github.com/chenbh/concourse/v6@v6.4.2/atc/policy/opa/opa_test.go (about) 1 package opa_test 2 3 import ( 4 "code.cloudfoundry.org/lager/lagertest" 5 "fmt" 6 "github.com/chenbh/concourse/v6/atc/policy" 7 "github.com/chenbh/concourse/v6/atc/policy/opa" 8 "net/http" 9 "net/http/httptest" 10 "time" 11 12 . "github.com/onsi/ginkgo" 13 . "github.com/onsi/gomega" 14 ) 15 16 var _ = Describe("Policy checker", func() { 17 18 var ( 19 logger = lagertest.NewTestLogger("opa-test") 20 fakeOpa *httptest.Server 21 agent policy.Agent 22 err error 23 ) 24 25 AfterEach(func() { 26 if fakeOpa != nil { 27 fakeOpa.Close() 28 } 29 }) 30 31 JustBeforeEach(func() { 32 fakeOpa.Start() 33 agent, err = (&opa.OpaConfig{fakeOpa.URL, time.Second*2}).NewAgent(logger) 34 Expect(err).ToNot(HaveOccurred()) 35 Expect(agent).ToNot(BeNil()) 36 }) 37 38 Context("when OPA returns no result", func() { 39 BeforeEach(func() { 40 fakeOpa = httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 41 fmt.Fprint(w, "{}") 42 })) 43 }) 44 45 It("should pass", func() { 46 pass, err := agent.Check(policy.PolicyCheckInput{}) 47 Expect(err).ToNot(HaveOccurred()) 48 Expect(pass).To(BeTrue()) 49 }) 50 }) 51 52 Context("when OPA returns pass", func() { 53 BeforeEach(func() { 54 fakeOpa = httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 55 fmt.Fprint(w, `{"result": true}`) 56 })) 57 }) 58 59 It("should pass", func() { 60 pass, err := agent.Check(policy.PolicyCheckInput{}) 61 Expect(err).ToNot(HaveOccurred()) 62 Expect(pass).To(BeTrue()) 63 }) 64 }) 65 66 Context("when OPA returns not-pass", func() { 67 BeforeEach(func() { 68 fakeOpa = httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 69 fmt.Fprint(w, `{"result": false}`) 70 })) 71 }) 72 73 It("should not pass", func() { 74 pass, err := agent.Check(policy.PolicyCheckInput{}) 75 Expect(err).ToNot(HaveOccurred()) 76 Expect(pass).To(BeFalse()) 77 }) 78 }) 79 80 Context("when OPA is unreachable", func() { 81 BeforeEach(func() { 82 fakeOpa = httptest.NewUnstartedServer(http.NotFoundHandler()) 83 }) 84 85 JustBeforeEach(func() { 86 fakeOpa.Close() 87 fakeOpa = nil 88 }) 89 90 It("should return error", func() { 91 pass, err := agent.Check(policy.PolicyCheckInput{}) 92 Expect(err).To(HaveOccurred()) 93 Expect(err.Error()).To(MatchRegexp("connection refused")) 94 Expect(pass).To(BeFalse()) 95 }) 96 }) 97 98 Context("when OPA returns http error", func() { 99 BeforeEach(func() { 100 fakeOpa = httptest.NewUnstartedServer(http.NotFoundHandler()) 101 }) 102 103 It("should return error", func() { 104 pass, err := agent.Check(policy.PolicyCheckInput{}) 105 Expect(err).To(HaveOccurred()) 106 Expect(err.Error()).To(Equal("opa returned status: 404")) 107 Expect(pass).To(BeFalse()) 108 }) 109 }) 110 111 Context("when OPA returns bad response", func() { 112 BeforeEach(func() { 113 fakeOpa = httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 114 fmt.Fprint(w, `hello`) 115 })) 116 }) 117 118 It("should return error", func() { 119 pass, err := agent.Check(policy.PolicyCheckInput{}) 120 Expect(err).To(HaveOccurred()) 121 Expect(err.Error()).To(Equal("opa returned bad response: invalid character 'h' looking for beginning of value")) 122 Expect(pass).To(BeFalse()) 123 }) 124 }) 125 })