test(RHTAPWATCH-1067): Unit tests for getUserNamespaces
Add unit test for func getUserNamespaces
1 parent
53411f5
commit a294a97
Showing
1 changed file
with
75 additions
and
16 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,12 +12,15 @@ import ( | |
k8sapi "k8s.io/api/core/v1" | ||
rbacv1 "k8s.io/api/rbac/v1" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
"k8s.io/apimachinery/pkg/labels" | ||
"k8s.io/apimachinery/pkg/selection" | ||
"k8s.io/client-go/kubernetes" | ||
|
||
"context" | ||
"os" | ||
"testing" | ||
|
||
"github.com/labstack/echo/v4" | ||
. "github.com/onsi/ginkgo/v2" | ||
. "github.com/onsi/gomega" | ||
"k8s.io/client-go/rest" | ||
|
@@ -41,6 +44,12 @@ type HTTPheader struct { | |
var k8sClient client.Client | ||
var testEnv *envtest.Environment | ||
|
||
var ( | ||
ns1 = "test-tenant" | ||
ns2 = "test-tenant-2" | ||
ns3 = "test-tenant-3" | ||
) | ||
|
||
func createRole(k8sClient client.Client, nsName string, roleName string, verbs []string) { | ||
role := &rbacv1.Role{ | ||
ObjectMeta: metav1.ObjectMeta{ | ||
|
@@ -191,15 +200,15 @@ var _ = DescribeTable("Specific workspace endpoint", func(endpoint string, heade | |
}, | ||
Entry( | ||
"Calling the workspace endpoint for the test-tenant workspace for user2", | ||
"test-tenant", | ||
ns1, | ||
HTTPheader{"X-Email", "[email protected]"}, | ||
http.StatusOK, | ||
`{"kind":"Workspace","apiVersion":"toolchain.dev.openshift.com/v1alpha1","metadata":`+ | ||
`{"name":"test-tenant","creationTimestamp":null},"status":{"namespaces":`+ | ||
`[{"name":"test-tenant","type":"default"}]}}`), | ||
Entry( | ||
"Specific workspace endpoint for test-tenant-2 for user1 only", | ||
"test-tenant-2", | ||
ns2, | ||
HTTPheader{"X-Email", "[email protected]"}, | ||
404, | ||
`{"message":"Not Found"}`), | ||
|
@@ -248,14 +257,14 @@ var _ = BeforeSuite(func() { | |
|
||
user1 := "[email protected]" | ||
user2 := "[email protected]" | ||
createNamespace(k8sClient, "test-tenant") | ||
createNamespace(k8sClient, "test-tenant-2") | ||
createNamespace(k8sClient, "test-tenant-3") | ||
createRole(k8sClient, "test-tenant", "namespace-access", []string{"create", "list", "watch", "delete"}) | ||
createRole(k8sClient, "test-tenant-2", "namespace-access-2", []string{"create", "list", "watch", "delete"}) | ||
createRoleBinding(k8sClient, "namespace-access-user-binding", "test-tenant", user1, "namespace-access") | ||
createRoleBinding(k8sClient, "namespace-access-user-binding-2", "test-tenant", user2, "namespace-access") | ||
createRoleBinding(k8sClient, "namespace-access-user-binding-3", "test-tenant-2", user2, "namespace-access-2") | ||
createNamespace(k8sClient, ns1) | ||
createNamespace(k8sClient, ns2) | ||
createNamespace(k8sClient, ns3) | ||
createRole(k8sClient, ns1, "namespace-access", []string{"create", "list", "watch", "delete"}) | ||
createRole(k8sClient, ns2, "namespace-access-2", []string{"create", "list", "watch", "delete"}) | ||
createRoleBinding(k8sClient, "namespace-access-user-binding", ns1, user1, "namespace-access") | ||
createRoleBinding(k8sClient, "namespace-access-user-binding-2", ns1, user2, "namespace-access") | ||
createRoleBinding(k8sClient, "namespace-access-user-binding-3", ns2, user2, "namespace-access-2") | ||
serverProcess = exec.Command("go", "run", "main.go") | ||
err = serverProcess.Start() | ||
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error starting the server during test setup: %v", err)) | ||
|
@@ -280,24 +289,74 @@ var _ = DescribeTable("TestRunAccessCheck", func(user string, namespace string, | |
Expect(err).NotTo(HaveOccurred(), "Unexpected error testing RunAccessCheck") | ||
}, | ||
Entry( | ||
"A user that has access to the resource should return true (user2 has permission to 'create' on test-tenant-1)", | ||
"A user that has access to the resource should return true (user2 has permission to 'create' on ns1)", | ||
"[email protected]", | ||
"test-tenant", | ||
ns1, | ||
"applications", | ||
"create", | ||
true), | ||
Entry( | ||
"A user that does not have any premissions on the namespace should return false (user1 doesn't have access to test-tenant-2)", | ||
"A user that does not have any premissions on the namespace should return false (user1 doesn't have access to ns2)", | ||
"[email protected]", | ||
"test-tenant-2", | ||
ns2, | ||
"applications", | ||
"create", | ||
false), | ||
Entry( | ||
"A user that does not have the permissions to perform the specific action on the namespace should return false (user1 doesn't have permission to 'patch' on test-tenant-1)", | ||
"A user that does not have the permissions to perform the specific action on the namespace should return false (user1 doesn't have permission to 'patch' on ns3)", | ||
"[email protected]", | ||
"test-tenant-1", | ||
ns3, | ||
"applications", | ||
"patch", | ||
false), | ||
) | ||
|
||
var _ = DescribeTable("TestGetUserNamespaces", | ||
func(labelKey string, labelValues []string, expectedNamespaces []string) { | ||
e := echo.New() | ||
|
||
var req *labels.Requirement | ||
var err error | ||
|
||
// Create the label requirement based on the input | ||
if len(labelValues) > 0 { | ||
req, err = labels.NewRequirement(labelKey, selection.In, labelValues) | ||
} else { | ||
req, err = labels.NewRequirement(labelKey, selection.Exists, []string{}) | ||
} | ||
Expect(err).NotTo(HaveOccurred(), "Error creating label requirement") | ||
|
||
namespaces, err := getUserNamespaces(e, *req) | ||
Expect(err).NotTo(HaveOccurred(), "Error getting user namespaces") | ||
|
||
var actualNamespaces []string | ||
for _, ns := range namespaces { | ||
actualNamespaces = append(actualNamespaces, ns.Name) | ||
} | ||
|
||
log.Printf("Expected Namespaces: %v, Actual Namespaces: %v", expectedNamespaces, actualNamespaces) | ||
|
||
// Check if actual namespaces contain all expected namespaces | ||
for _, expected := range expectedNamespaces { | ||
Expect(actualNamespaces).To(ContainElement(expected)) | ||
} | ||
}, | ||
Entry( | ||
"Get specific user namespace", | ||
"kubernetes.io/metadata.name", | ||
[]string{ns1}, | ||
[]string{ns1}, | ||
), | ||
Entry( | ||
"Get multiple specific user namespaces", | ||
"kubernetes.io/metadata.name", | ||
[]string{ns1, ns2}, | ||
[]string{ns1, ns2}, | ||
), | ||
Entry( | ||
"Returns an empty string when the label mentions a namespace that does not exist", | ||
"kubernetes.io/metadata.name", | ||
[]string{"non-existent-namespace"}, | ||
[]string{}, | ||
), | ||
) |
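Review bot: The new TestGetUserNamespaces table only asserts presence, via `Expect(actualNamespaces).To(ContainElement(expected))` inside the loop, so it cannot fail when getUserNamespaces returns more namespaces than it should. The "non-existent-namespace" entry with `[]string{}` asserts nothing at all, because the loop body never runs. For a function that scopes which namespaces are listed, over-returning is the failure that matters; replacing the loop with `Expect(actualNamespaces).To(ConsistOf(expectedNamespaces))` checks the result exactly and gives the empty case a real assertion. Separately, the 'patch' entry in TestRunAccessCheck now targets `ns3`, for which the BeforeSuite hunk creates no role or binding. If its user is user1, as the description says, it appears to repeat the no-access case, whereas `ns1` (where user1 is bound to create/list/watch/delete) would exercise the verb-level denial the description claims.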