Spaces:
No application file
No application file
| // SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. | |
| // SPDX-License-Identifier: Apache-2.0 | |
| const { describe, it } = require("node:test"); | |
| const assert = require("node:assert/strict"); | |
| const path = require("path"); | |
| const policies = require("../bin/lib/policies"); | |
| describe("policies", () => { | |
| describe("listPresets", () => { | |
| it("returns all 9 presets", () => { | |
| const presets = policies.listPresets(); | |
| assert.equal(presets.length, 9); | |
| }); | |
| it("each preset has name and description", () => { | |
| for (const p of policies.listPresets()) { | |
| assert.ok(p.name, `preset missing name: ${p.file}`); | |
| assert.ok(p.description, `preset missing description: ${p.file}`); | |
| } | |
| }); | |
| it("returns expected preset names", () => { | |
| const names = policies.listPresets().map((p) => p.name).sort(); | |
| const expected = ["discord", "docker", "huggingface", "jira", "npm", "outlook", "pypi", "slack", "telegram"]; | |
| assert.deepEqual(names, expected); | |
| }); | |
| }); | |
| describe("loadPreset", () => { | |
| it("loads existing preset", () => { | |
| const content = policies.loadPreset("outlook"); | |
| assert.ok(content); | |
| assert.ok(content.includes("network_policies:")); | |
| }); | |
| it("returns null for nonexistent preset", () => { | |
| assert.equal(policies.loadPreset("nonexistent"), null); | |
| }); | |
| }); | |
| describe("getPresetEndpoints", () => { | |
| it("extracts hosts from outlook preset", () => { | |
| const content = policies.loadPreset("outlook"); | |
| const hosts = policies.getPresetEndpoints(content); | |
| assert.ok(hosts.includes("graph.microsoft.com")); | |
| assert.ok(hosts.includes("login.microsoftonline.com")); | |
| assert.ok(hosts.includes("outlook.office365.com")); | |
| assert.ok(hosts.includes("outlook.office.com")); | |
| }); | |
| it("extracts hosts from telegram preset", () => { | |
| const content = policies.loadPreset("telegram"); | |
| const hosts = policies.getPresetEndpoints(content); | |
| assert.deepEqual(hosts, ["api.telegram.org"]); | |
| }); | |
| it("every preset has at least one endpoint", () => { | |
| for (const p of policies.listPresets()) { | |
| const content = policies.loadPreset(p.name); | |
| const hosts = policies.getPresetEndpoints(content); | |
| assert.ok(hosts.length > 0, `${p.name} has no endpoints`); | |
| } | |
| }); | |
| }); | |
| describe("preset YAML schema", () => { | |
| it("no preset has rules at NetworkPolicyRuleDef level", () => { | |
| // rules must be inside endpoints, not as sibling of endpoints/binaries | |
| for (const p of policies.listPresets()) { | |
| const content = policies.loadPreset(p.name); | |
| const lines = content.split("\n"); | |
| for (let i = 0; i < lines.length; i++) { | |
| const line = lines[i]; | |
| // rules: at 4-space indent (same level as endpoints:) is wrong | |
| // rules: at 8+ space indent (inside an endpoint) is correct | |
| if (/^\s{4}rules:/.test(line)) { | |
| assert.fail(`${p.name} line ${i + 1}: rules at policy level (should be inside endpoint)`); | |
| } | |
| } | |
| } | |
| }); | |
| it("every preset has network_policies section", () => { | |
| for (const p of policies.listPresets()) { | |
| const content = policies.loadPreset(p.name); | |
| assert.ok(content.includes("network_policies:"), `${p.name} missing network_policies`); | |
| } | |
| }); | |
| }); | |
| }); | |