Enforce the intended rule for different scenarios.

Signed-off-by: Pushpalanka Jayawardhana <[email protected]>
zalando · Dec 3, 2024 · 85dbae0 · 85dbae0
1 parent 2ce01cb
commit 85dbae0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 27 deletions.
diff --git a/filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest_test.go b/filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest_test.go
@@ -482,7 +482,8 @@ func TestAuthorizeRequestFilterOnRequestURL(t *testing.T) {
 						}
 
 						allow_with_path_having_fragment {
-							input.parsed_path == "/path-with-empty-query#fragment"
+							input.parsed_path == [ "path-with-empty-query" ]
+							input.attributes.request.http.path == "/path-with-empty-query"
 						}
 
 						allow {
@@ -610,23 +611,6 @@ func TestAuthorizeRequestFilterOnHeaders(t *testing.T) {
 			backendHeaders:    make(http.Header),
 			removeHeaders:     make(http.Header),
 		},
-		{
-			msg:           "Handle HTTP2 headers",
-			filterName:    "opaAuthorizeRequest",
-			bundleName:    "somebundle.tar.gz",
-			regoQuery:     "envoy/authz/allow_http2_headers",
-			requestPath:   "/allow-http2",
-			requestMethod: "GET",
-			requestHeaders: http.Header{
-				":path":      []string{"/some-path"},
-				":authority": []string{"example-app"}},
-			contextExtensions: "",
-			expectedStatus:    http.StatusInternalServerError,
-			expectedBody:      "",
-			expectedHeaders:   make(http.Header),
-			backendHeaders:    make(http.Header),
-			removeHeaders:     make(http.Header),
-		},
 		{
 			msg:               "Wrong Header Data Type",
 			filterName:        "opaAuthorizeRequest",
@@ -926,11 +910,6 @@ func TestAuthorizeRequestFilterOnBody(t *testing.T) {
 							input.parsed_path == [ "my path" ]
 						}
 
-						allow_with_path_having_empty_query {
-							input.parsed_path == [ "path-with-empty-query" ]
-							input.parsed_query == {}
-						}
-
 						allow {
 							input.parsed_path == [ "allow-with-query" ]
 							input.parsed_query.pass == ["yes"]

diff --git a/filters/openpolicyagent/opaserveresponse/opaserveresponse_test.go b/filters/openpolicyagent/opaserveresponse/opaserveresponse_test.go
@@ -77,7 +77,7 @@ func TestServerResponseFilter(t *testing.T) {
 			regoQuery:       "envoy/authz/allow_object",
 			requestPath:     "/allow/structured/with-empty-query-string?",
 			expectedStatus:  http.StatusOK,
-			expectedBody:    "Welcome from policy!",
+			expectedBody:    "Welcome from policy with empty query string!",
 			expectedHeaders: map[string][]string{"X-Ext-Auth-Allow": {"yes"}},
 		},
 		{
@@ -87,7 +87,7 @@ func TestServerResponseFilter(t *testing.T) {
 			regoQuery:       "envoy/authz/allow_object",
 			requestPath:     "/allow/structured/with-query?pass=yes",
 			expectedStatus:  http.StatusOK,
-			expectedBody:    "Welcome from policy!",
+			expectedBody:    "Welcome from policy with query params!",
 			expectedHeaders: map[string][]string{"X-Ext-Auth-Allow": {"yes"}},
 		},
 		{
@@ -201,7 +201,7 @@ func TestServerResponseFilter(t *testing.T) {
 							response := {
 								"allowed": true,
 								"headers": {"x-ext-auth-allow": "yes"},
-								"body": "Welcome from policy!",
+								"body": "Welcome from policy with empty query string!",
 								"http_status": 200
 							}
 						}
@@ -212,7 +212,7 @@ func TestServerResponseFilter(t *testing.T) {
 							response := {
 								"allowed": true,
 								"headers": {"x-ext-auth-allow": "yes"},
-								"body": "Welcome from policy!",
+								"body": "Welcome from policy with query params!",
 								"http_status": 200
 							}
 						}