summaryrefslogtreecommitdiff
path: root/internal/configuration/validator/access_control_test.go
diff options
context:
space:
mode:
authorJames Elliott <james-d-elliott@users.noreply.github.com>2023-10-07 20:42:14 +1100
committerGitHub <noreply@github.com>2023-10-07 19:42:14 +1000
commit82935c700edc9d01919f2fdfbdfb0f093da796cb (patch)
tree22ec165c1f89500807928bb94bb2dd84c152e352 /internal/configuration/validator/access_control_test.go
parenteed8ac12bab750e8a2f4396cd430511ae20fd3ec (diff)
refactor: fix acl log message consistency (#6097)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Diffstat (limited to 'internal/configuration/validator/access_control_test.go')
-rw-r--r--internal/configuration/validator/access_control_test.go46
1 files changed, 23 insertions, 23 deletions
diff --git a/internal/configuration/validator/access_control_test.go b/internal/configuration/validator/access_control_test.go
index f440393ba..ad38ec9a0 100644
--- a/internal/configuration/validator/access_control_test.go
+++ b/internal/configuration/validator/access_control_test.go
@@ -59,7 +59,7 @@ func (suite *AccessControl) TestShouldValidateEitherDomainsOrDomainsRegex() {
suite.Assert().Len(suite.validator.Warnings(), 0)
suite.Require().Len(suite.validator.Errors(), 1)
- assert.EqualError(suite.T(), suite.validator.Errors()[0], "access control: rule #3: option 'domain' or 'domain_regex' must be present but are both absent")
+ assert.EqualError(suite.T(), suite.validator.Errors()[0], "access_control: rule #3: option 'domain' or 'domain_regex' must be present but are both absent")
}
func (suite *AccessControl) TestShouldRaiseErrorInvalidDefaultPolicy() {
@@ -70,7 +70,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidDefaultPolicy() {
suite.Assert().Len(suite.validator.Warnings(), 0)
suite.Require().Len(suite.validator.Errors(), 1)
- suite.Assert().EqualError(suite.validator.Errors()[0], "access control: option 'default_policy' must be one of 'bypass', 'one_factor', 'two_factor', or 'deny' but it's configured as 'invalid'")
+ suite.Assert().EqualError(suite.validator.Errors()[0], "access_control: option 'default_policy' must be one of 'bypass', 'one_factor', 'two_factor', or 'deny' but it's configured as 'invalid'")
}
func (suite *AccessControl) TestShouldRaiseErrorInvalidNetworkGroupNetwork() {
@@ -86,7 +86,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidNetworkGroupNetwork() {
suite.Assert().Len(suite.validator.Warnings(), 0)
suite.Require().Len(suite.validator.Errors(), 1)
- suite.Assert().EqualError(suite.validator.Errors()[0], "access control: networks: network group 'internal' is invalid: the network 'abc.def.ghi.jkl' is not a valid IP or CIDR notation")
+ suite.Assert().EqualError(suite.validator.Errors()[0], "access_control: networks: network group 'internal' is invalid: the network 'abc.def.ghi.jkl' is not a valid IP or CIDR notation")
}
func (suite *AccessControl) TestShouldRaiseWarningOnBadDomain() {
@@ -102,7 +102,7 @@ func (suite *AccessControl) TestShouldRaiseWarningOnBadDomain() {
suite.Assert().Len(suite.validator.Warnings(), 1)
suite.Require().Len(suite.validator.Errors(), 0)
- suite.Assert().EqualError(suite.validator.Warnings()[0], "access control: rule #1: domain #1: domain '*example.com' is ineffective and should probably be '*.example.com' instead")
+ suite.Assert().EqualError(suite.validator.Warnings()[0], "access_control: rule #1: domain #1: domain '*example.com' is ineffective and should probably be '*.example.com' instead")
}
func (suite *AccessControl) TestShouldRaiseErrorWithNoRulesDefined() {
@@ -113,7 +113,7 @@ func (suite *AccessControl) TestShouldRaiseErrorWithNoRulesDefined() {
suite.Assert().Len(suite.validator.Warnings(), 0)
suite.Require().Len(suite.validator.Errors(), 1)
- suite.Assert().EqualError(suite.validator.Errors()[0], "access control: 'default_policy' option 'deny' is invalid: when no rules are specified it must be 'two_factor' or 'one_factor'")
+ suite.Assert().EqualError(suite.validator.Errors()[0], "access_control: 'default_policy' option 'deny' is invalid: when no rules are specified it must be 'two_factor' or 'one_factor'")
}
func (suite *AccessControl) TestShouldRaiseWarningWithNoRulesDefined() {
@@ -126,7 +126,7 @@ func (suite *AccessControl) TestShouldRaiseWarningWithNoRulesDefined() {
suite.Assert().Len(suite.validator.Errors(), 0)
suite.Require().Len(suite.validator.Warnings(), 1)
- suite.Assert().EqualError(suite.validator.Warnings()[0], "access control: no rules have been specified so the 'default_policy' of 'two_factor' is going to be applied to all requests")
+ suite.Assert().EqualError(suite.validator.Warnings()[0], "access_control: no rules have been specified so the 'default_policy' of 'two_factor' is going to be applied to all requests")
}
func (suite *AccessControl) TestShouldRaiseErrorsWithEmptyRules() {
@@ -142,10 +142,10 @@ func (suite *AccessControl) TestShouldRaiseErrorsWithEmptyRules() {
suite.Assert().Len(suite.validator.Warnings(), 0)
suite.Require().Len(suite.validator.Errors(), 4)
- suite.Assert().EqualError(suite.validator.Errors()[0], "access control: rule #1: option 'domain' or 'domain_regex' must be present but are both absent")
- suite.Assert().EqualError(suite.validator.Errors()[1], "access control: rule #1: option 'policy' must be present but it's absent")
- suite.Assert().EqualError(suite.validator.Errors()[2], "access control: rule #2: option 'domain' or 'domain_regex' must be present but are both absent")
- suite.Assert().EqualError(suite.validator.Errors()[3], "access control: rule #2: option 'policy' must be one of 'bypass', 'one_factor', 'two_factor', or 'deny' but it's configured as 'wrong'")
+ suite.Assert().EqualError(suite.validator.Errors()[0], "access_control: rule #1: option 'domain' or 'domain_regex' must be present but are both absent")
+ suite.Assert().EqualError(suite.validator.Errors()[1], "access_control: rule #1: option 'policy' must be present but it's absent")
+ suite.Assert().EqualError(suite.validator.Errors()[2], "access_control: rule #2: option 'domain' or 'domain_regex' must be present but are both absent")
+ suite.Assert().EqualError(suite.validator.Errors()[3], "access_control: rule #2: option 'policy' must be one of 'bypass', 'one_factor', 'two_factor', or 'deny' but it's configured as 'wrong'")
}
func (suite *AccessControl) TestShouldRaiseErrorInvalidPolicy() {
@@ -161,7 +161,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidPolicy() {
suite.Assert().Len(suite.validator.Warnings(), 0)
suite.Require().Len(suite.validator.Errors(), 1)
- suite.Assert().EqualError(suite.validator.Errors()[0], "access control: rule #1 (domain 'public.example.com'): option 'policy' must be one of 'bypass', 'one_factor', 'two_factor', or 'deny' but it's configured as 'invalid'")
+ suite.Assert().EqualError(suite.validator.Errors()[0], "access_control: rule #1 (domain 'public.example.com'): option 'policy' must be one of 'bypass', 'one_factor', 'two_factor', or 'deny' but it's configured as 'invalid'")
}
func (suite *AccessControl) TestShouldRaiseErrorInvalidNetwork() {
@@ -178,7 +178,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidNetwork() {
suite.Assert().Len(suite.validator.Warnings(), 0)
suite.Require().Len(suite.validator.Errors(), 1)
- suite.Assert().EqualError(suite.validator.Errors()[0], "access control: rule #1 (domain 'public.example.com'): the network 'abc.def.ghi.jkl/32' is not a valid Group Name, IP, or CIDR notation")
+ suite.Assert().EqualError(suite.validator.Errors()[0], "access_control: rule #1 (domain 'public.example.com'): the network 'abc.def.ghi.jkl/32' is not a valid Group Name, IP, or CIDR notation")
}
func (suite *AccessControl) TestShouldRaiseErrorInvalidMethod() {
@@ -195,7 +195,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidMethod() {
suite.Assert().Len(suite.validator.Warnings(), 0)
suite.Require().Len(suite.validator.Errors(), 1)
- suite.Assert().EqualError(suite.validator.Errors()[0], "access control: rule #1 (domain 'public.example.com'): option 'methods' must only have the values 'GET', 'HEAD', 'POST', 'PUT', 'PATCH', 'DELETE', 'TRACE', 'CONNECT', 'OPTIONS', 'COPY', 'LOCK', 'MKCOL', 'MOVE', 'PROPFIND', 'PROPPATCH', or 'UNLOCK' but the values 'HOP' are present")
+ suite.Assert().EqualError(suite.validator.Errors()[0], "access_control: rule #1 (domain 'public.example.com'): option 'methods' must only have the values 'GET', 'HEAD', 'POST', 'PUT', 'PATCH', 'DELETE', 'TRACE', 'CONNECT', 'OPTIONS', 'COPY', 'LOCK', 'MKCOL', 'MOVE', 'PROPFIND', 'PROPPATCH', or 'UNLOCK' but the values 'HOP' are present")
}
func (suite *AccessControl) TestShouldRaiseErrorDuplicateMethod() {
@@ -212,7 +212,7 @@ func (suite *AccessControl) TestShouldRaiseErrorDuplicateMethod() {
suite.Assert().Len(suite.validator.Warnings(), 0)
suite.Require().Len(suite.validator.Errors(), 1)
- suite.Assert().EqualError(suite.validator.Errors()[0], "access control: rule #1 (domain 'public.example.com'): option 'methods' must have unique values but the values 'GET' are duplicated")
+ suite.Assert().EqualError(suite.validator.Errors()[0], "access_control: rule #1 (domain 'public.example.com'): option 'methods' must have unique values but the values 'GET' are duplicated")
}
func (suite *AccessControl) TestShouldRaiseErrorInvalidSubject() {
@@ -231,7 +231,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidSubject() {
suite.Require().Len(suite.validator.Warnings(), 0)
suite.Require().Len(suite.validator.Errors(), 2)
- suite.Assert().EqualError(suite.validator.Errors()[0], "access control: rule #1 (domain 'public.example.com'): 'subject' option 'invalid' is invalid: must start with 'user:' or 'group:'")
+ suite.Assert().EqualError(suite.validator.Errors()[0], "access_control: rule #1 (domain 'public.example.com'): 'subject' option 'invalid' is invalid: must start with 'user:' or 'group:'")
suite.Assert().EqualError(suite.validator.Errors()[1], fmt.Sprintf(errAccessControlRuleBypassPolicyInvalidWithSubjects, ruleDescriptor(1, suite.config.AccessControl.Rules[0])))
}
@@ -248,7 +248,7 @@ func (suite *AccessControl) TestShouldRaiseErrorBypassWithSubjectDomainRegexGrou
suite.Require().Len(suite.validator.Warnings(), 0)
suite.Require().Len(suite.validator.Errors(), 1)
- suite.Assert().EqualError(suite.validator.Errors()[0], "access control: rule #1: 'policy' option 'bypass' is not supported when 'domain_regex' option contains the user or group named matches. For more information see: https://www.authelia.com/c/acl-match-concept-2")
+ suite.Assert().EqualError(suite.validator.Errors()[0], "access_control: rule #1: 'policy' option 'bypass' is not supported when 'domain_regex' option contains the user or group named matches. For more information see: https://www.authelia.com/c/acl-match-concept-2")
}
func (suite *AccessControl) TestShouldSetQueryDefaults() {
@@ -385,13 +385,13 @@ func (suite *AccessControl) TestShouldErrorOnInvalidRulesQuery() {
suite.Assert().Len(suite.validator.Warnings(), 0)
suite.Require().Len(suite.validator.Errors(), 7)
- suite.Assert().EqualError(suite.validator.Errors()[0], "access control: rule #1 (domain 'public.example.com'): query: option 'value' must be present when the option 'operator' is 'equal' but it's absent")
- suite.Assert().EqualError(suite.validator.Errors()[1], "access control: rule #2 (domain 'public.example.com'): query: option 'key' is required but it's absent")
- suite.Assert().EqualError(suite.validator.Errors()[2], "access control: rule #5 (domain 'public.example.com'): query: option 'key' is required but it's absent")
- suite.Assert().EqualError(suite.validator.Errors()[3], "access control: rule #6 (domain 'public.example.com'): query: option 'operator' must be one of 'present', 'absent', 'equal', 'not equal', 'pattern', or 'not pattern' but it's configured as 'not'")
- suite.Assert().EqualError(suite.validator.Errors()[4], "access control: rule #7 (domain 'public.example.com'): query: option 'value' is invalid: error parsing regexp: missing closing ): `(bad pattern`")
- suite.Assert().EqualError(suite.validator.Errors()[5], "access control: rule #8 (domain 'public.example.com'): query: option 'value' must not be present when the option 'operator' is 'present' but it's present")
- suite.Assert().EqualError(suite.validator.Errors()[6], "access control: rule #9 (domain 'public.example.com'): query: option 'value' is invalid: expected type was string but got int")
+ suite.Assert().EqualError(suite.validator.Errors()[0], "access_control: rule #1 (domain 'public.example.com'): query: option 'value' must be present when the option 'operator' is 'equal' but it's absent")
+ suite.Assert().EqualError(suite.validator.Errors()[1], "access_control: rule #2 (domain 'public.example.com'): query: option 'key' is required but it's absent")
+ suite.Assert().EqualError(suite.validator.Errors()[2], "access_control: rule #5 (domain 'public.example.com'): query: option 'key' is required but it's absent")
+ suite.Assert().EqualError(suite.validator.Errors()[3], "access_control: rule #6 (domain 'public.example.com'): query: option 'operator' must be one of 'present', 'absent', 'equal', 'not equal', 'pattern', or 'not pattern' but it's configured as 'not'")
+ suite.Assert().EqualError(suite.validator.Errors()[4], "access_control: rule #7 (domain 'public.example.com'): query: option 'value' is invalid: error parsing regexp: missing closing ): `(bad pattern`")
+ suite.Assert().EqualError(suite.validator.Errors()[5], "access_control: rule #8 (domain 'public.example.com'): query: option 'value' must not be present when the option 'operator' is 'present' but it's present")
+ suite.Assert().EqualError(suite.validator.Errors()[6], "access_control: rule #9 (domain 'public.example.com'): query: option 'value' is invalid: expected type was string but got int")
}
func TestAccessControl(t *testing.T) {