mirror of
https://github.com/projectcapsule/capsule.git
synced 2026-02-14 18:09:58 +00:00
730151cb44
* chore: improve dev targets Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(controller): implement deterministic rolebinding reflection Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(controller): capsule users are determined from configuration status Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(tenantowners): added agreggate option - tenantowners are always considered capsule users Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(tenantowner): add implicit aggregation for tenants Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: remove helm flags Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * fix(config): remove usergroups default Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> --------- Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
106 lines
1.9 KiB
Go
106 lines
1.9 KiB
Go
package api_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
rbacv1 "k8s.io/api/rbac/v1"
|
|
|
|
"github.com/projectcapsule/capsule/pkg/api"
|
|
)
|
|
|
|
func TestUserSpec_Subject_ServiceAccount(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
in api.UserSpec
|
|
want rbacv1.Subject
|
|
}{
|
|
{
|
|
name: "system serviceaccount format",
|
|
in: api.UserSpec{
|
|
Kind: api.ServiceAccountOwner,
|
|
Name: "system:serviceaccount:capsule-system:capsule",
|
|
},
|
|
want: rbacv1.Subject{
|
|
Kind: "ServiceAccount",
|
|
Namespace: "capsule-system",
|
|
Name: "capsule",
|
|
},
|
|
},
|
|
{
|
|
name: "minimal ns:name style (still splits from end)",
|
|
in: api.UserSpec{
|
|
Kind: api.ServiceAccountOwner,
|
|
Name: "ns:sa",
|
|
},
|
|
want: rbacv1.Subject{
|
|
Kind: "ServiceAccount",
|
|
Namespace: "ns",
|
|
Name: "sa",
|
|
},
|
|
},
|
|
{
|
|
name: "extra segments (uses last two)",
|
|
in: api.UserSpec{
|
|
Kind: api.ServiceAccountOwner,
|
|
Name: "a:b:c:d",
|
|
},
|
|
want: rbacv1.Subject{
|
|
Kind: "ServiceAccount",
|
|
Namespace: "c",
|
|
Name: "d",
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got := tt.in.Subject()
|
|
if got != tt.want {
|
|
t.Fatalf("expected %#v, got %#v", tt.want, got)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestUserSpec_Subject_UserAndGroup(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
in api.UserSpec
|
|
want rbacv1.Subject
|
|
}{
|
|
{
|
|
name: "user subject",
|
|
in: api.UserSpec{
|
|
Kind: api.UserOwner,
|
|
Name: "alice",
|
|
},
|
|
want: rbacv1.Subject{
|
|
APIGroup: rbacv1.GroupName,
|
|
Kind: "User",
|
|
Name: "alice",
|
|
},
|
|
},
|
|
{
|
|
name: "group subject",
|
|
in: api.UserSpec{
|
|
Kind: api.GroupOwner,
|
|
Name: "devops",
|
|
},
|
|
want: rbacv1.Subject{
|
|
APIGroup: rbacv1.GroupName,
|
|
Kind: "Group",
|
|
Name: "devops",
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got := tt.in.Subject()
|
|
if got != tt.want {
|
|
t.Fatalf("expected %#v, got %#v", tt.want, got)
|
|
}
|
|
})
|
|
}
|
|
}
|