Skip to content

Commit

Permalink
Add custom 'deny with' test and code range assert
Browse files Browse the repository at this point in the history
  • Loading branch information
azgabur committed Oct 31, 2023
1 parent 4a7b314 commit 3b5da48
Show file tree
Hide file tree
Showing 2 changed files with 70 additions and 1 deletion.
8 changes: 7 additions & 1 deletion testsuite/openshift/objects/auth_config/sections.py
Original file line number Diff line number Diff line change
Expand Up @@ -267,7 +267,13 @@ def set_deny_with(
headers: dict[str, ABCValue] = None,
body: ABCValue = None,
):
"""Set default deny code, message, headers, and body for 'unauthenticated' and 'unauthorized' error."""
"""
Set default deny `code`, `message`, `headers`, and `body` for 'unauthenticated' and 'unauthorized' error.
`code` is integer range [300, 600)
"""
if code:
assert 300 <= code < 600, "HTTP code should be in range [300, 600) for deny action."

asdict_message = asdict(message) if message else None
asdict_body = asdict(body) if body else None
asdict_headers = None
Expand Down
63 changes: 63 additions & 0 deletions testsuite/tests/kuadrant/authorino/response/test_deny_with.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
"""Test for custom deny responses."""
import pytest

from testsuite.objects import Value, ValueFrom, Rule

HEADERS = {
"x-string-header": Value("abc"),
"x-int-header": Value(16),
"x-list-header": Value([1, 2, 3]),
"x-dict-header": Value({"anything": "something"}),
"x-dynamic-header": ValueFrom("context.request.http.path"),
}

TESTING_PATH = "/deny"


@pytest.fixture(scope="module")
def authorization(authorization):
"""Set custom deny responses and auth rule with only allowed path '/allow'"""
authorization.responses.set_deny_with(
"unauthenticated",
code=333,
headers=HEADERS,
message=Value("Unauthenticated message"),
body=Value("You are unauthenticated."),
)
authorization.responses.set_deny_with(
"unauthorized",
code=444,
headers=HEADERS,
message=ValueFrom("My path is: " + "{context.request.http.path}"),
body=ValueFrom("You are unauthorized from path: " + "{context.request.http.path}"),
)
# Authorize only when url path is "/allow"
authorization.authorization.add_auth_rules("Whitelist", [Rule("context.request.http.path", "eq", "/allow")])
return authorization


def check_headers(response):
"""Check deny headers with normalization between HTTP strings and Python strings."""
assert response.headers["x-string-header"] == HEADERS["x-string-header"].value
assert response.headers["x-int-header"] == str(HEADERS["x-int-header"].value)
assert response.headers["x-list-header"] == str(HEADERS["x-list-header"].value).replace(" ", "")
assert response.headers["x-dict-header"] == str(HEADERS["x-dict-header"].value).replace(" ", "").replace("'", '"')
assert response.headers["x-dynamic-header"] == TESTING_PATH


def test_unauthenticated(client):
"""Test when no auth is passed results in custom unauthenticated response."""
response = client.get("/deny", auth=None)
assert response.status_code == 333
check_headers(response)
assert response.headers["x-ext-auth-reason"] == "Unauthenticated message"
assert response.content.decode() == "You are unauthenticated."


def test_unauthorized(client, auth):
"""Test when not allowed path is passed results in custom unauthorized response."""
response = client.get("/deny", auth=auth)
assert response.status_code == 444
check_headers(response)
assert response.headers["x-ext-auth-reason"] == f"My path is: {TESTING_PATH}"
assert response.content.decode() == f"You are unauthorized from path: {TESTING_PATH}"

0 comments on commit 3b5da48

Please sign in to comment.