From e9def271833bcc09f1d3a1715d7de0e00c924886 Mon Sep 17 00:00:00 2001
From: Johan Fylling <johan.dev@fylling.se>
Date: Thu, 19 Sep 2024 11:23:11 +0200
Subject: [PATCH] rego-v1: Future-proofing `download` pkg tests to be 1.0
 compatible (#7035)

Signed-off-by: Johan Fylling <johan.dev@fylling.se>
---
 download/oci_download_test.go                 |   3 ++-
 download/testdata/latest.manifest             |   4 +--
 download/testdata/latest.tar.gz               | Bin 568 -> 610 bytes
 .../testdata/latest_bundle_data/.manifest     |   1 +
 .../testdata/latest_bundle_data/data.json     |   1 +
 .../src/policies/__id/delete.rego             |  23 ++++++++++++++++++
 .../src/policies/__id/get.rego                |   7 ++++++
 .../src/policies/__id/post.rego               |  18 ++++++++++++++
 .../src/policies/__id/put.rego                |  18 ++++++++++++++
 .../latest_bundle_data/src/policies/get.rego  |   7 ++++++
 .../latest_bundle_data/src/policies/post.rego |  23 ++++++++++++++++++
 11 files changed, 102 insertions(+), 3 deletions(-)
 create mode 100644 download/testdata/latest_bundle_data/.manifest
 create mode 100644 download/testdata/latest_bundle_data/data.json
 create mode 100644 download/testdata/latest_bundle_data/src/policies/__id/delete.rego
 create mode 100644 download/testdata/latest_bundle_data/src/policies/__id/get.rego
 create mode 100644 download/testdata/latest_bundle_data/src/policies/__id/post.rego
 create mode 100644 download/testdata/latest_bundle_data/src/policies/__id/put.rego
 create mode 100644 download/testdata/latest_bundle_data/src/policies/get.rego
 create mode 100644 download/testdata/latest_bundle_data/src/policies/post.rego

diff --git a/download/oci_download_test.go b/download/oci_download_test.go
index 86b68c1cc2..a3c2910dcf 100644
--- a/download/oci_download_test.go
+++ b/download/oci_download_test.go
@@ -20,7 +20,8 @@ import (
 	"github.com/open-policy-agent/opa/plugins/rest"
 )
 
-// when changed the layer hash & size should be updated in signed.manifest
+// when changed the layer hash & size should be updated in .manifest files
+//go:generate go run github.com/open-policy-agent/opa build -b --signing-alg HS256 testdata/latest_bundle_data --output testdata/latest.tar.gz
 //go:generate go run github.com/open-policy-agent/opa build -b --signing-alg HS256 --signing-key secret testdata/signed_bundle_data --output testdata/signed.tar.gz
 //go:generate go run github.com/open-policy-agent/opa build --v1-compatible -b --signing-alg HS256 --signing-key secret testdata/rego_v1_bundle_data --output testdata/rego_v1.tar.gz
 
diff --git a/download/testdata/latest.manifest b/download/testdata/latest.manifest
index c83b4b361d..852adf9eef 100644
--- a/download/testdata/latest.manifest
+++ b/download/testdata/latest.manifest
@@ -8,8 +8,8 @@
    "layers":[
       {
          "mediaType":"application/vnd.oci.image.layer.v1.tar+gzip",
-         "digest":"sha256:b206ac766b0f3f880f6a62c4bb5ba5192d29deaefd989a1961603346a7555bdd",
-         "size":568,
+         "digest":"sha256:d85a3b7072e295a091f4ec50e85fefcd5285a1e2c60c298c0b87c498f1cb0613",
+         "size":610,
          "annotations":{
             "org.opencontainers.image.created":"2022-02-11T09:00:07Z",
             "org.opencontainers.image.title":"dani/testpol"
diff --git a/download/testdata/latest.tar.gz b/download/testdata/latest.tar.gz
index ed4ab46d7f21c106bc58ca149c37a2e52ae0b595..eb8e15283b73d8d239870d169b3749dfc7fc9d27 100644
GIT binary patch
literal 610
zcmV-o0-gOIiwFP!00000|LmDvi{d;KfW3Y5D?+Y^G_9=z1Kz!|EbKB1JA1V(CEBB8
zH`9b9oxKqM`_ek1)<Ug=b#(IFwB(~nvClcDHORQ*^tV;{;A}9)*od*}$PSN;vEj}+
z8?Z2BNjSjld|TR5SjWwPy?L$r&0Pu06}t2mJQpNzU|ksl0?EtMbXw$@gtTh1W)^5A
z#Y}(=(o|$Y1`-@l0}FNh8g2e33ETHSiiY9P``-te&;IZQU=2!3n2S6EL;s(AnLJG>
z*Mb%njHTsokC1rQ$~Y`?UAU@)a_5Yg77i@cMrklkfW_S6vNtW8>}FQ^$k3M%p$z7{
zkPdSx)nCZ)!x+!Gw6N`Y5mrnkH1t5ur*d!3<|<;2m*~IkvNQwDjeCaN;qe%gM-7HM
zp>j+1hB@IRR3kn=;jcXB3orz&5ZY{_%Y|16ZFabx_PRUteuHdB{}<po%729a;i&F^
zIEoVQe;+jZ|7r4cAb(xkF?ObCkhb2w5#qJ|()a7xr=$N`+3o?L&Hp%z>-nDzz5l(?
z=>NCJ?}q{40@=SglDsYXUtx|uCtdw7&XE7(I627wquBf32hINfc;EW3J5IEJf7;Id
zh^!pGZZKd~VP-(ZjR%I~{XePnuV}6RliK&ch~4}A-w*Bezc2l7ndALGsr0XC^FOJ7
z|Bu2jj=cYUa76w8p+Ed>-wtl`wIQI-JQs7Y?tE*s`Oog7ga7|V-v3@$5(DKEuX6H0
w$Q?0CIZGaXlHGtne%+B$<Maj0dMLZ{$KK=dcs@M;0ssL2|K@n5XaFPt07foK4*&oF

literal 568
zcmV-80>}LyiwFP!00000|LmE~irX*{fOB0vh0wXk@;dgyLT(ME(6WW5r&59vPl8&<
z5|Z2=Lf*YN+u+~gu(h3TqVM7$*&Z44&5Ud>=9bg%My8X&V2rVdvEz|7kBqUP^qWnX
z@3YXKU^d*63NmB4p0Iz8Re!iw!v26Ry#&Vv@r+)3N+x10z<A50h`ksRus}6zWj`^x
z{15%G=KnN`Lg)V&D8Bx|w}2H$mB2=%F=+aB{$akDQ?3Nf3}{31{{=!~r=+%6q$;z=
z3CgY2VwG7iRB5R|TLA`hgY(&CK4cJzVZ*b;VxA=O7sPmmH#{*=O#Bo^tP*HWK+0E1
z`HIsm_UNvNKx0r`+a079&t{lBDbU;snHo|#%?g_bnPKvNfj{z;Z$T4uK<E_z?7JQi
zIxTIF?*1$ay~<45;{O(GkMf`4zaO!>|NcYd{2zl>|KH6Q4f&fETb;E^TpceQK8|1d
zc^y?+{8!TSn*h4}529(^|EYiP{2zl>|35u_ZYF@?tN-5;$4iU<6_x41X!AcCx&BX^
z{r`R7{2zsO|G)fC`ah4q#QxGXrFDxqKlgb+gOQnD0~I%#7^?pF-ufTu?El01`@bMy
zuKyo}?*8Ak{?|;^|K3~wBc1g>tndGW(4RX0$KZ_q|0Z7i6}yAm+B0}`$5XKZV~2~;
z<v$Dk=J&q`=l>Y&iH2MQnUY6B-ViONHRSOtDJKN-?Ro`pI2?`}<#zx80RR8)SRBFt
GBme*o?JWiX

diff --git a/download/testdata/latest_bundle_data/.manifest b/download/testdata/latest_bundle_data/.manifest
new file mode 100644
index 0000000000..b5328cf446
--- /dev/null
+++ b/download/testdata/latest_bundle_data/.manifest
@@ -0,0 +1 @@
+{"revision":"","roots":["peoplefinder"]}
diff --git a/download/testdata/latest_bundle_data/data.json b/download/testdata/latest_bundle_data/data.json
new file mode 100644
index 0000000000..0967ef424b
--- /dev/null
+++ b/download/testdata/latest_bundle_data/data.json
@@ -0,0 +1 @@
+{}
diff --git a/download/testdata/latest_bundle_data/src/policies/__id/delete.rego b/download/testdata/latest_bundle_data/src/policies/__id/delete.rego
new file mode 100644
index 0000000000..b6135ddc89
--- /dev/null
+++ b/download/testdata/latest_bundle_data/src/policies/__id/delete.rego
@@ -0,0 +1,23 @@
+package peoplefinder.DELETE.api.users.__id
+
+import rego.v1
+import input.user.attributes.properties as user_props
+
+default allowed = false
+
+default visible = false
+
+default enabled = false
+
+allowed if {
+	user_props.department == "Operations"
+	user_props.title == "IT Manager"
+}
+
+visible if {
+	user_props.department == "Operations"
+}
+
+enabled if {
+	allowed
+}
diff --git a/download/testdata/latest_bundle_data/src/policies/__id/get.rego b/download/testdata/latest_bundle_data/src/policies/__id/get.rego
new file mode 100644
index 0000000000..0fa021e6ad
--- /dev/null
+++ b/download/testdata/latest_bundle_data/src/policies/__id/get.rego
@@ -0,0 +1,7 @@
+package peoplefinder.GET.api.users.__id
+
+default allowed = true
+
+default visible = true
+
+default enabled = true
diff --git a/download/testdata/latest_bundle_data/src/policies/__id/post.rego b/download/testdata/latest_bundle_data/src/policies/__id/post.rego
new file mode 100644
index 0000000000..918641e3f1
--- /dev/null
+++ b/download/testdata/latest_bundle_data/src/policies/__id/post.rego
@@ -0,0 +1,18 @@
+package peoplefinder.POST.api.users.__id
+
+import rego.v1
+import input.user.attributes.properties as user_props
+
+default allowed = false
+
+default visible = true
+
+default enabled = false
+
+allowed if {
+	user_props.department == "Operations"
+}
+
+enabled if {
+	allowed
+}
diff --git a/download/testdata/latest_bundle_data/src/policies/__id/put.rego b/download/testdata/latest_bundle_data/src/policies/__id/put.rego
new file mode 100644
index 0000000000..cc89326d28
--- /dev/null
+++ b/download/testdata/latest_bundle_data/src/policies/__id/put.rego
@@ -0,0 +1,18 @@
+package peoplefinder.PUT.api.users.__id
+
+import rego.v1
+import input.user.attributes.properties as user_props
+
+default allowed = false
+
+default visible = true
+
+default enabled = true
+
+allowed if {
+	user_props.department == "Operations"
+}
+
+allowed if {
+	input.user.id == input.resource.id
+}
diff --git a/download/testdata/latest_bundle_data/src/policies/get.rego b/download/testdata/latest_bundle_data/src/policies/get.rego
new file mode 100644
index 0000000000..bd8302b3c6
--- /dev/null
+++ b/download/testdata/latest_bundle_data/src/policies/get.rego
@@ -0,0 +1,7 @@
+package peoplefinder.GET.api.users
+
+default allowed = true
+
+default visible = true
+
+default enabled = true
diff --git a/download/testdata/latest_bundle_data/src/policies/post.rego b/download/testdata/latest_bundle_data/src/policies/post.rego
new file mode 100644
index 0000000000..5c86b2aa80
--- /dev/null
+++ b/download/testdata/latest_bundle_data/src/policies/post.rego
@@ -0,0 +1,23 @@
+package peoplefinder.POST.api.users
+
+import rego.v1
+import input.user.attributes.properties as user_props
+
+default allowed = false
+
+default visible = false
+
+default enabled = false
+
+allowed if {
+	user_props.department == "Operations"
+	user_props.title == "IT Manager"
+}
+
+visible if {
+	allowed
+}
+
+enabled if {
+	allowed
+}