-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test(RHTAPWATCH-1068): Unit test for getNamespacesWithAccess
Add unit test for workspace-manager function getNamespacesWithAccess Jira-Url: https://issues.redhat.com/browse/RHTAPWATCH-1068 Signed-off-by: Homaja Marisetty <[email protected]>
- Loading branch information
Showing
1 changed file
with
106 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,10 +16,12 @@ import ( | |
"k8s.io/client-go/kubernetes" | ||
|
||
"context" | ||
"net/http/httptest" | ||
"os" | ||
"testing" | ||
|
||
crt "github.com/codeready-toolchain/api/api/v1alpha1" | ||
"github.com/labstack/echo/v4" | ||
. "github.com/onsi/ginkgo/v2" | ||
. "github.com/onsi/gomega" | ||
"k8s.io/client-go/rest" | ||
|
@@ -101,24 +103,27 @@ func createNamespace(k8sClient client.Client, name string) (k8sapi.Namespace, er | |
} | ||
|
||
func deleteRole(k8sClient client.Client, nsName string, roleName string) { | ||
role := &rbacv1.Role{} | ||
role.Name = roleName | ||
role.Namespace = nsName | ||
role := &rbacv1.Role{ | ||
Name: roleName, | ||
Namespace: nsName, | ||
} | ||
err := k8sClient.Delete(context.Background(), role) | ||
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error deleting the role %s in namespace %s: %v\n", roleName, nsName, err)) | ||
} | ||
|
||
func deleteRoleBinding(k8sClient client.Client, nsName string, roleBindingName string) { | ||
roleBinding := &rbacv1.RoleBinding{} | ||
roleBinding.Name = roleBindingName | ||
roleBinding.Namespace = nsName | ||
roleBinding := &rbacv1.RoleBinding{ | ||
Name: roleBindingName, | ||
Namespace: nsName, | ||
} | ||
err := k8sClient.Delete(context.Background(), roleBinding) | ||
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error deleting the role binding %s in namespace %s: %v\n", roleBindingName, nsName, err)) | ||
} | ||
|
||
func deleteNamespace(k8sClient client.Client, nsName string) { | ||
ns := &k8sapi.Namespace{} | ||
ns.Name = nsName | ||
ns := &k8sapi.Namespace{ | ||
Name: nsName | ||
Check failure on line 125 in cmd/main_test.go GitHub Actions / build
Check failure on line 125 in cmd/main_test.go GitHub Actions / build
|
||
} | ||
err := k8sClient.Delete(context.Background(), ns) | ||
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error deleting the namespace: %s: %v\n", nsName, err)) | ||
} | ||
|
@@ -476,3 +481,96 @@ var _ = DescribeTable("GetWorkspacesWithAccess querying for workspaces with acce | |
}) | ||
}) | ||
}) | ||
|
||
var _ = DescribeTable("TestGetNamespacesWithAccess", func(allNamespaces []k8sapi.Namespace, | ||
expectedNs []k8sapi.Namespace, actualNs []k8sapi.Namespace, err error) { | ||
e := echo.New() | ||
cfg, _ := config.GetConfig() | ||
clientset, _ := kubernetes.NewForConfig(cfg) | ||
req := httptest.NewRequest(http.MethodGet, "/", nil) | ||
rec := httptest.NewRecorder() | ||
c := e.NewContext(req, rec) | ||
c.Request().Header.Set("X-Email", "[email protected]") | ||
authCl := clientset.AuthorizationV1() | ||
|
||
JustBeforeEach(func() { | ||
actualNs, err = getNamespacesWithAccess(e, c, authCl, allNamespaces) | ||
}) | ||
|
||
Context("When all the namespaces have all the necessary permissions like create, list, watch and delete", func() { | ||
namespaceNames := []string{"ns-test-tenant-1", "ns-test-tenant-2"} | ||
roleNames := []string{"ns-namespace-access-1", "ns-namespace-access-2"} | ||
roleBindingNames := []string{"ns-namespace-access-user-binding-1", "ns-namespace-access-user-binding-2"} | ||
BeforeEach(func() { | ||
for i, name := range namespaceNames { | ||
ns, err := createNamespace(k8sClient, name) | ||
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error while creating the namespace %s: %v", name, err)) | ||
allNamespaces = append(allNamespaces, ns) | ||
createRole(k8sClient, name, roleNames[i], []string{"create", "list", "watch", "delete"}) | ||
createRoleBinding(k8sClient, roleBindingNames[i], name, "[email protected]", roleNames[i]) | ||
} | ||
expectedNs = allNamespaces | ||
}) | ||
It("returns all namespaces in the list", func() { | ||
Expect(actualNs).To(Equal(expectedNs)) | ||
Expect(err).NotTo(HaveOccurred(), "Unexpected error testing GetNamespacesWithAccess") | ||
}) | ||
AfterEach(func() { | ||
for i, name := range namespaceNames { | ||
deleteRoleBinding(k8sClient, name, roleBindingNames[i]) | ||
deleteRole(k8sClient, name, roleNames[i]) | ||
deleteNamespace(k8sClient, name) | ||
} | ||
}) | ||
}) | ||
|
||
Context("When namspace ns3 doesn't have necessary permissions", func() { | ||
BeforeEach(func() { | ||
var ns3 k8sapi.Namespace | ||
ns3, err = createNamespace(k8sClient, "ns-test-tenant-3") | ||
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error while creating the namespace ns3: %v", err)) | ||
allNamespaces = []k8sapi.Namespace{ns3} | ||
expectedNs = []k8sapi.Namespace{} | ||
}) | ||
It("doesn't return any namespace", func() { | ||
Expect(actualNs).To(Equal(expectedNs)) | ||
Expect(err).NotTo(HaveOccurred(), "Unexpected error testing GetNamespacesWithAccess") | ||
}) | ||
AfterEach(func() { | ||
deleteNamespace(k8sClient, "ns-test-tenant-3") | ||
}) | ||
}) | ||
|
||
Context("When only namespaces ns-test-tenant-1 and ns-test-tenant-2 has all necessary permissions and other's don't", func() { | ||
namespaceNames := []string{"ns-test-tenant-1", "ns-test-tenant-2", "ns-test-tenant-3", "ns-test-tenant-4"} | ||
BeforeEach(func() { | ||
for _, name := range namespaceNames { | ||
ns, err := createNamespace(k8sClient, name) | ||
Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error while creating the namespace %s: %v", name, err)) | ||
allNamespaces = append(allNamespaces, ns) | ||
} | ||
createRole(k8sClient, "ns-test-tenant-1", "ns-namespace-access-1", []string{"create", "list", "watch", "delete"}) | ||
createRole(k8sClient, "ns-test-tenant-2", "ns-namespace-access-2", []string{"create", "list", "watch", "delete"}) | ||
createRole(k8sClient, "ns-test-tenant-3", "ns-namespace-access-3", []string{"create", "list", "watch"}) | ||
createRoleBinding(k8sClient, "ns-namespace-access-user-binding-1", "ns-test-tenant-1", "[email protected]", "ns-namespace-access-1") | ||
createRoleBinding(k8sClient, "ns-namespace-access-user-binding-2", "ns-test-tenant-2", "[email protected]", "ns-namespace-access-2") | ||
createRoleBinding(k8sClient, "ns-namespace-access-user-binding-3", "ns-test-tenant-3", "[email protected]", "ns-namespace-access-3") | ||
expectedNs = append(expectedNs, allNamespaces[0], allNamespaces[1]) | ||
}) | ||
It("returns only namespaces test-tenant and test-tenant-2", func() { | ||
Expect(actualNs).To(Equal(expectedNs)) | ||
Expect(err).NotTo(HaveOccurred(), "Unexpected error testing GetNamespacesWithAccess") | ||
}) | ||
AfterEach(func() { | ||
deleteRoleBinding(k8sClient, "ns-test-tenant-1", "ns-namespace-access-user-binding-1") | ||
deleteRoleBinding(k8sClient, "ns-test-tenant-2", "ns-namespace-access-user-binding-2") | ||
deleteRoleBinding(k8sClient, "ns-test-tenant-3", "ns-namespace-access-user-binding-3") | ||
deleteRole(k8sClient, "ns-test-tenant-1", "ns-namespace-access-1") | ||
deleteRole(k8sClient, "ns-test-tenant-2", "ns-namespace-access-2") | ||
deleteRole(k8sClient, "ns-test-tenant-3", "ns-namespace-access-3") | ||
for _, name := range namespaceNames { | ||
deleteNamespace(k8sClient, name) | ||
} | ||
}) | ||
}) | ||
}) |