authz: Enable wildcard principal tests (#107)

grpc · Jul 29, 2024 · 3ad61fc · 3ad61fc
1 parent 323f424
commit 3ad61fc
Showing 1 changed file with 29 additions and 26 deletions.
diff --git a/tests/authz_test.py b/tests/authz_test.py
@@ -134,20 +134,19 @@ def authz_rules(self):
                     },
                 },
             },
-            # b/202058316. The wildcard principal is generating invalid config
-            # {
-            #     "sources": {
-            #         "principals": ["*"],
-            #     },
-            #     "destinations": {
-            #         "hosts": [f"*:{self.server_xds_port}"],
-            #         "ports": [self.server_port],
-            #         "httpHeaderMatch": {
-            #             "headerName": "test",
-            #             "regexMatch": "principal-present",
-            #         },
-            #     },
-            # },
+            {
+                "sources": {
+                    "principals": ["*"],
+                },
+                "destinations": {
+                    "hosts": [f"*:{self.server_xds_port}"],
+                    "ports": [self.server_port],
+                    "httpHeaderMatch": {
+                        "headerName": "test",
+                        "regexMatch": "principal-present",
+                    },
+                },
+            },
             {
                 "sources": [
                     {
@@ -294,10 +293,12 @@ def test_plaintext_allow(self) -> None:
                 grpc.StatusCode.PERMISSION_DENIED,
             )
 
-        # b/202058316
-        # with self.subTest('07_principal_present'):
-        #     self.configure_and_assert(test_client, 'principal-present',
-        #                               grpc.StatusCode.PERMISSION_DENIED)
+        with self.subTest("07_principal_present"):
+            self.configure_and_assert(
+                test_client,
+                "principal-present",
+                grpc.StatusCode.PERMISSION_DENIED,
+            )
 
     def test_tls_allow(self) -> None:
         self.setupTrafficDirectorGrpc()
@@ -324,10 +325,12 @@ def test_tls_allow(self) -> None:
                 test_client, None, grpc.StatusCode.PERMISSION_DENIED
             )
 
-        # b/202058316
-        # with self.subTest('03_principal_present'):
-        #     self.configure_and_assert(test_client, 'principal-present',
-        #                               grpc.StatusCode.PERMISSION_DENIED)
+        with self.subTest("03_principal_present"):
+            self.configure_and_assert(
+                test_client,
+                "principal-present",
+                grpc.StatusCode.PERMISSION_DENIED,
+            )
 
     def test_mtls_allow(self) -> None:
         self.setupTrafficDirectorGrpc()
@@ -351,10 +354,10 @@ def test_mtls_allow(self) -> None:
                 test_client, None, grpc.StatusCode.PERMISSION_DENIED
             )
 
-        # b/202058316
-        # with self.subTest('03_principal_present'):
-        #     self.configure_and_assert(test_client, 'principal-present',
-        #                               grpc.StatusCode.OK)
+        with self.subTest("03_principal_present"):
+            self.configure_and_assert(
+                test_client, "principal-present", grpc.StatusCode.OK
+            )
 
         with self.subTest("04_match_principal"):
             self.configure_and_assert(