mirror of
https://github.com/projectcapsule/capsule.git
synced 2026-04-05 10:17:42 +00:00
a6b830b1af
* fix(controller): decode old object for delete requests Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: modernize golang Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: modernize golang Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: modernize golang Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * fix(config): remove usergroups default Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * fix(config): remove usergroups default Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * sec(ghsa-2ww6-hf35-mfjm): intercept namespace subresource Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> --------- Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
123 lines
2.4 KiB
Go
123 lines
2.4 KiB
Go
// Copyright 2020-2026 Project Capsule Authors
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package api_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/projectcapsule/capsule/pkg/api"
|
|
)
|
|
|
|
func TestForbiddenListSpec_ExactMatch(t *testing.T) {
|
|
type tc struct {
|
|
In []string
|
|
True []string
|
|
False []string
|
|
}
|
|
|
|
for _, tc := range []tc{
|
|
{
|
|
[]string{"foo", "bar", "bizz", "buzz"},
|
|
[]string{"foo", "bar", "bizz", "buzz"},
|
|
[]string{"bing", "bong"},
|
|
},
|
|
{
|
|
[]string{"one", "two", "three"},
|
|
[]string{"one", "two", "three"},
|
|
[]string{"a", "b", "c"},
|
|
},
|
|
{
|
|
nil,
|
|
nil,
|
|
[]string{"any", "value"},
|
|
},
|
|
} {
|
|
a := api.ForbiddenListSpec{
|
|
Exact: tc.In,
|
|
}
|
|
|
|
for _, ok := range tc.True {
|
|
assert.True(t, a.ExactMatch(ok))
|
|
}
|
|
|
|
for _, ko := range tc.False {
|
|
assert.False(t, a.ExactMatch(ko))
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestForbiddenListSpec_RegexMatch(t *testing.T) {
|
|
type tc struct {
|
|
Regex string
|
|
True []string
|
|
False []string
|
|
}
|
|
|
|
for _, tc := range []tc{
|
|
{`first-\w+-pattern`, []string{"first-date-pattern", "first-year-pattern"}, []string{"broken", "first-year", "second-date-pattern"}},
|
|
{``, nil, []string{"any", "value"}},
|
|
} {
|
|
a := api.ForbiddenListSpec{
|
|
Regex: tc.Regex,
|
|
}
|
|
|
|
for _, ok := range tc.True {
|
|
assert.True(t, a.RegexMatch(ok))
|
|
}
|
|
|
|
for _, ko := range tc.False {
|
|
assert.False(t, a.RegexMatch(ko))
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestValidateForbidden(t *testing.T) {
|
|
type tc struct {
|
|
Keys map[string]string
|
|
ForbiddenSpec api.ForbiddenListSpec
|
|
HasError bool
|
|
}
|
|
|
|
for _, tc := range []tc{
|
|
{
|
|
Keys: map[string]string{"foobar": "", "thesecondkey": "", "anotherkey": ""},
|
|
ForbiddenSpec: api.ForbiddenListSpec{
|
|
Exact: []string{"foobar", "somelabelkey1"},
|
|
},
|
|
HasError: true,
|
|
},
|
|
{
|
|
Keys: map[string]string{"foobar": ""},
|
|
ForbiddenSpec: api.ForbiddenListSpec{
|
|
Exact: []string{"foobar.io", "somelabelkey1", "test-exact"},
|
|
},
|
|
HasError: false,
|
|
},
|
|
{
|
|
Keys: map[string]string{"foobar": "", "barbaz": ""},
|
|
ForbiddenSpec: api.ForbiddenListSpec{
|
|
Regex: "foo.*",
|
|
},
|
|
HasError: true,
|
|
},
|
|
{
|
|
Keys: map[string]string{"foobar": "", "another-annotation-key": ""},
|
|
ForbiddenSpec: api.ForbiddenListSpec{
|
|
Regex: "foo1111",
|
|
},
|
|
HasError: false,
|
|
},
|
|
} {
|
|
if tc.HasError {
|
|
assert.Error(t, api.ValidateForbidden(tc.Keys, tc.ForbiddenSpec))
|
|
}
|
|
|
|
if !tc.HasError {
|
|
assert.NoError(t, api.ValidateForbidden(tc.Keys, tc.ForbiddenSpec))
|
|
}
|
|
}
|
|
}
|