[Command] Generate Check Combinations for Integration Testing

[gemanor]

These commands should iterate the configured policy rules and generate all the check function configurations and needed baseline data (users with assigned roles/resource instances with relationships) for all the available edge cases. The intent behind this command is to create a configuration file with all the possible check functions on the policy table.

Implementation details

• Command name is: permit test generate e2e
• Command flow is:
  1. Iterate all the "checkboxes" in the policy table, and for each checkbox, generate check function configuration (user, action, resource) for all the possible edge cases
  2. Generate the relevant data for the check configuration created (users, role assignment, resource instances, relationship tuples)
  3. Print the user (or export to a file) the generated configuration of the check functions
• The data created as part of the auto-generation will have a tag that will help differentiate it from other users/resource instances
• Command arguments:
  • --dry-run will generate all the test cases without data creation. The user details and resource instances will use placeholder. Default is false
  • --model - an array of all the models the user wants to generate. Can be RBAC, ABAC, and ReBAC. Default is all the models
  • --code-sample - a test code sample that iterates the config file and asserts the results.
    • Value is an enum of languages/test frameworks.
    • If value isn't appear, there's no print of the code sample
    • The first to support is pytest and jest
• The work on the feature should be done in a TDD way when the PRs include an example of a policy configured per use case and the generated edge cases

Sub Tasks

• Generate check configurations for all the RBAC use cases
  • Generate two users, one with all roles and one without any role
• Generate the check configurations for all the ABAC edge cases
  • All the attribute values (both of users and resources) should pass as part of the check configuration. The only data needed here is one user to pass in the check function.
• Generate all check configurations for ReBAC edge cases
  • Here the data generation gets complex and should be done in two iterations
    1. Generate users that are assigned directly to resource instances for all the edge cases
    2. Generate also relationship tuples between the resources and check relationship-based permissions

Example of configuration file

[
  // RBAC
  {
    user: 'generated_allowed_user',
    action: 'read',
    resource: 'document',
    result: true
  },
  // ABAC
  {
    user: {
      key: 'generated_user',
      attributes: {
        tier: 'paid'
      }
    },
    action: 'read',
    resource: {
      key: 'premium_document',
      attributes: {
        created_at: '23.3.25'
      }
    },
    result: true
  },
  // ReBAC
  {
    user: 'generated_user',
    action: 'read',
    resource: 'document:confidential_doc',
    result: false
  }, 
]

💡 Before participating in the issue or offering a bounty, please make sure you carefully read the contribution guidelines. PRs that do not adhere to the guidelines will be closed with no further notice.

[35C4n0r]

@gemanor can I get assigned !

[algora-pbc]

🎉🎈 @35C4n0r has been awarded $1,850 by Permit.io! 🎈🎊

[nehaaprasad]

is still this PR is open?