Test that the namespaces can be configured through the Ory Permission Language.
(t *testing.T)
| 191 | // Test that the namespaces can be configured through the Ory Permission |
| 192 | // Language. |
| 193 | func TestRewritesNamespaceConfig(t *testing.T) { |
| 194 | oplContent := ` |
| 195 | class User implements Namespace { |
| 196 | related: { |
| 197 | manager: User[] |
| 198 | } |
| 199 | } |
| 200 | |
| 201 | class Group implements Namespace { |
| 202 | related: { |
| 203 | members: (User | Group)[] |
| 204 | } |
| 205 | }` |
| 206 | |
| 207 | oplConfigFile := createFile(t, oplContent) |
| 208 | |
| 209 | srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { |
| 210 | _, err := w.Write([]byte(oplContent)) |
| 211 | if err != nil { |
| 212 | t.Fatal(err) |
| 213 | } |
| 214 | })) |
| 215 | t.Cleanup(func() { srv.Close() }) |
| 216 | |
| 217 | cases := []struct { |
| 218 | name string |
| 219 | location string |
| 220 | disallowPrivateIPRanges bool |
| 221 | expectErr bool |
| 222 | }{{ |
| 223 | name: "local file", |
| 224 | location: "file://" + oplConfigFile, |
| 225 | }, { |
| 226 | name: "HTTP url forbidden", |
| 227 | location: srv.URL, |
| 228 | disallowPrivateIPRanges: true, |
| 229 | expectErr: true, |
| 230 | }, { |
| 231 | name: "HTTP url allowed", |
| 232 | location: srv.URL, |
| 233 | }} |
| 234 | |
| 235 | for _, tc := range cases { |
| 236 | t.Run("case="+tc.name, func(t *testing.T) { |
| 237 | config := createFileF(t, ` |
| 238 | dsn: memory |
| 239 | clients: |
| 240 | http: |
| 241 | disallow_private_ip_ranges: %v |
| 242 | namespaces: |
| 243 | location: %s`, tc.disallowPrivateIPRanges, tc.location) |
| 244 | |
| 245 | _, p := setup(t, config) |
| 246 | nm, err := p.NamespaceManager() |
| 247 | if tc.expectErr { |
| 248 | assert.Error(t, err) |
| 249 | return |
| 250 | } |
nothing calls this directly
no test coverage detected