pomerium/pkg/policy/generator/generator_test.go

package generator

import (
	"testing"

	"github.com/open-policy-agent/opa/ast"
	"github.com/open-policy-agent/opa/format"
	"github.com/stretchr/testify/assert"

	"github.com/pomerium/pomerium/pkg/policy/parser"
)

func Test(t *testing.T) {
	g := New(WithCriterion(func(g *Generator) Criterion {
		return NewCriterionFunc([]string{"accept"}, func(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error) {
			rule = g.NewRule("accept")
			rule.Body = append(rule.Body, ast.MustParseExpr("1 == 1"))
			return rule, nil, nil
		})
	}))

	mod, err := g.Generate(&parser.Policy{
		Rules: []parser.Rule{
			{
				Action: parser.ActionAllow,
				And: []parser.Criterion{
					{Name: "accept"},
					{Name: "accept"},
					{Name: "accept"},
				},
				Or: []parser.Criterion{
					{Name: "accept"},
					{Name: "accept"},
					{Name: "accept"},
				},
				Not: []parser.Criterion{
					{Name: "accept"},
					{Name: "accept"},
					{Name: "accept"},
				},
				Nor: []parser.Criterion{
					{Name: "accept"},
					{Name: "accept"},
					{Name: "accept"},
				},
			},
		},
	})
	assert.NoError(t, err)
	assert.Equal(t, `package pomerium.policy

default allow = false

default deny = false

accept_0 {
	1 == 1
}

accept_1 {
	1 == 1
}

accept_2 {
	1 == 1
}

and_0 {
	accept_0
	accept_1
	accept_2
}

accept_3 {
	1 == 1
}

accept_4 {
	1 == 1
}

accept_5 {
	1 == 1
}

or_0 {
	accept_3
}

else {
	accept_4
}

else {
	accept_5
}

accept_6 {
	1 == 1
}

accept_7 {
	1 == 1
}

accept_8 {
	1 == 1
}

not_0 {
	not accept_6
	not accept_7
	not accept_8
}

accept_9 {
	1 == 1
}

accept_10 {
	1 == 1
}

accept_11 {
	1 == 1
}

nor_0 {
	not accept_9
}

else {
	not accept_10
}

else {
	not accept_11
}

allow {
	and_0
	or_0
	not_0
	nor_0
}
`, string(format.MustAst(mod)))
}