From aec3d55c324c6e1360c097aaa599fff0bf22df8b Mon Sep 17 00:00:00 2001 From: WanLinghao Date: Fri, 2 Feb 2018 16:40:34 +0800 Subject: [PATCH] add UT test to PolicyRuleBuilder in file ./pkg/apis/rbac/helpers_test.go --- pkg/apis/rbac/helpers_test.go | 129 ++++++++++++++++++++++++++++++++++ 1 file changed, 129 insertions(+) diff --git a/pkg/apis/rbac/helpers_test.go b/pkg/apis/rbac/helpers_test.go index 8723796e84..d6e7593bcc 100644 --- a/pkg/apis/rbac/helpers_test.go +++ b/pkg/apis/rbac/helpers_test.go @@ -175,3 +175,132 @@ func TestResourceMatches(t *testing.T) { }) } } + +func TestPolicyRuleBuilder(t *testing.T) { + tests := []struct { + testName string + verbs []string + groups []string + resources []string + names []string + urls []string + expected bool + policyRule rbac.PolicyRule + }{ + { + testName: "all empty", + verbs: nil, + groups: nil, + resources: nil, + names: nil, + urls: nil, + expected: false, + policyRule: rbac.PolicyRule{}, + }, + { + testName: "normal resource case", + verbs: []string{"get"}, + groups: []string{""}, + resources: []string{"pod"}, + names: []string{"gakki"}, + urls: nil, + expected: true, + policyRule: rbac.PolicyRule{ + Verbs: []string{"get"}, + APIGroups: []string{""}, + Resources: []string{"pod"}, + ResourceNames: []string{"gakki"}, + NonResourceURLs: []string{}, + }, + }, + { + testName: "normal noResourceURLs case", + verbs: []string{"get"}, + groups: nil, + resources: nil, + names: nil, + urls: []string{"/api/registry/healthz"}, + expected: true, + policyRule: rbac.PolicyRule{ + Verbs: []string{"get"}, + APIGroups: []string{}, + Resources: []string{}, + ResourceNames: []string{}, + NonResourceURLs: []string{"/api/registry/healthz"}, + }, + }, + { + testName: "nonResourceURLs with no-empty groups", + verbs: []string{"get"}, + groups: []string{""}, + resources: nil, + names: nil, + urls: []string{"/api/registry/healthz"}, + expected: false, + policyRule: rbac.PolicyRule{}, + }, + { + testName: "nonResourceURLs with no-empty resources", + verbs: []string{"get"}, + groups: nil, + resources: []string{"deployments", "secrets"}, + names: nil, + urls: []string{"/api/registry/healthz"}, + expected: false, + policyRule: rbac.PolicyRule{}, + }, + { + testName: "nonResourceURLs with no-empty resourceNames", + verbs: []string{"get"}, + groups: nil, + resources: nil, + names: []string{"gakki"}, + urls: []string{"/api/registry/healthz"}, + expected: false, + policyRule: rbac.PolicyRule{}, + }, + { + testName: "resource without apiGroups", + verbs: []string{"get"}, + groups: nil, + resources: []string{"pod"}, + names: []string{""}, + urls: nil, + expected: false, + policyRule: rbac.PolicyRule{}, + }, + { + testName: "resourceNames with illegal verb", + verbs: []string{"list", "watch", "create", "deletecollection"}, + groups: []string{""}, + resources: []string{"pod"}, + names: []string{"gakki"}, + urls: nil, + expected: false, + policyRule: rbac.PolicyRule{}, + }, + { + testName: "no nonResourceURLs nor resources", + verbs: []string{"get"}, + groups: []string{"rbac.authorization.k8s.io"}, + resources: nil, + names: []string{"gakki"}, + urls: nil, + expected: false, + policyRule: rbac.PolicyRule{}, + }, + } + for _, tc := range tests { + actual, err := rbac.NewRule(tc.verbs...).Groups(tc.groups...).Resources(tc.resources...).Names(tc.names...).URLs(tc.urls...).Rule() + if err != nil { + if tc.expected { + t.Error(err) + } else { + continue + } + } + if !reflect.DeepEqual(actual, tc.policyRule) { + t.Errorf("Expected %s got %s.", tc.policyRule, actual) + } + } +}