From 3ad61fc22e8b7d9932a73e3260e6a8c0f31e4efd Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 29 Jul 2024 13:28:44 -0700
Subject: [PATCH] authz: Enable wildcard principal tests (#107)

---
 tests/authz_test.py | 55 ++++++++++++++++++++++++---------------------
 1 file changed, 29 insertions(+), 26 deletions(-)

diff --git a/tests/authz_test.py b/tests/authz_test.py
index e3c3bff8..e13ef1da 100644
--- a/tests/authz_test.py
+++ b/tests/authz_test.py
@@ -134,20 +134,19 @@ def authz_rules(self):
                     },
                 },
             },
-            # b/202058316. The wildcard principal is generating invalid config
-            # {
-            #     "sources": {
-            #         "principals": ["*"],
-            #     },
-            #     "destinations": {
-            #         "hosts": [f"*:{self.server_xds_port}"],
-            #         "ports": [self.server_port],
-            #         "httpHeaderMatch": {
-            #             "headerName": "test",
-            #             "regexMatch": "principal-present",
-            #         },
-            #     },
-            # },
+            {
+                "sources": {
+                    "principals": ["*"],
+                },
+                "destinations": {
+                    "hosts": [f"*:{self.server_xds_port}"],
+                    "ports": [self.server_port],
+                    "httpHeaderMatch": {
+                        "headerName": "test",
+                        "regexMatch": "principal-present",
+                    },
+                },
+            },
             {
                 "sources": [
                     {
@@ -294,10 +293,12 @@ def test_plaintext_allow(self) -> None:
                 grpc.StatusCode.PERMISSION_DENIED,
             )
 
-        # b/202058316
-        # with self.subTest('07_principal_present'):
-        #     self.configure_and_assert(test_client, 'principal-present',
-        #                               grpc.StatusCode.PERMISSION_DENIED)
+        with self.subTest("07_principal_present"):
+            self.configure_and_assert(
+                test_client,
+                "principal-present",
+                grpc.StatusCode.PERMISSION_DENIED,
+            )
 
     def test_tls_allow(self) -> None:
         self.setupTrafficDirectorGrpc()
@@ -324,10 +325,12 @@ def test_tls_allow(self) -> None:
                 test_client, None, grpc.StatusCode.PERMISSION_DENIED
             )
 
-        # b/202058316
-        # with self.subTest('03_principal_present'):
-        #     self.configure_and_assert(test_client, 'principal-present',
-        #                               grpc.StatusCode.PERMISSION_DENIED)
+        with self.subTest("03_principal_present"):
+            self.configure_and_assert(
+                test_client,
+                "principal-present",
+                grpc.StatusCode.PERMISSION_DENIED,
+            )
 
     def test_mtls_allow(self) -> None:
         self.setupTrafficDirectorGrpc()
@@ -351,10 +354,10 @@ def test_mtls_allow(self) -> None:
                 test_client, None, grpc.StatusCode.PERMISSION_DENIED
             )
 
-        # b/202058316
-        # with self.subTest('03_principal_present'):
-        #     self.configure_and_assert(test_client, 'principal-present',
-        #                               grpc.StatusCode.OK)
+        with self.subTest("03_principal_present"):
+            self.configure_and_assert(
+                test_client, "principal-present", grpc.StatusCode.OK
+            )
 
         with self.subTest("04_match_principal"):
             self.configure_and_assert(