-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathrbac_authorizer_test.go
96 lines (77 loc) · 2.64 KB
/
rbac_authorizer_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
package main_test
import (
"context"
"io"
"log/slog"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
namespacelister "github.com/konflux-ci/namespace-lister"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
)
var _ = Describe("CRAuthRetriever", func() {
var (
logger *slog.Logger
)
BeforeEach(func() {
logger = slog.New(slog.NewTextHandler(io.Discard, &slog.HandlerOptions{}))
})
It("retrieves clusterrole", func(ctx context.Context) {
// given
cr := &rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{Name: "ns-get"},
}
cli := fake.NewClientBuilder().WithObjects(cr).Build()
authRetriever := namespacelister.NewCRAuthRetriever(ctx, cli, logger)
// when
acr, err := authRetriever.GetClusterRole(cr.Name)
// then
Expect(err).NotTo(HaveOccurred())
Expect(acr).To(Equal(acr))
})
It("retrieves role", func(ctx context.Context) {
// given
r := &rbacv1.Role{
ObjectMeta: metav1.ObjectMeta{Name: "ns-get", Namespace: "myns"},
}
cli := fake.NewClientBuilder().WithObjects(r).Build()
authRetriever := namespacelister.NewCRAuthRetriever(ctx, cli, logger)
// when
ar, err := authRetriever.GetRole(r.Namespace, r.Name)
// then
Expect(err).NotTo(HaveOccurred())
Expect(ar).To(Equal(ar))
})
It("retrieves rolebinding", func(ctx context.Context) {
// given
rbl := []client.Object{
&rbacv1.RoleBinding{ObjectMeta: metav1.ObjectMeta{Name: "ns-get-0-0", Namespace: "myns-0"}},
&rbacv1.RoleBinding{ObjectMeta: metav1.ObjectMeta{Name: "ns-get-0-1", Namespace: "myns-0"}},
&rbacv1.RoleBinding{ObjectMeta: metav1.ObjectMeta{Name: "ns-get-1-0", Namespace: "myns-1"}},
}
cli := fake.NewClientBuilder().WithObjects(rbl...).Build()
authRetriever := namespacelister.NewCRAuthRetriever(ctx, cli, logger)
// when
arbl, err := authRetriever.ListRoleBindings("myns-0")
// then
Expect(err).NotTo(HaveOccurred())
Expect(arbl).To(ConsistOf(rbl[0:2]))
})
It("retrieves clusterrolebinding", func(ctx context.Context) {
// given
crbl := []client.Object{
&rbacv1.ClusterRoleBinding{ObjectMeta: metav1.ObjectMeta{Name: "ns-get-0"}},
&rbacv1.ClusterRoleBinding{ObjectMeta: metav1.ObjectMeta{Name: "ns-get-1"}},
&rbacv1.ClusterRoleBinding{ObjectMeta: metav1.ObjectMeta{Name: "ns-get-2"}},
}
cli := fake.NewClientBuilder().WithObjects(crbl...).Build()
authRetriever := namespacelister.NewCRAuthRetriever(ctx, cli, logger)
// when
acrbl, err := authRetriever.ListClusterRoleBindings()
// then
Expect(err).NotTo(HaveOccurred())
Expect(acrbl).To(ConsistOf(crbl))
})
})