Skip to content

Commit

Permalink
fix tests
Browse files Browse the repository at this point in the history 
Signed-off-by: Leonardo Luz Almeida <[email protected]>
  • Loading branch information
@leoluz
leoluz committed Aug 15, 2024
1 parent 26180ed commit 25c7dad
Show file tree
Hide file tree
Showing 2 changed files with 74 additions and 29 deletions.
101 changes: 73 additions & 28 deletions internal/controller/accessrequest_controller_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,24 @@ func newAccessRequest(name, namespace, appName, roleName, subject string) *api.A
}
}

func newRoleTemplate(templateName, namespace, roleName string, policies []string) *api.RoleTemplate {
return &api.RoleTemplate{
TypeMeta: metav1.TypeMeta{
Kind: "RoleTemplate",
APIVersion: "v1alpha1",
},
ObjectMeta: metav1.ObjectMeta{
Name: templateName,
Namespace: namespace,
},
Spec: api.RoleTemplateSpec{
Name: roleName,
Description: "",
Policies: policies,
},
}
}

var _ = Describe("AccessRequest Controller", func() {
const (
timeout = time.Second * 10
Expand All @@ -80,11 +98,13 @@ var _ = Describe("AccessRequest Controller", func() {

type fixture struct {
accessrequest *api.AccessRequest
roletemplate *api.RoleTemplate
appproj *unstructured.Unstructured
}

type resources struct {
arName, appName, namespace, appProjName, roleName, subject string
arName, appName, namespace, appProjName, roleTemplateName, subject, roleName string
policies []string
}

setup := func(r resources) *fixture {
Expand All @@ -105,20 +125,23 @@ var _ = Describe("AccessRequest Controller", func() {
By("Create the AppProject initial state")
appprojYaml := testdata.AppProjectYaml
appproj, err := utils.YamlToUnstructured(appprojYaml)
Expect(err).NotTo(HaveOccurred())
appproj.SetName(r.appProjName)
appproj.SetNamespace(r.namespace)
Expect(err).NotTo(HaveOccurred())
_, err = dynClient.Resource(appprojectResource).
Namespace(r.namespace).
Apply(ctx, r.appProjName, appproj, metav1.ApplyOptions{
FieldManager: "argocd-controller",
})
Expect(err).NotTo(HaveOccurred())

ar := newAccessRequest(r.arName, r.namespace, r.appName, r.roleName, r.subject)
By("Create the RoleTemplate initial state")
ar := newAccessRequest(r.arName, r.namespace, r.appName, r.roleTemplateName, r.subject)
rt := newRoleTemplate(r.roleTemplateName, r.namespace, r.roleName, r.policies)

return &fixture{
accessrequest: ar,
roletemplate: rt,
appproj: appproj,
}
}
Expand All @@ -136,33 +159,46 @@ var _ = Describe("AccessRequest Controller", func() {

Context("Reconciling an AccessRequest", Ordered, func() {
const (
namespace = "default"
arName = "test-ar-01"
appprojectName = "sample-test-project"
appName = "some-application"
roleName = "super-user"
subject = "some-user"
namespace = "default"
arName = "test-ar-01"
appprojectName = "sample-test-project"
appName = "some-application"
roleTemplateName = "some-role-template"
roleName = "super-user"
subject = "some-user"
)

var f *fixture
var r resources
policies := []string{
"p, {{.Role}}, applications, sync, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, applications, action/*, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, applications, delete/*/Pod/*, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, logs, get, {{.Project}}/{{.Namespace}}/{{.Application}}, allow",
}

When("The subject has the necessary access", func() {
AfterAll(func() {
tearDown(r, f)
})
BeforeAll(func() {
r = resources{
arName: arName,
appName: appName,
namespace: namespace,
appProjName: appprojectName,
roleName: roleName,
subject: subject,
arName: arName,
appName: appName,
namespace: namespace,
appProjName: appprojectName,
roleTemplateName: roleTemplateName,
roleName: roleName,
subject: subject,
policies: policies,
}
f = setup(r)
})
It("will applies the access request resource in k8s", func() {
It("will apply the roletemplate resource in k8s", func() {
err := k8sClient.Create(ctx, f.roletemplate)
Expect(err).NotTo(HaveOccurred())
})
It("will apply the access request resource in k8s", func() {
f.accessrequest.Spec.Duration = metav1.Duration{Duration: time.Second * 5}
err := k8sClient.Create(ctx, f.accessrequest)
Expect(err).NotTo(HaveOccurred())
Expand Down Expand Up @@ -239,29 +275,38 @@ var _ = Describe("AccessRequest Controller", func() {

Context("Reconciling an AccessRequest", Ordered, func() {
const (
namespace = "default"
arName = "test-ar-02"
appprojectName = "sample-test-project-02"
appName = "some-application"
roleName = "super-user"
subject = "some-user"
namespace = "default"
arName = "test-ar-02"
appprojectName = "sample-test-project-02"
appName = "some-application"
roleTemplateName = "some-role-template"
roleName = "super-user"
subject = "some-user"
)

var f *fixture
var r resources
policies := []string{
"p, {{.Role}}, applications, sync, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, applications, action/*, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, applications, delete/*/Pod/*, {{.Project}}/{{.Application}}, allow",
"p, {{.Role}}, logs, get, {{.Project}}/{{.Namespace}}/{{.Application}}, allow",
}

When("protected fields values change after applied", func() {
AfterAll(func() {
tearDown(r, f)
})
BeforeAll(func() {
r = resources{
arName: arName,
appName: appName,
namespace: namespace,
appProjName: appprojectName,
roleName: roleName,
subject: subject,
arName: arName,
appName: appName,
namespace: namespace,
appProjName: appprojectName,
roleTemplateName: roleTemplateName,
roleName: roleName,
subject: subject,
policies: policies,
}
f = setup(r)
})
Expand Down
2 changes: 1 addition & 1 deletion internal/controller/testdata/application.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ metadata:
name: some-application
spec:
destination:
namespace: some-namespace
namespace: dest-namespace
server: https://someserver.io
project: sample-test-project
source:
Expand Down

0 comments on commit 25c7dad

Please sign in to comment.