From 85dbae05d9a298cf717c857e68e1f4d44cca2ad0 Mon Sep 17 00:00:00 2001 From: Pushpalanka Jayawardhana Date: Wed, 20 Nov 2024 13:25:29 +0100 Subject: [PATCH] Enforce the intended rule for different scenarios. Signed-off-by: Pushpalanka Jayawardhana --- .../opaauthorizerequest_test.go | 25 ++----------------- .../opaserveresponse/opaserveresponse_test.go | 8 +++--- 2 files changed, 6 insertions(+), 27 deletions(-) diff --git a/filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest_test.go b/filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest_test.go index 745e20e700..1347b50b44 100644 --- a/filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest_test.go +++ b/filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest_test.go @@ -482,7 +482,8 @@ func TestAuthorizeRequestFilterOnRequestURL(t *testing.T) { } allow_with_path_having_fragment { - input.parsed_path == "/path-with-empty-query#fragment" + input.parsed_path == [ "path-with-empty-query" ] + input.attributes.request.http.path == "/path-with-empty-query" } allow { @@ -610,23 +611,6 @@ func TestAuthorizeRequestFilterOnHeaders(t *testing.T) { backendHeaders: make(http.Header), removeHeaders: make(http.Header), }, - { - msg: "Handle HTTP2 headers", - filterName: "opaAuthorizeRequest", - bundleName: "somebundle.tar.gz", - regoQuery: "envoy/authz/allow_http2_headers", - requestPath: "/allow-http2", - requestMethod: "GET", - requestHeaders: http.Header{ - ":path": []string{"/some-path"}, - ":authority": []string{"example-app"}}, - contextExtensions: "", - expectedStatus: http.StatusInternalServerError, - expectedBody: "", - expectedHeaders: make(http.Header), - backendHeaders: make(http.Header), - removeHeaders: make(http.Header), - }, { msg: "Wrong Header Data Type", filterName: "opaAuthorizeRequest", @@ -926,11 +910,6 @@ func TestAuthorizeRequestFilterOnBody(t *testing.T) { input.parsed_path == [ "my path" ] } - allow_with_path_having_empty_query { - input.parsed_path == [ "path-with-empty-query" ] - input.parsed_query == {} - } - allow { input.parsed_path == [ "allow-with-query" ] input.parsed_query.pass == ["yes"] diff --git a/filters/openpolicyagent/opaserveresponse/opaserveresponse_test.go b/filters/openpolicyagent/opaserveresponse/opaserveresponse_test.go index 89c4e611d8..681b954b96 100644 --- a/filters/openpolicyagent/opaserveresponse/opaserveresponse_test.go +++ b/filters/openpolicyagent/opaserveresponse/opaserveresponse_test.go @@ -77,7 +77,7 @@ func TestServerResponseFilter(t *testing.T) { regoQuery: "envoy/authz/allow_object", requestPath: "/allow/structured/with-empty-query-string?", expectedStatus: http.StatusOK, - expectedBody: "Welcome from policy!", + expectedBody: "Welcome from policy with empty query string!", expectedHeaders: map[string][]string{"X-Ext-Auth-Allow": {"yes"}}, }, { @@ -87,7 +87,7 @@ func TestServerResponseFilter(t *testing.T) { regoQuery: "envoy/authz/allow_object", requestPath: "/allow/structured/with-query?pass=yes", expectedStatus: http.StatusOK, - expectedBody: "Welcome from policy!", + expectedBody: "Welcome from policy with query params!", expectedHeaders: map[string][]string{"X-Ext-Auth-Allow": {"yes"}}, }, { @@ -201,7 +201,7 @@ func TestServerResponseFilter(t *testing.T) { response := { "allowed": true, "headers": {"x-ext-auth-allow": "yes"}, - "body": "Welcome from policy!", + "body": "Welcome from policy with empty query string!", "http_status": 200 } } @@ -212,7 +212,7 @@ func TestServerResponseFilter(t *testing.T) { response := { "allowed": true, "headers": {"x-ext-auth-allow": "yes"}, - "body": "Welcome from policy!", + "body": "Welcome from policy with query params!", "http_status": 200 } }