This is an automated email from the ASF dual-hosted git repository. JiriOndrusek pushed a commit to branch camel-main in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
commit 32244af139fb024a6e6224582397896230e98b91 Author: Guillaume Nodet <[email protected]> AuthorDate: Tue Apr 28 16:58:41 2026 +0200 Add security-policy integration test for CAMEL-23250 Fixes #8584 Co-authored-by: Claude Opus 4.6 <[email protected]> --- integration-test-groups/foundation/pom.xml | 1 + .../foundation/security-policy/pom.xml | 131 +++++++++++++++++++++ .../camel/quarkus/security/policy/Routes.java | 28 +++++ .../security/policy/SecurityPolicyResource.java | 90 ++++++++++++++ .../src/main/resources/application.properties | 18 +++ .../security/policy/SecurityPolicyAllowIT.java | 23 ++++ .../security/policy/SecurityPolicyAllowTest.java | 44 +++++++ .../policy/SecurityPolicyAllowedPropertiesIT.java | 23 ++++ .../SecurityPolicyAllowedPropertiesTest.java | 44 +++++++ .../policy/SecurityPolicyCategoryOverrideIT.java | 23 ++++ .../policy/SecurityPolicyCategoryOverrideTest.java | 44 +++++++ .../security/policy/SecurityPolicyWarnIT.java | 23 ++++ .../security/policy/SecurityPolicyWarnTest.java | 48 ++++++++ 13 files changed, 540 insertions(+) diff --git a/integration-test-groups/foundation/pom.xml b/integration-test-groups/foundation/pom.xml index 6c937f1c0f..3d2a6d8c6c 100644 --- a/integration-test-groups/foundation/pom.xml +++ b/integration-test-groups/foundation/pom.xml @@ -50,6 +50,7 @@ <module>ref</module> <module>route-configurations</module> <module>scheduler</module> + <module>security-policy</module> <module>seda</module> <module>stream</module> <module>timer</module> diff --git a/integration-test-groups/foundation/security-policy/pom.xml b/integration-test-groups/foundation/security-policy/pom.xml new file mode 100644 index 0000000000..6d4e775dd9 --- /dev/null +++ b/integration-test-groups/foundation/security-policy/pom.xml @@ -0,0 +1,131 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.camel.quarkus</groupId> + <artifactId>camel-quarkus-build-parent-it</artifactId> + <version>3.35.0-SNAPSHOT</version> + <relativePath>../../../poms/build-parent-it/pom.xml</relativePath> + </parent> + + <artifactId>camel-quarkus-integration-test-security-policy</artifactId> + <name>Camel Quarkus :: Integration Tests :: Security Policy</name> + + <dependencies> + <dependency> + <groupId>org.apache.camel.quarkus</groupId> + <artifactId>camel-quarkus-log</artifactId> + </dependency> + <dependency> + <groupId>org.apache.camel.quarkus</groupId> + <artifactId>camel-quarkus-timer</artifactId> + </dependency> + <dependency> + <groupId>io.quarkus</groupId> + <artifactId>quarkus-resteasy</artifactId> + </dependency> + + <!-- test dependencies --> + <dependency> + <groupId>io.quarkus</groupId> + <artifactId>quarkus-junit</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>io.rest-assured</groupId> + <artifactId>rest-assured</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.assertj</groupId> + <artifactId>assertj-core</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + + <profiles> + <profile> + <id>native</id> + <activation> + <property> + <name>native</name> + </property> + </activation> + <properties> + <quarkus.native.enabled>true</quarkus.native.enabled> + </properties> + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-failsafe-plugin</artifactId> + <executions> + <execution> + <goals> + <goal>integration-test</goal> + <goal>verify</goal> + </goals> + </execution> + </executions> + </plugin> + </plugins> + </build> + </profile> + <profile> + <id>virtualDependencies</id> + <activation> + <property> + <name>!noVirtualDependencies</name> + </property> + </activation> + <dependencies> + <!-- The following dependencies guarantee that this module is built after them. You can update them by running `mvn process-resources -Pformat -N` from the source tree root directory --> + <dependency> + <groupId>org.apache.camel.quarkus</groupId> + <artifactId>camel-quarkus-log-deployment</artifactId> + <version>${project.version}</version> + <type>pom</type> + <scope>test</scope> + <exclusions> + <exclusion> + <groupId>*</groupId> + <artifactId>*</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.apache.camel.quarkus</groupId> + <artifactId>camel-quarkus-timer-deployment</artifactId> + <version>${project.version}</version> + <type>pom</type> + <scope>test</scope> + <exclusions> + <exclusion> + <groupId>*</groupId> + <artifactId>*</artifactId> + </exclusion> + </exclusions> + </dependency> + </dependencies> + </profile> + </profiles> + +</project> diff --git a/integration-test-groups/foundation/security-policy/src/main/java/org/apache/camel/quarkus/security/policy/Routes.java b/integration-test-groups/foundation/security-policy/src/main/java/org/apache/camel/quarkus/security/policy/Routes.java new file mode 100644 index 0000000000..54f1bd4be3 --- /dev/null +++ b/integration-test-groups/foundation/security-policy/src/main/java/org/apache/camel/quarkus/security/policy/Routes.java @@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.security.policy; + +import org.apache.camel.builder.RouteBuilder; + +public class Routes extends RouteBuilder { + + @Override + public void configure() { + from("timer:tick?repeatCount=1") + .log("Timer tick!"); + } +} diff --git a/integration-test-groups/foundation/security-policy/src/main/java/org/apache/camel/quarkus/security/policy/SecurityPolicyResource.java b/integration-test-groups/foundation/security-policy/src/main/java/org/apache/camel/quarkus/security/policy/SecurityPolicyResource.java new file mode 100644 index 0000000000..4bbf9a4430 --- /dev/null +++ b/integration-test-groups/foundation/security-policy/src/main/java/org/apache/camel/quarkus/security/policy/SecurityPolicyResource.java @@ -0,0 +1,90 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.security.policy; + +import java.util.stream.Collectors; + +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; +import jakarta.ws.rs.GET; +import jakarta.ws.rs.Path; +import jakarta.ws.rs.Produces; +import jakarta.ws.rs.core.MediaType; +import org.apache.camel.CamelContext; +import org.apache.camel.main.SecurityPolicyResult; + +@Path("/security-policy") +@ApplicationScoped +public class SecurityPolicyResource { + + @Inject + CamelContext camelContext; + + @GET + @Path("/has-violations") + @Produces(MediaType.TEXT_PLAIN) + public String hasViolations() { + SecurityPolicyResult result = camelContext.getCamelContextExtension() + .getContextPlugin(SecurityPolicyResult.class); + if (result == null) { + return "null"; + } + return String.valueOf(result.hasViolations()); + } + + @GET + @Path("/violation-categories") + @Produces(MediaType.TEXT_PLAIN) + public String violationCategories() { + SecurityPolicyResult result = camelContext.getCamelContextExtension() + .getContextPlugin(SecurityPolicyResult.class); + if (result == null) { + return ""; + } + return result.getViolations().stream() + .map(v -> v.category()) + .collect(Collectors.joining(",")); + } + + @GET + @Path("/violation-property-keys") + @Produces(MediaType.TEXT_PLAIN) + public String violationPropertyKeys() { + SecurityPolicyResult result = camelContext.getCamelContextExtension() + .getContextPlugin(SecurityPolicyResult.class); + if (result == null) { + return ""; + } + return result.getViolations().stream() + .map(v -> v.propertyKey()) + .collect(Collectors.joining(",")); + } + + @GET + @Path("/violation-policies") + @Produces(MediaType.TEXT_PLAIN) + public String violationPolicies() { + SecurityPolicyResult result = camelContext.getCamelContextExtension() + .getContextPlugin(SecurityPolicyResult.class); + if (result == null) { + return ""; + } + return result.getViolations().stream() + .map(v -> v.policy()) + .collect(Collectors.joining(",")); + } +} diff --git a/integration-test-groups/foundation/security-policy/src/main/resources/application.properties b/integration-test-groups/foundation/security-policy/src/main/resources/application.properties new file mode 100644 index 0000000000..2bb5afa830 --- /dev/null +++ b/integration-test-groups/foundation/security-policy/src/main/resources/application.properties @@ -0,0 +1,18 @@ +## --------------------------------------------------------------------------- +## Licensed to the Apache Software Foundation (ASF) under one or more +## contributor license agreements. See the NOTICE file distributed with +## this work for additional information regarding copyright ownership. +## The ASF licenses this file to You under the Apache License, Version 2.0 +## (the "License"); you may not use this file except in compliance with +## the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## --------------------------------------------------------------------------- + +camel.main.devConsoleEnabled = true diff --git a/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyAllowIT.java b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyAllowIT.java new file mode 100644 index 0000000000..a3fab445d2 --- /dev/null +++ b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyAllowIT.java @@ -0,0 +1,23 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.security.policy; + +import io.quarkus.test.junit.QuarkusIntegrationTest; + +@QuarkusIntegrationTest +class SecurityPolicyAllowIT extends SecurityPolicyAllowTest { +} diff --git a/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyAllowTest.java b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyAllowTest.java new file mode 100644 index 0000000000..84323a2f6e --- /dev/null +++ b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyAllowTest.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.security.policy; + +import java.util.Map; + +import io.quarkus.test.junit.QuarkusTest; +import io.quarkus.test.junit.QuarkusTestProfile; +import io.quarkus.test.junit.TestProfile; +import io.restassured.RestAssured; +import org.junit.jupiter.api.Test; + +import static org.hamcrest.Matchers.is; + +@QuarkusTest +@TestProfile(SecurityPolicyAllowTest.Profile.class) +class SecurityPolicyAllowTest { + + @Test + void allowPolicySuppressesAllViolations() { + RestAssured.when().get("/security-policy/has-violations").then().body(is("false")); + } + + public static class Profile implements QuarkusTestProfile { + @Override + public Map<String, String> getConfigOverrides() { + return Map.of("camel.security.policy", "allow"); + } + } +} diff --git a/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyAllowedPropertiesIT.java b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyAllowedPropertiesIT.java new file mode 100644 index 0000000000..1de5c8bb0c --- /dev/null +++ b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyAllowedPropertiesIT.java @@ -0,0 +1,23 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.security.policy; + +import io.quarkus.test.junit.QuarkusIntegrationTest; + +@QuarkusIntegrationTest +class SecurityPolicyAllowedPropertiesIT extends SecurityPolicyAllowedPropertiesTest { +} diff --git a/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyAllowedPropertiesTest.java b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyAllowedPropertiesTest.java new file mode 100644 index 0000000000..5b4da1c562 --- /dev/null +++ b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyAllowedPropertiesTest.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.security.policy; + +import java.util.Map; + +import io.quarkus.test.junit.QuarkusTest; +import io.quarkus.test.junit.QuarkusTestProfile; +import io.quarkus.test.junit.TestProfile; +import io.restassured.RestAssured; +import org.junit.jupiter.api.Test; + +import static org.hamcrest.Matchers.is; + +@QuarkusTest +@TestProfile(SecurityPolicyAllowedPropertiesTest.Profile.class) +class SecurityPolicyAllowedPropertiesTest { + + @Test + void allowedPropertiesExcludesViolations() { + RestAssured.when().get("/security-policy/has-violations").then().body(is("false")); + } + + public static class Profile implements QuarkusTestProfile { + @Override + public Map<String, String> getConfigOverrides() { + return Map.of("camel.security.allowed-properties", "camel.main.devConsoleEnabled"); + } + } +} diff --git a/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyCategoryOverrideIT.java b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyCategoryOverrideIT.java new file mode 100644 index 0000000000..e3d65c8865 --- /dev/null +++ b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyCategoryOverrideIT.java @@ -0,0 +1,23 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.security.policy; + +import io.quarkus.test.junit.QuarkusIntegrationTest; + +@QuarkusIntegrationTest +class SecurityPolicyCategoryOverrideIT extends SecurityPolicyCategoryOverrideTest { +} diff --git a/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyCategoryOverrideTest.java b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyCategoryOverrideTest.java new file mode 100644 index 0000000000..b941a0024c --- /dev/null +++ b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyCategoryOverrideTest.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.security.policy; + +import java.util.Map; + +import io.quarkus.test.junit.QuarkusTest; +import io.quarkus.test.junit.QuarkusTestProfile; +import io.quarkus.test.junit.TestProfile; +import io.restassured.RestAssured; +import org.junit.jupiter.api.Test; + +import static org.hamcrest.Matchers.is; + +@QuarkusTest +@TestProfile(SecurityPolicyCategoryOverrideTest.Profile.class) +class SecurityPolicyCategoryOverrideTest { + + @Test + void categoryOverrideSuppressesViolations() { + RestAssured.when().get("/security-policy/has-violations").then().body(is("false")); + } + + public static class Profile implements QuarkusTestProfile { + @Override + public Map<String, String> getConfigOverrides() { + return Map.of("camel.security.insecure-dev-policy", "allow"); + } + } +} diff --git a/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyWarnIT.java b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyWarnIT.java new file mode 100644 index 0000000000..267aa6c9e8 --- /dev/null +++ b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyWarnIT.java @@ -0,0 +1,23 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.security.policy; + +import io.quarkus.test.junit.QuarkusIntegrationTest; + +@QuarkusIntegrationTest +class SecurityPolicyWarnIT extends SecurityPolicyWarnTest { +} diff --git a/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyWarnTest.java b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyWarnTest.java new file mode 100644 index 0000000000..cc6f221cfa --- /dev/null +++ b/integration-test-groups/foundation/security-policy/src/test/java/org/apache/camel/quarkus/security/policy/SecurityPolicyWarnTest.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.security.policy; + +import io.quarkus.test.junit.QuarkusTest; +import io.restassured.RestAssured; +import org.junit.jupiter.api.Test; + +import static org.hamcrest.Matchers.containsString; +import static org.hamcrest.Matchers.is; + +@QuarkusTest +class SecurityPolicyWarnTest { + + @Test + void warnPolicyDetectsViolations() { + RestAssured.when().get("/security-policy/has-violations").then().body(is("true")); + } + + @Test + void warnPolicyReportsInsecureDevCategory() { + RestAssured.when().get("/security-policy/violation-categories").then().body(containsString("insecure:dev")); + } + + @Test + void warnPolicyReportsDevConsoleEnabledProperty() { + RestAssured.when().get("/security-policy/violation-property-keys").then().body(containsString("devConsoleEnabled")); + } + + @Test + void warnPolicyReportsWarnLevel() { + RestAssured.when().get("/security-policy/violation-policies").then().body(containsString("warn")); + } +}
