pomerium/pkg/policy/criteria/invalid_client_certificate_test.go
Caleb Doxsey 6a833b365a
core/ppl: add groups criterion (#4916)
* core/ppl: add groups criterion

* remove dead code

* add additional test
2024-01-30 09:40:15 -07:00


package criteria
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/pomerium/pomerium/pkg/grpc/databroker"
)
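// TestInvalidClientCertificate checks how the invalid_client_certificate
// criterion evaluates inside a deny rule for three client-certificate states:
// no certificate presented, a certificate presented but not marked valid, and
// a certificate presented and marked valid.
//
// Only the last state leaves the deny result false; the other two deny the
// request, each with its own reason. The allow result is asserted to be false
// with no reasons in every case.
func TestInvalidClientCertificate(t *testing.T) {
	t.Parallel()

	// Each expected value is a three-element A: a boolean, an A holding one
	// Reason constant, and an empty M. A and M are declared elsewhere in the
	// package; presumably the elements are (result, reasons, additional data).
	//
	// NOTE(review): the state IsValidClientCertificate=true with
	// Presented=false is not exercised here; consider pinning the expected
	// outcome for it so a change in that path cannot go unnoticed.
	cases := []struct {
		label    string
		input    Input
		expected A
	}{
		{
			label:    "not presented",
			input:    Input{},
			expected: A{true, A{ReasonClientCertificateRequired}, M{}},
		},
		{
			label: "invalid",
			input: Input{
				HTTP: InputHTTP{
					ClientCertificate: ClientCertificateInfo{Presented: true},
				},
			},
			expected: A{true, A{ReasonInvalidClientCertificate}, M{}},
		},
		{
			label: "valid",
			input: Input{
				HTTP: InputHTTP{
					ClientCertificate: ClientCertificateInfo{Presented: true},
				},
				IsValidClientCertificate: true,
			},
			expected: A{false, A{ReasonValidClientCertificate}, M{}},
		},
	}

	// YAML nesting is significant inside this raw string: `or` has to sit
	// under `deny`, and the criterion under `or`. With all three lines at the
	// same column, `deny` would be an empty key and `or` a sibling of it.
	const policy = `
deny:
  or:
    - invalid_client_certificate: true`

	for _, c := range cases {
		// Per-iteration copy: before Go 1.22 the loop variable is shared, and
		// the parallel subtest below runs after the loop has moved on.
		c := c
		t.Run(c.label, func(t *testing.T) {
			t.Parallel()

			res, err := evaluate(t, policy, []*databroker.Record{}, c.input)
			require.NoError(t, err)

			// The policy contains no allow rule, so allow stays false with an
			// empty reason list whatever the certificate state is.
			assert.Equal(t, A{false, A{}}, res["allow"])
			assert.Equal(t, c.expected, res["deny"])
		})
	}
}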