extend script test to two read two write to ensure script continues running
This commit is contained in:
@@ -19,12 +19,16 @@ test-docker-policy/
|
||||
## What the Test Does
|
||||
|
||||
1. **Builds** an Ubuntu 22.04.5 Docker image with ORLY relay
|
||||
2. **Configures** the policy engine with `cs-policy.js`
|
||||
2. **Configures** the policy engine with `cs-policy-daemon.js`
|
||||
3. **Starts** the relay with policy engine enabled
|
||||
4. **Tests EVENT messages** (write control) using the `policytest` tool
|
||||
5. **Tests REQ messages** (read control) using the `policytest` tool
|
||||
6. **Verifies** that `cs-policy.js` created `/home/orly/cs-policy-output.txt`
|
||||
7. **Reports** success or failure
|
||||
4. **Publishes 2 events** to test write control (EVENT messages)
|
||||
5. **Queries for those events** to test read control (REQ messages)
|
||||
6. **Verifies** that:
|
||||
- Both events were published successfully
|
||||
- Events can be queried and retrieved
|
||||
- Policy script processed both write and read operations
|
||||
- Policy script logged to both file and relay log (stderr)
|
||||
7. **Reports** detailed results with policy invocation counts
|
||||
|
||||
## How cs-policy-daemon.js Works
|
||||
|
||||
@@ -61,15 +65,39 @@ The `policytest` tool is a command-line utility for testing policy enforcement:
|
||||
|
||||
# Test both write and read control
|
||||
./policytest -url ws://localhost:8777 -type both -kind 1
|
||||
|
||||
# Publish multiple events and query for them (full integration test)
|
||||
./policytest -url ws://localhost:8777 -type publish-and-query -kind 1 -count 2
|
||||
```
|
||||
|
||||
### Options
|
||||
|
||||
- `-url` - Relay WebSocket URL (default: `ws://127.0.0.1:3334`)
|
||||
- `-type` - Test type: `event` for write control, `req` for read control, `both` for both (default: `event`)
|
||||
- `-type` - Test type:
|
||||
- `event` - Test write control only
|
||||
- `req` - Test read control only
|
||||
- `both` - Test write then read
|
||||
- `publish-and-query` - Publish events then query for them (full test)
|
||||
- `-kind` - Event kind to test (default: `4678`)
|
||||
- `-count` - Number of events to publish for `publish-and-query` (default: `2`)
|
||||
- `-timeout` - Operation timeout (default: `20s`)
|
||||
|
||||
### Output
|
||||
|
||||
The `publish-and-query` test provides detailed output:
|
||||
|
||||
```
|
||||
Publishing 2 events of kind 1...
|
||||
Event 1/2 published successfully (id: a1b2c3d4...)
|
||||
Event 2/2 published successfully (id: e5f6g7h8...)
|
||||
PUBLISH: 2 accepted, 0 rejected out of 2 total
|
||||
|
||||
Querying for events of kind 1...
|
||||
Query returned 2 events
|
||||
QUERY: found 2/2 published events (total returned: 2)
|
||||
SUCCESS: All published events were retrieved
|
||||
```
|
||||
|
||||
## Manual Testing
|
||||
|
||||
### 1. Build and Start Container
|
||||
@@ -156,15 +184,50 @@ docker exec orly-policy-test netstat -tlnp | grep 8777
|
||||
When successful, you should see:
|
||||
|
||||
```
|
||||
=== Step 9: Publishing 2 events and querying for them ===
|
||||
|
||||
--- Publishing and querying events ---
|
||||
Publishing 2 events of kind 1...
|
||||
Event 1/2 published successfully (id: abc12345...)
|
||||
Event 2/2 published successfully (id: def67890...)
|
||||
PUBLISH: 2 accepted, 0 rejected out of 2 total
|
||||
|
||||
Querying for events of kind 1...
|
||||
Query returned 2 events
|
||||
QUERY: found 2/2 published events (total returned: 2)
|
||||
SUCCESS: All published events were retrieved
|
||||
|
||||
=== Step 10: Checking relay logs ===
|
||||
INFO [policy script /home/orly/cs-policy-daemon.js] [cs-policy] Policy script started
|
||||
INFO [policy script /home/orly/cs-policy-daemon.js] [cs-policy] Processing event abc12345, kind: 1, access: write
|
||||
INFO [policy script /home/orly/cs-policy-daemon.js] [cs-policy] Processing event def67890, kind: 1, access: write
|
||||
INFO [policy script /home/orly/cs-policy-daemon.js] [cs-policy] Processing event abc12345, kind: 1, access: read
|
||||
INFO [policy script /home/orly/cs-policy-daemon.js] [cs-policy] Processing event def67890, kind: 1, access: read
|
||||
|
||||
=== Step 12: Checking output file ===
|
||||
✓ SUCCESS: cs-policy-output.txt file exists!
|
||||
|
||||
Output file contents:
|
||||
1704123456789: Hey there!
|
||||
1234567890123: Policy script started
|
||||
1234567890456: Event ID: abc12345..., Kind: 1, Access: write
|
||||
1234567890789: Event ID: def67890..., Kind: 1, Access: write
|
||||
1234567891012: Event ID: abc12345..., Kind: 1, Access: read
|
||||
1234567891234: Event ID: def67890..., Kind: 1, Access: read
|
||||
|
||||
✓ Policy script is working correctly!
|
||||
Policy invocations summary:
|
||||
- Write operations (EVENT): 2 (expected: 2)
|
||||
- Read operations (REQ): 2 (expected: >=1)
|
||||
|
||||
✓ SUCCESS: Policy script processed both write and read operations!
|
||||
- Published 2 events (write control)
|
||||
- Queried events (read control)
|
||||
```
|
||||
|
||||
Each line in the output file represents one execution of the policy script, with a Unix timestamp.
|
||||
The test verifies:
|
||||
- **Write Control**: Policy script processes EVENT messages (2 publications)
|
||||
- **Read Control**: Policy script processes REQ messages (query retrieves events)
|
||||
- **Dual Logging**: Script output appears in both file and relay log (stderr)
|
||||
- **Event Lifecycle**: Events are stored and can be retrieved
|
||||
|
||||
## Configuration Files
|
||||
|
||||
|
||||
@@ -53,7 +53,7 @@ echo -e "${YELLOW}Step 8: Building policytest tool...${NC}"
|
||||
cd "$REPO_ROOT" && CGO_ENABLED=0 go build -o policytest ./cmd/policytest
|
||||
|
||||
echo ""
|
||||
echo -e "${YELLOW}Step 9: Testing EVENT message (write control)...${NC}"
|
||||
echo -e "${YELLOW}Step 9: Publishing 2 events and querying for them...${NC}"
|
||||
|
||||
# Check which port the relay is listening on
|
||||
RELAY_PORT=$(docker logs orly-policy-test 2>&1 | grep "starting listener" | grep -oP ':\K[0-9]+' | head -1)
|
||||
@@ -62,27 +62,19 @@ if [ -z "$RELAY_PORT" ]; then
|
||||
fi
|
||||
echo "Relay is listening on port: $RELAY_PORT"
|
||||
|
||||
# Test EVENT message
|
||||
# Test publish and query - this will publish 2 events and query for them
|
||||
cd "$REPO_ROOT"
|
||||
./policytest -url "ws://localhost:$RELAY_PORT" -type event -kind 1 2>&1 || echo "EVENT test completed"
|
||||
echo ""
|
||||
echo "--- Publishing and querying events ---"
|
||||
./policytest -url "ws://localhost:$RELAY_PORT" -type publish-and-query -kind 1 -count 2 2>&1
|
||||
|
||||
echo ""
|
||||
echo -e "${YELLOW}Relay logs after EVENT test:${NC}"
|
||||
docker logs orly-policy-test 2>&1 | tail -10
|
||||
echo -e "${YELLOW}Step 10: Checking relay logs...${NC}"
|
||||
docker logs orly-policy-test 2>&1 | tail -20
|
||||
|
||||
echo ""
|
||||
echo -e "${YELLOW}Step 10: Testing REQ message (read control)...${NC}"
|
||||
|
||||
# Test REQ message
|
||||
./policytest -url "ws://localhost:$RELAY_PORT" -type req -kind 1 2>&1 || echo "REQ test completed"
|
||||
|
||||
echo ""
|
||||
echo -e "${YELLOW}Relay logs after REQ test:${NC}"
|
||||
docker logs orly-policy-test 2>&1 | tail -10
|
||||
|
||||
echo ""
|
||||
echo -e "${YELLOW}Step 11: Waiting for policy script to execute (5 seconds)...${NC}"
|
||||
sleep 5
|
||||
echo -e "${YELLOW}Step 11: Waiting for policy script to process (3 seconds)...${NC}"
|
||||
sleep 3
|
||||
|
||||
echo ""
|
||||
echo -e "${YELLOW}Step 12: Checking if cs-policy.js created output file...${NC}"
|
||||
@@ -99,19 +91,28 @@ if docker exec orly-policy-test test -f /home/orly/cs-policy-output.txt; then
|
||||
WRITE_COUNT=$(docker exec orly-policy-test cat /home/orly/cs-policy-output.txt | grep -c "Access: write" || echo "0")
|
||||
READ_COUNT=$(docker exec orly-policy-test cat /home/orly/cs-policy-output.txt | grep -c "Access: read" || echo "0")
|
||||
|
||||
echo "Policy invocations:"
|
||||
echo " - Write operations: $WRITE_COUNT"
|
||||
echo " - Read operations: $READ_COUNT"
|
||||
echo "Policy invocations summary:"
|
||||
echo " - Write operations (EVENT): $WRITE_COUNT (expected: 2)"
|
||||
echo " - Read operations (REQ): $READ_COUNT (expected: >=1)"
|
||||
echo ""
|
||||
|
||||
if [ "$WRITE_COUNT" -gt 0 ] && [ "$READ_COUNT" -gt 0 ]; then
|
||||
echo -e "${GREEN}✓ Policy script processed both write and read operations!${NC}"
|
||||
# Analyze results
|
||||
if [ "$WRITE_COUNT" -ge 2 ] && [ "$READ_COUNT" -ge 1 ]; then
|
||||
echo -e "${GREEN}✓ SUCCESS: Policy script processed both write and read operations!${NC}"
|
||||
echo -e "${GREEN} - Published 2 events (write control)${NC}"
|
||||
echo -e "${GREEN} - Queried events (read control)${NC}"
|
||||
EXIT_CODE=0
|
||||
elif [ "$WRITE_COUNT" -gt 0 ] && [ "$READ_COUNT" -gt 0 ]; then
|
||||
echo -e "${YELLOW}⚠ PARTIAL: Policy invoked but counts don't match expected${NC}"
|
||||
echo -e "${YELLOW} - Write count: $WRITE_COUNT (expected 2)${NC}"
|
||||
echo -e "${YELLOW} - Read count: $READ_COUNT (expected >=1)${NC}"
|
||||
EXIT_CODE=0
|
||||
elif [ "$WRITE_COUNT" -gt 0 ]; then
|
||||
echo -e "${YELLOW}⚠ Policy script only processed write operations (read operations may not have been tested)${NC}"
|
||||
echo -e "${YELLOW}⚠ WARNING: Policy script only processed write operations${NC}"
|
||||
echo -e "${YELLOW} Read operations may not have been tested or logged${NC}"
|
||||
EXIT_CODE=0
|
||||
else
|
||||
echo -e "${YELLOW}⚠ Policy script is working but access types may not be logged correctly${NC}"
|
||||
echo -e "${YELLOW}⚠ WARNING: Policy script is working but access types may not be logged correctly${NC}"
|
||||
EXIT_CODE=0
|
||||
fi
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user