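// Source: google.golang.org/grpc@v1.62.1/authz/grpc_authz_server_interceptors_test.go

/*
 *
 * Copyright 2021 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

package authz_test

import (
	"fmt"
	"os"
	"path/filepath"
	"testing"
	"time"

	"google.golang.org/grpc/authz"
)

// createTmpPolicyFile writes policy to a file named "policy.json" inside a
// freshly created temporary directory and returns the file's path.
//
// dirSuffix is passed to os.MkdirTemp as the directory name pattern. Any
// failure to create the directory or write the file aborts the calling test
// through t.Fatalf.
//
// The directory is removed when the test (and its subtests) finish, so
// policy fixtures do not accumulate in the system temp directory.
func createTmpPolicyFile(t *testing.T, dirSuffix string, policy []byte) string {
	t.Helper()

	// Create a temp directory. Passing an empty string for the first argument
	// uses the system temp directory.
	dir, err := os.MkdirTemp("", dirSuffix)
	if err != nil {
		t.Fatalf("os.MkdirTemp() failed: %v", err)
	}
	t.Cleanup(func() {
		// Best effort: a leftover directory should not turn a passing test
		// into a failing one, so the error is only logged.
		if err := os.RemoveAll(dir); err != nil {
			t.Logf("os.RemoveAll(%q) failed: %v", dir, err)
		}
	})
	t.Logf("Using tmpdir: %s", dir)

	// Write policy into file. The file holds an authorization policy, so it is
	// created owner-read/write only (0600) rather than os.ModePerm (0777):
	// anyone who can rewrite a policy file that a server loads controls that
	// server's authorization decisions, and test fixtures tend to be copied
	// into real deployments.
	filename := filepath.Join(dir, "policy.json")
	if err := os.WriteFile(filename, policy, 0o600); err != nil {
		t.Fatalf("os.WriteFile(%q) failed: %v", filename, err)
	}
	t.Logf("Wrote policy %s to file at %s", string(policy), filename)
	return filename
}

// TestNewStatic checks that authz.NewStatic rejects a policy with no "name"
// field and accepts a minimal policy containing a single allow rule.
//
// Errors are compared by their printed form (fmt.Sprint), so a nil wantErr
// matches only a nil returned error. The receiver type s is declared
// elsewhere in the package and is not shown here.
func (s) TestNewStatic(t *testing.T) {
	tests := map[string]struct {
		authzPolicy string
		wantErr     error
	}{
		"InvalidPolicyFailsToCreateInterceptor": {
			authzPolicy: `{}`,
			wantErr:     fmt.Errorf(`"name" is not present`),
		},
		"ValidPolicyCreatesInterceptor": {
			authzPolicy: `{
				"name": "authz",
				"allow_rules":
				[
					{
						"name": "allow_all"
					}
				]
			}`,
		},
	}
	for name, test := range tests {
		t.Run(name, func(t *testing.T) {
			if _, err := authz.NewStatic(test.authzPolicy); fmt.Sprint(err) != fmt.Sprint(test.wantErr) {
				t.Fatalf("NewStatic(%v) returned err: %v, want err: %v", test.authzPolicy, err, test.wantErr)
			}
		})
	}
}

// TestNewFileWatcher checks that authz.NewFileWatcher rejects a zero refresh
// interval, rejects a policy file with no "name" field, and accepts a minimal
// valid policy file.
//
// Each case writes its policy to a temporary file with createTmpPolicyFile
// and closes the returned interceptor, when there is one, before the subtest
// ends. Errors are compared by their printed form (fmt.Sprint). The receiver
// type s is declared elsewhere in the package and is not shown here.
func (s) TestNewFileWatcher(t *testing.T) {
	tests := map[string]struct {
		authzPolicy     string
		refreshDuration time.Duration
		wantErr         error
	}{
		"InvalidRefreshDurationFailsToCreateInterceptor": {
			refreshDuration: time.Duration(0),
			wantErr:         fmt.Errorf("requires refresh interval(0s) greater than 0s"),
		},
		"InvalidPolicyFailsToCreateInterceptor": {
			authzPolicy:     `{}`,
			refreshDuration: time.Duration(1),
			wantErr:         fmt.Errorf(`"name" is not present`),
		},
		"ValidPolicyCreatesInterceptor": {
			authzPolicy: `{
				"name": "authz",
				"allow_rules":
				[
					{
						"name": "allow_all"
					}
				]
			}`,
			refreshDuration: time.Duration(1),
		},
	}
	for name, test := range tests {
		t.Run(name, func(t *testing.T) {
			file := createTmpPolicyFile(t, name, []byte(test.authzPolicy))
			i, err := authz.NewFileWatcher(file, test.refreshDuration)
			if fmt.Sprint(err) != fmt.Sprint(test.wantErr) {
				t.Fatalf("NewFileWatcher(%v) returned err: %v, want err: %v", test.authzPolicy, err, test.wantErr)
			}
			// Close the interceptor on the success path so it is shut down
			// before the subtest returns.
			if i != nil {
				i.Close()
			}
		})
	}
}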