MCPcopy Index your code
hub / github.com/coder/coder / TestRegoInputValue

Function TestRegoInputValue

coderd/rbac/roles_internal_test.go:72–171  ·  view source on GitHub ↗

TestRegoInputValue ensures the custom rego input parser returns the same value as the default json parser. The json parser is always correct, and the custom parser is used to reduce allocations. This optimization should yield the same results. Anything different is a bug.

(t *testing.T)

Source from the content-addressed store, hash-verified

70// and the custom parser is used to reduce allocations. This optimization
71// should yield the same results. Anything different is a bug.
72func TestRegoInputValue(t *testing.T) {
73 t.Parallel()
74
75 // Expand all roles and make sure we have a good copy.
76 // This is because these tests modify the roles, and we don't want to
77 // modify the original roles.
78 roles, err := RoleIdentifiers{ScopedRoleOrgAuditor(uuid.New()), ScopedRoleOrgAdmin(uuid.New()), RoleMember()}.Expand()
79 require.NoError(t, err, "failed to expand roles")
80 for i := range roles {
81 // If all cached values are nil, then the role will not use
82 // the shared cached value.
83 roles[i].cachedRegoValue = nil
84 }
85
86 actor := Subject{
87 Roles: Roles(roles),
88 ID: uuid.NewString(),
89 Scope: ScopeAll,
90 Groups: []string{uuid.NewString(), uuid.NewString(), uuid.NewString()},
91 }
92
93 obj := ResourceTemplate.
94 WithID(uuid.New()).
95 InOrg(uuid.New()).
96 WithOwner(uuid.NewString()).
97 WithGroupACL(map[string][]policy.Action{
98 uuid.NewString(): {policy.ActionRead, policy.ActionCreate},
99 uuid.NewString(): {policy.ActionRead, policy.ActionCreate},
100 uuid.NewString(): {policy.ActionRead, policy.ActionCreate},
101 }).WithACLUserList(map[string][]policy.Action{
102 uuid.NewString(): {policy.ActionRead, policy.ActionCreate},
103 uuid.NewString(): {policy.ActionRead, policy.ActionCreate},
104 })
105
106 action := policy.ActionRead
107
108 t.Run("InputValue", func(t *testing.T) {
109 t.Parallel()
110
111 // This is the input that would be passed to the rego policy.
112 jsonInput := map[string]any{
113 "subject": authSubject{
114 ID: actor.ID,
115 Roles: must(actor.Roles.Expand()),
116 Groups: actor.Groups,
117 Scope: must(actor.Scope.Expand()),
118 },
119 "action": action,
120 "object": obj,
121 }
122
123 manual, err := regoInputValue(actor, action, obj)
124 require.NoError(t, err)
125
126 general, err := ast.InterfaceToValue(jsonInput)
127 require.NoError(t, err)
128
129 // The custom parser does not set these fields because they are not needed.

Callers

nothing calls this directly

Calls 15

ScopedRoleOrgAuditorFunction · 0.85
ScopedRoleOrgAdminFunction · 0.85
RoleMemberFunction · 0.85
regoInputValueFunction · 0.85
ignoreNamesFunction · 0.85
regoPartialInputValueFunction · 0.85
WithACLUserListMethod · 0.80
WithGroupACLMethod · 0.80
WithOwnerMethod · 0.80
InOrgMethod · 0.80
CompareMethod · 0.80
RolesTypeAlias · 0.70

Tested by

no test coverage detected