mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-29 02:16:28 +02:00
69316d2d99
* ppl: use session.user_id instead of user.id for user criterion * fix test Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
65 lines
1.4 KiB
Go
65 lines
1.4 KiB
Go
package criteria
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
"google.golang.org/protobuf/proto"
|
|
|
|
"github.com/pomerium/pomerium/pkg/grpc/session"
|
|
)
|
|
|
|
func TestUser(t *testing.T) {
|
|
t.Run("no session", func(t *testing.T) {
|
|
res, err := evaluate(t, `
|
|
allow:
|
|
and:
|
|
- user:
|
|
is: USER_ID
|
|
`, []dataBrokerRecord{}, Input{Session: InputSession{ID: "SESSION_ID"}})
|
|
require.NoError(t, err)
|
|
require.Equal(t, false, res["allow"])
|
|
require.Equal(t, false, res["deny"])
|
|
})
|
|
t.Run("by user id", func(t *testing.T) {
|
|
res, err := evaluate(t, `
|
|
allow:
|
|
and:
|
|
- user:
|
|
is: USER_ID
|
|
`,
|
|
[]dataBrokerRecord{
|
|
&session.Session{
|
|
Id: "SESSION_ID",
|
|
UserId: "USER_ID",
|
|
},
|
|
},
|
|
Input{Session: InputSession{ID: "SESSION_ID"}})
|
|
require.NoError(t, err)
|
|
require.Equal(t, true, res["allow"])
|
|
require.Equal(t, false, res["deny"])
|
|
})
|
|
t.Run("by impersonate session id", func(t *testing.T) {
|
|
res, err := evaluate(t, `
|
|
allow:
|
|
and:
|
|
- user:
|
|
is: USER2
|
|
`,
|
|
[]dataBrokerRecord{
|
|
&session.Session{
|
|
Id: "SESSION1",
|
|
UserId: "USER1",
|
|
ImpersonateSessionId: proto.String("SESSION2"),
|
|
},
|
|
&session.Session{
|
|
Id: "SESSION2",
|
|
UserId: "USER2",
|
|
},
|
|
},
|
|
Input{Session: InputSession{ID: "SESSION1"}})
|
|
require.NoError(t, err)
|
|
require.Equal(t, true, res["allow"])
|
|
require.Equal(t, false, res["deny"])
|
|
})
|
|
}
|