CommonConfig.Runs.UserConfig.As = "root"

  	cfg := config.Config{
  		Variants: map[string]config.VariantConfig{"foo": variant},
  	}

  	// The path segments are lower-case while the Go fields are exported;
  	// presumably the lookup goes by serialized field names. Confirm against
  	// ResolveJSONPath.
  	val, err := config.ResolveJSONPath("variants.foo.runs.as", cfg)

  	if !assert.NoError(t, err) {
  		return
  	}

  	assert.Equal(t, "root", val)
  }