mirror of
https://github.com/projectcapsule/capsule.git
synced 2026-02-14 18:09:58 +00:00
a6b830b1af
* fix(controller): decode old object for delete requests Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: modernize golang Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: modernize golang Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: modernize golang Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * fix(config): remove usergroups default Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * fix(config): remove usergroups default Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * sec(ghsa-2ww6-hf35-mfjm): intercept namespace subresource Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: conflicts Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(api): add rulestatus api Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> --------- Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
109 lines
2.0 KiB
Go
109 lines
2.0 KiB
Go
// Copyright 2020-2026 Project Capsule Authors
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package api_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
rbacv1 "k8s.io/api/rbac/v1"
|
|
|
|
"github.com/projectcapsule/capsule/pkg/api"
|
|
)
|
|
|
|
func TestUserSpec_Subject_ServiceAccount(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
in api.UserSpec
|
|
want rbacv1.Subject
|
|
}{
|
|
{
|
|
name: "system serviceaccount format",
|
|
in: api.UserSpec{
|
|
Kind: api.ServiceAccountOwner,
|
|
Name: "system:serviceaccount:capsule-system:capsule",
|
|
},
|
|
want: rbacv1.Subject{
|
|
Kind: "ServiceAccount",
|
|
Namespace: "capsule-system",
|
|
Name: "capsule",
|
|
},
|
|
},
|
|
{
|
|
name: "minimal ns:name style (still splits from end)",
|
|
in: api.UserSpec{
|
|
Kind: api.ServiceAccountOwner,
|
|
Name: "ns:sa",
|
|
},
|
|
want: rbacv1.Subject{
|
|
Kind: "ServiceAccount",
|
|
Namespace: "ns",
|
|
Name: "sa",
|
|
},
|
|
},
|
|
{
|
|
name: "extra segments (uses last two)",
|
|
in: api.UserSpec{
|
|
Kind: api.ServiceAccountOwner,
|
|
Name: "a:b:c:d",
|
|
},
|
|
want: rbacv1.Subject{
|
|
Kind: "ServiceAccount",
|
|
Namespace: "c",
|
|
Name: "d",
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got := tt.in.Subject()
|
|
if got != tt.want {
|
|
t.Fatalf("expected %#v, got %#v", tt.want, got)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestUserSpec_Subject_UserAndGroup(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
in api.UserSpec
|
|
want rbacv1.Subject
|
|
}{
|
|
{
|
|
name: "user subject",
|
|
in: api.UserSpec{
|
|
Kind: api.UserOwner,
|
|
Name: "alice",
|
|
},
|
|
want: rbacv1.Subject{
|
|
APIGroup: rbacv1.GroupName,
|
|
Kind: "User",
|
|
Name: "alice",
|
|
},
|
|
},
|
|
{
|
|
name: "group subject",
|
|
in: api.UserSpec{
|
|
Kind: api.GroupOwner,
|
|
Name: "devops",
|
|
},
|
|
want: rbacv1.Subject{
|
|
APIGroup: rbacv1.GroupName,
|
|
Kind: "Group",
|
|
Name: "devops",
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got := tt.in.Subject()
|
|
if got != tt.want {
|
|
t.Fatalf("expected %#v, got %#v", tt.want, got)
|
|
}
|
|
})
|
|
}
|
|
}
|