summaryrefslogtreecommitdiff
path: root/internal/configuration/validator/access_control_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/configuration/validator/access_control_test.go')
-rw-r--r--internal/configuration/validator/access_control_test.go16
1 files changed, 16 insertions, 0 deletions
diff --git a/internal/configuration/validator/access_control_test.go b/internal/configuration/validator/access_control_test.go
index ae7dabb18..0671455a1 100644
--- a/internal/configuration/validator/access_control_test.go
+++ b/internal/configuration/validator/access_control_test.go
@@ -88,6 +88,22 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidNetworkGroupNetwork() {
suite.Assert().EqualError(suite.validator.Errors()[0], "access control: networks: network group 'internal' is invalid: the network 'abc.def.ghi.jkl' is not a valid IP or CIDR notation")
}
+func (suite *AccessControl) TestShouldRaiseWarningOnBadDomain() {
+ suite.config.AccessControl.Rules = []schema.ACLRule{
+ {
+ Domains: []string{"*example.com"},
+ Policy: "one_factor",
+ },
+ }
+
+ ValidateRules(suite.config, suite.validator)
+
+ suite.Assert().Len(suite.validator.Warnings(), 1)
+ suite.Require().Len(suite.validator.Errors(), 0)
+
+ suite.Assert().EqualError(suite.validator.Warnings()[0], "access control: rule #1: domain #1: domain '*example.com' is ineffective and should probably be '*.example.com' instead")
+}
+
func (suite *AccessControl) TestShouldRaiseErrorWithNoRulesDefined() {
suite.config.AccessControl.Rules = []schema.ACLRule{}