Skip to content

Commit

Permalink
fix implementation
Browse files Browse the repository at this point in the history
Signed-off-by: Leonardo Luz Almeida <[email protected]>
  • Loading branch information
leoluz committed Nov 1, 2024
1 parent acc5500 commit 7998750
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 24 deletions.
18 changes: 6 additions & 12 deletions api/ephemeral-access/v1alpha1/roletemplate_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -87,21 +87,15 @@ func (rt *RoleTemplate) Render(projName, appName, appNs string) (*RoleTemplate,
}

func (rt *RoleTemplate) execTemplate(tmpl *template.Template, projName, appName, appNs string) (string, error) {
type vars struct {
role string
project string
application string
namespace string
}
roleName := rt.AppProjectRoleName(appName, appNs)
v := vars{
role: fmt.Sprintf("proj:%s:%s", projName, roleName),
project: projName,
application: appName,
namespace: appNs,
vars := map[string]string{
"role": fmt.Sprintf("proj:%s:%s", projName, roleName),
"project": projName,
"application": appName,
"namespace": appNs,
}
var s strings.Builder
err := tmpl.Execute(&s, v)
err := tmpl.Execute(&s, vars)
if err != nil {
return "", err
}
Expand Down
24 changes: 12 additions & 12 deletions internal/controller/accessrequest_controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -155,10 +155,10 @@ var _ = Describe("AccessRequest Controller", func() {
var f *fixture
var r resources
policies := []string{
"p, {{.Role}}, applications, sync, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, applications, action/*, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, applications, delete/*/Pod/*, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, logs, get, {{.Project}}/{{.Namespace}}/{{.Application}}, allow",
"p, {{.role}}, applications, sync, {{.project}}/{{.application}}, allow",
"p, {{.role}}, applications, action/*, {{.project}}/{{.application}}, allow",
"p, {{.role}}, applications, delete/*/Pod/*, {{.project}}/{{.application}}, allow",
"p, {{.role}}, logs, get, {{.project}}/{{.namespace}}/{{.application}}, allow",
}

When("The subject has the necessary access", func() {
Expand Down Expand Up @@ -278,10 +278,10 @@ var _ = Describe("AccessRequest Controller", func() {
var f *fixture
var r resources
policies := []string{
"p, {{.Role}}, applications, sync, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, applications, action/*, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, applications, delete/*/Pod/*, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, logs, get, {{.Project}}/{{.Namespace}}/{{.Application}}, allow",
"p, {{.role}}, applications, sync, {{.project}}/{{.application}}, allow",
"p, {{.role}}, applications, action/*, {{.project}}/{{.application}}, allow",
"p, {{.role}}, applications, delete/*/Pod/*, {{.project}}/{{.application}}, allow",
"p, {{.role}}, logs, get, {{.project}}/{{.namespace}}/{{.application}}, allow",
}

When("protected fields values change after applied", func() {
Expand Down Expand Up @@ -383,10 +383,10 @@ var _ = Describe("AccessRequest Controller", func() {
var f *fixture
var r resources
policies := []string{
"p, {{.Role}}, applications, sync, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, applications, action/*, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, applications, delete/*/Pod/*, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, logs, get, {{.Project}}/{{.Namespace}}/{{.Application}}, allow",
"p, {{.role}}, applications, sync, {{.project}}/{{.application}}, allow",
"p, {{.role}}, applications, action/*, {{.project}}/{{.application}}, allow",
"p, {{.role}}, applications, delete/*/Pod/*, {{.project}}/{{.application}}, allow",
"p, {{.role}}, logs, get, {{.project}}/{{.namespace}}/{{.application}}, allow",
}

When("used by multiple AccessRequests", func() {
Expand Down

0 comments on commit 7998750

Please sign in to comment.