hub / github.com/grpc/grpc-go / TestAuditLogger

Method TestAuditLogger

authz/audit/audit_logging_test.go:90–319

TestAuditLogger examines audit logging invocations using four different authorization policies. It covers scenarios including a disabled audit, auditing both 'allow' and 'deny' outcomes, and separately auditing 'allow' and 'deny' outcomes. Additionally, it checks if SPIFFE ID from a certificate is propagated correctly.

(t *testing.T)

Source from the content-addressed store, hash-verified

// and 'deny' outcomes. Additionally, it checks if SPIFFE ID from a certificate
// is propagated correctly.
func (s) TestAuditLogger(t *testing.T) {
	// Each test data entry contains an authz policy for a grpc server,
	// how many 'allow' and 'deny' outcomes we expect (each test case makes 2
	// unary calls and one client-streaming call), and a structure to check if
	// the audit.Event fields are properly populated. Additionally, we specify
	// directly which authz outcome we expect from each type of call.
	tests := []struct {
		name                  string
		authzPolicy           string
		wantAuthzOutcomes     map[bool]int
		eventContent          *audit.Event
		wantUnaryCallCode     codes.Code
		wantStreamingCallCode codes.Code
	}{
		{
			name: "No audit",
			authzPolicy: `{
				"name": "authz",
				"allow_rules": [
					{
						"name": "allow_UnaryCall",
						"request": {
							"paths": [
								"/grpc.testing.TestService/UnaryCall"
							]
						}
					}
				],
				"audit_logging_options": {
					"audit_condition": "NONE",
					"audit_loggers": [
						{
							"name": "stat_logger",
							"config": {},
							"is_optional": false
						}
					]
				}
			}`,
			wantAuthzOutcomes:     map[bool]int{true: 0, false: 0},
			wantUnaryCallCode:     codes.OK,
			wantStreamingCallCode: codes.PermissionDenied,
		},
		{
			name: "Allow All Deny Streaming - Audit All",
			authzPolicy: `{
				"name": "authz",
				"allow_rules": [
					{
						"name": "allow_all",
						"request": {
							"paths": [
								"*"
							]
						}
					}
				],
				"deny_rules": [

Callers

nothing calls this directly

Calls 15

UnaryCall (method) · 0.95
StreamingInputCall (method) · 0.95
RegisterLoggerBuilder (function) · 0.92
NewStatic (function) · 0.92
NewServer (function) · 0.92
Creds (function) · 0.92
ChainUnaryInterceptor (function) · 0.92
ChainStreamInterceptor (function) · 0.92
StartTestService (function) · 0.92
NewClient (function) · 0.92
WithTransportCredentials (function) · 0.92
Code (function) · 0.92

Tested by

no test coverage detected