#!/bin/bash
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
# Restart bash's built-in elapsed-seconds counter; junitreport writes its value
# into the report's time attribute.
SECONDS=0

# Run-wide counters. The integer attribute lets the helpers below update them
# with assignments such as tests=$tests+1, which bash then evaluates
# arithmetically. rc becomes the script's exit status.
declare -i rc=0 tests=0 failures=0 errors=0

# Rendered <testsuite> XML fragments. Declared as an array, but every writer
# uses `testsuites+=<string>`, so all text accumulates in element 0.
declare -a testsuites
# Record one passing test: print a PASS line and bump the run-wide test count.
# Globals:   tests (written)
# Arguments: $1 - description of the test that passed
# Outputs:   one line on stdout
passed() {
  local message="$1"
  printf ' ✅ PASS: %s\n' "$message"
  tests=$((tests + 1))
}
# Record one failing test (an unexpected authorization decision): print a FAIL
# line, bump the test and failure counts, and make the script exit non-zero.
# Globals:   tests, failures, rc (written)
# Arguments: $1 - description of the failure
# Outputs:   one line on stdout
failed() {
  local message="$1"
  printf ' ❌ FAIL: %s\n' "$message"
  tests=$((tests + 1))
  failures=$((failures + 1))
  rc=1
}
# Record one errored test (a policy file that did not validate): print an ERROR
# line, bump the test and error counts, and make the script exit non-zero.
# Globals:   tests, errors, rc (written)
# Arguments: $1 - description of the error
# Outputs:   one line on stdout
errored() {
  local message="$1"
  printf ' ❌ ERROR: %s\n' "$message"
  tests=$((tests + 1))
  errors=$((errors + 1))
  rc=1
}
# JUnit XML layout reference: https://github.com/testmoapp/junitxml
#
# The templates below are used as printf format strings by buildpolicies and
# authorize. Values are substituted as-is: nothing here or at the call sites
# escapes XML metacharacters, so a name containing '"', '<' or '&' (or output
# containing "]]>") would yield a malformed report.

# File the report is written to, relative to the current directory.
readonly JUNITREPORT='junitreport.xml'

# One suite: name, test count, failure count, error count, rendered test cases.
readonly TESTSUITE=' <testsuite name="%s" tests="%s" failures="%s" errors="%s">
%s
</testsuite>'

# A passing test case: name.
readonly TESTCASE=' <testcase name="%s" />'

# A test case that errored during validation: name, captured validator output.
readonly ERRORCASE=' <testcase name="%s">
<error type="validate" >
<![CDATA[
%s
]]>
</error>
</testcase>'

# A test case with an unexpected decision: name, the decision actually returned.
readonly FAILURECASE=' <testcase name="%s">
<failure message="unexpected %s" />
</testcase>'
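#######################################
# Validate every ../*.cedar policy file against the schema and concatenate the
# files that pass into one policy bundle, each prefixed with an @id annotation
# derived from its file name.
# Globals:   testsuites (appended), TESTCASE/ERRORCASE/TESTSUITE (read);
#            tests, errors and rc change through passed/errored
# Arguments: $1 - path of the bundle to (over)write
#            $2 - path of the Cedar schema file
# Outputs:   progress lines on stdout; the bundle file
#######################################
function buildpolicies() {
  local policies=$1
  local schema=$2
  local -i ltests=0
  local -i lerrors=0
  local testsuite=""
  # Loop state is local so it cannot collide with the caller's variables.
  local file res name
  local regex='\.\.\/(.*)\.cedar'

  echo " Running validation on ${policies} and ${schema}"
  # Every path expansion is quoted: an unquoted redirect target or argument is
  # word-split and globbed, which breaks on names containing spaces.
  printf '// %s generated by cedartest.sh\n' "$policies" > "$policies"

  # If the glob matches nothing it stays literal and is handed to cedar as a
  # path; presumably validation then fails and the gap is reported as an error
  # rather than silently yielding an empty bundle.
  for file in ../*.cedar; do
    # Only stdout of the validator is captured; its stderr goes to the terminal.
    if res=$(cedar validate -f plain --policies "$file" --schema "$schema"); then
      {
        printf '// file: %s\n' "$file"
        if [[ $file =~ $regex ]]; then
          name=${BASH_REMATCH[1]}
          # NOTE(review): the file name is placed inside the annotation string
          # unescaped; a name containing '"' or '\' would change the annotation.
          printf '@id("%s")\n' "$name"
        fi
        cat -- "$file"
        printf '\n\n'
      } >> "$policies"
      passed "validate $file"
      # ${file:3} drops the leading "../" from the reported name.
      testsuite+=$(printf "$TESTCASE\n" "validate ${file:3}")$'\n'
    else
      # A file that fails validation is left out of the bundle, so later
      # authorization tests run without it; errored sets rc=1, so the run as a
      # whole still fails.
      errored "validate $file: $res"
      lerrors=$((lerrors + 1))
      # NOTE(review): names and validator output go into the XML templates
      # unescaped; '"', '<', '&' or "]]>" would make the report malformed.
      testsuite+=$(printf "$ERRORCASE\n" "validate ${file:3}" "$res")$'\n'
    fi
    ltests=$((ltests + 1))
  done

  # ${testsuite%?} removes the trailing newline added after the last test case.
  testsuites+=$(printf "$TESTSUITE\n" "validate" "$ltests" "0" "$lerrors" "${testsuite%?}")$'\n'
}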
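#######################################
# Run every request in <folder>/ALLOW and <folder>/DENY through
# `cedar authorize` and compare the returned decision with the directory name.
# Globals:   testsuites (appended), TESTCASE/FAILURECASE/TESTSUITE (read);
#            tests, failures and rc change through passed/failed
# Arguments: $1 - test-suite folder holding ALLOW/ and DENY/ request files
#            $2 - path of the policy bundle to evaluate
# Outputs:   progress lines on stdout
#######################################
function authorize() {
  local folder=$1
  local policies=$2
  local -i ltests=0
  local -i lfailures=0
  local testsuite=""
  # Loop state is local so it cannot collide with the caller's variables.
  local decision file res line i policyIds jsonfile
  local -a tmp_array=()
  local -a cedar_cmd=()

  echo " Running tests in \"${folder}\""
  for decision in ALLOW DENY; do
    for file in "$folder/$decision"/*.json; do
      # Built as an array so paths containing spaces reach cedar as one argument.
      cedar_cmd=(cedar authorize -f plain --policies "$policies"
        --entities cedarentities.json --request-json "$file"
        --template-linked ../cedartemplatelinks.json -v)
      # Split stdout on newlines into tmp_array; only stdout is read.
      IFS=$'\n' read -r -d '' -a tmp_array < <("${cedar_cmd[@]}" && printf '\n')
      # The first output line is taken as the decision. If cedar prints nothing
      # (for example because it failed), res is empty, matches neither ALLOW nor
      # DENY, and the case is reported as a failure.
      res="${tmp_array[0]}"

      # Drop everything up to and including the "note" line; what remains are
      # the determining policy ids.
      for i in "${!tmp_array[@]}"; do
        line="${tmp_array[i]}"
        # Quoted so the subscript is not treated as a glob pattern.
        unset 'tmp_array[i]'
        if [[ $line == note* ]]; then
          break
        fi
      done
      policyIds=$(IFS=';'; printf '%s\n' "${tmp_array[*]}")

      # Request name: file name without directories, cut at its first dot.
      jsonfile=${file##*/}
      jsonfile=${jsonfile%%.*}

      # NOTE(review): only the decision is asserted. The policy ids are printed
      # for the reader but never checked, so a request can pass because of a
      # different policy than the one the test author had in mind.
      if [ "$res" != "$decision" ]; then
        failed "decision \"${res}\" (expected \"${decision}\") for ${jsonfile} determined by policy id(s):${policyIds}"
        lfailures=$((lfailures + 1))
        # NOTE(review): names and the returned decision text go into the XML
        # templates unescaped; '"', '<' or '&' would make the report malformed.
        testsuite+=$(printf "$FAILURECASE\n" "$decision $jsonfile" "$res")$'\n'
      else
        passed "decision \"${decision}\" for ${jsonfile} determined by policy id(s):${policyIds}"
        testsuite+=$(printf "$TESTCASE\n" "$decision $jsonfile")$'\n'
      fi
      ltests=$((ltests + 1))
    done
  done

  # ${testsuite%?} removes the trailing newline added after the last test case.
  testsuites+=$(printf "$TESTSUITE\n" "$folder" "$ltests" "$lfailures" "0" "${testsuite%?}")$'\n'
}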
# Write the accumulated results to $JUNITREPORT as a JUnit XML document,
# replacing any previous report.
# Globals: JUNITREPORT, tests, failures, errors, SECONDS, testsuites (read)
# Outputs: the report file; nothing on stdout
junitreport() {
  {
    printf '%s\n' '<?xml version="1.0" encoding="UTF-8"?>'
    printf '<testsuites tests="%s" failures="%s" errors="%s" time="%s">\n' \
      "$tests" "$failures" "$errors" "$SECONDS"
    # ${testsuites%?} drops the trailing newline left after the last suite.
    printf '%s\n' "${testsuites%?}"
    printf '%s\n' '</testsuites>'
  } > "$JUNITREPORT"
}
# Log which Cedar CLI is on PATH so a run can be tied to a tool version.
printf 'Using %s\n' "$(cedar --version)"

# PhotoApp
# All paths are relative: policies, schema and template links are read from
# the parent directory, and suites from the current one.
printf '\nTesting PhotoApp...\n'
buildpolicies 'temppolicies.cedar' '../cedarschema.json'

# Each sub-directory of the current directory is treated as one test suite.
for folder in */; do
  authorize "${folder%/}" 'temppolicies.cedar'
done

# Write the JUnit report, then exit non-zero if any test failed or errored.
junitreport
exit "$rc"