RA: Make ProfileSelectionAllowList test clearer #7981

Merged
merged 3 commits into from
Jan 28, 2025
43 changes: 26 additions & 17 deletions ra/ra_test.go
Expand Up @@ -1665,46 +1665,55 @@ func TestNewOrder_AuthzReuse_NoPending(t *testing.T) {
}

func TestNewOrder_ProfileSelectionAllowList(t *testing.T) {
t.Parallel()

_, _, ra, _, _, cleanUp := initAuthorities(t)
defer cleanUp()

testCases := []struct {
name string
allowList *allowlist.List[int64]
expectErr bool
expectErrContains string
name string
validationProfiles map[string]*ValidationProfile
expectErr bool
expectErrContains string
}{
{
name: "Allow All Account IDs",
allowList: nil,
name: "Allow all account IDs regardless of profile",
validationProfiles: nil,
expectErr: false,
},
{
name: "Allow all account IDs for this specific profile",
validationProfiles: map[string]*ValidationProfile{
"test": NewValidationProfile(nil),
},
expectErr: false,
},
{
name: "Deny all but account Id 1337",
allowList: allowlist.NewList([]int64{1337}),
name: "Deny all but account Id 1337",
validationProfiles: map[string]*ValidationProfile{
"test": NewValidationProfile(allowlist.NewList([]int64{1337})),
},
expectErr: true,
expectErrContains: "not permitted to use certificate profile",
},
{
name: "Deny all",
allowList: allowlist.NewList([]int64{}),
name: "Deny all",
validationProfiles: map[string]*ValidationProfile{
"test": NewValidationProfile(allowlist.NewList([]int64{})),
},
expectErr: true,
expectErrContains: "not permitted to use certificate profile",
},
{
name: "Allow Registration.Id",
allowList: allowlist.NewList([]int64{Registration.Id}),
name: "Allow Registration.Id",
validationProfiles: map[string]*ValidationProfile{
"test": NewValidationProfile(allowlist.NewList([]int64{Registration.Id})),
},
expectErr: false,
},
}

for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
ra.validationProfiles = map[string]*ValidationProfile{
"test": NewValidationProfile(tc.allowList),
}
ra.validationProfiles = tc.validationProfiles

orderReq := &rapb.NewOrderRequest{
RegistrationID: Registration.Id,
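Review bot: The table has no case for a non-nil `validationProfiles` map that lacks the requested profile, so the only "profile not configured" path it pins is the nil map in the first case, which is expected to succeed. Because this allow list is an authorization check, that first case deserves a comment saying the fail-open result is intended, for example `// nil map: no per-profile allow lists configured, so no account is restricted`. A further case such as `validationProfiles: map[string]*ValidationProfile{"other": NewValidationProfile(nil)}` with its expected outcome written out would pin what happens for a profile name the RA does not know. The profile name the request carries is set in the part of the loop body that continues outside this hunk, so the expected result has to be checked against that code. The "Deny all but account Id 1337" case also silently depends on `Registration.Id` not being 1337, which a one-line comment on the case would make explicit.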