@@ -51,24 +51,28 @@ policy_eval :={"name":namespace_name,"match":allow_policy} {
5151func TestEvalPolicy (t * testing.T ) {
5252 res := NewEvalCmd ()
5353 tests := []struct {
54- name string
55- cmd []string
56- evalExpr string
57- policy string
58- want bool
54+ name string
55+ cmd []string
56+ evalExpr string
57+ policy string
58+ want bool
59+ returnKeys string
5960 }{
6061 {name : "two command and deny policy match" , evalExpr : "'${0}' != '';&& [${1} MATCH no_permission.policy QUERY itsio.policy_eval RETURN match,name]" , cmd : []string {"kubectl get pods --no-headers -o custom-columns=\" :metadata.name\" " ,
6162 "kubectl get pod ${0} -o json" },
62- policy : AllowPolicy , want : true },
63+ policy : AllowPolicy , want : true , returnKeys : "match" },
6364 {name : "two command and deny policy expr not match" , evalExpr : "'${0}' == '';&& [${1} MATCH no_permission.policy QUERY itsio.policy_eval RETURN match,name]" , cmd : []string {"kubectl get pods --no-headers -o custom-columns=\" :metadata.name\" " ,
6465 "kubectl get pod ${0} -o json" },
65- policy : NotAllowPolicy , want : false },
66+ policy : NotAllowPolicy , want : false , returnKeys : "match" },
6667 }
6768 for _ , tt := range tests {
6869 t .Run (tt .name , func (t * testing.T ) {
6970 if got := res .EvalCommandPolicy (tt .cmd , tt .evalExpr , tt .policy ); got .Match != tt .want {
7071 t .Errorf ("TestEvalPolicy() = %v, want %v err %v" , got , tt .want , got .Error )
7172 }
73+ if got := res .EvalCommandPolicy (tt .cmd , tt .evalExpr , tt .policy ); got .ReturnKeys [0 ] == tt .returnKeys {
74+ t .Errorf ("TestEvalPolicy() = %v, want %v err %v" , got , tt .want , got .Error )
75+ }
7276 })
7377 }
7478}
0 commit comments