Skip to content

Commit 9ae3a77

Browse files
committed
Merge branch 'per-15315/vitest-event-based-tests' into per-15317/comprehensive-sdk-tests
* per-15315/vitest-event-based-tests: test: make rbac useOpa checks opt-in and widen rebac CI budget
2 parents 696f446 + 42ad33f commit 9ae3a77

3 files changed

Lines changed: 65 additions & 54 deletions

File tree

src/tests/e2e/rbac.e2e.spec.ts

Lines changed: 62 additions & 51 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,11 @@ import { UserRead } from '../../openapi';
55
import { createTestClient, printBreak } from '../fixtures';
66
import { waitForCheck } from '../helpers/wait-for';
77

8+
// Direct-OPA (`useOpa`) checks require a reachable standalone OPA (port 8181),
9+
// which the dockerized PDP in CI does not expose. Opt in by setting
10+
// PERMIT_RUN_OPA_E2E=true when running against an OPA-exposed setup.
11+
const RUN_OPA_E2E = process.env.PERMIT_RUN_OPA_E2E === 'true';
12+
813
let permit: IPermitClient;
914
let logger: pino.Logger;
1015

@@ -199,51 +204,55 @@ it('Permission check e2e test', async () => {
199204

200205
printBreak();
201206

202-
// use opa directly
203-
expect(
204-
await permit.check(
205-
'auth0|elon',
206-
'read',
207-
// a 'document' belonging to 'tesla' (ownership based on tenant)
208-
{ type: 'document', tenant: 'tesla', attributes: resourceAttributes },
209-
{},
210-
{ useOpa: true },
211-
),
212-
).toBe(true);
213-
214-
printBreak();
215-
216-
expect(
217-
await permit.check(
218-
'auth0|elon',
219-
'control the usa',
220-
// a 'document' belonging to 'tesla' (ownership based on tenant)
221-
{ type: 'document', tenant: 'tesla', attributes: resourceAttributes },
222-
{},
223-
{ useOpa: true },
224-
),
225-
).toBe(false);
226-
227-
printBreak();
207+
if (RUN_OPA_E2E) {
208+
// use opa directly
209+
expect(
210+
await permit.check(
211+
'auth0|elon',
212+
'read',
213+
// a 'document' belonging to 'tesla' (ownership based on tenant)
214+
{ type: 'document', tenant: 'tesla', attributes: resourceAttributes },
215+
{},
216+
{ useOpa: true },
217+
),
218+
).toBe(true);
219+
220+
printBreak();
221+
222+
expect(
223+
await permit.check(
224+
'auth0|elon',
225+
'control the usa',
226+
// a 'document' belonging to 'tesla' (ownership based on tenant)
227+
{ type: 'document', tenant: 'tesla', attributes: resourceAttributes },
228+
{},
229+
{ useOpa: true },
230+
),
231+
).toBe(false);
232+
233+
printBreak();
234+
}
228235

229236
logger.info('testing positive permission check with complete user object');
230237
expect(await permit.check(user, 'read', { type: document.key, tenant: tenant.key })).toBe(true);
231238

232239
printBreak();
233240

234-
// use opa directly
235-
logger.info('testing positive permission check with complete user object');
236-
expect(
237-
await permit.check(
238-
user,
239-
'read',
240-
{ type: document.key, tenant: tenant.key },
241-
{},
242-
{ useOpa: true },
243-
),
244-
).toBe(true);
245-
246-
printBreak();
241+
if (RUN_OPA_E2E) {
242+
// use opa directly
243+
logger.info('testing positive permission check with complete user object');
244+
expect(
245+
await permit.check(
246+
user,
247+
'read',
248+
{ type: document.key, tenant: tenant.key },
249+
{},
250+
{ useOpa: true },
251+
),
252+
).toBe(true);
253+
254+
printBreak();
255+
}
247256

248257
// negative permission check (will be false because a viewer cannot create a document)
249258
logger.info('testing negative permission check');
@@ -303,18 +312,20 @@ it('Permission check e2e test', async () => {
303312
expect(await permit.check(user, 'create', { type: document.key, tenant: tenant.key })).toBe(
304313
true,
305314
);
306-
//use opa directly
307-
expect(
308-
await permit.check(
309-
user,
310-
'create',
311-
{ type: document.key, tenant: tenant.key },
312-
{},
313-
{ useOpa: true },
314-
),
315-
).toBe(true);
316-
317-
printBreak();
315+
if (RUN_OPA_E2E) {
316+
//use opa directly
317+
expect(
318+
await permit.check(
319+
user,
320+
'create',
321+
{ type: document.key, tenant: tenant.key },
322+
{},
323+
{ useOpa: true },
324+
),
325+
).toBe(true);
326+
327+
printBreak();
328+
}
318329
} finally {
319330
// Leave the shared env empty for the next spec. Each delete is tolerant so a
320331
// missing entity (e.g. the body threw before creating it) neither throws nor

src/tests/e2e/rebac.e2e.spec.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -581,7 +581,7 @@ it('Permission check e2e test', async () => {
581581
);
582582
return results.every((res, i) => res === testStep.assertions[i].result);
583583
},
584-
{ timeoutMs: 60_000, intervalMs: 1_000, message: 'rebac step did not converge' },
584+
{ timeoutMs: 150_000, intervalMs: 1_000, message: 'rebac step did not converge' },
585585
);
586586
for (const assertion of testStep.assertions) {
587587
await assertPermitCheck(permit, assertion, testStep.assignments);

vitest.config.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,8 +21,8 @@ const serialBackend = {
2121
pool: 'forks' as const,
2222
maxWorkers: 1,
2323
isolate: true,
24-
testTimeout: 120_000,
25-
hookTimeout: 120_000,
24+
testTimeout: 300_000,
25+
hookTimeout: 300_000,
2626
};
2727

2828
export default defineConfig({

0 commit comments

Comments
 (0)