test: add e2e tests

Signed-off-by: Fabrizio Sestito <[email protected]>
kubewarden · Oct 26, 2023 · dbd7d28 · dbd7d28
1 parent ca5e6dd
commit dbd7d28
Show file tree

Hide file tree

Showing 4 changed files with 164 additions and 0 deletions.
diff --git a/e2e-tests/07-raw-policies.yml b/e2e-tests/07-raw-policies.yml
@@ -0,0 +1,115 @@
+name: Raw policies execution
+
+testcases:
+  - name: fixtures
+    steps:
+      - type: readfile
+        path: ./test_data/raw_validation.json
+        assertions:
+          - result.err ShouldBeEmpty
+        vars:
+          raw_validation:
+            from: result.content
+      - type: readfile
+        path: ./test_data/raw_mutation.json
+        assertions:
+          - result.err ShouldBeEmpty
+        vars:
+          raw_mutation:
+            from: result.content
+
+  - name: Raw waPC validation policy works as expected
+    steps:
+      - name: Accept
+        type: http
+        method: POST
+        url: http://localhost:3000/validate_raw/raw-validation
+        headers:
+          Content-Type: application/json
+        body: "{{ .fixtures.raw_validation }}"
+        assertions:
+          - result.statuscode ShouldEqual 200
+          - result.bodyjson.response.allowed ShouldEqual true
+          - result.bodyjson.response.status.code ShouldNotEqual 500
+          - result.bodyjson.response ShouldNotContainKey patch
+          - result.bodyjson.response ShouldNotContainKey patchType
+
+  - name: Raw waPC mutation policy accepts without mutating
+    steps:
+      - name: Accept
+        type: http
+        method: POST
+        url: http://localhost:3000/validate_raw/raw-mutation
+        headers:
+          Content-Type: application/json
+        body: "{{ .fixtures.raw_validation }}"
+        assertions:
+          - result.statuscode ShouldEqual 200
+          - result.bodyjson.response.allowed ShouldEqual true
+          - result.bodyjson.response.status.code ShouldNotEqual 500
+          - result.bodyjson.response ShouldNotContainKey patch
+          - result.bodyjson.response ShouldNotContainKey patchType
+
+  - name: Raw waPC mutation policy mutates the request
+    steps:
+      - name: Accept
+        type: http
+        method: POST
+        url: http://localhost:3000/validate_raw/raw-mutation
+        headers:
+          Content-Type: application/json
+        body: "{{ .fixtures.raw_mutation }}"
+        assertions:
+          - result.statuscode ShouldEqual 200
+          - result.bodyjson.response.allowed ShouldEqual true
+          - result.bodyjson.response.status.code ShouldNotEqual 500
+          - result.bodyjson.response ShouldContainKey patch
+          - result.bodyjson.response ShouldContainKey patchType
+
+  - name: Raw OPA validation policy works as expected
+    steps:
+      - name: Accept
+        type: http
+        method: POST
+        url: http://localhost:3000/validate_raw/raw-validation-opa
+        headers:
+          Content-Type: application/json
+        body: "{{ .fixtures.raw_validation }}"
+        assertions:
+          - result.statuscode ShouldEqual 200
+          - result.bodyjson.response.allowed ShouldEqual true
+          - result.bodyjson.response.status.code ShouldNotEqual 500
+          - result.bodyjson.response ShouldNotContainKey patch
+          - result.bodyjson.response ShouldNotContainKey patchType
+
+  - name: Raw WASI validation policy works as expected
+    steps:
+      - name: Accept
+        type: http
+        method: POST
+        url: http://localhost:3000/validate_raw/raw-validation-wasi
+        headers:
+          Content-Type: application/json
+        body: "{{ .fixtures.raw_validation }}"
+        assertions:
+          - result.statuscode ShouldEqual 200
+          - result.bodyjson.response.allowed ShouldEqual true
+          - result.bodyjson.response.status.code ShouldNotEqual 500
+          - result.bodyjson.response ShouldNotContainKey patch
+          - result.bodyjson.response ShouldNotContainKey patchType
+
+  - name: Raw WASI mutation policy mutates the request
+    steps:
+      - name: Accept
+        type: http
+        method: POST
+        url: http://localhost:3000/validate_raw/raw-mutation-wasi
+        headers:
+          Content-Type: application/json
+        body: "{{ .fixtures.raw_mutation }}"
+        assertions:
+          - result.statuscode ShouldEqual 200
+          - result.bodyjson.response.allowed ShouldEqual true
+          - result.bodyjson.response.status.code ShouldNotEqual 500
+          - result.bodyjson.response ShouldContainKey patch
+          - result.bodyjson.response ShouldContainKey patchType
diff --git a/e2e-tests/test_data/policies.yaml b/e2e-tests/test_data/policies.yaml
@@ -29,3 +29,46 @@ flux:
   settings:
     requiredAnnotations:
       "fluxcd.io/cat": "felix"
+
+raw-validation:
+  url: ghcr.io/kubewarden/tests/raw-validation-policy:v0.1.0
+  settings:
+    validUsers:
+      - "tonio"
+      - "wanda"
+    validActions:
+      - "eats"
+      - "likes"
+    validResources:
+      - "banana"
+      - "hay"
+
+raw-mutation:
+  url: ghcr.io/kubewarden/tests/raw-mutation-policy:v0.1.0
+  allowedToMutate: true
+  settings: {}
+
+raw-validation-opa:
+  url: ghcr.io/kubewarden/tests/raw-validation-opa-policy:v0.1.0
+  settings: {}
+
+raw-validation-wasi:
+  url: ghcr.io/kubewarden/tests/raw-validation-wasi-policy:v0.1.0
+  settings:
+    validUsers:
+      - "tonio"
+      - "wanda"
+    validActions:
+      - "eats"
+      - "likes"
+    validResources:
+      - "banana"
+      - "hay"
+
+raw-mutation-wasi:
+  url: ghcr.io/kubewarden/tests/raw-mutation-wasi-policy:v0.1.0
+  allowedToMutate: true
+  settings:
+    forbiddenResources:
+      - "banana"
+      - "carrot"
diff --git a/e2e-tests/test_data/raw_mutation.json b/e2e-tests/test_data/raw_mutation.json
@@ -0,0 +1,3 @@
+{
+  "request": { "user": "tonio", "action": "eats", "resource": "banana" }
+}
diff --git a/e2e-tests/test_data/raw_validation.json b/e2e-tests/test_data/raw_validation.json
@@ -0,0 +1,3 @@
+{
+  "request": { "user": "tonio", "action": "eats", "resource": "hay" }
+}