move directory providers (#3633)

* remove directory providers and support for groups * idp: remove directory providers * better error messages * fix errors * restore postgres * fix test
2025-06-25 14:08:09 +02:00 · 2022-11-03 11:33:56 -06:00 · 2022-11-03 11:33:56 -06:00 · c178819875
commit c178819875
parent bb5c80bae9
78 changed files with 723 additions and 8703 deletions
--- a/pkg/policy/criteria/groups_test.go
+++ b/pkg/policy/criteria/groups_test.go
@ -1,100 +0,0 @@
-package criteria
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/pomerium/pomerium/pkg/grpc/directory"
-	"github.com/pomerium/pomerium/pkg/grpc/session"
-)
-
-func TestGroups(t *testing.T) {
-	t.Run("no session", func(t *testing.T) {
-		res, err := evaluate(t, `
-allow:
-  and:
-    - groups:
-        has: group1
-    - groups:
-        has: group2
-`, []dataBrokerRecord{}, Input{Session: InputSession{ID: "SESSION_ID"}})
-		require.NoError(t, err)
-		require.Equal(t, A{false, A{ReasonUserUnauthenticated}, M{}}, res["allow"])
-		require.Equal(t, A{false, A{}}, res["deny"])
-	})
-	t.Run("by id", func(t *testing.T) {
-		res, err := evaluate(t, `
-allow:
-  and:
-    - groups:
-        has: group1
-`,
-			[]dataBrokerRecord{
-				&session.Session{
-					Id:     "SESSION_ID",
-					UserId: "USER_ID",
-				},
-				&directory.User{
-					Id:       "USER_ID",
-					GroupIds: []string{"group1"},
-				},
-			},
-			Input{Session: InputSession{ID: "SESSION_ID"}})
-		require.NoError(t, err)
-		require.Equal(t, A{true, A{ReasonGroupsOK}, M{}}, res["allow"])
-		require.Equal(t, A{false, A{}}, res["deny"])
-	})
-	t.Run("by email", func(t *testing.T) {
-		res, err := evaluate(t, `
-allow:
-  and:
-    - groups:
-        has: "group1@example.com"
-`,
-			[]dataBrokerRecord{
-				&session.Session{
-					Id:     "SESSION_ID",
-					UserId: "USER_ID",
-				},
-				&directory.User{
-					Id:       "USER_ID",
-					GroupIds: []string{"group1"},
-				},
-				&directory.Group{
-					Id:    "group1",
-					Email: "group1@example.com",
-				},
-			},
-			Input{Session: InputSession{ID: "SESSION_ID"}})
-		require.NoError(t, err)
-		require.Equal(t, A{true, A{ReasonGroupsOK}, M{}}, res["allow"])
-		require.Equal(t, A{false, A{}}, res["deny"])
-	})
-	t.Run("by name", func(t *testing.T) {
-		res, err := evaluate(t, `
-allow:
-  and:
-    - groups:
-        has: "Group 1"
-`,
-			[]dataBrokerRecord{
-				&session.Session{
-					Id:     "SESSION_ID",
-					UserId: "USER_ID",
-				},
-				&directory.User{
-					Id:       "USER_ID",
-					GroupIds: []string{"group1"},
-				},
-				&directory.Group{
-					Id:   "group1",
-					Name: "Group 1",
-				},
-			},
-			Input{Session: InputSession{ID: "SESSION_ID"}})
-		require.NoError(t, err)
-		require.Equal(t, A{true, A{ReasonGroupsOK}, M{}}, res["allow"])
-		require.Equal(t, A{false, A{}}, res["deny"])
-	})
-}