github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386/internal/namespace/caveats_test.go (about) 1 package namespace 2 3 import ( 4 "testing" 5 6 "github.com/stretchr/testify/require" 7 8 "github.com/authzed/spicedb/pkg/caveats" 9 caveattypes "github.com/authzed/spicedb/pkg/caveats/types" 10 ns "github.com/authzed/spicedb/pkg/namespace" 11 core "github.com/authzed/spicedb/pkg/proto/core/v1" 12 ) 13 14 func TestValidateCaveatDefinition(t *testing.T) { 15 tcs := []struct { 16 caveat *core.CaveatDefinition 17 expectedError string 18 }{ 19 { 20 ns.MustCaveatDefinition(caveats.MustEnvForVariables( 21 map[string]caveattypes.VariableType{ 22 "someCondition": caveattypes.IntType, 23 }, 24 ), "valid", "someCondition == 42"), 25 "", 26 }, 27 { 28 ns.MustCaveatDefinition(caveats.MustEnvForVariables( 29 map[string]caveattypes.VariableType{ 30 "someCondition": caveattypes.IntType, 31 }, 32 ), "test", "true"), 33 "parameter `someCondition` for caveat `test` is unused", 34 }, 35 { 36 ns.MustCaveatDefinition(caveats.MustEnvForVariables( 37 map[string]caveattypes.VariableType{}, 38 ), "test", "true"), 39 "caveat `test` must have at least one parameter defined", 40 }, 41 { 42 &core.CaveatDefinition{ 43 SerializedExpression: []byte("123"), 44 }, 45 "could not decode caveat", 46 }, 47 } 48 49 for _, tc := range tcs { 50 tc := tc 51 t.Run(tc.caveat.Name, func(t *testing.T) { 52 err := ValidateCaveatDefinition(tc.caveat) 53 if tc.expectedError != "" { 54 require.NotNil(t, err) 55 require.Contains(t, err.Error(), tc.expectedError) 56 } else { 57 require.NoError(t, err) 58 } 59 }) 60 } 61 }