mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-30 02:46:30 +02:00
69 lines
1.7 KiB
Go
69 lines
1.7 KiB
Go
package criteria
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/pomerium/datasource/pkg/directory"
|
|
"github.com/pomerium/pomerium/pkg/grpc/databroker"
|
|
"github.com/pomerium/pomerium/pkg/grpc/session"
|
|
)
|
|
|
|
func TestGroups(t *testing.T) {
|
|
t.Run("no session", func(t *testing.T) {
|
|
res, err := evaluate(t, `
|
|
allow:
|
|
and:
|
|
- groups:
|
|
has: group1
|
|
- groups:
|
|
has: group2
|
|
`, []*databroker.Record{}, Input{Session: InputSession{ID: "session1"}})
|
|
require.NoError(t, err)
|
|
require.Equal(t, A{false, A{ReasonUserUnauthenticated}, M{}}, res["allow"])
|
|
require.Equal(t, A{false, A{}}, res["deny"])
|
|
})
|
|
t.Run("by id", func(t *testing.T) {
|
|
res, err := evaluate(t, `
|
|
allow:
|
|
and:
|
|
- groups:
|
|
has: group1
|
|
`,
|
|
[]*databroker.Record{
|
|
makeRecord(&session.Session{
|
|
Id: "session1",
|
|
UserId: "user1",
|
|
}),
|
|
makeStructRecord(directory.UserRecordType, "user1", map[string]any{
|
|
"group_ids": []any{"group1", "group2"},
|
|
}),
|
|
},
|
|
Input{Session: InputSession{ID: "session1"}})
|
|
require.NoError(t, err)
|
|
require.Equal(t, A{true, A{ReasonGroupsOK}, M{}}, res["allow"])
|
|
require.Equal(t, A{false, A{}}, res["deny"])
|
|
})
|
|
t.Run("not allowed", func(t *testing.T) {
|
|
res, err := evaluate(t, `
|
|
allow:
|
|
and:
|
|
- groups:
|
|
has: group1
|
|
`,
|
|
[]*databroker.Record{
|
|
makeRecord(&session.Session{
|
|
Id: "session1",
|
|
UserId: "user1",
|
|
}),
|
|
makeStructRecord(directory.UserRecordType, "user1", map[string]any{
|
|
"group_ids": []any{"group2"},
|
|
}),
|
|
},
|
|
Input{Session: InputSession{ID: "session1"}})
|
|
require.NoError(t, err)
|
|
require.Equal(t, A{false, A{ReasonGroupsUnauthorized}, M{}}, res["allow"])
|
|
require.Equal(t, A{false, A{}}, res["deny"])
|
|
})
|
|
}
|