add tests
elizabethhealy committed Dec 5, 2024
1 parent 31422cd commit c974e86
Showing 8 changed files with 771 additions and 0 deletions.
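--- a/service/pkg/server/start_test.go
+++ b/service/pkg/server/start_test.go
@@ -142,3 +142,49 @@ func (suite *StartTestSuite) Test_Start_When_Extra_Service_Registered_Expect_Res
 require.NoError(t, err)
 assert.Equal(t, "hello from test service!", string(respBody))
 }
+
+func (suite *StartTestSuite) Test_Start_Mode_Config_Errors() {
+t := suite.T()
+testCases := []struct {
+name string
+configFile string
+expErrorContains string
+}{
+{"core without sdk_config", "testdata/err-core-no-config.yaml", "no sdk config provided"},
+{"kas without sdk_config", "testdata/err-core-no-config.yaml", "no sdk config provided"},
+{"core with sdk_config without ers endpoint", "testdata/err-core-w-config-no-ers.yaml", "entityresolution endpoint must be provided in core mode"},
+}
+
+for _, tc := range testCases {
+t.Run(tc.name, func(t *testing.T) {
+err := Start(
+WithWaitForShutdownSignal(),
+WithConfigFile(tc.configFile),
+)
+require.Error(t, err)
+require.ErrorContains(t, err, tc.expErrorContains)
+})
+}
+}
+
+func (suite *StartTestSuite) Test_Start_Mode_Config_Success() {
+t := suite.T()
+testCases := []struct {
+name string
+configFile string
+}{
+{"core with sdk_config", "testdata/core-correct-sdk-config.yaml"},
+{"core,entityresolution no sdk_config", "testdata/core-ers-no-config.yaml"},
+{"core,entityresolution,kas no sdk_config", "testdata/core-ers-kas-no-config.yaml"},
+{"all no sdk_config", "testdata/all-no-config.yaml"},
+}
+
+for _, tc := range testCases {
+t.Run(tc.name, func(t *testing.T) {
+err := Start(
+WithConfigFile(tc.configFile),
+)
+require.NoError(t, err)
+})
+}
+}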
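Review bot: The `kas without sdk_config` row in Test_Start_Mode_Config_Errors loads `testdata/err-core-no-config.yaml`, the same fixture as the core row above it, so the kas-mode rejection path is presumably never exercised and the two rows assert the same thing. If a kas-specific fixture is among the changed files not shown on this page, point the row at it, e.g. `{"kas without sdk_config", "testdata/<kas-fixture>.yaml", "no sdk config provided"},` (placeholder name). Separately, the error cases pass `WithWaitForShutdownSignal()`, so a regression in which `Start` stops rejecting the config would likely block the test rather than fail it. The success cases call `Start` with nothing visible here that stops what it started, so a short comment on how the listener is released between subtests would help.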
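--- a/service/pkg/server/testdata/all-no-config.yaml
+++ b/service/pkg/server/testdata/all-no-config.yaml
@@ -0,0 +1,100 @@
+
+mode: all
+logger:
+level: debug
+type: text
+output: stdout
+services:
+kas:
+keyring:
+- kid: e1
+alg: ec:secp256r1
+- kid: e1
+alg: ec:secp256r1
+legacy: true
+- kid: r1
+alg: rsa:2048
+- kid: r1
+alg: rsa:2048
+legacy: true
+entityresolution:
+log_level: info
+url: http://localhost:8888/auth
+clientid: 'tdf-entity-resolution'
+clientsecret: 'secret'
+realm: 'opentdf'
+legacykeycloak: true
+inferid:
+from:
+email: true
+username: true
+server:
+tls:
+enabled: false
+cert: ./keys/platform.crt
+key: ./keys/platform-key.pem
+auth:
+enabled: true
+enforceDPoP: false
+public_client_id: 'opentdf-public'
+audience: 'http://localhost:8080'
+issuer: http://localhost:8888/auth/realms/opentdf
+policy:
+## Dot notation is used to access nested claims (i.e. realm_access.roles)
+# Claim that represents the user (i.e. email)
+username_claim: # preferred_username
+# That claim to access groups (i.e. realm_access.roles)
+groups_claim: # realm_access.roles
+## Extends the builtin policy
+extension: |
+g, opentdf-admin, role:admin
+g, opentdf-standard, role:standard
+## Custom policy that overrides builtin policy (see examples https://github.com/casbin/casbin/tree/master/examples)
+csv: #|
+# p, role:admin, *, *, allow
+## Custom model (see https://casbin.org/docs/syntax-for-models/)
+model: #|
+# [request_definition]
+# r = sub, res, act, obj
+#
+# [policy_definition]
+# p = sub, res, act, obj, eft
+#
+# [role_definition]
+# g = _, _
+#
+# [policy_effect]
+# e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
+#
+# [matchers]
+# m = g(r.sub, p.sub) && globOrRegexMatch(r.res, p.res) && globOrRegexMatch(r.act, p.act) && globOrRegexMatch(r.obj, p.obj)
+cors:
+enabled: false
+# "*" to allow any origin or a specific domain like "https://yourdomain.com"
+allowedorigins:
+- '*'
+# List of methods. Examples: "GET,POST,PUT"
+allowedmethods:
+- GET
+- POST
+- PATCH
+- PUT
+- DELETE
+- OPTIONS
+# List of headers that are allowed in a request
+allowedheaders:
+- ACCEPT
+- Authorization
+- Content-Type
+- X-CSRF-Token
+- X-Request-ID
+# List of response headers that browsers are allowed to access
+exposedheaders:
+- Link
+# Sets whether credentials are included in the CORS request
+allowcredentials: true
+# Sets the maximum age (in seconds) of a specific CORS preflight request
+maxage: 3600
+grpc:
+reflectionEnabled: true # Default is false
+port: 8080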
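Review bot: This fixture has no header saying it is test-only, yet it carries settings that are acceptable only in a test: `clientsecret: 'secret'`, `tls.enabled: false`, plaintext `http://localhost` issuer and audience URLs, `enforceDPoP: false`, `reflectionEnabled: true`, and a CORS block pairing `allowedorigins: '*'` with `allowcredentials: true` (inert here only because `cors.enabled` is false). A first-line comment such as `# Test fixture for start_test.go: insecure placeholder values, not a deployment template.` would keep it from being copied as a starting config. The same applies to core-correct-sdk-config.yaml and core-ers-kas-no-config.yaml, which repeat this block. The visible fixtures appear to differ only in `mode` and `sdk_config`, so trimming each to the keys the mode checks need would make the difference under test easier to see.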
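--- a/service/pkg/server/testdata/core-correct-sdk-config.yaml
+++ b/service/pkg/server/testdata/core-correct-sdk-config.yaml
@@ -0,0 +1,111 @@
+
+mode: core
+sdk_config:
+entityresolution:
+endpoint: http://localhost:8181
+plaintext: true
+client_id: opentdf
+client_secret: secret
+logger:
+level: debug
+type: text
+output: stdout
+services:
+kas:
+keyring:
+- kid: e1
+alg: ec:secp256r1
+- kid: e1
+alg: ec:secp256r1
+legacy: true
+- kid: r1
+alg: rsa:2048
+- kid: r1
+alg: rsa:2048
+legacy: true
+entityresolution:
+log_level: info
+url: http://localhost:8888/auth
+clientid: 'tdf-entity-resolution'
+clientsecret: 'secret'
+realm: 'opentdf'
+legacykeycloak: true
+inferid:
+from:
+email: true
+username: true
+# policy is enabled by default in mode 'all'
+# policy:
+# enabled: true
+# list_request_limit_default: 1000
+# list_request_limit_max: 2500
+server:
+tls:
+enabled: false
+cert: ./keys/platform.crt
+key: ./keys/platform-key.pem
+auth:
+enabled: true
+enforceDPoP: false
+public_client_id: 'opentdf-public'
+audience: 'http://localhost:8080'
+issuer: http://localhost:8888/auth/realms/opentdf
+policy:
+## Dot notation is used to access nested claims (i.e. realm_access.roles)
+# Claim that represents the user (i.e. email)
+username_claim: # preferred_username
+# That claim to access groups (i.e. realm_access.roles)
+groups_claim: # realm_access.roles
+## Extends the builtin policy
+extension: |
+g, opentdf-admin, role:admin
+g, opentdf-standard, role:standard
+## Custom policy that overrides builtin policy (see examples https://github.com/casbin/casbin/tree/master/examples)
+csv: #|
+# p, role:admin, *, *, allow
+## Custom model (see https://casbin.org/docs/syntax-for-models/)
+model: #|
+# [request_definition]
+# r = sub, res, act, obj
+#
+# [policy_definition]
+# p = sub, res, act, obj, eft
+#
+# [role_definition]
+# g = _, _
+#
+# [policy_effect]
+# e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
+#
+# [matchers]
+# m = g(r.sub, p.sub) && globOrRegexMatch(r.res, p.res) && globOrRegexMatch(r.act, p.act) && globOrRegexMatch(r.obj, p.obj)
+cors:
+enabled: false
+# "*" to allow any origin or a specific domain like "https://yourdomain.com"
+allowedorigins:
+- '*'
+# List of methods. Examples: "GET,POST,PUT"
+allowedmethods:
+- GET
+- POST
+- PATCH
+- PUT
+- DELETE
+- OPTIONS
+# List of headers that are allowed in a request
+allowedheaders:
+- ACCEPT
+- Authorization
+- Content-Type
+- X-CSRF-Token
+- X-Request-ID
+# List of response headers that browsers are allowed to access
+exposedheaders:
+- Link
+# Sets whether credentials are included in the CORS request
+allowcredentials: true
+# Sets the maximum age (in seconds) of a specific CORS preflight request
+maxage: 3600
+grpc:
+reflectionEnabled: true # Default is false
+port: 8080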
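Review bot: The commented-out block under `services` opens with `# policy is enabled by default in mode 'all'`, but this fixture sets `mode: core`, so the comment is stale here and should be reworded for core mode or removed. The `sdk_config` block also sets `plaintext: true` and an inline `client_secret: secret` against `http://localhost:8181`. A one-line comment above it, for example `# placeholder credentials for a local plaintext ERS endpoint; test use only`, would make clear that the value is not a real secret and that the transport setting is not a recommended default.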
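--- a/service/pkg/server/testdata/core-ers-kas-no-config.yaml
+++ b/service/pkg/server/testdata/core-ers-kas-no-config.yaml
@@ -0,0 +1,100 @@
+
+mode: core,kas,entityresolution
+logger:
+level: debug
+type: text
+output: stdout
+services:
+kas:
+keyring:
+- kid: e1
+alg: ec:secp256r1
+- kid: e1
+alg: ec:secp256r1
+legacy: true
+- kid: r1
+alg: rsa:2048
+- kid: r1
+alg: rsa:2048
+legacy: true
+entityresolution:
+log_level: info
+url: http://localhost:8888/auth
+clientid: 'tdf-entity-resolution'
+clientsecret: 'secret'
+realm: 'opentdf'
+legacykeycloak: true
+inferid:
+from:
+email: true
+username: true
+server:
+tls:
+enabled: false
+cert: ./keys/platform.crt
+key: ./keys/platform-key.pem
+auth:
+enabled: true
+enforceDPoP: false
+public_client_id: 'opentdf-public'
+audience: 'http://localhost:8080'
+issuer: http://localhost:8888/auth/realms/opentdf
+policy:
+## Dot notation is used to access nested claims (i.e. realm_access.roles)
+# Claim that represents the user (i.e. email)
+username_claim: # preferred_username
+# That claim to access groups (i.e. realm_access.roles)
+groups_claim: # realm_access.roles
+## Extends the builtin policy
+extension: |
+g, opentdf-admin, role:admin
+g, opentdf-standard, role:standard
+## Custom policy that overrides builtin policy (see examples https://github.com/casbin/casbin/tree/master/examples)
+csv: #|
+# p, role:admin, *, *, allow
+## Custom model (see https://casbin.org/docs/syntax-for-models/)
+model: #|
+# [request_definition]
+# r = sub, res, act, obj
+#
+# [policy_definition]
+# p = sub, res, act, obj, eft
+#
+# [role_definition]
+# g = _, _
+#
+# [policy_effect]
+# e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
+#
+# [matchers]
+# m = g(r.sub, p.sub) && globOrRegexMatch(r.res, p.res) && globOrRegexMatch(r.act, p.act) && globOrRegexMatch(r.obj, p.obj)
+cors:
+enabled: false
+# "*" to allow any origin or a specific domain like "https://yourdomain.com"
+allowedorigins:
+- '*'
+# List of methods. Examples: "GET,POST,PUT"
+allowedmethods:
+- GET
+- POST
+- PATCH
+- PUT
+- DELETE
+- OPTIONS
+# List of headers that are allowed in a request
+allowedheaders:
+- ACCEPT
+- Authorization
+- Content-Type
+- X-CSRF-Token
+- X-Request-ID
+# List of response headers that browsers are allowed to access
+exposedheaders:
+- Link
+# Sets whether credentials are included in the CORS request
+allowcredentials: true
+# Sets the maximum age (in seconds) of a specific CORS preflight request
+maxage: 3600
+grpc:
+reflectionEnabled: true # Default is false
+port: 8080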