Add CLI tests for new policy options

Author: tpoliaw

Cargo.toml

@@ -30,6 +30,7 @@ tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
 url = "2.5.2"
 
 [dev-dependencies]
+assert_matches = "1.5.0"
 async-std = { version = "1.13.0", features = ["attributes"], default-features = false }
 httpmock = { version = "0.7.0", default-features = false }
 rstest = "0.23.0"

src/cli.rs

@@ -77,7 +77,7 @@ pub struct PolicyOptions {
     ///
     /// eg. v1/data/diamond/policy/session/write_to_beamline_visit
     #[clap(long, required = false)]
-    pub visit_query: String,
+    pub access_query: String,
     /// The Rego rule used to generate admin access data
     ///
     /// eg. v1/data/diamond/policy/admin/configure_beamline
@@ -154,6 +154,7 @@ impl TracingOptions {
 mod tests {
     use std::path::PathBuf;
 
+    use assert_matches::assert_matches;
     use clap::error::ErrorKind;
     use clap::Parser;
     use tracing::Level;
@@ -176,6 +177,8 @@ mod tests {
         };
         assert_eq!(cmd.addr(), ("0.0.0.0".parse().unwrap(), 8000));
         assert_eq!(cmd.root_directory(), None);
+
+        assert_matches!(cmd.policy, None);
     }
 
     #[test]
@@ -196,6 +199,70 @@ mod tests {
         };
         assert_eq!(cmd.addr(), ("127.0.0.1".parse().unwrap(), 8765));
         assert_eq!(cmd.root_directory, Some("/tmp/trackers".into()));
+        assert_matches!(cmd.policy, None);
+    }
+
+    #[test]
+    fn policy_arguments() {
+        let cli = Cli::try_parse_from([
+            APP,
+            "serve",
+            "--policy",
+            "opa.example.com",
+            "--admin-query",
+            "demo/admin_check",
+            "--access-query",
+            "demo/access_check",
+        ])
+        .unwrap();
+        let cmd = assert_matches!(cli.command, Command::Serve(cmd) => cmd);
+        let policy = assert_matches!(cmd.policy, Some(plc) => plc);
+
+        assert_eq!(policy.policy_host, "opa.example.com");
+        assert_eq!(policy.admin_query, "demo/admin_check");
+        assert_eq!(policy.access_query, "demo/access_check");
+    }
+
+    #[test]
+    fn missing_admin_query() {
+        let err = Cli::try_parse_from([
+            APP,
+            "serve",
+            "--policy",
+            "opa.example.com",
+            "--access-query",
+            "demo/access-query",
+        ])
+        .unwrap_err();
+        assert_eq!(err.kind(), ErrorKind::MissingRequiredArgument);
+    }
+
+    #[test]
+    fn missing_access_query() {
+        let err = Cli::try_parse_from([
+            APP,
+            "serve",
+            "--policy",
+            "opa.example.com",
+            "--admin-query",
+            "demo/admin-query",
+        ])
+        .unwrap_err();
+        assert_eq!(err.kind(), ErrorKind::MissingRequiredArgument);
+    }
+
+    #[test]
+    fn policy_queries_without_host() {
+        let err = Cli::try_parse_from([
+            APP,
+            "serve",
+            "--access-query",
+            "demo/access-query",
+            "--admin-query",
+            "demo/admin-query",
+        ])
+        .unwrap_err();
+        assert_eq!(err.kind(), ErrorKind::MissingRequiredArgument);
     }
 
     #[test]

src/graphql/auth.rs

@@ -105,12 +105,12 @@ impl PolicyCheck {
     pub fn new(endpoint: PolicyOptions) -> Self {
         info!(
             "Checking authorization against {:?} using {:?} for admin and {:?} for access",
-            endpoint.policy_host, endpoint.admin_query, endpoint.visit_query
+            endpoint.policy_host, endpoint.admin_query, endpoint.access_query
         );
         Self {
             client: reqwest::Client::new(),
             admin: format!("{}/{}", endpoint.policy_host, endpoint.admin_query),
-            access: format!("{}/{}", endpoint.policy_host, &endpoint.visit_query),
+            access: format!("{}/{}", endpoint.policy_host, &endpoint.access_query),
         }
     }
     pub async fn check_access(
@@ -233,7 +233,7 @@ mod tests {
             .await;
         let check = PolicyCheck::new(PolicyOptions {
             policy_host: server.url(""),
-            visit_query: "demo/access".into(),
+            access_query: "demo/access".into(),
             admin_query: "demo/admin".into(),
         });
         check
@@ -260,7 +260,7 @@ mod tests {
             .await;
         let check = PolicyCheck::new(PolicyOptions {
             policy_host: server.url(""),
-            visit_query: "demo/access".into(),
+            access_query: "demo/access".into(),
             admin_query: "demo/admin".into(),
         });
         check
@@ -289,7 +289,7 @@ mod tests {
             .await;
         let check = PolicyCheck::new(PolicyOptions {
             policy_host: server.url(""),
-            visit_query: "demo/access".into(),
+            access_query: "demo/access".into(),
             admin_query: "demo/admin".into(),
         });
 
@@ -319,7 +319,7 @@ mod tests {
             .await;
         let check = PolicyCheck::new(PolicyOptions {
             policy_host: server.url(""),
-            visit_query: "demo/access".into(),
+            access_query: "demo/access".into(),
             admin_query: "demo/admin".into(),
         });
         let result = check.check_admin(token("token").as_ref(), "i22").await;
@@ -339,7 +339,7 @@ mod tests {
             .await;
         let check = PolicyCheck::new(PolicyOptions {
             policy_host: server.url(""),
-            visit_query: "demo/access".into(),
+            access_query: "demo/access".into(),
             admin_query: "demo/admin".into(),
         });
         let result = check.check_access(None, "i22", "cm1234-4").await;
@@ -359,7 +359,7 @@ mod tests {
             .await;
         let check = PolicyCheck::new(PolicyOptions {
             policy_host: server.url(""),
-            visit_query: "demo/access".into(),
+            access_query: "demo/access".into(),
             admin_query: "demo/admin".into(),
         });
         let result = check.check_admin(None, "i22").await;
@@ -380,7 +380,7 @@ mod tests {
             .await;
         let check = PolicyCheck::new(PolicyOptions {
             policy_host: server.url(""),
-            visit_query: "demo/access".into(),
+            access_query: "demo/access".into(),
             admin_query: "demo/admin".into(),
         });
         let result = check.check_admin(token("token").as_ref(), "i22").await;