Skip to content

Commit

Permalink
test(RHTAPWATCH-1067): Unit tests for getUserNamespaces
Browse files Browse the repository at this point in the history
Add unit test for func
getUserNamespaces
  • Loading branch information
klakshma21 committed Jul 31, 2024
1 parent 53411f5 commit a294a97
Showing 1 changed file with 75 additions and 16 deletions.
91 changes: 75 additions & 16 deletions cmd/main_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,15 @@ import (
k8sapi "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/selection"
"k8s.io/client-go/kubernetes"

"context"
"os"
"testing"

"github.com/labstack/echo/v4"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
"k8s.io/client-go/rest"
Expand All @@ -41,6 +44,12 @@ type HTTPheader struct {
var k8sClient client.Client
var testEnv *envtest.Environment

var (
ns1 = "test-tenant"
ns2 = "test-tenant-2"
ns3 = "test-tenant-3"
)

func createRole(k8sClient client.Client, nsName string, roleName string, verbs []string) {
role := &rbacv1.Role{
ObjectMeta: metav1.ObjectMeta{
Expand Down Expand Up @@ -191,15 +200,15 @@ var _ = DescribeTable("Specific workspace endpoint", func(endpoint string, heade
},
Entry(
"Calling the workspace endpoint for the test-tenant workspace for user2",
"test-tenant",
ns1,
HTTPheader{"X-Email", "[email protected]"},
http.StatusOK,
`{"kind":"Workspace","apiVersion":"toolchain.dev.openshift.com/v1alpha1","metadata":`+
`{"name":"test-tenant","creationTimestamp":null},"status":{"namespaces":`+
`[{"name":"test-tenant","type":"default"}]}}`),
Entry(
"Specific workspace endpoint for test-tenant-2 for user1 only",
"test-tenant-2",
ns2,
HTTPheader{"X-Email", "[email protected]"},
404,
`{"message":"Not Found"}`),
Expand Down Expand Up @@ -248,14 +257,14 @@ var _ = BeforeSuite(func() {

user1 := "[email protected]"
user2 := "[email protected]"
createNamespace(k8sClient, "test-tenant")
createNamespace(k8sClient, "test-tenant-2")
createNamespace(k8sClient, "test-tenant-3")
createRole(k8sClient, "test-tenant", "namespace-access", []string{"create", "list", "watch", "delete"})
createRole(k8sClient, "test-tenant-2", "namespace-access-2", []string{"create", "list", "watch", "delete"})
createRoleBinding(k8sClient, "namespace-access-user-binding", "test-tenant", user1, "namespace-access")
createRoleBinding(k8sClient, "namespace-access-user-binding-2", "test-tenant", user2, "namespace-access")
createRoleBinding(k8sClient, "namespace-access-user-binding-3", "test-tenant-2", user2, "namespace-access-2")
createNamespace(k8sClient, ns1)
createNamespace(k8sClient, ns2)
createNamespace(k8sClient, ns3)
createRole(k8sClient, ns1, "namespace-access", []string{"create", "list", "watch", "delete"})
createRole(k8sClient, ns2, "namespace-access-2", []string{"create", "list", "watch", "delete"})
createRoleBinding(k8sClient, "namespace-access-user-binding", ns1, user1, "namespace-access")
createRoleBinding(k8sClient, "namespace-access-user-binding-2", ns1, user2, "namespace-access")
createRoleBinding(k8sClient, "namespace-access-user-binding-3", ns2, user2, "namespace-access-2")
serverProcess = exec.Command("go", "run", "main.go")
err = serverProcess.Start()
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error starting the server during test setup: %v", err))
Expand All @@ -280,24 +289,74 @@ var _ = DescribeTable("TestRunAccessCheck", func(user string, namespace string,
Expect(err).NotTo(HaveOccurred(), "Unexpected error testing RunAccessCheck")
},
Entry(
"A user that has access to the resource should return true (user2 has permission to 'create' on test-tenant-1)",
"A user that has access to the resource should return true (user2 has permission to 'create' on ns1)",
"[email protected]",
"test-tenant",
ns1,
"applications",
"create",
true),
Entry(
"A user that does not have any premissions on the namespace should return false (user1 doesn't have access to test-tenant-2)",
"A user that does not have any premissions on the namespace should return false (user1 doesn't have access to ns2)",
"[email protected]",
"test-tenant-2",
ns2,
"applications",
"create",
false),
Entry(
"A user that does not have the permissions to perform the specific action on the namespace should return false (user1 doesn't have permission to 'patch' on test-tenant-1)",
"A user that does not have the permissions to perform the specific action on the namespace should return false (user1 doesn't have permission to 'patch' on ns3)",
"[email protected]",
"test-tenant-1",
ns3,
"applications",
"patch",
false),
)

var _ = DescribeTable("TestGetUserNamespaces",
func(labelKey string, labelValues []string, expectedNamespaces []string) {
e := echo.New()

var req *labels.Requirement
var err error

// Create the label requirement based on the input
if len(labelValues) > 0 {
req, err = labels.NewRequirement(labelKey, selection.In, labelValues)
} else {
req, err = labels.NewRequirement(labelKey, selection.Exists, []string{})
}
Expect(err).NotTo(HaveOccurred(), "Error creating label requirement")

namespaces, err := getUserNamespaces(e, *req)
Expect(err).NotTo(HaveOccurred(), "Error getting user namespaces")

var actualNamespaces []string
for _, ns := range namespaces {
actualNamespaces = append(actualNamespaces, ns.Name)
}

log.Printf("Expected Namespaces: %v, Actual Namespaces: %v", expectedNamespaces, actualNamespaces)

// Check if actual namespaces contain all expected namespaces
for _, expected := range expectedNamespaces {
Expect(actualNamespaces).To(ContainElement(expected))
}
},
Entry(
"Get specific user namespace",
"kubernetes.io/metadata.name",
[]string{ns1},
[]string{ns1},
),
Entry(
"Get multiple specific user namespaces",
"kubernetes.io/metadata.name",
[]string{ns1, ns2},
[]string{ns1, ns2},
),
Entry(
"Returns an empty string when the label mentions a namespace that does not exist",
"kubernetes.io/metadata.name",
[]string{"non-existent-namespace"},
[]string{},
),
)

0 comments on commit a294a97

Please sign in to comment.