Issue #69, Added tests for new load/show/validate commands

hexa-org · Oct 29, 2024 · 2152ada · 2152ada
1 parent c7deea9
commit 2152ada
Show file tree

Hide file tree

Showing 6 changed files with 274 additions and 73 deletions.
diff --git a/cmd/hexa/hexa_test.go b/cmd/hexa/hexa_test.go
@@ -546,6 +546,43 @@ func (suite *testSuite) Test10_Export() {
 	_ = os.Remove("test10.json")
 }
 
+func (suite *testSuite) Test11_LoadShowAndValidateModel() {
+
+	cmdLoad := "load model ./test/photoSchema.json"
+	cmdShow := "show model PhotoApp"
+	cmdValidate := "validate policy PhotoApp ./test/photoidql.json"
+
+	// First try show and validate. They should return errors
+	res, err := suite.executeCommand(cmdShow, 0)
+	assert.Error(suite.T(), err, "no namespaces loaded. Use the `load model` command")
+
+	res, err = suite.executeCommand(cmdValidate, 0)
+	assert.Error(suite.T(), err, "no namespaces loaded. Use the `load model` command")
+
+	// Now perform the load
+	res, err = suite.executeCommand(cmdLoad, 0)
+	assert.NoError(suite.T(), err, "Check no error after load model")
+	testLog.Println(string(res))
+	assert.Contains(suite.T(), string(res), "PhotoApp")
+
+	// Perform show
+	res, err = suite.executeCommand(cmdShow, 0)
+	assert.NoError(suite.T(), err, "Check no error after show model")
+	testLog.Println(string(res))
+
+	match := `listPhotos, applies to
+ Subjects:	User, UserGroup
+ Objects:	Photo`
+	assert.Contains(suite.T(), string(res), match)
+
+	// Perform validate
+	res, err = suite.executeCommand(cmdValidate, 0)
+	assert.NoError(suite.T(), err, "Check no error after validate policy")
+	testLog.Println(string(res))
+	assert.Contains(suite.T(), string(res), ".Valid")
+	assert.Contains(suite.T(), string(res), "invalid condition entity type: PhotoApp:BadAccount:\"stacey\"")
+}
+
 func (suite *testSuite) Test99_ConfigSave() {
 
 	config := suite.pd.cli.Data

diff --git a/cmd/hexa/policyInfoModel.go b/cmd/hexa/policyInfoModel.go
@@ -167,12 +167,15 @@ func (s *ShowModelCmd) Run(cli *CLI) error {
 }
 
 type ValidatePolicyCmd struct {
-	Namespace string `arg:"" help:"Default namespace for the policy (e.g. PhotoApp)"`
+	Namespace string `arg:"" required:"" help:"Default namespace for the policy (e.g. PhotoApp)"`
 	File      string `arg:"" required:"" type:"path" help:"A json file containing an IDQL Policy to be validated"`
 }
 
 func (v *ValidatePolicyCmd) Run(cli *CLI) error {
 	ow := cli.GetOutputWriter()
+	if cli.Namespaces == nil {
+		return errors.New("no namespaces loaded. Use the `load model` command")
+	}
 	validator := pimValidate.GetValidator(*cli.Namespaces, v.Namespace)
 
 	policies, err := hexapolicysupport.ParsePolicyFile(v.File)

diff --git a/cmd/hexa/test/photoSchema.json b/cmd/hexa/test/photoSchema.json
@@ -0,0 +1,131 @@
+{
+  "PhotoApp": {
+    "commonTypes": {
+      "PersonType": {
+        "type": "Record",
+        "attributes": {
+          "age": {
+            "type": "Long"
+          },
+          "name": {
+            "type": "String"
+          }
+        }
+      },
+      "ContextType": {
+        "type": "Record",
+        "attributes": {
+          "ip": {
+            "type": "Extension",
+            "name": "ipaddr",
+            "required": false
+          },
+          "authenticated": {
+            "type": "Boolean",
+            "required": true
+          }
+        }
+      }
+    },
+    "entityTypes": {
+      "User": {
+        "shape": {
+          "type": "Record",
+          "attributes": {
+            "userId": {
+              "type": "String"
+            },
+            "personInformation": {
+              "type": "PersonType"
+            }
+          }
+        },
+        "memberOfTypes": [
+          "UserGroup"
+        ]
+      },
+      "UserGroup": {
+        "shape": {
+          "type": "Record",
+          "attributes": {}
+        }
+      },
+      "Photo": {
+        "shape": {
+          "type": "Record",
+          "attributes": {
+            "account": {
+              "type": "Entity",
+              "name": "Account",
+              "required": true
+            },
+            "private": {
+              "type": "Boolean",
+              "required": true
+            }
+          }
+        },
+        "memberOfTypes": [
+          "Album",
+          "Account"
+        ]
+      },
+      "Album": {
+        "shape": {
+          "type": "Record",
+          "attributes": {}
+        }
+      },
+      "Account": {
+        "shape": {
+          "type": "Record",
+          "attributes": {}
+        }
+      }
+    },
+    "actions": {
+      "viewPhoto": {
+        "appliesTo": {
+          "principalTypes": [
+            "User",
+            "UserGroup"
+          ],
+          "resourceTypes": [
+            "Photo"
+          ],
+          "context": {
+            "type": "ContextType"
+          }
+        }
+      },
+      "createPhoto": {
+        "appliesTo": {
+          "principalTypes": [
+            "User",
+            "UserGroup"
+          ],
+          "resourceTypes": [
+            "Photo"
+          ],
+          "context": {
+            "type": "ContextType"
+          }
+        }
+      },
+      "listPhotos": {
+        "appliesTo": {
+          "principalTypes": [
+            "User",
+            "UserGroup"
+          ],
+          "resourceTypes": [
+            "Photo"
+          ],
+          "context": {
+            "type": "ContextType"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/cmd/hexa/test/photoidql.json b/cmd/hexa/test/photoidql.json
@@ -0,0 +1,30 @@
+[
+  {
+    "meta": {
+      "version": "0.7"
+    },
+    "subjects": [
+      "PhotoApp:User:\"alice\""
+    ],
+    "actions": [
+      "PhotoApp:Action:\"viewPhoto\""
+    ],
+    "object": "PhotoApp:Photo:\"vacationPhoto.jpg\""
+  },
+  {
+    "meta": {
+      "version": "0.7"
+    },
+    "subjects": [
+      "PhotoApp:User:\"stacey\""
+    ],
+    "actions": [
+      "PhotoApp:Action:\"viewPhoto\""
+    ],
+    "object": "",
+    "condition": {
+      "Rule": "resource in PhotoApp:BadAccount:\"stacey\"",
+      "Action": "allow"
+    }
+  }
+]
diff --git a/go.mod b/go.mod
@@ -9,18 +9,18 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
 	github.com/MicahParks/jwkset v0.5.20
 	github.com/MicahParks/keyfunc/v3 v3.3.5
-	github.com/alecthomas/assert/v2 v2.10.0
+	github.com/alecthomas/assert/v2 v2.11.0
 	github.com/alecthomas/kong v1.2.1
 	github.com/alecthomas/participle/v2 v2.1.1
 	github.com/alexedwards/scs/v2 v2.8.0
-	github.com/aws/aws-sdk-go-v2 v1.32.2
-	github.com/aws/aws-sdk-go-v2/config v1.28.0
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.41
-	github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.15.12
-	github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.46.2
-	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.36.2
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.66.0
-	github.com/aws/aws-sdk-go-v2/service/verifiedpermissions v1.19.2
+	github.com/aws/aws-sdk-go-v2 v1.32.3
+	github.com/aws/aws-sdk-go-v2/config v1.28.1
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.42
+	github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.15.13
+	github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.46.3
+	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.36.3
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.66.2
+	github.com/aws/aws-sdk-go-v2/service/verifiedpermissions v1.19.3
 	github.com/cedar-policy/cedar-go v0.4.0
 	github.com/chzyer/readline v1.5.1
 	github.com/coreos/go-oidc/v3 v3.11.0
@@ -38,33 +38,33 @@ require (
 	github.com/stretchr/testify v1.9.0
 	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
 	golang.org/x/oauth2 v0.23.0
-	google.golang.org/api v0.201.0
+	google.golang.org/api v0.203.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38
 )
 
 require (
-	cloud.google.com/go/auth v0.9.8 // indirect
+	cloud.google.com/go/auth v0.9.9 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
 	cloud.google.com/go/compute/metadata v0.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/alecthomas/repr v0.4.0 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.21 // indirect
-	github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.24.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.22 // indirect
+	github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.24.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 // indirect
 	github.com/aws/smithy-go v1.22.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -90,7 +90,7 @@ require (
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.60.0 // indirect
+	github.com/prometheus/common v0.60.1 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/stoewer/go-strcase v1.3.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect