diff --git a/cmd/main_test.go b/cmd/main_test.go index 382d855..9bec26b 100644 --- a/cmd/main_test.go +++ b/cmd/main_test.go @@ -12,12 +12,15 @@ import ( k8sapi "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/selection" "k8s.io/client-go/kubernetes" "context" "os" "testing" + "github.com/labstack/echo/v4" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "k8s.io/client-go/rest" @@ -96,6 +99,16 @@ func createNamespace(k8sClient client.Client, name string) { Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error creating 'Namespace' resource: %v", err)) } +func createNamespaceWithoutLabels(k8sClient client.Client, name string) { + namespaced := &k8sapi.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + }, + } + err := k8sClient.Create(context.Background(), namespaced) + Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error creating 'Namespace' resource without labels: %v", err)) +} + func performHTTPGetCall(url string, header HTTPheader) (*HTTPResponse, error) { req, err := http.NewRequest("GET", url, nil) if err != nil { @@ -251,6 +264,7 @@ var _ = BeforeSuite(func() { createNamespace(k8sClient, "test-tenant") createNamespace(k8sClient, "test-tenant-2") createNamespace(k8sClient, "test-tenant-3") + createNamespaceWithoutLabels(k8sClient, "test-tenant-no-labels") createRole(k8sClient, "test-tenant", "namespace-access", []string{"create", "list", "watch", "delete"}) createRole(k8sClient, "test-tenant-2", "namespace-access-2", []string{"create", "list", "watch", "delete"}) createRoleBinding(k8sClient, "namespace-access-user-binding", "test-tenant", user1, "namespace-access") @@ -301,3 +315,63 @@ var _ = DescribeTable("TestRunAccessCheck", func(user string, namespace string, "patch", false), ) + +var _ = DescribeTable("TestGetUserNamespaces", + func(labelKey string, labelValues []string, expectedNamespaces []string) { + e := echo.New() + + var req *labels.Requirement + var err error + + // Create the label requirement based on the input + if len(labelValues) > 0 { + req, err = labels.NewRequirement(labelKey, selection.In, labelValues) + } else { + req, err = labels.NewRequirement(labelKey, selection.Exists, []string{}) + } + Expect(err).NotTo(HaveOccurred(), "Error creating label requirement") + + namespaces, err := getUserNamespaces(e, *req) + Expect(err).NotTo(HaveOccurred(), "Error getting user namespaces") + + var actualNamespaces []string + for _, ns := range namespaces { + actualNamespaces = append(actualNamespaces, ns.Name) + } + + log.Printf("Expected Namespaces: %v, Actual Namespaces: %v", expectedNamespaces, actualNamespaces) + + // Check if actual namespaces contain all expected namespaces + for _, expected := range expectedNamespaces { + Expect(actualNamespaces).To(ContainElement(expected)) + } + }, + Entry( + "Get all user namespaces", + "konflux.ci/type", + []string{"user"}, + []string{"test-tenant", "test-tenant-2", "test-tenant-3"}, + ), + // This test checks if we can retrieve all namespaces labeled as `user` namespaces. + Entry( + "Get specific user namespace", + "kubernetes.io/metadata.name", + []string{"test-tenant"}, + []string{"test-tenant"}, + ), + // This test checks if we can retrieve a single specific namespace by its name given. + Entry( + "Get multiple specific user namespaces", + "kubernetes.io/metadata.name", + []string{"test-tenant", "test-tenant-2"}, + []string{"test-tenant", "test-tenant-2"}, + ), + // This test checks if we can retrieve multiple specific namespaces by their names given. + Entry( + "Get non-existent namespace", + "kubernetes.io/metadata.name", + []string{"non-existent-namespace"}, + []string{}, + ), + // This test checks the behavior when we try to retrieve a namespace that doesn't exist. +)