mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-06-25 11:45:32 +02:00
46 lines
1.4 KiB
Python
46 lines
1.4 KiB
Python
import os
|
|
import yaml
|
|
import unittest
|
|
from pathlib import Path
|
|
|
|
ROLES_DIR = Path(__file__).resolve().parent.parent.parent / "roles"
|
|
|
|
class TestOauth2AclMutualExclusion(unittest.TestCase):
|
|
def test_acl_has_either_whitelist_or_blacklist(self):
|
|
failures = []
|
|
|
|
for role_path in ROLES_DIR.iterdir():
|
|
vars_file = role_path / "vars" / "configuration.yml"
|
|
if not vars_file.exists():
|
|
continue
|
|
|
|
# open the YAML file instead of passing the Path object
|
|
try:
|
|
with open(vars_file) as f:
|
|
data = yaml.safe_load(f) or {}
|
|
except yaml.YAMLError as e:
|
|
failures.append(f"{role_path.name}: failed to parse YAML ({e})")
|
|
continue
|
|
|
|
oauth2 = data.get("oauth2_proxy", {})
|
|
acl = oauth2.get("acl", None)
|
|
if acl is None:
|
|
continue
|
|
|
|
has_wl = "whitelist" in acl
|
|
has_bl = "blacklist" in acl
|
|
|
|
if has_wl and has_bl:
|
|
failures.append(
|
|
f"{role_path.name}: both 'whitelist' and 'blacklist' are defined"
|
|
)
|
|
|
|
if failures:
|
|
self.fail(
|
|
"The following roles define both whitelist and blacklist under oauth2_proxy.acl:\n"
|
|
+ "\n".join(failures)
|
|
)
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main()
|