brennen
/
blubber
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
121 Commits
2 Branches
713 KiB
 
 
 
Branch: zuultest
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'zuultest'
${ noResults }
blubber/config/policy_test.go

117 lines
2.5 KiB
Raw Permalink Blame History

package config_test
import (
"testing"
"github.com/stretchr/testify/assert"
"gerrit.wikimedia.org/r/blubber/config"
)
func TestPolicyRead(t *testing.T) {
policy, err := config.ReadYAMLPolicy([]byte(`---
enforcements:
- path: variants.production.runs.as
rule: ne=root
- path: base
rule: oneof=debian:jessie debian:stretch`))
if assert.NoError(t, err) {
if assert.Len(t, policy.Enforcements, 2) {
assert.Equal(t, "variants.production.runs.as", policy.Enforcements[0].Path)
assert.Equal(t, "ne=root", policy.Enforcements[0].Rule)
assert.Equal(t, "base", policy.Enforcements[1].Path)
assert.Equal(t, "oneof=debian:jessie debian:stretch", policy.Enforcements[1].Rule)
}
}
}
func TestPolicyValidate(t *testing.T) {
cfg := config.Config{
CommonConfig: config.CommonConfig{
Base: "foo:tag",
},
Variants: map[string]config.VariantConfig{
"foo": config.VariantConfig{
CommonConfig: config.CommonConfig{
Runs: config.RunsConfig{
UserConfig: config.UserConfig{
As: "root",
},
},
},
},
},
}
policy := config.Policy{
Enforcements: []config.Enforcement{
{Path: "variants.foo.runs.as", Rule: "ne=root"},
},
}
assert.EqualError(t,
policy.Validate(cfg),
`value for "variants.foo.runs.as" violates policy rule "ne=root"`,
)
policy = config.Policy{
Enforcements: []config.Enforcement{
{Path: "base", Rule: "oneof=debian:jessie debian:stretch"},
},
}
assert.EqualError(t,
policy.Validate(cfg),
`value for "base" violates policy rule "oneof=debian:jessie debian:stretch"`,
)
}
func TestEnforcementOnFlag(t *testing.T) {
cfg := config.Config{
Variants: map[string]config.VariantConfig{
"production": config.VariantConfig{
CommonConfig: config.CommonConfig{
Runs: config.RunsConfig{
Insecurely: config.Flag{True: true},
},
},
},
},
}
policy := config.Policy{
Enforcements: []config.Enforcement{
{Path: "variants.production.runs.insecurely", Rule: "isfalse"},
},
}
assert.Error(t,
policy.Validate(cfg),
`value for "variants.production.runs.insecurely" violates policy rule "isfalse"`,
)
}
func TestResolveJSONPath(t *testing.T) {
cfg := config.Config{
Variants: map[string]config.VariantConfig{
"foo": config.VariantConfig{
CommonConfig: config.CommonConfig{
Runs: config.RunsConfig{
UserConfig: config.UserConfig{
As: "root",
},
},
},
},
},
}
val, err := config.ResolveJSONPath("variants.foo.runs.as", cfg)
if assert.NoError(t, err) {
assert.Equal(t, "root", val)
}
}