Skip to content

Commit

Permalink
test(RHTAPWATCH-1068): Unit test for getNamespacesWithAccess
Browse files Browse the repository at this point in the history
Add unit test for workspace-manager function
getNamespacesWithAccess

Jira-Url: https://issues.redhat.com/browse/RHTAPWATCH-1068
Signed-off-by: Homaja Marisetty <[email protected]>
  • Loading branch information
hmariset committed Aug 14, 2024
1 parent 4194cb1 commit ed4cd38
Showing 1 changed file with 147 additions and 8 deletions.
155 changes: 147 additions & 8 deletions cmd/main_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import (
"k8s.io/client-go/kubernetes"

"context"
"net/http/httptest"
"os"
"testing"

Expand All @@ -40,6 +41,12 @@ type HTTPheader struct {
value string
}

type NamespaceRoleBinding struct {
Namespace string
Role string
RoleBinding string
}

var k8sClient client.Client
var testEnv *envtest.Environment

Expand Down Expand Up @@ -101,24 +108,33 @@ func createNamespace(k8sClient client.Client, name string) (k8sapi.Namespace, er
}

func deleteRole(k8sClient client.Client, nsName string, roleName string) {
role := &rbacv1.Role{}
role.Name = roleName
role.Namespace = nsName
role := &rbacv1.Role{
ObjectMeta: metav1.ObjectMeta{
Name: roleName,
Namespace: nsName,
},
}
err := k8sClient.Delete(context.Background(), role)
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error deleting the role %s in namespace %s: %v\n", roleName, nsName, err))
}

func deleteRoleBinding(k8sClient client.Client, nsName string, roleBindingName string) {
roleBinding := &rbacv1.RoleBinding{}
roleBinding.Name = roleBindingName
roleBinding.Namespace = nsName
roleBinding := &rbacv1.RoleBinding{
ObjectMeta: metav1.ObjectMeta{
Name: roleBindingName,
Namespace: nsName,
},
}
err := k8sClient.Delete(context.Background(), roleBinding)
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error deleting the role binding %s in namespace %s: %v\n", roleBindingName, nsName, err))
}

func deleteNamespace(k8sClient client.Client, nsName string) {
ns := &k8sapi.Namespace{}
ns.Name = nsName
ns := &k8sapi.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: nsName,
},
}
err := k8sClient.Delete(context.Background(), ns)
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error deleting the namespace: %s: %v\n", nsName, err))
}
Expand Down Expand Up @@ -476,3 +492,126 @@ var _ = DescribeTable("GetWorkspacesWithAccess querying for workspaces with acce
})
})
})

var _ = DescribeTable("TestGetNamespacesWithAccess", func(allNamespaces []k8sapi.Namespace,
expectedNs []k8sapi.Namespace, actualNs []k8sapi.Namespace, err error) {
e := echo.New()
cfg, _ := config.GetConfig()
clientset, _ := kubernetes.NewForConfig(cfg)
req := httptest.NewRequest(http.MethodGet, "/", nil)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
c.Request().Header.Set("X-Email", "[email protected]")
authCl := clientset.AuthorizationV1()

JustBeforeEach(func() {
actualNs, err = getNamespacesWithAccess(e, c, authCl, allNamespaces)
})

Context("When all the namespaces have all the necessary permissions like create, list, watch and delete", func() {
mappings := []NamespaceRoleBinding{
{
Namespace: "ns-test-tenant-1",
Role: "ns-namespace-access-1",
RoleBinding: "ns-namespace-access-user-binding-1",
},
{
Namespace: "ns-test-tenant-2",
Role: "ns-namespace-access-2",
RoleBinding: "ns-namespace-access-user-binding-2",
},
}
BeforeEach(func() {
for _, name := range mappings {
ns, err := createNamespace(k8sClient, name.Namespace)
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error while creating the namespace %s: %v", name.Namespace, err))
allNamespaces = append(allNamespaces, ns)
createRole(k8sClient, name.Namespace, name.Role, []string{"create", "list", "watch", "delete"})
createRoleBinding(k8sClient, name.RoleBinding, name.Namespace, "[email protected]", name.Role)
}
expectedNs = allNamespaces
})
It("returns all namespaces in the list", func() {
Expect(actualNs).To(Equal(expectedNs))
Expect(err).NotTo(HaveOccurred(), "Unexpected error testing GetNamespacesWithAccess")
})
AfterEach(func() {
for _, name := range mappings {
deleteRoleBinding(k8sClient, name.Namespace, name.RoleBinding)
deleteRole(k8sClient, name.Namespace, name.Role)
deleteNamespace(k8sClient, name.Namespace)
}
})
})

Context("When namspace ns3 doesn't have necessary permissions", func() {
BeforeEach(func() {
var ns3 k8sapi.Namespace
ns3, err = createNamespace(k8sClient, "ns-test-tenant-3")
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error while creating the namespace ns3: %v", err))
allNamespaces = []k8sapi.Namespace{ns3}
expectedNs = []k8sapi.Namespace{}
})
It("doesn't return any namespace", func() {
Expect(actualNs).To(Equal(expectedNs))
Expect(err).NotTo(HaveOccurred(), "Unexpected error testing GetNamespacesWithAccess")
})
AfterEach(func() {
deleteNamespace(k8sClient, "ns-test-tenant-3")
})
})

Context("When only namespaces ns-test-tenant-1 and ns-test-tenant-2 has all necessary permissions and other's don't", func() {
mappings := []NamespaceRoleBinding{
{
Namespace: "ns-test-tenant-1",
Role: "ns-namespace-access-1",
RoleBinding: "ns-namespace-access-user-binding-1",
},
{
Namespace: "ns-test-tenant-2",
Role: "ns-namespace-access-2",
RoleBinding: "ns-namespace-access-user-binding-2",
},
{
Namespace: "ns-test-tenant-3",
Role: "ns-namespace-access-3",
RoleBinding: "ns-namespace-access-user-binding-3",
},
{
Namespace: "ns-test-tenant-4",
Role: "",
RoleBinding: "",
},
}
BeforeEach(func() {
for _, name := range mappings {
ns, err := createNamespace(k8sClient, name.Namespace)
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error while creating the namespace %s: %v", name.Namespace, err))
allNamespaces = append(allNamespaces, ns)
}
createRole(k8sClient, "ns-test-tenant-1", "ns-namespace-access-1", []string{"create", "list", "watch", "delete"})
createRole(k8sClient, "ns-test-tenant-2", "ns-namespace-access-2", []string{"create", "list", "watch", "delete"})
createRole(k8sClient, "ns-test-tenant-3", "ns-namespace-access-3", []string{"create", "list", "watch"})
createRoleBinding(k8sClient, "ns-namespace-access-user-binding-1", "ns-test-tenant-1", "[email protected]", "ns-namespace-access-1")
createRoleBinding(k8sClient, "ns-namespace-access-user-binding-2", "ns-test-tenant-2", "[email protected]", "ns-namespace-access-2")
createRoleBinding(k8sClient, "ns-namespace-access-user-binding-3", "ns-test-tenant-3", "[email protected]", "ns-namespace-access-3")
expectedNs = append(expectedNs, allNamespaces[0], allNamespaces[1])
})
It("returns only namespaces test-tenant and test-tenant-2", func() {
Expect(actualNs).To(Equal(expectedNs))
Expect(err).NotTo(HaveOccurred(), "Unexpected error testing GetNamespacesWithAccess")
})
AfterEach(func() {
deleteRoleBinding(k8sClient, "ns-test-tenant-1", "ns-namespace-access-user-binding-1")
deleteRoleBinding(k8sClient, "ns-test-tenant-2", "ns-namespace-access-user-binding-2")
deleteRoleBinding(k8sClient, "ns-test-tenant-3", "ns-namespace-access-user-binding-3")
deleteRole(k8sClient, "ns-test-tenant-1", "ns-namespace-access-1")
deleteRole(k8sClient, "ns-test-tenant-2", "ns-namespace-access-2")
deleteRole(k8sClient, "ns-test-tenant-3", "ns-namespace-access-3")
for _, name := range mappings {
deleteNamespace(k8sClient, name.Namespace)
}
})
})
})

0 comments on commit ed4cd38

Please sign in to comment.