From a294a97aa7127aca1f592dac7f9f88f8cc789ef4 Mon Sep 17 00:00:00 2001 From: klakshma21 Date: Tue, 23 Jul 2024 15:30:48 -0500 Subject: [PATCH] test(RHTAPWATCH-1067): Unit tests for getUserNamespaces Add unit test for func getUserNamespaces --- cmd/main_test.go | 91 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 75 insertions(+), 16 deletions(-) diff --git a/cmd/main_test.go b/cmd/main_test.go index 382d855..a4d6312 100644 --- a/cmd/main_test.go +++ b/cmd/main_test.go @@ -12,12 +12,15 @@ import ( k8sapi "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/selection" "k8s.io/client-go/kubernetes" "context" "os" "testing" + "github.com/labstack/echo/v4" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "k8s.io/client-go/rest" @@ -41,6 +44,12 @@ type HTTPheader struct { var k8sClient client.Client var testEnv *envtest.Environment +var ( + ns1 = "test-tenant" + ns2 = "test-tenant-2" + ns3 = "test-tenant-3" +) + func createRole(k8sClient client.Client, nsName string, roleName string, verbs []string) { role := &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{ @@ -191,7 +200,7 @@ var _ = DescribeTable("Specific workspace endpoint", func(endpoint string, heade }, Entry( "Calling the workspace endpoint for the test-tenant workspace for user2", - "test-tenant", + ns1, HTTPheader{"X-Email", "user2@konflux.dev"}, http.StatusOK, `{"kind":"Workspace","apiVersion":"toolchain.dev.openshift.com/v1alpha1","metadata":`+ @@ -199,7 +208,7 @@ var _ = DescribeTable("Specific workspace endpoint", func(endpoint string, heade `[{"name":"test-tenant","type":"default"}]}}`), Entry( "Specific workspace endpoint for test-tenant-2 for user1 only", - "test-tenant-2", + ns2, HTTPheader{"X-Email", "user1@konflux.dev"}, 404, `{"message":"Not Found"}`), @@ -248,14 +257,14 @@ var _ = BeforeSuite(func() { user1 := "user1@konflux.dev" user2 := "user2@konflux.dev" - createNamespace(k8sClient, "test-tenant") - createNamespace(k8sClient, "test-tenant-2") - createNamespace(k8sClient, "test-tenant-3") - createRole(k8sClient, "test-tenant", "namespace-access", []string{"create", "list", "watch", "delete"}) - createRole(k8sClient, "test-tenant-2", "namespace-access-2", []string{"create", "list", "watch", "delete"}) - createRoleBinding(k8sClient, "namespace-access-user-binding", "test-tenant", user1, "namespace-access") - createRoleBinding(k8sClient, "namespace-access-user-binding-2", "test-tenant", user2, "namespace-access") - createRoleBinding(k8sClient, "namespace-access-user-binding-3", "test-tenant-2", user2, "namespace-access-2") + createNamespace(k8sClient, ns1) + createNamespace(k8sClient, ns2) + createNamespace(k8sClient, ns3) + createRole(k8sClient, ns1, "namespace-access", []string{"create", "list", "watch", "delete"}) + createRole(k8sClient, ns2, "namespace-access-2", []string{"create", "list", "watch", "delete"}) + createRoleBinding(k8sClient, "namespace-access-user-binding", ns1, user1, "namespace-access") + createRoleBinding(k8sClient, "namespace-access-user-binding-2", ns1, user2, "namespace-access") + createRoleBinding(k8sClient, "namespace-access-user-binding-3", ns2, user2, "namespace-access-2") serverProcess = exec.Command("go", "run", "main.go") err = serverProcess.Start() Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error starting the server during test setup: %v", err)) @@ -280,24 +289,74 @@ var _ = DescribeTable("TestRunAccessCheck", func(user string, namespace string, Expect(err).NotTo(HaveOccurred(), "Unexpected error testing RunAccessCheck") }, Entry( - "A user that has access to the resource should return true (user2 has permission to 'create' on test-tenant-1)", + "A user that has access to the resource should return true (user2 has permission to 'create' on ns1)", "user2@konflux.dev", - "test-tenant", + ns1, "applications", "create", true), Entry( - "A user that does not have any premissions on the namespace should return false (user1 doesn't have access to test-tenant-2)", + "A user that does not have any premissions on the namespace should return false (user1 doesn't have access to ns2)", "user1@konflux.dev", - "test-tenant-2", + ns2, "applications", "create", false), Entry( - "A user that does not have the permissions to perform the specific action on the namespace should return false (user1 doesn't have permission to 'patch' on test-tenant-1)", + "A user that does not have the permissions to perform the specific action on the namespace should return false (user1 doesn't have permission to 'patch' on ns3)", "user1@konflux.dev", - "test-tenant-1", + ns3, "applications", "patch", false), ) + +var _ = DescribeTable("TestGetUserNamespaces", + func(labelKey string, labelValues []string, expectedNamespaces []string) { + e := echo.New() + + var req *labels.Requirement + var err error + + // Create the label requirement based on the input + if len(labelValues) > 0 { + req, err = labels.NewRequirement(labelKey, selection.In, labelValues) + } else { + req, err = labels.NewRequirement(labelKey, selection.Exists, []string{}) + } + Expect(err).NotTo(HaveOccurred(), "Error creating label requirement") + + namespaces, err := getUserNamespaces(e, *req) + Expect(err).NotTo(HaveOccurred(), "Error getting user namespaces") + + var actualNamespaces []string + for _, ns := range namespaces { + actualNamespaces = append(actualNamespaces, ns.Name) + } + + log.Printf("Expected Namespaces: %v, Actual Namespaces: %v", expectedNamespaces, actualNamespaces) + + // Check if actual namespaces contain all expected namespaces + for _, expected := range expectedNamespaces { + Expect(actualNamespaces).To(ContainElement(expected)) + } + }, + Entry( + "Get specific user namespace", + "kubernetes.io/metadata.name", + []string{ns1}, + []string{ns1}, + ), + Entry( + "Get multiple specific user namespaces", + "kubernetes.io/metadata.name", + []string{ns1, ns2}, + []string{ns1, ns2}, + ), + Entry( + "Returns an empty string when the label mentions a namespace that does not exist", + "kubernetes.io/metadata.name", + []string{"non-existent-namespace"}, + []string{}, + ), +)