mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-05 05:16:04 +02:00
c13459bb88
* authorize: authorization module adds support for per-route access policy. In this release we support the most common forms of identity based access policy: `allowed_users`, `allowed_groups`, and `allowed_domains`. In future versions, the authorization module will also support context and device based authorization policy and decisions. See website documentation for more details. * docs: updated `env.example` to include a `POLICY` setting example. * docs: added `IDP_SERVICE_ACCOUNT` to `env.example` . * docs: removed `PROXY_ROOT_DOMAIN` settings which has been replaced by `POLICY`. * all: removed `ALLOWED_DOMAINS` settings which has been replaced by `POLICY`. Authorization is now handled by the authorization service and is defined in the policy configuration files. * proxy: `ROUTES` settings which has been replaced by `POLICY`. * internal/log: `http.Server` and `httputil.NewSingleHostReverseProxy` now uses pomerium's logging package instead of the standard library's built in one. Closes #54 Closes #41 Closes #61 Closes #58
47 lines
995 B
Go
47 lines
995 B
Go
package clients
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/pomerium/pomerium/internal/sessions"
|
|
pb "github.com/pomerium/pomerium/proto/authorize"
|
|
"google.golang.org/grpc"
|
|
)
|
|
|
|
func TestAuthorizeGRPC_Authorize(t *testing.T) {
|
|
type fields struct {
|
|
Conn *grpc.ClientConn
|
|
client pb.AuthorizerClient
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
route string
|
|
s *sessions.SessionState
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
want bool
|
|
wantErr bool
|
|
}{
|
|
// TODO: Add test cases.
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
a := &AuthorizeGRPC{
|
|
Conn: tt.fields.Conn,
|
|
client: tt.fields.client,
|
|
}
|
|
got, err := a.Authorize(tt.args.ctx, tt.args.route, tt.args.s)
|
|
if (err != nil) != tt.wantErr {
|
|
t.Errorf("AuthorizeGRPC.Authorize() error = %v, wantErr %v", err, tt.wantErr)
|
|
return
|
|
}
|
|
if got != tt.want {
|
|
t.Errorf("AuthorizeGRPC.Authorize() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|