(t *testing.T)
| 383 | } |
| 384 | |
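// TestPluginUnsetsEnvVar checks the environment a policy plugin command
// would inherit: an OPKSSH_PLUGIN_* variable already present in the process
// environment must be gone, and OPKSSH_PLUGIN_ISS must hold the value passed
// to checkPolicies rather than the value that was set beforehand.
func TestPluginUnsetsEnvVar(t *testing.T) {
	mockFs := afero.NewMemMapFs()
	tempDir, err := afero.TempDir(mockFs, "", "policy_test")
	require.NoError(t, err)

	enforcer := &PolicyPluginEnforcer{
		Fs: mockFs,
		cmdExecutor: func(name string, arg ...string) ([]byte, error) {
			// The assertions live in the executor stub so that they observe
			// the environment at the point where the command would start.
			// NOTE(review): they only run if checkPolicies reaches
			// cmdExecutor, and nothing here asserts that it was invoked.
			// Confirm this path is exercised, otherwise the test can pass
			// without checking anything.
			_, okTestValue := os.LookupEnv("OPKSSH_PLUGIN_TESTVALUE")
			issValue, okIss := os.LookupEnv("OPKSSH_PLUGIN_ISS")
			require.False(t, okTestValue, "OPKSSH_PLUGIN_TESTVALUE should have been unset before calling the command")
			require.True(t, okIss, "OPKSSH_PLUGIN_ISS should still be set before calling the command")
			// testify expects (expected, actual); the order matters for the
			// failure message.
			require.Equal(t, "https://example.com", issValue)
			return []byte("allow"), nil
		},
		permChecker: files.PermsChecker{
			Fs: mockFs,
			// Stubbed runner; presumably stands in for the owner/group lookup
			// used by the permission check. Verify against files.PermsChecker.
			CmdRunner: func(name string, arg ...string) ([]byte, error) {
				return []byte("root" + " " + "group"), nil
			},
		},
	}

	// Write test config plugins files
	err = afero.WriteFile(mockFs, filepath.Join(tempDir, "policy.yml"), []byte(`
name: Example Policy Command
enforce_providers: true
command: /usr/bin/local/opk/policy-cmd arg1 arg2 arg3`), 0640)
	require.NoError(t, err)

	// t.Setenv restores the previous state when the test finishes, so neither
	// the seeded values nor anything the code under test writes to these two
	// variables leaks into other tests in the package.
	t.Setenv("OPKSSH_PLUGIN_TESTVALUE", "testvalue")
	t.Setenv("OPKSSH_PLUGIN_ISS", "should be overwritten")
	res, err := enforcer.checkPolicies(tempDir, map[string]string{"OPKSSH_PLUGIN_ISS": "https://example.com"})
	require.NoError(t, err)
	require.NotNil(t, res)
}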
| 420 | |
| 421 | func TestPublicCheckPolicy(t *testing.T) { |
| 422 | mockFs := afero.NewMemMapFs() |