Skip to content

Improved testing around yaml expirations 🧪 #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
GrantBirki merged 1 commit into from
Jul 16, 2025
Merged

Improved testing around yaml expirations 🧪 #61

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
107 changes: 106 additions & 1 deletion spec/unit/entitlements/data/groups/calculated/yaml_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
# frozen_string_literal: true
require_relative "../../../../spec_helper"

# NOTE: The test suite mocks all dates with allow(Time).to receive(:now).and_return(Time.utc(2018, 4, 1, 12, 0, 0))

describe Entitlements::Data::Groups::Calculated::YAML do
let(:people_obj) { Entitlements::Data::People::YAML.new(filename: fixture("people.yaml")) }
let(:cache) { { people_obj: people_obj } }
Expand Down Expand Up @@ -283,7 +285,12 @@
context "complex structure" do
let(:filename) { fixture("ldap-config/yaml/expiration-complex.yaml") }

it "constructs the correct rule set" do
it "constructs the correct rule set with complex nested expiration" do
# Expected results based on expiration-complex.yaml:
# - username: peterbald (no expiration) -> kept
# - and: group foo/bar (Sept 2018, not expired) and foo/baz (March 2018, expired) -> only foo/bar kept
# - or: all usernames expired (March 2018) -> empty array
# - or: cheetoh (March 2018, expired) and nebelung (Sept 2018, not expired) -> only nebelung kept
answer = {
"or"=>[
{"username"=>"peterbald"},
Expand All @@ -296,6 +303,104 @@
expect(result).to eq(answer)
end
end

context "individual username expiration" do
let(:filename) { fixture("ldap-config/yaml/expiration-individual-usernames.yaml") }

it "filters out expired usernames while keeping non-expired ones" do
answer = {
"or" => [
{ "username" => "alice" },
{ "username" => "charlie" },
{ "username" => "diana" }
]
}
result = subject.send(:rules)
expect(result).to eq(answer)
end
end

context "group expiration" do
let(:filename) { fixture("ldap-config/yaml/expiration-groups.yaml") }

it "filters out expired groups while keeping non-expired ones" do
answer = {
"or" => [
{ "group" => "team/active" },
{ "group" => "team/future" },
{ "username" => "standalone" }
]
}
result = subject.send(:rules)
expect(result).to eq(answer)
end
end

context "mixed expiration with nested structures" do
let(:filename) { fixture("ldap-config/yaml/expiration-mixed-nested.yaml") }

it "correctly handles expiration in nested and/or structures" do
answer = {
"or" => [
{ "username" => "always-active" },
{ "and" => [
{ "group" => "team/core" }
]
},
{ "or" => [
{ "username" => "still-active" }
]
}
]
}
result = subject.send(:rules)
expect(result).to eq(answer)
end
end

context "all individual entries expired" do
let(:filename) { fixture("ldap-config/yaml/expiration-all-individual-expired.yaml") }

it "returns empty arrays for containers with all expired entries" do
answer = {
"or" => []
}
result = subject.send(:rules)
expect(result).to eq(answer)
end
end

context "expired entries but expirations are disabled" do
let(:filename) { fixture("ldap-config/yaml/expiration-ignore-test.yaml") }

it "ignores all expiration dates when ignore_expirations is true" do
begin
Entitlements.config["ignore_expirations"] = true

answer = {
"or" => [
{ "username" => "active-user" },
{ "username" => "expired-user" },
{ "group" => "expired-group" }
]
}
result = subject.send(:rules)
expect(result).to eq(answer)
ensure
Entitlements.config.delete("ignore_expirations")
end
end
end

context "invalid expiration date" do
let(:filename) { fixture("ldap-config/yaml/expiration-invalid-date.yaml") }

it "raises an error for invalid expiration date format" do
expect do
subject.send(:rules)
end.to raise_error(ArgumentError, /Invalid expiration date "not-a-date"/)
end
end
end
end
end
10 changes: 10 additions & 0 deletions spec/unit/fixtures/ldap-config/yaml/expiration-all-individual-expired.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
---
description: All individual entries expired
rules:
or:
- username: expired1
expiration: "2018-02-01"
- username: expired2
expiration: "2018-02-01"
- group: team/expired
expiration: "2018-02-01"
10 changes: 10 additions & 0 deletions spec/unit/fixtures/ldap-config/yaml/expiration-groups.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
---
description: Group expiration test
rules:
or:
- group: team/active
- group: team/expired
expiration: "2018-02-01"
- group: team/future
expiration: "2018-06-01"
- username: standalone
9 changes: 9 additions & 0 deletions spec/unit/fixtures/ldap-config/yaml/expiration-ignore-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
description: Test with expired entries but ignoring expiration
rules:
or:
- username: active-user
- username: expired-user
expiration: "2018-02-01"
- group: expired-group
expiration: "2018-02-01"
10 changes: 10 additions & 0 deletions spec/unit/fixtures/ldap-config/yaml/expiration-individual-usernames.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
---
description: Individual username expiration test
rules:
or:
- username: alice
- username: bob
expiration: "2018-02-01"
- username: charlie
expiration: "2018-06-01"
- username: diana
7 changes: 7 additions & 0 deletions spec/unit/fixtures/ldap-config/yaml/expiration-invalid-date.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
description: Test with invalid expiration date
rules:
or:
- username: valid-user
- username: invalid-expiry
expiration: "not-a-date"
16 changes: 16 additions & 0 deletions spec/unit/fixtures/ldap-config/yaml/expiration-mixed-nested.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
---
description: Mixed expiration test with nested structures
rules:
or:
- username: always-active
- and:
- group: team/core
- username: temp-user
expiration: "2018-02-01"
- or:
- username: expired1
expiration: "2018-02-01"
- username: expired2
expiration: "2018-02-01"
- username: still-active
expiration: "2018-06-01"
Loading