
refactor can_do_action to return boolean and shift error reporting to…
… validate_resource
tsatam committed Feb 9, 2024
1 parent 43f4ed2 commit e495642
Showing 2 changed files with 15 additions and 16 deletions.
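--- a/python/az/aro/azext_aro/_dynamic_validators.py
+++ b/python/az/aro/azext_aro/_dynamic_validators.py
@@ -47,9 +47,9 @@ def can_do_action(perms, action):
 break
 
 if matched:
-return None
+return True
 
-return f"{action} permission is missing"
+return False
 
 
 def validate_resource(client, key, resource, actions):
@@ -62,9 +62,8 @@ def validate_resource(client, key, resource, actions):
 for action in actions:
 perms, perms_copy = tee(perms)
 perms_list = list(perms_copy)
-error = can_do_action(perms_list, action)
-if error is not None:
-row = [key, resource['name'], log_entry_type["error"], error]
+if not can_do_action(perms_list, action):
+row = [key, resource['name'], log_entry_type["error"], f"{action} permission is missing"]
 errors.append(row)
 
 return errors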
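Review bot: The truthiness of can_do_action's result is inverted by this change. The old return was None when the action was permitted and a non-empty string when it was not; the new one is True when permitted and False when not. Any caller outside this diff that still tests `if can_do_action(...)` or `is not None` would read the permission check backwards without raising, so other call sites should be searched for before merging, since only validate_resource is updated in the lines shown. The contract also deserves a docstring on can_do_action, for example `"""Return True if at least one entry in perms grants action and does not exclude it through not_actions; False otherwise, including when perms is empty."""`. The matching loop starts above the hunk, so that wording needs checking against it.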
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
"empty permissions list",
[],
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/join/action permission is missing"
False
),
(
"has permission - exact",
Expand All @@ -28,15 +28,15 @@
Permission(actions=["Microsoft.Network/virtualNetworks/subnets/join/action"], not_actions=[]),
],
"Microsoft.Network/virtualNetworks/subnets/join/action",
None
True
),
(
"has permission - wildcard",
[
Permission(actions=["Microsoft.Network/virtualNetworks/subnets/*/action"], not_actions=[]),
],
"Microsoft.Network/virtualNetworks/subnets/join/action",
None
True
),
(
"has permission - exact, conflict",
Expand All @@ -45,39 +45,39 @@
Permission(actions=["Microsoft.Network/virtualNetworks/subnets/join/action"], not_actions=[]),
],
"Microsoft.Network/virtualNetworks/subnets/join/action",
None
True
),
(
"has permission excluded - exact",
[
Permission(actions=["Microsoft.Network/*"], not_actions=["Microsoft.Network/virtualNetworks/subnets/join/action"]),
],
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/join/action permission is missing"
False
),
(
"has permission excluded - wildcard",
[
Permission(actions=["Microsoft.Network/*"], not_actions=["Microsoft.Network/virtualNetworks/subnets/*/action"]),
],
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/join/action permission is missing"
False
)
]


@pytest.mark.parametrize(
"test_description, perms, action, expected_error",
"test_description, perms, action, expected",
test_can_do_action_data,
ids=[i[0] for i in test_can_do_action_data]
)
def test_can_do_action(
test_description, perms, action, expected_error
test_description, perms, action, expected
):
error = can_do_action(perms, action)
actual = can_do_action(perms, action)

if error != expected_error:
raise Exception(f"Error mismatch, expected: {expected_error}, actual: {error}")
if actual != expected:
raise Exception(f"Error mismatch, expected: {expected}, actual: {actual}")


test_validate_cidr_data = [
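Review bot: The only "nothing grants it" case in the visible table is the empty permissions list, so a matcher that accepts too much would still pass every False expectation that does not involve not_actions. A non-empty, unrelated grant would pin the deny-by-default path, for example (constructed sample) `("no matching permission", [Permission(actions=["Microsoft.Compute/*"], not_actions=[])], "Microsoft.Network/virtualNetworks/subnets/join/action", False)`. In test_can_do_action the comparison `actual != expected` also accepts a truthy non-bool such as 1 for True. Since the point of the refactor is a boolean contract, `assert actual is expected, test_description` would enforce it and replace the leftover "Error mismatch" wording. Parts of the table lie between the hunks shown, so a case like this may already exist there.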
