testing

package
v0.2.0-g958cdc2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 9, 2023 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	YamlGlob     = "*.yaml"
	PoliciesGlob = "*.rego"
)

Variables

View Source 
var Log = logging.NewLog("testgen")
View Source 
var (
	SecretKey = []byte("doe5n7matter")
)

Functions

func NewToken 

func NewToken(body *JwtBody) string

Types

type BundleManifest 

type BundleManifest struct {
	Revision string            `json:"revision"`
	Roots    []string          `json:"roots"`
	Metadata map[string]string `json:"metadata"`
}

A BundleManifest describes the `Bundle` to the OPA server We only use it for informational purposes during tests execution.

func ReadManifest 

func ReadManifest(path string) *BundleManifest

type JwtBody 

type JwtBody struct {
	Subject string                 `json:"sub" yaml:"sub"`
	Roles   []string               `json:"roles" yaml:"roles"`
	Issuer  string                 `json:"iss" yaml:"iss"`
	Claims  map[string]interface{} `json:"claims,omitempty" yaml:"claims,omitempty"`
}

A JwtBody describes the contents ("claims") that will be included in the JSON body, and that will be part of the OPA Request: the Token (encoded as a JWT) describes the Subject ( "sub") who acts as the original sender of the request, who has been assigned a number of Roles.

Based on the Policy, one (or more) of the Roles may allow permissions to access the Resource, and the Test asserts truth of falsity of this statement.

type Request 

type Request struct {
	// A base-64-encoded JWT
	Token string `json:"api_token"`

	// The Resource that the Token's Subject is trying to access
	Resource Resource `json:"resource"`
}

A Request is what is typically sent from a REST API server that requires the user (authenticated by the `Token`) to be authorized to access the `Resource`

func NewRequest 

func NewRequest(t *Test) Request

type Resource 

type Resource struct {
	Path   string `json:"path"`
	Method string `json:"method"`
}

A Resource describes the access request from the test users ( the "sub") as the tuple of a Method (the action on the resource) and the Path ( the actual entity being accessed). This is what the Rego policies will evaluate, against the user Roles (carried in the Token) to assess whether to allow or deny access ( and that the Test asserts against its Expectation)

type Target 

type Target struct {
	// Package matches the Rego module `package` keyword
	Package string `yaml:"package"`

	// The Policy matches the Rego module rule that we are testing; there
	// can only be one Policy per Testcase, hence to test different rules
	// in the same Package, you will need to create several Testcase
	Policy string `yaml:"policy"`
}

Target defines the policy that we want to test with the Testcase and will be ultimately used to construct the OPA endpoint to use for the Test

type Test 

type Test struct {
	Name     string   `yaml:"name"`
	Expect   bool     `yaml:"expect"`
	Token    JwtBody  `yaml:"token"`
	Resource Resource `yaml:"resource"`
}

A Test is a single assertion made against the Rego policies, with an expectation of success or failure ( depending on whether we are testing an `allow` or `deny` scenario).

Test are grouped in Testcase units and will map one-to-one to OPA server HTTP Request objects, invoked against the Target (policy).

type TestBody 

type TestBody struct {
	Input Request `json:"input"`
}

A TestBody is the JSON that will be sent to OPA to evaluate the Policy.

type TestReport 

type TestReport struct {
	Succeeded uint
	Failed    uint
	Total     uint

	FailedNames []string
	// contains filtered or unexported fields
}

TestReport will collect and report all test results, including failures TODO: need a much better reporting

func (*TestReport) IncSuccess 

func (r *TestReport) IncSuccess()

func (*TestReport) ReportFailure 

func (r *TestReport) ReportFailure(name string)

type TestUnit 

type TestUnit struct {
	Name        string
	Endpoint    string
	Body        TestBody
	Expectation bool
}

The TestUnit is the culmination of the test generation, and is the unit that is evaluated by each of the workers, run in parallel as goroutines. The TestUnit unifies the test subject (the Endpoint), the Body of the test (what we are evaluating against the policy defined for the Endpoint) and the Expectation (whether this is expected to succeed or fail).

func Generate 

func Generate(SourceDir string) ([]TestUnit, error)

Generate all the test cases from the `SourceDir`

type Testcase 

type Testcase struct {
	Name string `yaml:"name"`
	Desc string `yaml:"description"`

	// The "iss" claim for the JWT to be generated; can be overridden in a `Test`
	// using the `Token.Issuer` field, if needed.
	Iss    string `yaml:"iss"`
	Target Target `yaml:"target"`
	Tests  []Test `yaml:"tests"`
}

A Testcase is the central part of the application: it describes a coherent set of `Tests` that will be evaluated against the deployed `Bundle` of policies The `expect` outcome will be validated once the tests are executed, against the actual result returned by the OPA server.

func ReadTestcase 

func ReadTestcase(path string) (*Testcase, error)

type TestcaseTemplate 

type TestcaseTemplate struct {
	Body Testcase `yaml:"testcase"`
}

A TestcaseTemplate is the contents of a YAML ( or a section thereof) and contains the full description of a `Testcase` that will be generated.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.