-
Notifications
You must be signed in to change notification settings - Fork 10
/
policy_test.go
127 lines (104 loc) · 2.7 KB
/
policy_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
package cedar_test
import (
"bytes"
"encoding/json"
"testing"
"github.com/cedar-policy/cedar-go"
"github.com/cedar-policy/cedar-go/ast"
"github.com/cedar-policy/cedar-go/internal/testutil"
)
func prettifyJson(in []byte) []byte {
var buf bytes.Buffer
_ = json.Indent(&buf, in, "", " ")
return buf.Bytes()
}
func TestPolicyJSON(t *testing.T) {
t.Parallel()
// Taken from https://docs.cedarpolicy.com/policies/json-format.html
jsonEncodedPolicy := prettifyJson([]byte(`
{
"effect": "permit",
"principal": {
"op": "==",
"entity": { "type": "User", "id": "12UA45" }
},
"action": {
"op": "==",
"entity": { "type": "Action", "id": "view" }
},
"resource": {
"op": "in",
"entity": { "type": "Folder", "id": "abc" }
},
"conditions": [
{
"kind": "when",
"body": {
"==": {
"left": {
".": {
"left": {
"Var": "context"
},
"attr": "tls_version"
}
},
"right": {
"Value": "1.3"
}
}
}
}
]
}`,
))
var policy cedar.Policy
testutil.OK(t, policy.UnmarshalJSON(jsonEncodedPolicy))
output, err := policy.MarshalJSON()
testutil.OK(t, err)
testutil.Equals(t, string(prettifyJson(output)), string(jsonEncodedPolicy))
}
func TestPolicyCedar(t *testing.T) {
t.Parallel()
// Taken from https://docs.cedarpolicy.com/policies/syntax-policy.html
policyStr := `permit (
principal,
action == Action::"editPhoto",
resource
)
when { resource.owner == principal };`
var policy cedar.Policy
testutil.OK(t, policy.UnmarshalCedar([]byte(policyStr)))
testutil.Equals(t, string(policy.MarshalCedar()), policyStr)
}
func TestPolicyAST(t *testing.T) {
t.Parallel()
astExample := ast.Permit().
ActionEq(cedar.NewEntityUID("Action", "editPhoto")).
When(ast.Resource().Access("owner").Equal(ast.Principal()))
_ = cedar.NewPolicyFromAST(astExample)
}
func TestUnmarshalJSONPolicyErr(t *testing.T) {
t.Parallel()
var p cedar.Policy
err := p.UnmarshalJSON([]byte("!@#$"))
testutil.Error(t, err)
}
func TestUnmarshalCedarPolicyErr(t *testing.T) {
t.Parallel()
var p cedar.Policy
err := p.UnmarshalCedar([]byte("!@#$"))
testutil.Error(t, err)
}
func TestPositionJSON(t *testing.T) {
t.Parallel()
p := cedar.Position{Filename: "foo.cedar", Offset: 1, Line: 2, Column: 3}
marshaled, err := json.MarshalIndent(p, "", "\t")
testutil.OK(t, err)
var want bytes.Buffer
_ = json.Indent(&want, []byte(`{ "filename": "foo.cedar", "offset": 1, "line": 2, "column": 3 }`), "", "\t")
testutil.Equals(t, string(marshaled), want.String())
var unmarshaled cedar.Position
testutil.OK(t, json.Unmarshal(want.Bytes(), &unmarshaled))
testutil.Equals(t, unmarshaled, p)
}