mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3762 Commits
34 Branches
98 Tags
72 MiB
 
 
 
 
 
 
Tree: 175dc57a3b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '175dc57a3b'
${ noResults }
dex/pkg/cel/library/groups_test.go

141 lines
3.7 KiB
Raw Blame History

package library_test
import (
"context"
"reflect"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
dexcel "github.com/dexidp/dex/pkg/cel"
)
func TestGroupMatches(t *testing.T) {
vars := dexcel.IdentityVariables()
compiler, err := dexcel.NewCompiler(vars)
require.NoError(t, err)
tests := map[string]struct {
expr string
groups []string
want []string
}{
"wildcard pattern": {
expr: `dex.groupMatches(identity.groups, "team:*")`,
groups: []string{"team:dev", "team:ops", "admin"},
want: []string{"team:dev", "team:ops"},
},
"exact match": {
expr: `dex.groupMatches(identity.groups, "admin")`,
groups: []string{"team:dev", "admin", "user"},
want: []string{"admin"},
},
"no matches": {
expr: `dex.groupMatches(identity.groups, "nonexistent")`,
groups: []string{"team:dev", "admin"},
want: []string{},
},
"question mark pattern": {
expr: `dex.groupMatches(identity.groups, "team?")`,
groups: []string{"teamA", "teamB", "teams-long"},
want: []string{"teamA", "teamB"},
},
"match all": {
expr: `dex.groupMatches(identity.groups, "*")`,
groups: []string{"a", "b", "c"},
want: []string{"a", "b", "c"},
},
}
for name, tc := range tests {
t.Run(name, func(t *testing.T) {
prog, err := compiler.CompileStringList(tc.expr)
require.NoError(t, err)
out, err := dexcel.Eval(context.Background(), prog, map[string]any{
"identity": dexcel.IdentityVal{Groups: tc.groups},
})
require.NoError(t, err)
nativeVal, err := out.ConvertToNative(reflect.TypeOf([]string{}))
require.NoError(t, err)
got, ok := nativeVal.([]string)
require.True(t, ok, "expected []string, got %T", nativeVal)
assert.Equal(t, tc.want, got)
})
}
}
func TestGroupMatchesInvalidPattern(t *testing.T) {
vars := dexcel.IdentityVariables()
compiler, err := dexcel.NewCompiler(vars)
require.NoError(t, err)
prog, err := compiler.CompileStringList(`dex.groupMatches(identity.groups, "[invalid")`)
require.NoError(t, err)
_, err = dexcel.Eval(context.Background(), prog, map[string]any{
"identity": dexcel.IdentityVal{Groups: []string{"admin"}},
})
require.Error(t, err)
assert.Contains(t, err.Error(), "invalid pattern")
}
func TestGroupFilter(t *testing.T) {
vars := dexcel.IdentityVariables()
compiler, err := dexcel.NewCompiler(vars)
require.NoError(t, err)
tests := map[string]struct {
expr string
groups []string
want []string
}{
"filter to allowed": {
expr: `dex.groupFilter(identity.groups, ["admin", "ops"])`,
groups: []string{"admin", "dev", "ops"},
want: []string{"admin", "ops"},
},
"no overlap": {
expr: `dex.groupFilter(identity.groups, ["marketing"])`,
groups: []string{"admin", "dev"},
want: []string{},
},
"all allowed": {
expr: `dex.groupFilter(identity.groups, ["a", "b", "c"])`,
groups: []string{"a", "b", "c"},
want: []string{"a", "b", "c"},
},
"empty allowed list": {
expr: `dex.groupFilter(identity.groups, [])`,
groups: []string{"admin", "dev"},
want: []string{},
},
"preserves order": {
expr: `dex.groupFilter(identity.groups, ["z", "a"])`,
groups: []string{"a", "b", "z"},
want: []string{"a", "z"},
},
}
for name, tc := range tests {
t.Run(name, func(t *testing.T) {
prog, err := compiler.CompileStringList(tc.expr)
require.NoError(t, err)
out, err := dexcel.Eval(context.Background(), prog, map[string]any{
"identity": dexcel.IdentityVal{Groups: tc.groups},
})
require.NoError(t, err)
nativeVal, err := out.ConvertToNative(reflect.TypeOf([]string{}))
require.NoError(t, err)
got, ok := nativeVal.([]string)
require.True(t, ok, "expected []string, got %T", nativeVal)
assert.Equal(t, tc.want, got)
})
}
}