139 lines
3.4 KiB
Ruby
139 lines
3.4 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require "test_helper"
|
|
|
|
class ExpiredRulesCleanupJobTest < ActiveJob::TestCase
|
|
test "disables expired rules" do
|
|
expired_rule = Rule.create!(
|
|
rule_type: "network_v4",
|
|
action: "deny",
|
|
conditions: { cidr: "10.0.0.0/8" },
|
|
expires_at: 1.hour.ago,
|
|
enabled: true
|
|
)
|
|
|
|
active_rule = Rule.create!(
|
|
rule_type: "network_v4",
|
|
action: "deny",
|
|
conditions: { cidr: "192.168.0.0/16" },
|
|
expires_at: 1.hour.from_now,
|
|
enabled: true
|
|
)
|
|
|
|
count = ExpiredRulesCleanupJob.perform_now
|
|
|
|
assert_equal 1, count
|
|
assert_not expired_rule.reload.enabled?
|
|
assert active_rule.reload.enabled?
|
|
end
|
|
|
|
test "does not affect rules without expiration" do
|
|
permanent_rule = Rule.create!(
|
|
rule_type: "network_v4",
|
|
action: "deny",
|
|
conditions: { cidr: "10.0.0.0/8" },
|
|
expires_at: nil,
|
|
enabled: true
|
|
)
|
|
|
|
ExpiredRulesCleanupJob.perform_now
|
|
|
|
assert permanent_rule.reload.enabled?
|
|
end
|
|
|
|
test "does not affect already disabled rules" do
|
|
disabled_expired_rule = Rule.create!(
|
|
rule_type: "network_v4",
|
|
action: "deny",
|
|
conditions: { cidr: "10.0.0.0/8" },
|
|
expires_at: 1.hour.ago,
|
|
enabled: false
|
|
)
|
|
|
|
count = ExpiredRulesCleanupJob.perform_now
|
|
|
|
assert_equal 0, count
|
|
assert_not disabled_expired_rule.reload.enabled?
|
|
end
|
|
|
|
test "updates updated_at timestamp when disabling" do
|
|
expired_rule = Rule.create!(
|
|
rule_type: "network_v4",
|
|
action: "deny",
|
|
conditions: { cidr: "10.0.0.0/8" },
|
|
expires_at: 1.hour.ago,
|
|
enabled: true
|
|
)
|
|
|
|
original_updated_at = expired_rule.updated_at
|
|
|
|
sleep 0.01 # Ensure time passes
|
|
|
|
ExpiredRulesCleanupJob.perform_now
|
|
|
|
assert expired_rule.reload.updated_at > original_updated_at
|
|
end
|
|
|
|
test "deletes old disabled rules when running at 1am" do
|
|
old_disabled_rule = Rule.create!(
|
|
rule_type: "network_v4",
|
|
action: "deny",
|
|
conditions: { cidr: "10.0.0.0/8" },
|
|
enabled: false
|
|
)
|
|
old_disabled_rule.update_column(:updated_at, 31.days.ago)
|
|
|
|
recent_disabled_rule = Rule.create!(
|
|
rule_type: "network_v4",
|
|
action: "deny",
|
|
conditions: { cidr: "192.168.0.0/16" },
|
|
enabled: false
|
|
)
|
|
|
|
Time.stub :current, Time.current.change(hour: 1) do
|
|
ExpiredRulesCleanupJob.perform_now
|
|
end
|
|
|
|
assert_raises(ActiveRecord::RecordNotFound) { old_disabled_rule.reload }
|
|
assert_nothing_raised { recent_disabled_rule.reload }
|
|
end
|
|
|
|
test "does not delete old rules when not running at 1am" do
|
|
old_disabled_rule = Rule.create!(
|
|
rule_type: "network_v4",
|
|
action: "deny",
|
|
conditions: { cidr: "10.0.0.0/8" },
|
|
enabled: false
|
|
)
|
|
old_disabled_rule.update_column(:updated_at, 31.days.ago)
|
|
|
|
Time.stub :current, Time.current.change(hour: 10) do
|
|
ExpiredRulesCleanupJob.perform_now
|
|
end
|
|
|
|
assert_nothing_raised { old_disabled_rule.reload }
|
|
end
|
|
|
|
test "returns count of disabled rules" do
|
|
3.times do |i|
|
|
Rule.create!(
|
|
rule_type: "network_v4",
|
|
action: "deny",
|
|
conditions: { cidr: "10.#{i}.0.0/16" },
|
|
expires_at: 1.hour.ago,
|
|
enabled: true
|
|
)
|
|
end
|
|
|
|
count = ExpiredRulesCleanupJob.perform_now
|
|
|
|
assert_equal 3, count
|
|
end
|
|
|
|
test "returns zero when no expired rules" do
|
|
count = ExpiredRulesCleanupJob.perform_now
|
|
|
|
assert_equal 0, count
|
|
end
|
|
end
|