From 001c0f08253f6926b231d44e4c12970efb23fe96 Mon Sep 17 00:00:00 2001 From: Alex Zgabur Date: Fri, 24 Nov 2023 17:16:01 +0100 Subject: [PATCH] Add test for patterns reference --- .../conditions/test_patternref_expressions.py | 80 +++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 testsuite/tests/kuadrant/authorino/conditions/test_patternref_expressions.py diff --git a/testsuite/tests/kuadrant/authorino/conditions/test_patternref_expressions.py b/testsuite/tests/kuadrant/authorino/conditions/test_patternref_expressions.py new file mode 100644 index 00000000..c5f9d1b3 --- /dev/null +++ b/testsuite/tests/kuadrant/authorino/conditions/test_patternref_expressions.py @@ -0,0 +1,80 @@ +"""Test patterns reference functionality and All/Any logical expressions.""" +import pytest + +from testsuite.objects import Pattern, PatternRef, AnyPatterns, AllPatterns + + +@pytest.fixture(scope="module") +def authorization(authorization): + """ + Add multiple named patterns to AuthConfig to be referenced in later authorization rules. + Create authorization rule which: + 1. For a GET requests allows only paths "/anything/dog" and "/anything/cat" + 2. For a POST requests allows only paths "/anything/apple" and "/anything/pear" + 3. For requests that contain header "x-special" than it is authorized regardless. + """ + authorization.add_patterns( + { + "apple": [Pattern("context.request.http.path", "eq", "/anything/apple")], + "pear": [Pattern("context.request.http.path", "eq", "/anything/pear")], + "dog": [Pattern("context.request.http.path", "eq", "/anything/dog")], + "cat": [Pattern("context.request.http.path", "eq", "/anything/cat")], + "get": [Pattern("context.request.http.method", "eq", "GET")], + "post": [Pattern("context.request.http.method", "eq", "POST")], + } + ) + + authorization.authorization.add_auth_rules( + "auth_rules", + [ + AnyPatterns( + [ + AllPatterns([AnyPatterns([PatternRef("dog"), PatternRef("cat")]), PatternRef("get")]), + AllPatterns([AnyPatterns([PatternRef("apple"), PatternRef("pear")]), PatternRef("post")]), + Pattern("context.request.http.headers.@keys", "incl", "x-special"), + ] + ) + ], + ) + + return authorization + + +def get_evaluator(suffix: str): + """Expected return value for suffix in /anything/{suffix} with GET request.""" + if suffix in {"dog", "cat"}: + return 200 + return 403 + + +def post_evaluator(suffix: str): + """Expected return value for suffix in /anything/{suffix} with POST request.""" + if suffix in {"apple", "pear"}: + return 200 + return 403 + + +@pytest.fixture(params=["apple", "pear", "dog", "cat", "rock"]) +def suffix(request): + """Parametrize over every suffix""" + return request.param + + +def test_get_rule(client, auth, suffix): + """Test if doing GET request adheres to specified auth rule.""" + path = f"/anything/{suffix}" + assert client.get("/get", auth=auth).status_code == 403 + assert client.get(path, auth=auth).status_code == get_evaluator(suffix) + + +def test_post_rule(client, auth, suffix): + """Test if doing POST request adheres to specified auth rule.""" + path = f"/anything/{suffix}" + assert client.post("/get", auth=auth).status_code == 403 + assert client.post(path, auth=auth).status_code == post_evaluator(suffix) + + +def test_special_header_rule(client, auth): + """Test if using the "x-special" header adheres to specified auth rule.""" + assert client.get("/get", auth=auth, headers={"x-special": "value"}).status_code == 200 + assert client.post("/post", auth=auth, headers={"x-special": "value"}).status_code == 200