// Listing: github.com/outbrain/consul@v1.4.5/agent/connect/uri_service_test.go

package connect

import (
	"testing"

	"github.com/hashicorp/consul/agent/structs"
	"github.com/stretchr/testify/assert"
)

// TestSpiffeIDServiceAuthorize pins the two results of
// (*SpiffeIDService).Authorize for a fixed "web" identity against a table of
// intentions. The first result (auth) says whether the intention permits the
// identity as a source; the second (match) says whether the intention applies
// to the identity at all.
//
// The table establishes three behaviours:
//   - a source namespace or source name that differs from the identity yields
//     auth=false, match=false;
//   - an exact or wildcard-name source with an allow action yields
//     auth=true, match=true;
//   - an exact or wildcard-name source with a deny action yields
//     auth=false, match=true.
//
// NOTE(review): every "no match" case also reports auth=false, so a caller
// that ignores match would treat it as a denial. How callers handle
// match=false is not visible from this file.
//
// NOTE(review): the table covers only SourceNS, SourceName and Action. It has
// no case with a wildcard SourceNS, and none where Host or Datacenter differ,
// so this test does not pin behaviour on those inputs.
func TestSpiffeIDServiceAuthorize(t *testing.T) {
	defaultNS := structs.IntentionDefaultNamespace

	// The identity under test; every scenario authorizes this same service.
	web := &SpiffeIDService{
		Host:       "1234.consul",
		Namespace:  defaultNS,
		Datacenter: "dc01",
		Service:    "web",
	}

	type scenario struct {
		label     string
		id        *SpiffeIDService
		intention *structs.Intention
		wantAuth  bool
		wantMatch bool
	}

	scenarios := []scenario{
		// Non-matching sources: Action is left unset in both, and the
		// expected result is "not authorized, not matched".
		{
			label: "exact source, not matching namespace",
			id:    web,
			intention: &structs.Intention{
				SourceNS:   "different",
				SourceName: "db",
			},
			wantAuth:  false,
			wantMatch: false,
		},
		{
			label: "exact source, not matching name",
			id:    web,
			intention: &structs.Intention{
				SourceNS:   defaultNS,
				SourceName: "db",
			},
			wantAuth:  false,
			wantMatch: false,
		},

		// Exact namespace and name: the action alone decides auth.
		{
			label: "exact source, allow",
			id:    web,
			intention: &structs.Intention{
				SourceNS:   web.Namespace,
				SourceName: web.Service,
				Action:     structs.IntentionActionAllow,
			},
			wantAuth:  true,
			wantMatch: true,
		},
		{
			label: "exact source, deny",
			id:    web,
			intention: &structs.Intention{
				SourceNS:   web.Namespace,
				SourceName: web.Service,
				Action:     structs.IntentionActionDeny,
			},
			wantAuth:  false,
			wantMatch: true,
		},

		// Wildcard service name inside the identity's own namespace: still a
		// match, and the action again decides auth.
		{
			label: "exact namespace, wildcard service, deny",
			id:    web,
			intention: &structs.Intention{
				SourceNS:   web.Namespace,
				SourceName: structs.IntentionWildcard,
				Action:     structs.IntentionActionDeny,
			},
			wantAuth:  false,
			wantMatch: true,
		},
		{
			label: "exact namespace, wildcard service, allow",
			id:    web,
			intention: &structs.Intention{
				SourceNS:   web.Namespace,
				SourceName: structs.IntentionWildcard,
				Action:     structs.IntentionActionAllow,
			},
			wantAuth:  true,
			wantMatch: true,
		},
	}

	for _, sc := range scenarios {
		t.Run(sc.label, func(t *testing.T) {
			gotAuth, gotMatch := sc.id.Authorize(sc.intention)
			assert.Equal(t, sc.wantAuth, gotAuth)
			assert.Equal(t, sc.wantMatch, gotMatch)
		})
	}
}