Merge pull request #99 from Kuadrant/auth-tests

Auth and multi-extension integration tests
Kuadrant · Oct 8, 2024 · fd09258 · fd09258
2 parents 8b27b6f + ccf0d7f
commit fd09258
Show file tree

Hide file tree

Showing 10 changed files with 835 additions and 50 deletions.
diff --git a/src/configuration.rs b/src/configuration.rs
@@ -541,7 +541,7 @@ pub struct Extension {
 pub struct Action {
     pub extension: String,
     pub scope: String,
-    #[allow(dead_code)]
+    #[serde(default)]
     pub data: Vec<DataItem>,
 }
 
@@ -624,10 +624,15 @@ mod test {
 
     const CONFIG: &str = r#"{
         "extensions": {
+            "authorino": {
+                "type": "auth",
+                "endpoint": "authorino-cluster",
+                "failureMode": "deny"
+            },
             "limitador": {
                 "type": "ratelimit",
                 "endpoint": "limitador-cluster",
-                "failureMode": "deny"
+                "failureMode": "allow"
             }
         },
         "policies": [
@@ -656,6 +661,10 @@ mod test {
                     }]
                 }],
                 "actions": [
+                {
+                    "extension": "authorino",
+                    "scope": "authconfig-A"
+                },
                 {
                     "extension": "limitador",
                     "scope": "rlp-ns-A/rlp-name-A",
@@ -687,6 +696,25 @@ mod test {
         let filter_config = res.unwrap();
         assert_eq!(filter_config.policies.len(), 1);
 
+        let extensions = &filter_config.extensions;
+        assert_eq!(extensions.len(), 2);
+
+        if let Some(auth_extension) = extensions.get("authorino") {
+            assert_eq!(auth_extension.extension_type, ExtensionType::Auth);
+            assert_eq!(auth_extension.endpoint, "authorino-cluster");
+            assert_eq!(auth_extension.failure_mode, FailureMode::Deny);
+        } else {
+            panic!()
+        }
+
+        if let Some(rl_extension) = extensions.get("limitador") {
+            assert_eq!(rl_extension.extension_type, ExtensionType::RateLimit);
+            assert_eq!(rl_extension.endpoint, "limitador-cluster");
+            assert_eq!(rl_extension.failure_mode, FailureMode::Allow);
+        } else {
+            panic!()
+        }
+
         let rules = &filter_config.policies[0].rules;
         assert_eq!(rules.len(), 1);
 
@@ -697,10 +725,21 @@ mod test {
         assert_eq!(all_of_conditions.len(), 3);
 
         let actions = &rules[0].actions;
-        assert_eq!(actions.len(), 1);
+        assert_eq!(actions.len(), 2);
 
-        let data_items = &actions[0].data;
-        assert_eq!(data_items.len(), 2);
+        let auth_action = &actions[0];
+        assert_eq!(auth_action.extension, "authorino");
+        assert_eq!(auth_action.scope, "authconfig-A");
+
+        let rl_action = &actions[1];
+        assert_eq!(rl_action.extension, "limitador");
+        assert_eq!(rl_action.scope, "rlp-ns-A/rlp-name-A");
+
+        let auth_data_items = &auth_action.data;
+        assert_eq!(auth_data_items.len(), 0);
+
+        let rl_data_items = &rl_action.data;
+        assert_eq!(rl_data_items.len(), 2);
 
         // TODO(eastizle): DataItem does not implement PartialEq, add it only for testing?
         //assert_eq!(
@@ -713,14 +752,14 @@ mod test {
         //    }
         //);
 
-        if let DataType::Static(static_item) = &data_items[0].item {
+        if let DataType::Static(static_item) = &rl_data_items[0].item {
             assert_eq!(static_item.key, "rlp-ns-A/rlp-name-A");
             assert_eq!(static_item.value, "1");
         } else {
             panic!();
         }
 
-        if let DataType::Selector(selector_item) = &data_items[1].item {
+        if let DataType::Selector(selector_item) = &rl_data_items[1].item {
             assert_eq!(selector_item.selector, "auth.metadata.username");
             assert!(selector_item.key.is_none());
             assert!(selector_item.default.is_none());

diff --git a/src/operation_dispatcher.rs b/src/operation_dispatcher.rs
@@ -10,15 +10,13 @@ use std::collections::HashMap;
 use std::rc::Rc;
 use std::time::Duration;
 
-#[allow(dead_code)]
 #[derive(PartialEq, Debug, Clone, Copy)]
 pub(crate) enum State {
     Pending,
     Waiting,
     Done,
 }
 
-#[allow(dead_code)]
 impl State {
     fn next(&mut self) {
         match self {
@@ -33,7 +31,6 @@ impl State {
     }
 }
 
-#[allow(dead_code)]
 #[derive(Clone)]
 pub(crate) struct Operation {
     state: RefCell<State>,
@@ -46,7 +43,6 @@ pub(crate) struct Operation {
     grpc_message_build_fn: GrpcMessageBuildFn,
 }
 
-#[allow(dead_code)]
 impl Operation {
     pub fn new(extension: Rc<Extension>, action: Action, service: Rc<GrpcServiceHandler>) -> Self {
         Self {
@@ -105,22 +101,13 @@ impl Operation {
     }
 }
 
-#[allow(dead_code)]
 pub struct OperationDispatcher {
     operations: Vec<Rc<Operation>>,
     waiting_operations: HashMap<u32, Rc<Operation>>,
     service_handlers: HashMap<String, Rc<GrpcServiceHandler>>,
 }
 
-#[allow(dead_code)]
 impl OperationDispatcher {
-    pub fn default() -> Self {
-        OperationDispatcher {
-            operations: vec![],
-            waiting_operations: HashMap::default(),
-            service_handlers: HashMap::default(),
-        }
-    }
     pub fn new(service_handlers: HashMap<String, Rc<GrpcServiceHandler>>) -> Self {
         Self {
             service_handlers,
@@ -152,12 +139,6 @@ impl OperationDispatcher {
         self.operations.extend(operations);
     }
 
-    pub fn get_current_operation_state(&self) -> Option<State> {
-        self.operations
-            .first()
-            .map(|operation| operation.get_state())
-    }
-
     pub fn next(&mut self) -> Option<Rc<Operation>> {
         if let Some((i, operation)) = self.operations.iter_mut().enumerate().next() {
             match operation.get_state() {
@@ -199,6 +180,21 @@ impl OperationDispatcher {
             None
         }
     }
+
+    #[cfg(test)]
+    pub fn default() -> Self {
+        OperationDispatcher {
+            operations: vec![],
+            waiting_operations: HashMap::default(),
+            service_handlers: HashMap::default(),
+        }
+    }
+    #[cfg(test)]
+    pub fn get_current_operation_state(&self) -> Option<State> {
+        self.operations
+            .first()
+            .map(|operation| operation.get_state())
+    }
 }
 
 fn grpc_call_fn(

diff --git a/src/service.rs b/src/service.rs
@@ -19,7 +19,6 @@ use std::time::Duration;
 
 #[derive(Default)]
 pub struct GrpcService {
-    #[allow(dead_code)]
     extension: Rc<Extension>,
     name: &'static str,
     method: &'static str,
@@ -50,10 +49,6 @@ impl GrpcService {
     fn method(&self) -> &str {
         self.method
     }
-    #[allow(dead_code)]
-    pub fn failure_mode(&self) -> &FailureMode {
-        &self.extension.failure_mode
-    }
 
     pub fn process_grpc_response(
         operation: Rc<Operation>,

diff --git a/src/service/auth.rs b/src/service/auth.rs
@@ -20,7 +20,6 @@ pub const AUTH_METHOD_NAME: &str = "Check";
 
 pub struct AuthService;
 
-#[allow(dead_code)]
 impl AuthService {
     pub fn request_message(ce_host: String) -> CheckRequest {
         AuthService::build_check_req(ce_host)