|
1 | 1 | // |
2 | | -// Copyright 2024-2025 The Chainloop Authors. |
| 2 | +// Copyright 2024-2026 The Chainloop Authors. |
3 | 3 | // |
4 | 4 | // Licensed under the Apache License, Version 2.0 (the "License"); |
5 | 5 | // you may not use this file except in compliance with the License. |
@@ -129,6 +129,36 @@ func TestDoSync(t *testing.T) { |
129 | 129 | assert.Equal(t, "delete", got[0][2]) |
130 | 130 | } |
131 | 131 |
|
| 132 | +func TestRequiresExternalAuthz(t *testing.T) { |
| 133 | + testCases := []struct { |
| 134 | + name string |
| 135 | + operation string |
| 136 | + want bool |
| 137 | + }{ |
| 138 | + { |
| 139 | + name: "CAS backend creation is forwarded to the external authorizer", |
| 140 | + operation: "/controlplane.v1.CASBackendService/Create", |
| 141 | + want: true, |
| 142 | + }, |
| 143 | + { |
| 144 | + name: "operations without external authz flag are not forwarded", |
| 145 | + operation: "/controlplane.v1.WorkflowService/List", |
| 146 | + want: false, |
| 147 | + }, |
| 148 | + { |
| 149 | + name: "unknown operations are not forwarded", |
| 150 | + operation: "/controlplane.v1.UnknownService/Unknown", |
| 151 | + want: false, |
| 152 | + }, |
| 153 | + } |
| 154 | + |
| 155 | + for _, tc := range testCases { |
| 156 | + t.Run(tc.name, func(t *testing.T) { |
| 157 | + assert.Equal(t, tc.want, RequiresExternalAuthz(tc.operation)) |
| 158 | + }) |
| 159 | + } |
| 160 | +} |
| 161 | + |
132 | 162 | func testEnforcer(t *testing.T) (*CasbinEnforcer, io.Closer) { |
133 | 163 | f, err := os.CreateTemp(t.TempDir(), "policy*.csv") |
134 | 164 | if err != nil { |
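Review bot: The table in TestRequiresExternalAuthz covers one forwarded operation and two well-formed negatives, so it does not pin how near-miss inputs are classified. Consider adding boundary rows such as `{name: "empty operation is not forwarded", operation: "", want: false},` and a variant of the CAS backend path with a trailing slash or different casing, so the test records whether matching is exact. The "unknown operations are not forwarded" row also fixes the behaviour that an unrecognized operation skips the external authorizer. A short comment on that row naming the component expected to reject such requests would make the intended default explicit, since RequiresExternalAuthz itself is not visible in this diff.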
|