From f6f5ef61284ff9f1437fa75d58962647c52ced28 Mon Sep 17 00:00:00 2001 From: Cowan Macady Date: Thu, 20 Jun 2024 16:22:37 +0200 Subject: [PATCH] feat: remove authz token implement ENG-3799 --- .../authorization_integration_test.go | 155 ------------------ test/constants.go | 6 - 2 files changed, 161 deletions(-) diff --git a/authorization/authorization_integration_test.go b/authorization/authorization_integration_test.go index 790d9460..dcafbfa7 100644 --- a/authorization/authorization_integration_test.go +++ b/authorization/authorization_integration_test.go @@ -891,86 +891,6 @@ var _ = Describe("Authorized", func() { }), }))) }) - - It("IsAuthorizedTokenNonValid", func() { - var err error - authorizationClient, err := integration.InitConfigAuthorization() - Expect(err).To(Succeed()) - - token := integration.TokenBad - resources := integration.Resource1 - // To make sure that the proper audit log was queried from BigQuery, need to add a unique identifier. - noAuditLogEntry = true - inputParams := map[string]*authorizationpb.InputParam{ - "auditLog": { - Value: &authorizationpb.InputParam_StringValue{ - StringValue: fmt.Sprintf("\"%v\"", auditLogIdentifier), - }, - }, - } - var policyTags []string - - resp, err := authorizationClient.IsAuthorizedByToken( - context.Background(), - token, - resources, - inputParams, - policyTags, - retry.WithMax(5), - ) - Expect(err).To(MatchError(ContainSubstring("invalid JWT"))) - Expect(resp).To(BeNil()) - }) - - It("IsAuthorizedTokenNotInDB", func() { - var err error - authorizationClient, err := integration.InitConfigAuthorization() - Expect(err).To(Succeed()) - - token := integration.TokenGoodFormat - resources := integration.Resource1 - // To make sure that the proper audit log was queried from BigQuery, need to add a unique identifier. - inputParams := map[string]*authorizationpb.InputParam{ - "auditLog": { - Value: &authorizationpb.InputParam_StringValue{ - StringValue: fmt.Sprintf("\"%v\"", auditLogIdentifier), - }, - }, - } - var policyTags []string - - resp, err := authorizationClient.IsAuthorizedByToken( - context.Background(), - token, - resources, - inputParams, - policyTags, - retry.WithMax(5), - ) - Expect(err).To(Succeed()) - Expect(resp).NotTo(BeNil()) - - decision := resources[0].Type - resource := resources[0].ExternalId - action := resources[0].Actions[0] - - Expect(resp).To(PointTo(MatchFields(IgnoreExtras, Fields{ - "DecisionTime": Not(BeNil()), - "Decisions": MatchAllKeys(Keys{ - decision: PointTo(MatchFields(IgnoreExtras, Fields{ - "Resources": MatchAllKeys(Keys{ - resource: PointTo(MatchFields(IgnoreExtras, Fields{ - "Actions": MatchAllKeys(Keys{ - action: PointTo(MatchFields(IgnoreExtras, Fields{ - "Allow": Equal(false), - })), - }), - })), - }), - })), - }), - }))) - }) }) Describe("WhatAuthorized", func() { @@ -1453,81 +1373,6 @@ var _ = Describe("Authorized", func() { }), }))) }) - - It("WhatAuthorizedTokenNonValid", func() { - var err error - authorizationClient, err := integration.InitConfigAuthorization() - Expect(err).To(Succeed()) - - resourcesTypes := integration.ResourceType1 - // To make sure that the proper audit log was queried from BigQuery, need to add a unique identifier. - noAuditLogEntry = true - inputParams := map[string]*authorizationpb.InputParam{ - "auditLog": { - Value: &authorizationpb.InputParam_StringValue{ - StringValue: fmt.Sprintf("\"%v\"", auditLogIdentifier), - }, - }, - } - var policyTags []string - - resp, err := authorizationClient.WhatAuthorizedByToken( - context.Background(), - integration.TokenBad, - resourcesTypes, - inputParams, - policyTags, - retry.WithMax(5), - ) - - Expect(err).To(MatchError(ContainSubstring("invalid JWT"))) - Expect(resp).To(BeNil()) - }) - - It("WhatAuthorizedPropertyNotInDB", func() { - var err error - authorizationClient, err := integration.InitConfigAuthorization() - Expect(err).To(Succeed()) - - resourcesTypes := integration.ResourceType1 - // To make sure that the proper audit log was queried from BigQuery, need to add a unique identifier. - inputParams := map[string]*authorizationpb.InputParam{ - "auditLog": { - Value: &authorizationpb.InputParam_StringValue{ - StringValue: fmt.Sprintf("\"%v\"", auditLogIdentifier), - }, - }, - } - var policyTags []string - - resp, err := authorizationClient.WhatAuthorizedByToken( - context.Background(), - integration.TokenGoodFormat, - resourcesTypes, - inputParams, - policyTags, - retry.WithMax(5), - ) - - Expect(err).To(Succeed()) - Expect(resp).NotTo(BeNil()) - - decision := resourcesTypes[0].Type - action := resourcesTypes[0].Actions[0] - - Expect(resp).To(PointTo(MatchFields(IgnoreExtras, Fields{ - "DecisionTime": Not(BeNil()), - "Decisions": MatchAllKeys(Keys{ - decision: PointTo(MatchFields(IgnoreExtras, Fields{ - "Actions": MatchAllKeys(Keys{ - action: PointTo(MatchFields(IgnoreExtras, Fields{ - "Resources": BeEmpty(), - })), - }), - })), - }), - }))) - }) }) Describe("WhoAuthorized", func() { diff --git a/test/constants.go b/test/constants.go index 2be9068c..b62d7d84 100644 --- a/test/constants.go +++ b/test/constants.go @@ -172,12 +172,6 @@ var ( Subject2 = "fVcaUxJqmOkyOTX" Subject3 = "lSPmCXIPRXppszf" Subject4 = "NACTFFKUCcceDIz" - - // TokenGoodFormat is a valid format for jwt. - TokenGoodFormat = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." + - "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9." + - "dyt0CoTl4WoVjAHI9Q_CwSKhl6d_9rhM3NrXuJttkao" // #nosec G101 - TokenBad = "token_invalid_format" ) func GenerateRandomString(length int) string {