migrating execpolicy -> execpolicy-legacy and execpolicy2 -> execpolicy (#6956)

codex-rs/execpolicy-legacy/tests/suite/literal.rs

@@ -0,0 +1,50 @@
+use codex_execpolicy_legacy::ArgType;
+use codex_execpolicy_legacy::Error;
+use codex_execpolicy_legacy::ExecCall;
+use codex_execpolicy_legacy::MatchedArg;
+use codex_execpolicy_legacy::MatchedExec;
+use codex_execpolicy_legacy::PolicyParser;
+use codex_execpolicy_legacy::Result;
+use codex_execpolicy_legacy::ValidExec;
+
+extern crate codex_execpolicy_legacy;
+
+#[test]
+fn test_invalid_subcommand() -> Result<()> {
+    let unparsed_policy = r#"
+define_program(
+    program="fake_executable",
+    args=["subcommand", "sub-subcommand"],
+)
+"#;
+    let parser = PolicyParser::new("test_invalid_subcommand", unparsed_policy);
+    let policy = parser.parse().expect("failed to parse policy");
+    let valid_call = ExecCall::new("fake_executable", &["subcommand", "sub-subcommand"]);
+    assert_eq!(
+        Ok(MatchedExec::Match {
+            exec: ValidExec::new(
+                "fake_executable",
+                vec![
+                    MatchedArg::new(0, ArgType::Literal("subcommand".to_string()), "subcommand")?,
+                    MatchedArg::new(
+                        1,
+                        ArgType::Literal("sub-subcommand".to_string()),
+                        "sub-subcommand"
+                    )?,
+                ],
+                &[]
+            )
+        }),
+        policy.check(&valid_call)
+    );
+
+    let invalid_call = ExecCall::new("fake_executable", &["subcommand", "not-a-real-subcommand"]);
+    assert_eq!(
+        Err(Error::LiteralValueDidNotMatch {
+            expected: "sub-subcommand".to_string(),
+            actual: "not-a-real-subcommand".to_string()
+        }),
+        policy.check(&invalid_call)
+    );
+    Ok(())
+}