add test cases

kondukto-io · Mar 28, 2024 · a545e0e · a545e0e
1 parent 10b7a86
commit a545e0e
Showing 1 changed file with 35 additions and 24 deletions.
diff --git a/pkg/policy/policy_test.go b/pkg/policy/policy_test.go
@@ -7,35 +7,46 @@ import (
 	"github.com/kondukto-io/kntrl/bundle"
 )
 
+var testCases = map[string]struct {
+	query    []byte
+	input    []byte
+	expected bool
+}{
+	"allow_local_ip_ranges": {
+		[]byte(`{"allowed_hosts":["foo.com"], "allowed_ip_addr":["1.1.1.1"], "allow_github_meta": false, "allow_local_ip_ranges": true}`),
+		[]byte(`{"pid": 2806,"task_name": "curl","proto": "tcp","daddr": "192.168.0.1","dport": 443,"domains": [".kondukto.io"]}`),
+		true,
+	},
+	"allow_ip_addr": {
+		[]byte(`{"allowed_hosts":["foo.com"], "allowed_ip_addr":["1.1.1.1"], "allow_github_meta": false, "allow_local_ip_ranges": true}`),
+		[]byte(`{"pid": 2806,"task_name": "curl","proto": "tcp","daddr": "1.1.1.1","dport": 443,"domains": [".kondukto.io"]}`),
+		true,
+	},
+	"allow_host": {
+		[]byte(`{"allowed_hosts":["foo.com"], "allowed_ip_addr":["1.1.1.1"], "allow_github_meta": false, "allow_local_ip_ranges": true}`),
+		[]byte(`{"pid": 2806,"task_name": "curl","proto": "tcp","daddr": "1.1.1.1","dport": 443,"domains": ["foo.com"]}`),
+		true,
+	},
+}
+
 func TestPolicyRawLocal(t *testing.T) {
 	var bundleFS = bundle.Bundle
 
-	raw := `{"allowed_hosts":["foo.com"], "allowed_ip_addr":["1.1.1.1"], "allow_github_meta": false, "allow_local_ip_ranges": true}`
-
-	input := `{
-    "pid": 2806,
-    "task_name": "curl",
-    "proto": "tcp",
-    "daddr": "192.168.0.1",
-    "dport": 443,
-    "domains": [
-        ".kondukto.io"
-    ]}`
-
-	p, err := New(bundleFS, []byte(raw))
-	if err != nil {
-		t.Errorf("policy init error: %v", err)
-	}
+	for name, test := range testCases {
+		p, err := New(bundleFS, test.query)
+		if err != nil {
+			t.Errorf("[%s] policy init error: %v", name, err)
+		}
+		p.AddQuery("data.kntrl.policy")
 
-	p.AddQuery("data.kntrl.policy")
+		result, err := p.Eval(context.Background(), test.input)
+		if err != nil {
+			t.Errorf("[%s] eval error: %v", name, err)
+		}
 
-	result, err := p.Eval(context.Background(), []byte(input))
-	if err != nil {
-		t.Errorf("eval error: %v", err)
-	}
+		if result != test.expected {
+			t.Errorf("[%s] expected policy status '%v', got %v", name, test.expected, result)
+		}
 
-	expected := true
-	if result != expected {
-		t.Errorf("expected policy status to be '%v', got %v", expected, result)
 	}
 }