check-components-security-updated_test.go
package checker_test
import (
"testing"
"github.com/stretchr/testify/require"
"github.com/tufin/oasdiff/checker"
"github.com/tufin/oasdiff/diff"
)
// CL: Changing security component oauth's url
// TestComponentSecurityOauthURLUpdated loads the base fixture twice, rewrites
// the implicit-flow authorization URL of 'petstore_auth' on the second copy,
// and expects exactly one 'api-security-component-oauth-url-changed' finding.
//
// NOTE(review): the finding is pinned at INFO. The authorization URL decides
// where clients send users to authenticate, so anyone filtering the changelog
// above INFO will not see a host change like the one exercised here.
func TestComponentSecurityOauthURLUpdated(t *testing.T) {
	const fixture = "../data/checker/component_security_updated_base.yaml"

	base, err := open(fixture)
	require.NoError(t, err)
	revision, err := open(fixture)
	require.NoError(t, err)

	// Only the revision is mutated; the base keeps the URL from the fixture.
	scheme := revision.Spec.Components.SecuritySchemes["petstore_auth"]
	scheme.Value.Flows.Implicit.AuthorizationURL = "http://example.new.org/api/oauth/dialog"

	diffReport, sources, err := diff.GetWithOperationsSourcesMap(getConfig(), base, revision)
	require.NoError(t, err)

	// Run only the security-components check, reporting everything from INFO up.
	cfg := singleCheckConfig(checker.APIComponentsSecurityUpdatedCheck)
	findings := checker.CheckBackwardCompatibilityUntilLevel(cfg, diffReport, sources, checker.INFO)
	require.Len(t, findings, 1)

	want := checker.ComponentChange{
		Id:      "api-security-component-oauth-url-changed",
		Text:    "the component security scheme 'petstore_auth' oauth url changed from 'http://example.org/api/oauth/dialog' to 'http://example.new.org/api/oauth/dialog'",
		Comment: "",
		Level:   checker.INFO,
		Source:  "",
	}
	require.Equal(t, want, findings[0])
}
// CL: Changing security component type
// TestComponentSecurityTypeUpdated loads the base fixture twice, switches the
// type of 'petstore_auth' to "http" on the second copy, and expects exactly one
// 'api-security-component-type-changed' finding.
//
// NOTE(review): the finding is pinned at INFO. A scheme type change (here
// 'oauth2' to 'http') alters how clients must authenticate, so it is worth
// surfacing to reviewers even when higher-level filters hide it.
func TestComponentSecurityTypeUpdated(t *testing.T) {
	const fixture = "../data/checker/component_security_updated_base.yaml"

	base, err := open(fixture)
	require.NoError(t, err)
	revision, err := open(fixture)
	require.NoError(t, err)

	// Only the revision is mutated; the base keeps the type from the fixture.
	scheme := revision.Spec.Components.SecuritySchemes["petstore_auth"]
	scheme.Value.Type = "http"

	diffReport, sources, err := diff.GetWithOperationsSourcesMap(getConfig(), base, revision)
	require.NoError(t, err)

	// Run only the security-components check, reporting everything from INFO up.
	cfg := singleCheckConfig(checker.APIComponentsSecurityUpdatedCheck)
	findings := checker.CheckBackwardCompatibilityUntilLevel(cfg, diffReport, sources, checker.INFO)
	require.Len(t, findings, 1)

	want := checker.ComponentChange{
		Id:      "api-security-component-type-changed",
		Text:    "the component security scheme 'petstore_auth' type changed from 'oauth2' to 'http'",
		Comment: "",
		Level:   checker.INFO,
		Source:  "",
	}
	require.Equal(t, want, findings[0])
}
// CL: Adding a new security component
// TestComponentSecurityAdded diffs the base fixture against the revision
// fixture and expects exactly one 'api-security-component-added' finding, for
// the 'BasicAuth' scheme, at INFO level.
func TestComponentSecurityAdded(t *testing.T) {
	before, err := open("../data/checker/component_security_updated_base.yaml")
	require.NoError(t, err)
	after, err := open("../data/checker/component_security_updated_revision.yaml")
	require.NoError(t, err)

	diffReport, sources, err := diff.GetWithOperationsSourcesMap(getConfig(), before, after)
	require.NoError(t, err)

	// Run only the security-components check, reporting everything from INFO up.
	cfg := singleCheckConfig(checker.APIComponentsSecurityUpdatedCheck)
	findings := checker.CheckBackwardCompatibilityUntilLevel(cfg, diffReport, sources, checker.INFO)
	require.Len(t, findings, 1)

	want := checker.ComponentChange{
		Id:      "api-security-component-added",
		Text:    "the component security scheme 'BasicAuth' was added",
		Comment: "",
		Level:   checker.INFO,
		Source:  "",
	}
	require.Equal(t, want, findings[0])
}
// CL: Removing a security component
// TestComponentSecurityRemoved diffs the revision fixture against the base
// fixture (the reverse of the "added" case) and expects exactly one
// 'api-security-component-removed' finding for the 'BasicAuth' scheme.
//
// NOTE(review): the finding is pinned at INFO, so removal of a security scheme
// definition is only visible to consumers that report down to INFO.
func TestComponentSecurityRemoved(t *testing.T) {
	before, err := open("../data/checker/component_security_updated_revision.yaml")
	require.NoError(t, err)
	after, err := open("../data/checker/component_security_updated_base.yaml")
	require.NoError(t, err)

	diffReport, sources, err := diff.GetWithOperationsSourcesMap(getConfig(), before, after)
	require.NoError(t, err)

	// Run only the security-components check, reporting everything from INFO up.
	cfg := singleCheckConfig(checker.APIComponentsSecurityUpdatedCheck)
	findings := checker.CheckBackwardCompatibilityUntilLevel(cfg, diffReport, sources, checker.INFO)
	require.Len(t, findings, 1)

	want := checker.ComponentChange{
		Id:      "api-security-component-removed",
		Text:    "the component security scheme 'BasicAuth' was removed",
		Comment: "",
		Level:   checker.INFO,
		Source:  "",
	}
	require.Equal(t, want, findings[0])
}
// CL: Adding a new oauth security scope
// TestComponentSecurityOauthScopeAdded loads the base fixture twice, adds the
// 'admin:pets' scope to the implicit flow of 'petstore_auth' on the second
// copy, and expects exactly one 'api-security-component-oauth-scope-added'
// finding.
//
// NOTE(review): the finding is pinned at INFO. A newly declared scope widens
// what a token for this scheme can be asked to grant, so it is worth reading
// in the changelog even though it is not reported as breaking.
func TestComponentSecurityOauthScopeAdded(t *testing.T) {
	const fixture = "../data/checker/component_security_updated_base.yaml"

	base, err := open(fixture)
	require.NoError(t, err)
	revision, err := open(fixture)
	require.NoError(t, err)

	// Only the revision gains the scope, so the diff sees it as an addition.
	scheme := revision.Spec.Components.SecuritySchemes["petstore_auth"]
	scheme.Value.Flows.Implicit.Scopes["admin:pets"] = "grants access to admin operations"

	diffReport, sources, err := diff.GetWithOperationsSourcesMap(getConfig(), base, revision)
	require.NoError(t, err)

	// Run only the security-components check, reporting everything from INFO up.
	cfg := singleCheckConfig(checker.APIComponentsSecurityUpdatedCheck)
	findings := checker.CheckBackwardCompatibilityUntilLevel(cfg, diffReport, sources, checker.INFO)
	require.Len(t, findings, 1)

	want := checker.ComponentChange{
		Id:      "api-security-component-oauth-scope-added",
		Text:    "the component security scheme 'petstore_auth' oauth scope 'admin:pets' was added",
		Comment: "",
		Level:   checker.INFO,
		Source:  "",
	}
	require.Equal(t, want, findings[0])
}
// CL: Removing an oauth security scope
// TestComponentSecurityOauthScopeRemoved loads the base fixture twice, adds the
// 'admin:pets' scope to the first copy only, and expects exactly one
// 'api-security-component-oauth-scope-removed' finding at INFO level.
func TestComponentSecurityOauthScopeRemoved(t *testing.T) {
	const fixture = "../data/checker/component_security_updated_base.yaml"

	base, err := open(fixture)
	require.NoError(t, err)
	revision, err := open(fixture)
	require.NoError(t, err)

	// The scope is added to the base side so that its absence from the
	// revision is detected as a deletion.
	scheme := base.Spec.Components.SecuritySchemes["petstore_auth"]
	scheme.Value.Flows.Implicit.Scopes["admin:pets"] = "grants access to admin operations"

	diffReport, sources, err := diff.GetWithOperationsSourcesMap(getConfig(), base, revision)
	require.NoError(t, err)

	// Run only the security-components check, reporting everything from INFO up.
	cfg := singleCheckConfig(checker.APIComponentsSecurityUpdatedCheck)
	findings := checker.CheckBackwardCompatibilityUntilLevel(cfg, diffReport, sources, checker.INFO)
	require.Len(t, findings, 1)

	want := checker.ComponentChange{
		Id:      "api-security-component-oauth-scope-removed",
		Text:    "the component security scheme 'petstore_auth' oauth scope 'admin:pets' was removed",
		Comment: "",
		Level:   checker.INFO,
		Source:  "",
	}
	require.Equal(t, want, findings[0])
}
// CL: Updating an oauth security scope
// TestComponentSecurityOauthScopeUpdated loads the base fixture twice, replaces
// the description of the existing 'read:pets' scope on the second copy, and
// expects exactly one 'api-security-component-oauth-scope-changed' finding at
// INFO level.
func TestComponentSecurityOauthScopeUpdated(t *testing.T) {
	const fixture = "../data/checker/component_security_updated_base.yaml"

	base, err := open(fixture)
	require.NoError(t, err)
	revision, err := open(fixture)
	require.NoError(t, err)

	// The scope key already exists in the fixture; only its value changes.
	scheme := revision.Spec.Components.SecuritySchemes["petstore_auth"]
	scheme.Value.Flows.Implicit.Scopes["read:pets"] = "grants access to pets (deprecated)"

	diffReport, sources, err := diff.GetWithOperationsSourcesMap(getConfig(), base, revision)
	require.NoError(t, err)

	// Run only the security-components check, reporting everything from INFO up.
	cfg := singleCheckConfig(checker.APIComponentsSecurityUpdatedCheck)
	findings := checker.CheckBackwardCompatibilityUntilLevel(cfg, diffReport, sources, checker.INFO)
	require.Len(t, findings, 1)

	want := checker.ComponentChange{
		Id:      "api-security-component-oauth-scope-changed",
		Text:    "the component security scheme 'petstore_auth' oauth scope 'read:pets' was updated from 'read your pets' to 'grants access to pets (deprecated)'",
		Comment: "",
		Level:   checker.INFO,
		Source:  "",
	}
	require.Equal(t, want, findings[0])
}