(t *testing.T)
| 30 | } |
| 31 | |
| 32 | func TestCheckAllowlist(t *testing.T) { |
| 33 | ctx := t.Context() |
| 34 | dbClient := getDBClient(t, ctx) |
| 35 | |
| 36 | allowlist, err := dbClient.CreateAllowList(ctx, "test", "test", "", false) |
| 37 | |
| 38 | require.NoError(t, err) |
| 39 | |
| 40 | added, err := dbClient.AddToAllowlist(ctx, allowlist, []*models.AllowlistItem{ |
| 41 | { |
| 42 | CreatedAt: strfmt.DateTime(time.Now()), |
| 43 | Value: "1.2.3.4", |
| 44 | }, |
| 45 | { |
| 46 | CreatedAt: strfmt.DateTime(time.Now()), |
| 47 | Value: "8.0.0.0/8", |
| 48 | Description: "range allowlist", |
| 49 | }, |
| 50 | { |
| 51 | CreatedAt: strfmt.DateTime(time.Now()), |
| 52 | Value: "2001:db8::/32", |
| 53 | }, |
| 54 | { |
| 55 | CreatedAt: strfmt.DateTime(time.Now()), |
| 56 | Value: "2.3.4.5", |
| 57 | Expiration: strfmt.DateTime(time.Now().Add(-time.Hour)), // expired item |
| 58 | }, |
| 59 | { |
| 60 | CreatedAt: strfmt.DateTime(time.Now()), |
| 61 | Value: "8a95:c186:9f96:4c75:0dad:49c6:ff62:94b8", |
| 62 | }, |
| 63 | }) |
| 64 | |
| 65 | require.NoError(t, err) |
| 66 | assert.Equal(t, 5, added) |
| 67 | |
| 68 | // Exatch match |
| 69 | allowlisted, reason, err := dbClient.IsAllowlisted(ctx, "1.2.3.4") |
| 70 | require.NoError(t, err) |
| 71 | require.True(t, allowlisted) |
| 72 | require.Equal(t, "1.2.3.4 from test", reason) |
| 73 | |
| 74 | // CIDR match |
| 75 | allowlisted, reason, err = dbClient.IsAllowlisted(ctx, "8.8.8.8") |
| 76 | require.NoError(t, err) |
| 77 | require.True(t, allowlisted) |
| 78 | require.Equal(t, "8.0.0.0/8 from test (range allowlist)", reason) |
| 79 | |
| 80 | // IPv6 match |
| 81 | allowlisted, reason, err = dbClient.IsAllowlisted(ctx, "2001:db8::1") |
| 82 | require.NoError(t, err) |
| 83 | require.True(t, allowlisted) |
| 84 | require.Equal(t, "2001:db8::/32 from test", reason) |
| 85 | |
| 86 | // Expired item |
| 87 | allowlisted, reason, err = dbClient.IsAllowlisted(ctx, "2.3.4.5") |
| 88 | require.NoError(t, err) |
| 89 | require.False(t, allowlisted) |
nothing calls this directly
no test coverage detected
searching dependent graphs…