Skip to content

Commit

Permalink
chore(RHTAPATCH-1069): unit-tests for runAccessCheck
Browse files Browse the repository at this point in the history
Add unit-tests to `runAccessCheck`.
We decided to perform the tests using the same test suite
we are using for the functional tests, using testenv.
It is setting up a real environment for us, and we don't
have to deal with ugly fakes when using the k8s authorization.

Signed-off-by: Omer Turner <[email protected]>
  • Loading branch information
Omeramsc committed Jul 15, 2024
1 parent e17d6bc commit 3264d4a
Show file tree
Hide file tree
Showing 4 changed files with 178 additions and 471 deletions.
2 changes: 0 additions & 2 deletions cmd/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,6 @@ func getNamespacesWithAccess(
for _, verb := range []string{"create", "list", "watch", "delete"} {
for _, resource := range []string{"applications", "components"} {
allowed, err := runAccessCheck(
e,
authCl,
c.Request().Header["X-Email"][0],
ns.Name,
Expand Down Expand Up @@ -169,7 +168,6 @@ func getUserNamespaces(e *echo.Echo, nameReq labels.Requirement) ([]core.Namespa

// check if a user can perform a specific verb on a specific resource in namespace
func runAccessCheck(
e *echo.Echo,
authCl authorizationv1Client.AuthorizationV1Interface,
user string,
namespace string,
Expand Down
25 changes: 25 additions & 0 deletions cmd/main_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
k8sapi "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"

"context"
"os"
Expand All @@ -23,6 +24,7 @@ import (
"k8s.io/client-go/tools/clientcmd"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/client/config"
"sigs.k8s.io/controller-runtime/pkg/envtest"
)

Expand Down Expand Up @@ -267,3 +269,26 @@ var _ = AfterSuite(func() {
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error killing the server during test teardown: %v", err))
}
})

var _ = DescribeTable("TestRunAccessCheck", func(user string, namespace string, resource string, expectedResult bool) {
cfg, _ := config.GetConfig()
clientset, _ := kubernetes.NewForConfig(cfg)
authCl := clientset.AuthorizationV1()

boolresult, err := runAccessCheck(authCl, user, namespace, "appstudio.redhat.com", resource, "create")
Expect(boolresult).To(Equal(expectedResult))
Expect(err).NotTo(HaveOccurred(), "Unexpected error testing RunAccessCheck")
},
Entry(
"A user that has access to the resource should return true (user1 have access to test-tenant-1)",
"[email protected]",
"test-tenant-2",
"applications",
true),
Entry(
"A user that does not have access to the resource should return false (user1 don't have access to test-tenant-2)",
"[email protected]",
"test-tenant-2",
"applications",
false),
)
73 changes: 39 additions & 34 deletions go.mod
Original file line number Diff line number Diff line change
@@ -1,38 +1,42 @@
module github.com/konflux-ci/workspace-manager

go 1.20
go 1.22.0

toolchain go1.22.3

require (
github.com/codeready-toolchain/api v0.0.0-20240322110702-5ab3840476e9
github.com/labstack/echo/v4 v4.11.4
github.com/onsi/ginkgo/v2 v2.1.4
github.com/onsi/gomega v1.19.0
k8s.io/api v0.25.0
k8s.io/apimachinery v0.25.0
k8s.io/client-go v0.25.0
sigs.k8s.io/controller-runtime v0.13.0
github.com/codeready-toolchain/api v0.0.0-20240708122235-0af5a9a178bb
github.com/labstack/echo/v4 v4.12.0
github.com/onsi/ginkgo/v2 v2.19.0
github.com/onsi/gomega v1.33.1
k8s.io/api v0.30.2
k8s.io/apimachinery v0.30.2
k8s.io/client-go v0.30.2
sigs.k8s.io/controller-runtime v0.18.4
)

require (
github.com/PuerkitoBio/purell v1.1.1 // indirect
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.8.0 // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/go-logr/logr v1.2.3 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.19.5 // indirect
github.com/go-openapi/swag v0.19.14 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
github.com/go-logr/logr v1.4.1 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/gnostic v0.5.7-v3refs // indirect
github.com/google/gofuzz v1.1.0 // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/imdario/mergo v0.3.6 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/labstack/gommon v0.4.2 // indirect
github.com/mailru/easyjson v0.7.6 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
Expand All @@ -43,23 +47,24 @@ require (
github.com/spf13/pflag v1.0.5 // indirect
github.com/valyala/bytebufferpool v1.0.0 // indirect
github.com/valyala/fasttemplate v1.2.2 // indirect
golang.org/x/crypto v0.17.0 // indirect
golang.org/x/net v0.19.0 // indirect
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
golang.org/x/sys v0.15.0 // indirect
golang.org/x/term v0.15.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/crypto v0.23.0 // indirect
golang.org/x/net v0.25.0 // indirect
golang.org/x/oauth2 v0.12.0 // indirect
golang.org/x/sys v0.20.0 // indirect
golang.org/x/term v0.20.0 // indirect
golang.org/x/text v0.15.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.21.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.25.0 // indirect
k8s.io/klog/v2 v2.70.1 // indirect
k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
k8s.io/apiextensions-apiserver v0.30.1 // indirect
k8s.io/klog/v2 v2.120.1 // indirect
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)
Loading

0 comments on commit 3264d4a

Please sign in to comment.