Diffstat (limited to 'internal/authorization/util_test.go')
-rw-r--r--internal/authorization/util_test.go179
1 files changed, 0 insertions, 179 deletions
diff --git a/internal/authorization/util_test.go b/internal/authorization/util_test.go
index 811509b30..8b241084f 100644
--- a/internal/authorization/util_test.go
+++ b/internal/authorization/util_test.go
@@ -59,151 +59,6 @@ func TestShouldSplitDomainCorrectly(t *testing.T) {
assert.Equal(t, "com", suffix)
}
-func TestShouldParseRuleNetworks(t *testing.T) {
- schemaNetworks := []schema.AccessControlNetwork{
- {
- Name: "desktop",
- Networks: []string{
- "10.0.0.1",
- },
- },
- {
- Name: "lan",
- Networks: []string{
- "10.0.0.0/8",
- "172.16.0.0/12",
- "192.168.0.0/16",
- },
- },
- }
-
- _, firstNetwork, err := net.ParseCIDR("192.168.1.20/32")
- require.NoError(t, err)
-
- networksMap, networksCacheMap := parseSchemaNetworks(schemaNetworks)
-
- assert.Len(t, networksCacheMap, 5)
-
- networks := []string{"192.168.1.20", "lan"}
-
- acl := schemaNetworksToACL(networks, networksMap, networksCacheMap)
-
- assert.Len(t, networksCacheMap, 7)
-
- require.Len(t, acl, 4)
- assert.Equal(t, firstNetwork, acl[0])
- assert.Equal(t, networksMap["lan"][0], acl[1])
- assert.Equal(t, networksMap["lan"][1], acl[2])
- assert.Equal(t, networksMap["lan"][2], acl[3])
-
- // Check they are the same memory address.
- assert.True(t, networksMap["lan"][0] == acl[1])
- assert.True(t, networksMap["lan"][1] == acl[2])
- assert.True(t, networksMap["lan"][2] == acl[3])
-
- assert.False(t, firstNetwork == acl[0])
-}
-
-func TestShouldParseACLNetworks(t *testing.T) {
- schemaNetworks := []schema.AccessControlNetwork{
- {
- Name: "test",
- Networks: []string{
- "10.0.0.1",
- },
- },
- {
- Name: "second",
- Networks: []string{
- "10.0.0.1",
- },
- },
- {
- Name: "duplicate",
- Networks: []string{
- "10.0.0.1",
- },
- },
- {
- Name: "duplicate",
- Networks: []string{
- "10.0.0.1",
- },
- },
- {
- Name: "ipv6",
- Networks: []string{
- "fec0::1",
- },
- },
- {
- Name: "ipv6net",
- Networks: []string{
- "fec0::1/64",
- },
- },
- {
- Name: "net",
- Networks: []string{
- "10.0.0.0/8",
- },
- },
- {
- Name: "badnet",
- Networks: []string{
- "bad/8",
- },
- },
- }
-
- _, firstNetwork, err := net.ParseCIDR("10.0.0.1/32")
- require.NoError(t, err)
-
- _, secondNetwork, err := net.ParseCIDR("10.0.0.0/8")
- require.NoError(t, err)
-
- _, thirdNetwork, err := net.ParseCIDR("fec0::1/64")
- require.NoError(t, err)
-
- _, fourthNetwork, err := net.ParseCIDR("fec0::1/128")
- require.NoError(t, err)
-
- networksMap, networksCacheMap := parseSchemaNetworks(schemaNetworks)
-
- require.Len(t, networksMap, 6)
- require.Contains(t, networksMap, "test")
- require.Contains(t, networksMap, "second")
- require.Contains(t, networksMap, "duplicate")
- require.Contains(t, networksMap, "ipv6")
- require.Contains(t, networksMap, "ipv6net")
- require.Contains(t, networksMap, "net")
- require.Len(t, networksMap["test"], 1)
-
- require.Len(t, networksCacheMap, 7)
- require.Contains(t, networksCacheMap, "10.0.0.1")
- require.Contains(t, networksCacheMap, "10.0.0.1/32")
- require.Contains(t, networksCacheMap, "10.0.0.1/32")
- require.Contains(t, networksCacheMap, "10.0.0.0/8")
- require.Contains(t, networksCacheMap, "fec0::1")
- require.Contains(t, networksCacheMap, "fec0::1/128")
- require.Contains(t, networksCacheMap, "fec0::1/64")
-
- assert.Equal(t, firstNetwork, networksMap["test"][0])
- assert.Equal(t, secondNetwork, networksMap["net"][0])
- assert.Equal(t, thirdNetwork, networksMap["ipv6net"][0])
- assert.Equal(t, fourthNetwork, networksMap["ipv6"][0])
-
- assert.Equal(t, firstNetwork, networksCacheMap["10.0.0.1"])
- assert.Equal(t, firstNetwork, networksCacheMap["10.0.0.1/32"])
-
- assert.Equal(t, secondNetwork, networksCacheMap["10.0.0.0/8"])
-
- assert.Equal(t, thirdNetwork, networksCacheMap["fec0::1/64"])
-
- assert.Equal(t, fourthNetwork, networksCacheMap["fec0::1"])
- assert.Equal(t, fourthNetwork, networksCacheMap["fec0::1/128"])
-}
-
func TestIsAuthLevelSufficient(t *testing.T) {
assert.False(t, IsAuthLevelSufficient(authentication.NotAuthenticated, Denied))
assert.False(t, IsAuthLevelSufficient(authentication.OneFactor, Denied))
@@ -249,40 +104,6 @@ func TestStringSliceToRegexpSlice(t *testing.T) {
}
}
-func TestSchemaNetworksToACL(t *testing.T) {
- testCases := []struct {
- name string
- have []string
- globals map[string][]*net.IPNet
- cache map[string]*net.IPNet
- expected []*net.IPNet
- }{
- {
- "ShouldLoadFromCache",
- []string{"192.168.0.0/24"},
- nil,
- map[string]*net.IPNet{"192.168.0.0/24": MustParseCIDR("192.168.0.0/24")},
- []*net.IPNet{MustParseCIDR("192.168.0.0/24")},
- },
- }
-
- for _, tc := range testCases {
- t.Run(tc.name, func(t *testing.T) {
- if tc.globals == nil {
- tc.globals = map[string][]*net.IPNet{}
- }
-
- if tc.cache == nil {
- tc.cache = map[string]*net.IPNet{}
- }
-
- actual := schemaNetworksToACL(tc.have, tc.globals, tc.cache)
-
- assert.Equal(t, tc.expected, actual)
- })
- }
-}
-
func TestIsOpenIDConnectMFA(t *testing.T) {
testCases := []struct {
name string