1 package server
2
3 import (
4 "bytes"
5 "context"
6 "net/http"
7 "net/http/httptest"
8 "testing"
9
10 "github.com/stretchr/testify/assert"
11
12 rulesengine "edge-infra.dev/pkg/sds/emergencyaccess/rules"
13 )
14
// testRoleMap is the fixture handed to validateCommandMock. It is keyed by
// command name, then by banner ID, and holds the EA roles the mock reports for
// that command. The "default" entry is returned for every banner; the UUID
// entry is added only when a request targets that banner.
//
// The map is shared by parallel subtests, so treat it as read-only.
var testRoleMap = map[string]map[string][]string{
	"ls": {
		"default":                              {"ea-read"},
		"2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a": {"ea-write"},
	},
}
21
// validateCommandMock is the test double passed to New in place of a real
// rules engine. Role lookups are answered from fakeData.
type validateCommandMock struct {
	// fakeData maps command name -> banner ID (or "default") -> EA roles.
	fakeData map[string]map[string][]string
	// RulesEngine is embedded so the mock carries that type's remaining
	// methods; only the methods defined on validateCommandMock read fakeData.
	// NOTE(review): the test in this file never sets this field. Confirm the
	// handler under test calls only the overridden methods.
	RulesEngine
}
26
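// GetEARolesForCommand returns the EA roles the fixture lists for command.Name:
// the "default" entry followed by the entry for bannerID, if there is one. The
// context is ignored and the error is always nil.
//
// The result is built in a fresh slice so that append can never write into the
// backing array of a slice stored in fakeData. The fixture is shared by
// parallel subtests and has to stay read-only.
func (mreng validateCommandMock) GetEARolesForCommand(_ context.Context, command rulesengine.Command, bannerID string) ([]string, error) {
	// Indexing a missing command yields a nil inner map, which is safe to read.
	byBanner := mreng.fakeData[command.Name]

	// The nil destination forces a copy of the "default" roles.
	roles := append([]string(nil), byBanner["default"]...)
	roles = append(roles, byBanner[bannerID]...)
	return roles, nil
}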
32
// UserHasRoles reports whether userEARoles and eaRoles have at least one role
// in common. The first argument is ignored.
//
// A single match is enough: the mock does not require the user to hold every
// role in eaRoles, and an empty list on either side yields false.
// NOTE(review): this is the mock's rule only. Confirm it matches the real
// rules engine before treating these tests as authorization coverage.
func (mreng validateCommandMock) UserHasRoles(_ string, eaRoles []string, userEARoles []string) bool {
	held := make(map[string]struct{}, len(userEARoles))
	for _, role := range userEARoles {
		held[role] = struct{}{}
	}
	for _, required := range eaRoles {
		if _, ok := held[required]; ok {
			return true
		}
	}
	return false
}
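// TestValidateCommand posts JSON payloads to /validatecommand on a server
// built with validateCommandMock and checks the HTTP status code and the
// response body for each payload.
//
// NOTE(review): no case covers a caller whose earoles list is non-empty but
// holds none of the required roles; "No EARoles" only covers the empty list.
// A denial case with unrelated roles would pin the authorization decision
// more tightly.
func TestValidateCommand(t *testing.T) {
	t.Parallel()
	tests := map[string]struct {
		data      []byte
		expCode   int
		expOutput StringAssertionFunc
	}{
		"OK": {
			data: []byte(`
			{
				"command": {
					"name": "ls",
					"type": "command"
				},
				"identity":{"userid":"user@ncr.com","earoles":["ea-read","ea-write"]},
				"target":{"bannerID":"2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a"}}
			`),
			expCode:   200,
			expOutput: JSONEq(`{"valid":true}`),
		},
		"No Command type specified": {
			data: []byte(`
			{
				"command": {
					"name": "ls",
					"type": ""
				},
				"identity": {
					"userid": "user@ncr.com",
					"earoles": ["ea-read", "ea-write"]
				},
				"target": {"bannerID": "2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a"}
			}
			`),
			expCode:   400,
			expOutput: JSONEmpty(),
		},
		// NOTE(review): this case pins that a payload without a userid is
		// still answered with valid:true. Confirm that accepting an identity
		// with no user is intended for this endpoint.
		"No User specified": {
			data: []byte(`
			{
				"command": {
					"name": "ls",
					"type": "command"
				},
				"identity":{"earoles":["ea-read","ea-write"]},
				"target":{"bannerID":"2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a"}}
			`),
			expCode:   200,
			expOutput: JSONEq(`{"valid":true}`),
		},
		"No Target": {
			data: []byte(`{
				"command": {
					"name": "ls",
					"type": "command"
				},
				"identity":{"userid":"user@ncr.com","earoles":["ea-read"]}}
			`),
			expCode:   400,
			expOutput: JSONEmpty(),
		},
		"No EARoles": {
			data: []byte(`
			{
				"command": {
					"name": "ls",
					"type": "command"
				},
				"identity":{"userid":"user@ncr.com","earoles":[]},
				"target":{"bannerID":"2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a"}}
			`),
			expCode:   200,
			expOutput: JSONEq(`{"valid":false}`),
		},
		"Malformed Target": {
			data: []byte(`{
				"command": {
					"name": "ls",
					"type": "command"
				},
				"identity":{"userid":"user@ncr.com","earoles":["ea-read"]},
				"target":{"bannerID":"not-a-uuid"}}`),
			expCode:   400,
			expOutput: JSONEmpty(),
		},
		"Malformed Payload": {
			data:      []byte(`{`),
			expCode:   400,
			expOutput: JSONEmpty(),
		},
	}

	const endpoint = "/validatecommand"

	log := newLogger()
	for name, tc := range tests {
		tc := tc // per-iteration copy for the parallel closure (pre-Go 1.22 semantics)
		t.Run(name, func(t *testing.T) {
			t.Parallel()
			ruleseng := validateCommandMock{fakeData: testRoleMap}
			r := httptest.NewRecorder()
			_, ginEngine := getTestGinContext(r)

			// Stop here if setup fails: serving a request on an engine whose
			// routes were not registered would report a misleading status.
			if _, err := New(ginEngine, ruleseng, log); !assert.NoError(t, err) {
				return
			}

			req, err := http.NewRequest(http.MethodPost, endpoint, bytes.NewBuffer(tc.data))
			if !assert.NoError(t, err) {
				return
			}
			ginEngine.ServeHTTP(r, req)

			response := r.Result()
			defer func() { _ = response.Body.Close() }()
			assert.Equal(t, tc.expCode, response.StatusCode)

			// NOTE(review): the recorded body is passed for both string
			// arguments; StringAssertionFunc is declared outside this file,
			// so confirm that is the intended call shape.
			tc.expOutput(t, r.Body.String(), r.Body.String())
		})
	}
}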
156