object is a child of request
dtandersen committed Jul 18, 2023
1 parent 50c48e8 commit 4546901
Showing 2 changed files with 48 additions and 51 deletions.
4 changes: 2 additions & 2 deletions src/dsmlp/app/validator.py
@@ -47,13 +47,13 @@ class Object:
@dataclass
class Request:
namespace: str
object: Object


@dataclass_json
@dataclass
class AdmissionReview:
request: Request
object: Object


class UidValidator:
@@ -88,7 +88,7 @@ def validate_request(self, request):
user_uid = user.uid

namespace = self.kube.get_namespace(username)
spec = review.object.spec
spec = review.request.object.spec
uid = spec.securityContext.runAsUser

if user_uid != uid:
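Review bot: The attribute chain ending at `uid = spec.securityContext.runAsUser` has no guard for a missing level, and with `object` now read from `review.request` a real API-server payload will reach it. A pod that omits the pod-level `securityContext` (as the kube-system test fixture does) would presumably raise here for a labelled namespace instead of producing an explicit deny; what the handler returns on an exception is outside the hunk, so confirm it fails closed. Consider `sc = spec.securityContext` followed by `uid = sc.runAsUser if sc is not None else None`, so that the existing `user_uid != uid` comparison denies the pod. `Request.object` is also declared as required, while the API server sends a null `object` on DELETE reviews, so either the webhook rules should exclude DELETE or the field should be optional. validate_request's body starts and ends outside the hunk.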
95 changes: 46 additions & 49 deletions tests/app/test_validator.py
@@ -26,14 +26,14 @@ def test_pod_security_context(self):
{
"request": {
"namespace": "user1",
},
"object": {
"spec": {
"securityContext": {
"runAsUser": 1
"object": {
"spec": {
"securityContext": {
"runAsUser": 1
},
"containers": []
},
"containers": []
},
}
}
}
)
@@ -49,19 +49,19 @@ def test_security_context(self):
{
"request": {
"namespace": "user1",
},
"object": {
"spec": {
"securityContext": {
"runAsUser": 1
},
"containers": [
{
"securityContext": {
"runAsUser": 1
"object": {
"spec": {
"securityContext": {
"runAsUser": 1
},
"containers": [
{
"securityContext": {
"runAsUser": 1
}
}
}
]
]
}
}
}
}
@@ -78,14 +78,13 @@ def test_deny_security_context(self):
{
"request": {
"namespace": "user2",
},
"object": {
"spec": {
"containers": [],
"securityContext": {"runAsUser": 3}},
"object": {
"spec": {
"containers": [],
"securityContext": {"runAsUser": 3}},

}
}
}
}}
)

assert_that(response, equal_to({"response": {"allowed": False, "status": {
@@ -101,14 +100,13 @@ def test_deny_unknown_user(self):
{
"request": {
"namespace": "user2",
},
"object": {
"spec": {
"containers": [],
"securityContext": {"runAsUser": 3}},
"object": {
"spec": {
"containers": [],
"securityContext": {"runAsUser": 3}},

}
}
}
}}
)

assert_that(response, equal_to({"response": {"allowed": False, "status": {
@@ -124,19 +122,18 @@ def test_deny_pod_security_context(self):
{
"request": {
"namespace": "user2",
},
"object": {
"kind": "Pod",
"spec": {
"object": {
"kind": "Pod",
"spec": {
"securityContext": {"runAsUser": 2},
"containers": [
{
"securityContext": {"runAsUser": 3}
}
]
}
}
}
}
}}
)

assert_that(response, equal_to({"response": {"allowed": False, "status": {
@@ -151,16 +148,16 @@ def test_unlabelled_namespace_can_use_any_uid(self):
{
"request": {
"namespace": "kube-system",
},
"object": {
# "kind": "Pod",
"spec": {
# "securityContext": {"runAsUser": 2},
"containers": [
{
# "securityContext": {"runAsUser": 3}
}
]
"object": {
# "kind": "Pod",
"spec": {
# "securityContext": {"runAsUser": 2},
"containers": [
{
# "securityContext": {"runAsUser": 3}
}
]
}
}
}
}
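Review bot: `test_unlabelled_namespace_can_use_any_uid` keeps every `securityContext` entry commented out, so it only shows that a pod with no UID at all is admitted in `kube-system`, not that an arbitrary UID is. Setting an explicit value in that fixture, e.g. `"securityContext": {"runAsUser": 0}`, would pin the exemption the test name describes. The visible hunks also contain no case for a labelled namespace such as `user2` whose pod omits `securityContext` or `runAsUser`; a test asserting `"allowed": False` for that payload would document that the validator fails closed. None of the visible fixtures carries request-level fields such as `uid` or `operation`, so a payload captured from the API server would be a stronger regression check for the nesting this commit corrects.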
