git.stella-ops.org/src/Policy/__Tests/StellaOps.Policy.Tests/SplMigrationToolTests.cs

using System.Collections.Immutable;
using StellaOps.Policy;
using Xunit;
namespace StellaOps.Policy.Tests;
/// <summary>
/// Tests for <see cref="SplMigrationTool"/>: each case builds a one-rule
/// <see cref="PolicyDocument"/> and inspects the SPL JSON string returned by
/// <c>ToSplPolicyJson</c>.
/// </summary>
public class SplMigrationToolTests
{
    /// <summary>
    /// A Block rule with an explicit identifier and document metadata must serialise
    /// to the exact SPL JSON pinned below.
    /// </summary>
    [Fact]
    public void ToSplPolicyJson_ConvertsRulesAndMetadata()
    {
        var none = ImmutableArray<string>.Empty;

        // Final constructor argument is false here and true in the audit test below.
        // NOTE(review): presumably the flag that requests an audit block; confirm against PolicyAction.
        var blockAction = new PolicyAction(PolicyActionType.Block, null, null, null, false);

        // Only the sixth positional list is populated. The expected JSON carries "/app" as
        // match.resource; the parameter names of Create are not visible from this file.
        var criteria = PolicyRuleMatchCriteria.Create(
            none,
            none,
            none,
            none,
            none,
            ImmutableArray.Create("/app"),
            none,
            none);

        var blockRule = PolicyRule.Create(
            name: "Block CVE",
            action: blockAction,
            severities: ImmutableArray.Create(PolicySeverity.Critical),
            environments: none,
            sources: none,
            vendors: none,
            licenses: none,
            tags: none,
            match: criteria,
            expires: null,
            justification: "block it",
            identifier: "RULE-1");

        var metadata = ImmutableDictionary<string, string>.Empty.Add("name", "demo");
        var policy = new PolicyDocument(
            PolicySchema.CurrentVersion,
            ImmutableArray.Create(blockRule),
            metadata,
            PolicyExceptionConfiguration.Empty);

        var json = SplMigrationTool.ToSplPolicyJson(policy);

        // Whole-string comparison: key order and the absence of whitespace are part of the contract.
        // The pinned output has both the statement effect and spec.defaultEffect set to "deny",
        // and the explicit identifier "RULE-1" is used as the statement id unchanged.
        const string expected = "{\"apiVersion\":\"spl.stellaops/v1\",\"kind\":\"Policy\",\"metadata\":{\"labels\":{\"name\":\"demo\"},\"name\":\"demo\"},\"spec\":{\"defaultEffect\":\"deny\",\"statements\":[{\"effect\":\"deny\",\"id\":\"RULE-1\",\"match\":{\"actions\":[\"access\"],\"resource\":\"/app\"}}]}}";
        Assert.Equal(expected, json);
    }

    /// <summary>
    /// A Warn rule created without an identifier must produce output that contains the
    /// slug "warn-entrypoint" and an audit object carrying the rule's justification.
    /// </summary>
    [Fact]
    public void ToSplPolicyJson_UsesOverlaySafeIdsAndAudits()
    {
        var none = ImmutableArray<string>.Empty;

        // No identifier argument is passed, so the id has to come from the tool itself.
        var warnRule = PolicyRule.Create(
            name: "Warn entrypoint",
            action: new PolicyAction(PolicyActionType.Warn, null, null, null, true),
            severities: ImmutableArray.Create(PolicySeverity.Low),
            environments: none,
            sources: none,
            vendors: none,
            licenses: none,
            tags: none,
            match: PolicyRuleMatchCriteria.Empty,
            expires: null,
            justification: "soft warning");

        var policy = new PolicyDocument(
            PolicySchema.CurrentVersion,
            ImmutableArray.Create(warnRule),
            ImmutableDictionary<string, string>.Empty,
            PolicyExceptionConfiguration.Empty);

        var json = SplMigrationTool.ToSplPolicyJson(policy);

        // NOTE(review): substring checks only. The first one passes wherever the slug appears and
        // also if it is followed by a suffix; neither check pins the effect emitted for a Warn rule.
        // Consider asserting the full "id" key/value pair and the effect once the exact output is confirmed.
        const string slug = "warn-entrypoint";
        Assert.Contains(slug, json);
        Assert.Contains("\"audit\":{\"message\":\"soft warning\",\"severity\":\"warn\"}", json);
    }
}