Documentation
Overview
Package authz provides helper APIs to simplify writing authz test cases. It also bundles the authz rotate and get operations with their corresponding verifications to prevent code duplication and improve test code readability.
Index
- func LoadPolicyFromJSONFile(t *testing.T, filePath string) map[string]AuthorizationPolicy
- func Verify(t testing.TB, dut *ondatra.DUTDevice, spiffe *Spiffe, rpc *gnxi.RPC, ...)
- type AuthorizationPolicy
- func (p *AuthorizationPolicy) AddAllowRules(name string, users []string, rpcs []*gnxi.RPC)
- func (p *AuthorizationPolicy) AddDenyRules(name string, users []string, rpcs []*gnxi.RPC)
- func (p *AuthorizationPolicy) Marshal() ([]byte, error)
- func (p *AuthorizationPolicy) PrettyPrint(t *testing.T) string
- func (p *AuthorizationPolicy) Rotate(t *testing.T, dut *ondatra.DUTDevice, createdOn uint64, version string, ...)
- func (p *AuthorizationPolicy) Unmarshal(jsonString string) error
- type ExceptDeny
- type HardVerify
- type Rule
- type Spiffe
Constants
This section is empty.
Variables
This section is empty.
Functions
func LoadPolicyFromJSONFile
func LoadPolicyFromJSONFile(t *testing.T, filePath string) map[string]AuthorizationPolicy
LoadPolicyFromJSONFile loads policies from a JSON file.
Types
type AuthorizationPolicy
type AuthorizationPolicy struct {
	// name of the policy.
	Name string `json:"name"`
	// rules that specify what is allowed for users.
	AllowRules []Rule `json:"allow_rules,omitempty"`
	// rules that specify what is denied for users.
	DenyRules []Rule `json:"deny_rules,omitempty"`
}
AuthorizationPolicy is a struct that holds an authz policy.
func Get
func Get(t testing.TB, dut *ondatra.DUTDevice) (*authzpb.GetResponse, *AuthorizationPolicy)
Get reads the applied policy from device dut. This is a test API, and it fails the test if the read fails.
func NewAuthorizationPolicy
func NewAuthorizationPolicy(name string) *AuthorizationPolicy
NewAuthorizationPolicy creates an empty policy.
func (*AuthorizationPolicy) AddAllowRules
func (p *AuthorizationPolicy) AddAllowRules(name string, users []string, rpcs []*gnxi.RPC)
AddAllowRules adds an allow rule for policy p.
func (*AuthorizationPolicy) AddDenyRules
func (p *AuthorizationPolicy) AddDenyRules(name string, users []string, rpcs []*gnxi.RPC)
AddDenyRules adds a deny rule for policy p.
func (*AuthorizationPolicy) Marshal
func (p *AuthorizationPolicy) Marshal() ([]byte, error)
Marshal marshals policy p to JSON.
func (*AuthorizationPolicy) PrettyPrint
func (p *AuthorizationPolicy) PrettyPrint(t *testing.T) string
PrettyPrint prints policy p in a pretty format.
func (*AuthorizationPolicy) Rotate
func (p *AuthorizationPolicy) Rotate(t *testing.T, dut *ondatra.DUTDevice, createdOn uint64, version string, forcOverwrite bool)
Rotate applies policy p on device dut. This is a test API for positive testing, and it fails the test on failure.
func (*AuthorizationPolicy) Unmarshal
func (p *AuthorizationPolicy) Unmarshal(jsonString string) error
Unmarshal unmarshals a JSON string into policy p.
type ExceptDeny
type ExceptDeny struct { }
ExceptDeny is passed to the Verify function when failure is expected.
type HardVerify
type HardVerify struct { }
HardVerify is passed to the Verify function when verification is carried out by executing the RPC using the user's SVID.
type Rule
type Rule struct {
	// name of the rule.
	Name string `json:"name"`
	// the users that the rule is defined for.
	Source struct {
		Principals []string `json:"principals"`
	} `json:"source"`
	// RPCs for which the rule is specified.
	Request struct {
		Paths []string `json:"paths"`
	} `json:"request"`
}
Rule represents the structure of an authz rule.
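An added example, not code from this package: it copies the Rule and AuthorizationPolicy definitions above into a standard-library-only program, parses a policy in the JSON shape those struct tags define, and computes the verdict a test should expect for a principal and RPC path (the case where ExceptDeny would be passed to Verify). Assumptions: the policy is evaluated with gRPC authorization-policy semantics (a deny match wins, then an allow match, otherwise deny), only exact string matches are handled, and samplePolicy, matches, Expected and the SPIFFE IDs are constructed for illustration.

```go
package main

import "encoding/json"
import "fmt"

// Rule and AuthorizationPolicy copy the struct definitions documented above.
type Rule struct {
	Name    string                                            `json:"name"`
	Source  struct{ Principals []string `json:"principals"` } `json:"source"`
	Request struct{ Paths []string `json:"paths"` }           `json:"request"`
}

type AuthorizationPolicy struct {
	Name       string `json:"name"`
	AllowRules []Rule `json:"allow_rules,omitempty"`
	DenyRules  []Rule `json:"deny_rules,omitempty"`
}

// samplePolicy is constructed for this example: one principal may Get but not Set.
const samplePolicy = `{"name": "demo",
 "allow_rules": [{"name": "gnmi", "source": {"principals": ["spiffe://example.test/ro"]}, "request": {"paths": ["/gnmi.gNMI/Get", "/gnmi.gNMI/Set"]}}],
 "deny_rules": [{"name": "no-set", "source": {"principals": ["spiffe://example.test/ro"]}, "request": {"paths": ["/gnmi.gNMI/Set"]}}]}`

// matches reports whether any rule lists both the principal and the RPC path (exact match only).
func matches(rules []Rule, principal, path string) bool {
	for _, r := range rules {
		for _, u := range r.Source.Principals {
			for _, p := range r.Request.Paths {
				if u == principal && p == path {
					return true
				}
			}
		}
	}
	return false
}

// Expected parses policyJSON and returns the verdict a test should expect.
// Assumed semantics: a deny match wins, then an allow match, otherwise deny.
func Expected(policyJSON, principal, path string) (bool, error) {
	var pol AuthorizationPolicy
	if err := json.Unmarshal([]byte(policyJSON), &pol); err != nil {
		return false, err
	}
	return !matches(pol.DenyRules, principal, path) && matches(pol.AllowRules, principal, path), nil
}

func main() {
	fmt.Println(Expected(samplePolicy, "spiffe://example.test/ro", "/gnmi.gNMI/Set"))
}
```

The Set path appears in both the allow and the deny rule, so the sample exercises the overlap case where a test that only inspected allow_rules would expect the wrong result.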