github.com/chenbh/concourse/v6@v6.4.2/atc/policy/opa/opa_test.go (about)

     1  package opa_test
     2  
     3  import (
     4  	"code.cloudfoundry.org/lager/lagertest"
     5  	"fmt"
     6  	"github.com/chenbh/concourse/v6/atc/policy"
     7  	"github.com/chenbh/concourse/v6/atc/policy/opa"
     8  	"net/http"
     9  	"net/http/httptest"
    10  	"time"
    11  
    12  	. "github.com/onsi/ginkgo"
    13  	. "github.com/onsi/gomega"
    14  )
    15  
    16  var _ = Describe("Policy checker", func() {
    17  
    18  	var (
    19  		logger = lagertest.NewTestLogger("opa-test")
    20  		fakeOpa *httptest.Server
    21  		agent policy.Agent
    22  		err error
    23  	)
    24  
    25  	AfterEach(func() {
    26  		if fakeOpa != nil {
    27  			fakeOpa.Close()
    28  		}
    29  	})
    30  
    31  	JustBeforeEach(func() {
    32  		fakeOpa.Start()
    33  		agent, err = (&opa.OpaConfig{fakeOpa.URL, time.Second*2}).NewAgent(logger)
    34  		Expect(err).ToNot(HaveOccurred())
    35  		Expect(agent).ToNot(BeNil())
    36  	})
    37  
    38  	Context("when OPA returns no result", func() {
    39  		BeforeEach(func() {
    40  			fakeOpa = httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    41  				fmt.Fprint(w, "{}")
    42  			}))
    43  		})
    44  
    45  		It("should pass", func() {
    46  			pass, err := agent.Check(policy.PolicyCheckInput{})
    47  			Expect(err).ToNot(HaveOccurred())
    48  			Expect(pass).To(BeTrue())
    49  		})
    50  	})
    51  
    52  	Context("when OPA returns pass", func() {
    53  		BeforeEach(func() {
    54  			fakeOpa = httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    55  				fmt.Fprint(w, `{"result": true}`)
    56  			}))
    57  		})
    58  
    59  		It("should pass", func() {
    60  			pass, err := agent.Check(policy.PolicyCheckInput{})
    61  			Expect(err).ToNot(HaveOccurred())
    62  			Expect(pass).To(BeTrue())
    63  		})
    64  	})
    65  
    66  	Context("when OPA returns not-pass", func() {
    67  		BeforeEach(func() {
    68  			fakeOpa = httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    69  				fmt.Fprint(w, `{"result": false}`)
    70  			}))
    71  		})
    72  
    73  		It("should not pass", func() {
    74  			pass, err := agent.Check(policy.PolicyCheckInput{})
    75  			Expect(err).ToNot(HaveOccurred())
    76  			Expect(pass).To(BeFalse())
    77  		})
    78  	})
    79  
    80  	Context("when OPA is unreachable", func() {
    81  		BeforeEach(func() {
    82  			fakeOpa = httptest.NewUnstartedServer(http.NotFoundHandler())
    83  		})
    84  
    85  		JustBeforeEach(func() {
    86  			fakeOpa.Close()
    87  			fakeOpa = nil
    88  		})
    89  
    90  		It("should return error", func() {
    91  			pass, err := agent.Check(policy.PolicyCheckInput{})
    92  			Expect(err).To(HaveOccurred())
    93  			Expect(err.Error()).To(MatchRegexp("connection refused"))
    94  			Expect(pass).To(BeFalse())
    95  		})
    96  	})
    97  
    98  	Context("when OPA returns http error", func() {
    99  		BeforeEach(func() {
   100  			fakeOpa = httptest.NewUnstartedServer(http.NotFoundHandler())
   101  		})
   102  
   103  		It("should return error", func() {
   104  			pass, err := agent.Check(policy.PolicyCheckInput{})
   105  			Expect(err).To(HaveOccurred())
   106  			Expect(err.Error()).To(Equal("opa returned status: 404"))
   107  			Expect(pass).To(BeFalse())
   108  		})
   109  	})
   110  
   111  	Context("when OPA returns bad response", func() {
   112  		BeforeEach(func() {
   113  			fakeOpa = httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
   114  				fmt.Fprint(w, `hello`)
   115  			}))
   116  		})
   117  
   118  		It("should return error", func() {
   119  			pass, err := agent.Check(policy.PolicyCheckInput{})
   120  			Expect(err).To(HaveOccurred())
   121  			Expect(err.Error()).To(Equal("opa returned bad response: invalid character 'h' looking for beginning of value"))
   122  			Expect(pass).To(BeFalse())
   123  		})
   124  	})
   125  })