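package server

import (
	"bytes"
	"context"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/stretchr/testify/assert"

	rulesengine "edge-infra.dev/pkg/sds/emergencyaccess/rules"
)

var (
	// testRoleMap is the fixture behind validateCommandMock, laid out as
	// command name -> banner ID (or "default") -> EA roles mapped to the command.
	// It is shared by every parallel subtest and must be treated as read-only.
	testRoleMap = map[string]map[string][]string{
		"ls": {
			"default":                              {"ea-read"},
			"2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a": {"ea-write"},
		},
	}
)

// validateCommandMock is a RulesEngine test double backed by a static role map.
// Only GetEARolesForCommand and UserHasRoles are implemented here; the embedded
// RulesEngine is left unset, so any other method call panics on the nil interface.
type validateCommandMock struct {
	fakeData map[string]map[string][]string
	RulesEngine
}

// GetEARolesForCommand returns the "default" roles for command.Name followed by
// the roles registered for bannerID. An unknown command or banner contributes
// nothing, and the returned error is always nil.
func (m validateCommandMock) GetEARolesForCommand(_ context.Context, command rulesengine.Command, bannerID string) ([]string, error) {
	byBanner := m.fakeData[command.Name]
	// Copy before appending: the fixture slices are shared across parallel
	// subtests, and appending to one in place could write into its backing
	// array if it ever had spare capacity.
	roles := append([]string(nil), byBanner["default"]...)
	roles = append(roles, byBanner[bannerID]...)
	return roles, nil
}

// UserHasRoles reports whether userEARoles contains at least one entry of
// eaRoles (any-of match). The first argument is ignored by this mock. An empty
// eaRoles or userEARoles yields false, so the mock denies by default.
func (m validateCommandMock) UserHasRoles(_ string, eaRoles []string, userEARoles []string) bool {
	for _, required := range eaRoles {
		for _, held := range userEARoles {
			if held == required {
				return true
			}
		}
	}
	return false
}

// TestValidateCommand posts JSON payloads to /validatecommand on a server built
// with validateCommandMock and checks the HTTP status code and response body.
func TestValidateCommand(t *testing.T) {
	t.Parallel()

	// NOTE(review): the only case expecting {"valid":false} is "No EARoles";
	// no case covers a caller whose roles are non-empty but not mapped to the
	// command, or a command absent from the role map.
	tests := map[string]struct {
		data      []byte
		expCode   int
		expOutput StringAssertionFunc
	}{
		"OK": {
			data:      []byte(` { "command": { "name": "ls", "type": "command" }, "identity":{"userid":"user@ncr.com","earoles":["ea-read","ea-write"]}, "target":{"bannerID":"2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a"}} `),
			expCode:   200,
			expOutput: JSONEq(`{"valid":true}`),
		},
		"No Command type specified": {
			data:      []byte(` { "command": { "name": "ls", "type": "" }, "identity": { "userid": "user@ncr.com", "earoles": ["ea-read", "ea-write"] }, "target": {"bannerID": "2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a"} } `),
			expCode:   400,
			expOutput: JSONEmpty(),
		},
		// NOTE(review): a payload with no userid is expected to validate
		// successfully, i.e. this case pins a decision made on earoles alone.
		// Confirm that accepting an identity without a principal is intended
		// for an emergency-access check.
		"No User specified": {
			data:      []byte(` { "command": { "name": "ls", "type": "command" }, "identity":{"earoles":["ea-read","ea-write"]}, "target":{"bannerID":"2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a"}} `),
			expCode:   200,
			expOutput: JSONEq(`{"valid":true}`),
		},
		"No Target": {
			data:      []byte(`{ "command": { "name": "ls", "type": "command" }, "identity":{"userid":"user@ncr.com","earoles":["ea-read"]}} `),
			expCode:   400,
			expOutput: JSONEmpty(),
		},
		"No EARoles": {
			data: []byte(` { "command": { "name": "ls", "type": "command" }, 
"identity":{"userid":"user@ncr.com","earoles":[]}, "target":{"bannerID":"2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a"}} `),
			expCode:   200,
			expOutput: JSONEq(`{"valid":false}`),
		},
		"Malformed Target": {
			data:      []byte(`{ "command": { "name": "ls", "type": "command" }, "identity":{"userid":"user@ncr.com","earoles":["ea-read"]}, "target":{"bannerID":"not-a-uuid"}}`),
			expCode:   400,
			expOutput: JSONEmpty(),
		},
		"Malformed Payload": {
			data:      []byte(`{`),
			expCode:   400,
			expOutput: JSONEmpty(),
		},
	}

	log := newLogger()

	for name, tc := range tests {
		tc := tc // per-iteration copy for the parallel closure (needed before Go 1.22)
		t.Run(name, func(t *testing.T) {
			t.Parallel()

			ruleseng := validateCommandMock{fakeData: testRoleMap}
			r := httptest.NewRecorder()
			_, ginEngine := getTestGinContext(r)

			// Stop on setup failure instead of serving a request against a
			// server that was never wired up.
			_, err := New(ginEngine, ruleseng, log)
			if !assert.NoError(t, err) {
				return
			}

			req, err := http.NewRequest(http.MethodPost, "/validatecommand", bytes.NewBuffer(tc.data))
			if !assert.NoError(t, err) {
				// req is nil here; ServeHTTP would dereference it.
				return
			}

			ginEngine.ServeHTTP(r, req)

			response := r.Result()
			defer response.Body.Close()
			assert.Equal(t, tc.expCode, response.StatusCode)

			// NOTE(review): the recorded body is passed as both string
			// arguments; StringAssertionFunc is declared elsewhere, so confirm
			// this matches its calling convention.
			tc.expOutput(t, r.Body.String(), r.Body.String())
		})
	}
}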