-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathgithub_test.go
More file actions
114 lines (96 loc) · 2.75 KB
/
Copy pathgithub_test.go
File metadata and controls
114 lines (96 loc) · 2.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
package githubloader
import (
"encoding/json"
"net/http"
"net/http/httptest"
"strings"
"sync/atomic"
"testing"
"time"
aegis "github.com/goaegis/goaegis-core/aegis/core"
)
func TestGitHubAddon_LoadAndWatch(t *testing.T) {
// 1. Thread-safe commit SHA mock control
var commitSHA atomic.Value
commitSHA.Store("sha_initial")
var loadCount int32
configContent := `
resources:
posts:
name: posts
roles:
viewer:
name: viewer
permissions:
- resource: posts
actions: [read]
effect: allow
subjects:
user:alice:
id: user:alice
roles: [viewer]
`
// 2. Setup local mock GitHub API server
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
if strings.Contains(r.URL.Path, "/commits") {
sha := commitSHA.Load().(string)
commits := []GitHubCommit{{SHA: sha}}
_ = json.NewEncoder(w).Encode(commits)
return
}
if strings.Contains(r.URL.Path, "/contents/auth/config.yaml") {
w.Header().Set("Content-Type", "application/octet-stream")
_, _ = w.Write([]byte(configContent))
return
}
if strings.Contains(r.URL.Path, "/contents/auth") {
atomic.AddInt32(&loadCount, 1)
downloadURL := "http://" + r.Host + "/contents/auth/config.yaml"
contents := []GitHubContent{
{
Name: "config.yaml",
Path: "auth/config.yaml",
Type: "file",
DownloadURL: downloadURL,
},
}
_ = json.NewEncoder(w).Encode(contents)
return
}
w.WriteHeader(http.StatusNotFound)
}))
defer server.Close()
// 3. Create addon and set local server base URL
addon := New("goaegis", "test-repo", "auth", "main", "dummy_token", 20*time.Millisecond)
addon.apiBaseURL = server.URL // Point to mock HTTP test server
// 4. Test Aegis integration
authz := aegis.New()
defer authz.Shutdown()
err := authz.Use(addon)
if err != nil {
t.Fatalf("Failed to register github addon: %v", err)
}
// Load config from addon
err = authz.LoadConfigFromAddon()
if err != nil {
t.Fatalf("Failed to load config from github addon: %v", err)
}
// Validate authorization decision
allowed, err := authz.Can("user:alice", "posts", "read", nil)
if err != nil {
t.Fatalf("Can() failed: %v", err)
}
if !allowed {
t.Errorf("expected allowed, got denied")
}
// 5. Test Hot Reload via commit polling
initialLoads := atomic.LoadInt32(&loadCount)
commitSHA.Store("sha_new") // Update SHA
// Wait for background polling to detect change and call ReloadConfig
time.Sleep(100 * time.Millisecond)
finalLoads := atomic.LoadInt32(&loadCount)
if finalLoads <= initialLoads {
t.Errorf("Expected configuration to reload (load count to increase), but got loads initial=%d, final=%d", initialLoads, finalLoads)
}
}