From dbd7d283304f0d9ab8dd93fc9dbc33b7c63fabf5 Mon Sep 17 00:00:00 2001 From: Fabrizio Sestito Date: Mon, 23 Oct 2023 09:31:02 +0200 Subject: [PATCH] test: add e2e tests Signed-off-by: Fabrizio Sestito --- e2e-tests/07-raw-policies.yml | 115 ++++++++++++++++++++++++ e2e-tests/test_data/policies.yaml | 43 +++++++++ e2e-tests/test_data/raw_mutation.json | 3 + e2e-tests/test_data/raw_validation.json | 3 + 4 files changed, 164 insertions(+) create mode 100644 e2e-tests/07-raw-policies.yml create mode 100644 e2e-tests/test_data/raw_mutation.json create mode 100644 e2e-tests/test_data/raw_validation.json diff --git a/e2e-tests/07-raw-policies.yml b/e2e-tests/07-raw-policies.yml new file mode 100644 index 00000000..32b3a27c --- /dev/null +++ b/e2e-tests/07-raw-policies.yml @@ -0,0 +1,115 @@ +name: Raw policies execution + +testcases: + - name: fixtures + steps: + - type: readfile + path: ./test_data/raw_validation.json + assertions: + - result.err ShouldBeEmpty + vars: + raw_validation: + from: result.content + - type: readfile + path: ./test_data/raw_mutation.json + assertions: + - result.err ShouldBeEmpty + vars: + raw_mutation: + from: result.content + + - name: Raw waPC validation policy works as expected + steps: + - name: Accept + type: http + method: POST + url: http://localhost:3000/validate_raw/raw-validation + headers: + Content-Type: application/json + body: "{{ .fixtures.raw_validation }}" + assertions: + - result.statuscode ShouldEqual 200 + - result.bodyjson.response.allowed ShouldEqual true + - result.bodyjson.response.status.code ShouldNotEqual 500 + - result.bodyjson.response ShouldNotContainKey patch + - result.bodyjson.response ShouldNotContainKey patchType + + - name: Raw waPC mutation policy accepts without mutating + steps: + - name: Accept + type: http + method: POST + url: http://localhost:3000/validate_raw/raw-mutation + headers: + Content-Type: application/json + body: "{{ .fixtures.raw_validation }}" + assertions: + - result.statuscode ShouldEqual 200 + - result.bodyjson.response.allowed ShouldEqual true + - result.bodyjson.response.status.code ShouldNotEqual 500 + - result.bodyjson.response ShouldNotContainKey patch + - result.bodyjson.response ShouldNotContainKey patchType + + - name: Raw waPC mutation policy mutates the request + steps: + - name: Accept + type: http + method: POST + url: http://localhost:3000/validate_raw/raw-mutation + headers: + Content-Type: application/json + body: "{{ .fixtures.raw_mutation }}" + assertions: + - result.statuscode ShouldEqual 200 + - result.bodyjson.response.allowed ShouldEqual true + - result.bodyjson.response.status.code ShouldNotEqual 500 + - result.bodyjson.response ShouldContainKey patch + - result.bodyjson.response ShouldContainKey patchType + + - name: Raw OPA validation policy works as expected + steps: + - name: Accept + type: http + method: POST + url: http://localhost:3000/validate_raw/raw-validation-opa + headers: + Content-Type: application/json + body: "{{ .fixtures.raw_validation }}" + assertions: + - result.statuscode ShouldEqual 200 + - result.bodyjson.response.allowed ShouldEqual true + - result.bodyjson.response.status.code ShouldNotEqual 500 + - result.bodyjson.response ShouldNotContainKey patch + - result.bodyjson.response ShouldNotContainKey patchType + + - name: Raw WASI validation policy works as expected + steps: + - name: Accept + type: http + method: POST + url: http://localhost:3000/validate_raw/raw-validation-wasi + headers: + Content-Type: application/json + body: "{{ .fixtures.raw_validation }}" + assertions: + - result.statuscode ShouldEqual 200 + - result.bodyjson.response.allowed ShouldEqual true + - result.bodyjson.response.status.code ShouldNotEqual 500 + - result.bodyjson.response ShouldNotContainKey patch + - result.bodyjson.response ShouldNotContainKey patchType + + - name: Raw WASI mutation policy mutates the request + steps: + - name: Accept + type: http + method: POST + url: http://localhost:3000/validate_raw/raw-mutation-wasi + headers: + Content-Type: application/json + body: "{{ .fixtures.raw_mutation }}" + assertions: + - result.statuscode ShouldEqual 200 + - result.bodyjson.response.allowed ShouldEqual true + - result.bodyjson.response.status.code ShouldNotEqual 500 + - result.bodyjson.response ShouldContainKey patch + - result.bodyjson.response ShouldContainKey patchType diff --git a/e2e-tests/test_data/policies.yaml b/e2e-tests/test_data/policies.yaml index 7d9e2254..03a37b59 100644 --- a/e2e-tests/test_data/policies.yaml +++ b/e2e-tests/test_data/policies.yaml @@ -29,3 +29,46 @@ flux: settings: requiredAnnotations: "fluxcd.io/cat": "felix" + +raw-validation: + url: ghcr.io/kubewarden/tests/raw-validation-policy:v0.1.0 + settings: + validUsers: + - "tonio" + - "wanda" + validActions: + - "eats" + - "likes" + validResources: + - "banana" + - "hay" + +raw-mutation: + url: ghcr.io/kubewarden/tests/raw-mutation-policy:v0.1.0 + allowedToMutate: true + settings: {} + +raw-validation-opa: + url: ghcr.io/kubewarden/tests/raw-validation-opa-policy:v0.1.0 + settings: {} + +raw-validation-wasi: + url: ghcr.io/kubewarden/tests/raw-validation-wasi-policy:v0.1.0 + settings: + validUsers: + - "tonio" + - "wanda" + validActions: + - "eats" + - "likes" + validResources: + - "banana" + - "hay" + +raw-mutation-wasi: + url: ghcr.io/kubewarden/tests/raw-mutation-wasi-policy:v0.1.0 + allowedToMutate: true + settings: + forbiddenResources: + - "banana" + - "carrot" diff --git a/e2e-tests/test_data/raw_mutation.json b/e2e-tests/test_data/raw_mutation.json new file mode 100644 index 00000000..821009bb --- /dev/null +++ b/e2e-tests/test_data/raw_mutation.json @@ -0,0 +1,3 @@ +{ + "request": { "user": "tonio", "action": "eats", "resource": "banana" } +} diff --git a/e2e-tests/test_data/raw_validation.json b/e2e-tests/test_data/raw_validation.json new file mode 100644 index 00000000..d7744ae4 --- /dev/null +++ b/e2e-tests/test_data/raw_validation.json @@ -0,0 +1,3 @@ +{ + "request": { "user": "tonio", "action": "eats", "resource": "hay" } +}