MCPcopy
hub / github.com/openpubkey/opkssh / TestPluginUnsetsEnvVar

Function TestPluginUnsetsEnvVar

policy/plugins/plugins_test.go:385–419  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

383}
384
385func TestPluginUnsetsEnvVar(t *testing.T) {
386 mockFs := afero.NewMemMapFs()
387 tempDir, _ := afero.TempDir(mockFs, "", "policy_test")
388
389 enforcer := &PolicyPluginEnforcer{
390 Fs: mockFs,
391 cmdExecutor: func(name string, arg ...string) ([]byte, error) {
392 _, okTestValue := os.LookupEnv("OPKSSH_PLUGIN_TESTVALUE")
393 issValue, okIss := os.LookupEnv("OPKSSH_PLUGIN_ISS")
394 require.False(t, okTestValue, "OPKSSH_PLUGIN_TESTVALUE should have been unset before calling the command")
395 require.True(t, okIss, "OPKSSH_PLUGIN_ISS should still be set before calling the command")
396 require.Equal(t, issValue, "https://example.com")
397 return []byte("allow"), nil
398 },
399 permChecker: files.PermsChecker{
400 Fs: mockFs,
401 CmdRunner: func(name string, arg ...string) ([]byte, error) {
402 return []byte("root" + " " + "group"), nil
403 },
404 },
405 }
406
407 // Write test config plugins files
408 err := afero.WriteFile(mockFs, filepath.Join(tempDir, "policy.yml"), []byte(`
409name: Example Policy Command
410enforce_providers: true
411command: /usr/bin/local/opk/policy-cmd arg1 arg2 arg3`), 0640)
412 require.NoError(t, err)
413
414 os.Setenv("OPKSSH_PLUGIN_TESTVALUE", "testvalue")
415 os.Setenv("OPKSSH_PLUGIN_ISS", "should be overwritten")
416 res, err := enforcer.checkPolicies(tempDir, map[string]string{"OPKSSH_PLUGIN_ISS": "https://example.com"})
417 require.NoError(t, err)
418 require.NotNil(t, res)
419}
420
421func TestPublicCheckPolicy(t *testing.T) {
422 mockFs := afero.NewMemMapFs()

Callers

nothing calls this directly

Calls 2

checkPoliciesMethod · 0.95
WriteFileMethod · 0.65

Tested by

no test coverage detected