Skip to content

Commit 9ef82fc

Browse files
oluwole.fadeyihawksight
oluwole.fadeyi
authored and
hawksight
committed
Add rbac generate unit tests
Adds another test to test the RBAC generate function Related #250 Signed-off-by: oluwole.fadeyi <oluwole.fadeyi@jetstack.io>
1 parent 1411468 commit 9ef82fc

File tree

2 files changed

+97
-0
lines changed

2 files changed

+97
-0
lines changed

pkg/permissions/generate.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -113,3 +113,7 @@ func GenerateAgentRBACManifests(dataGatherers []agent.DataGatherer) AgentRBACMan
113113

114114
return AgentRBACManifests
115115
}
116+
117+
func generateFullManifest(dataGatherers []agent.DataGatherer) string {
118+
119+
}

pkg/permissions/generate_test.go

Lines changed: 93 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,99 @@ import (
1111
"k8s.io/apimachinery/pkg/runtime/schema"
1212
)
1313

14+
func TestGenerateAgentRBACManifestsString(t *testing.T) {
15+
testCases := []struct {
16+
description string
17+
dataGatherers []agent.DataGatherer
18+
expectedRBACManifests string
19+
}{
20+
{
21+
description: "Generate ClusterRole and ClusterRoleBinding for simple pod dg use case",
22+
dataGatherers: []agent.DataGatherer{
23+
{
24+
Name: "k8s/pods",
25+
Kind: "k8s-dynamic",
26+
Config: &k8s.ConfigDynamic{
27+
GroupVersionResource: schema.GroupVersionResource{
28+
Version: "v1",
29+
Resource: "pods",
30+
},
31+
},
32+
},
33+
},
34+
expectedRBACManifests: `
35+
apiVersion: rbac.authorization.k8s.io/v1
36+
kind: ClusterRole
37+
metadata:
38+
name: jetstack-secure-agent-pods-reader
39+
rules:
40+
- apiGroups: [""]
41+
resources: ["pods"]
42+
verbs: ["get", "list", "watch"]
43+
---
44+
apiVersion: rbac.authorization.k8s.io/v1
45+
kind: ClusterRoleBinding
46+
metadata:
47+
name: jetstack-secure-agent-pods-reader
48+
roleRef:
49+
kind: ClusterRole
50+
name: jetstack-secure-agent-pods-reader
51+
apiGroup: rbac.authorization.k8s.io
52+
subjects:
53+
- kind: ServiceAccount
54+
name: agent
55+
namespace: jetstack-secure
56+
`,
57+
},
58+
{
59+
description: "Generate ClusterRole and RoleBinding for simple pod dg with include namespace \"foobar\"",
60+
dataGatherers: []agent.DataGatherer{
61+
{
62+
Name: "k8s/pods",
63+
Kind: "k8s-dynamic",
64+
Config: &k8s.ConfigDynamic{
65+
IncludeNamespaces: []string{"foobar"},
66+
GroupVersionResource: schema.GroupVersionResource{
67+
Version: "v1",
68+
Resource: "pods",
69+
},
70+
},
71+
},
72+
},
73+
expectedRBACManifests: `
74+
apiVersion: rbac.authorization.k8s.io/v1
75+
kind: ClusterRole
76+
metadata:
77+
name: jetstack-secure-agent-pods-reader
78+
rules:
79+
- apiGroups: [""]
80+
resources: ["pods"]
81+
verbs: ["get", "list", "watch"]
82+
---
83+
apiVersion: rbac.authorization.k8s.io/v1
84+
kind: RoleBinding
85+
metadata:
86+
name: jetstack-secure-agent-pods-reader
87+
namespace: foobar
88+
roleRef:
89+
kind: ClusterRole
90+
name: jetstack-secure-agent-pods-reader
91+
apiGroup: rbac.authorization.k8s.io
92+
subjects:
93+
- kind: ServiceAccount
94+
name: agent
95+
namespace: jetstack-secure
96+
`,
97+
},
98+
}
99+
100+
for _, input := range testCases {
101+
got := generateFullManifest(input.dataGatherers)
102+
103+
td.Cmp(t, input.expectedRBACManifests, got)
104+
}
105+
}
106+
14107
func TestGenerateAgentRBACManifests(t *testing.T) {
15108
testCases := []struct {
16109
description string

0 commit comments

Comments
 (0)