chore: dirty commit

coderbirju · coderbirju · commit f7bbab5ddb7e · 2025-05-17T07:46:46.000Z
Signed-off-by: Arjun Raja Yogidas &lt;arjunry@amazon.com&gt;
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -105,17 +105,19 @@ jobs:
         run: |
           sudo ls /etc/cni/net.d
           sudo rm /etc/cni/net.d/87-podman-bridge.conflist
-      - name: Start finch-daemon
-        run: sudo bin/finch-daemon  --debug --socket-owner $UID &
-      - name: Run e2e test
-        run: sudo make test-e2e
-      - name: Clean up Daemon socket
-        run: sudo rm /var/run/finch.sock && sudo rm /run/finch.pid
       - name: Verify Rego file presence
         run: ls -l ${{ github.workspace }}/docs/sample-rego-policies/default.rego
       - name: Set Rego file path
         run: echo "REGO_FILE_PATH=${{ github.workspace }}/docs/sample-rego-policies/default.rego" >> $GITHUB_ENV
       - name: Start finch-daemon with opa Authz
-        run: sudo bin/finch-daemon --debug --enable-middleware --rego-file ${{ github.workspace }}/docs/sample-rego-policies/default.rego --socket-owner $UID --socket-addr /run/test.sock --pidfile /run/test.pid &
+        run: sudo bin/finch-daemon --debug --enable-middleware --rego-file ${{ github.workspace }}/docs/sample-rego-policies/default.rego --skip-rego-perm-check --socket-owner $UID --socket-addr /run/finch.sock --pidfile /run/finch.pid &
       - name: Run opa e2e tests
         run: sudo -E make test-e2e-opa
+      - name: Clean up Daemon socket
+        run: sudo rm /run/finch.sock && sudo rm /run/finch.pid
+      - name: Start finch-daemon
+        run: sudo bin/finch-daemon  --debug --socket-owner $UID &
+      - name: Run e2e test
+        run: sudo make test-e2e
+      - name: Clean up Daemon socket
+        run: sudo rm /var/run/finch.sock && sudo rm /run/finch.pid
diff --git a/e2e/tests/opa_middleware.go b/e2e/tests/opa_middleware.go
@@ -8,6 +8,10 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"time"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -105,49 +109,49 @@ func OpaMiddlewareTest(opt *option.Option) {
 		})
 
 		// Add this test to OpaMiddlewareTest function
-		// It("should handle rego file permissions correctly", func() {
-		// 	// Create a temporary rego file with overly permissive permissions
-		// 	tmpDir, err := os.MkdirTemp("", "rego_test")
-		// 	Expect(err).NotTo(HaveOccurred())
-		// 	defer os.RemoveAll(tmpDir)
-
-		// 	regoPath := filepath.Join(tmpDir, "test.rego")
-		// 	regoContent := []byte(`package finch.authz
-		// 	default allow = false`)
-
-		// 	err = os.WriteFile(regoPath, regoContent, 0644)
-		// 	Expect(err).NotTo(HaveOccurred())
-
-		// 	// Try to start daemon with overly permissive file
-		// 	cmd := exec.Command(GetFinchDaemonExe(), //nolint:gosec // G204: This is a test file with controlled inputs
-		// 		"--socket-addr", "/run/test.sock",
-		// 		"--pidfile", "/run/test.pid",
-		// 		"--rego-file", regoPath,
-		// 		"--enable-middleware")
-		// 	output, err := cmd.CombinedOutput()
-
-		// 	// Should fail due to permissions
-		// 	Expect(err).To(HaveOccurred())
-		// 	Expect(string(output)).To(ContainSubstring("rego file permissions 644 are too permissive - must be no more permissive than 0600"))
-
-		// 	// For the second test with skip-check:
-		// 	cmd = exec.Command(GetFinchDaemonExe(), //nolint:gosec // G204: This is a test file with controlled inputs
-		// 		"--socket-addr", "/run/test.sock",
-		// 		"--pidfile", "/run/test.pid",
-		// 		"--rego-file", regoPath,
-		// 		"--enable-middleware",
-		// 		"--skip-rego-perm-check")
-
-		// 	// Start the process in background
-		// 	err = cmd.Start()
-		// 	Expect(err).NotTo(HaveOccurred())
-
-		// 	// Give it a moment to initialize
-		// 	time.Sleep(1 * time.Second)
-
-		// 	// Kill the process
-		// 	err = cmd.Process.Kill()
-		// 	Expect(err).NotTo(HaveOccurred())
-		// })
+		It("should handle rego file permissions correctly", func() {
+			// Create a temporary rego file with overly permissive permissions
+			tmpDir, err := os.MkdirTemp("", "rego_test")
+			Expect(err).NotTo(HaveOccurred())
+			defer os.RemoveAll(tmpDir)
+
+			regoPath := filepath.Join(tmpDir, "test.rego")
+			regoContent := []byte(`package finch.authz
+			default allow = false`)
+
+			err = os.WriteFile(regoPath, regoContent, 0644)
+			Expect(err).NotTo(HaveOccurred())
+
+			// Try to start daemon with overly permissive file
+			cmd := exec.Command(GetFinchDaemonExe(), //nolint:gosec // G204: This is a test file with controlled inputs
+				"--socket-addr", "/run/test.sock",
+				"--pidfile", "/run/test.pid",
+				"--rego-file", regoPath,
+				"--enable-middleware")
+			output, err := cmd.CombinedOutput()
+
+			// Should fail due to permissions
+			Expect(err).To(HaveOccurred())
+			Expect(string(output)).To(ContainSubstring("rego file permissions 644 are too permissive - must be no more permissive than 0600"))
+
+			// For the second test with skip-check:
+			cmd = exec.Command(GetFinchDaemonExe(), //nolint:gosec // G204: This is a test file with controlled inputs
+				"--socket-addr", "/run/test.sock",
+				"--pidfile", "/run/test.pid",
+				"--rego-file", regoPath,
+				"--enable-middleware",
+				"--skip-rego-perm-check")
+
+			// Start the process in background
+			err = cmd.Start()
+			Expect(err).NotTo(HaveOccurred())
+
+			// Give it a moment to initialize
+			time.Sleep(1 * time.Second)
+
+			// Kill the process
+			err = cmd.Process.Kill()
+			Expect(err).NotTo(HaveOccurred())
+		})
 	})
 }
