1package validation
2
3import (
4"context"
5"github.com/stretchr/testify/assert"
6"gitverse.ru/ktrntrsv/kubelatte-ce/pkg/api/v1alpha1"
7"gitverse.ru/ktrntrsv/kubelatte-ce/pkg/observability/logger/lib"
8"gitverse.ru/ktrntrsv/kubelatte-ce/pkg/storage"
9"go.uber.org/zap"
10"os"
11"testing"
12)
13
// TestMain prepares shared state for the package's tests and then runs them.
// It installs a no-op zap logger as lib.ZapLogger before any test executes.
func TestMain(m *testing.M) {
	lib.ZapLogger = zap.NewNop()

	exitCode := m.Run()
	os.Exit(exitCode)
}
19
// Test_checkScopeNewLogic is a table-driven test of validateValue using one
// catch-all pattern (".*") on the path "spec.containers".
//
// Pinned outcomes:
//   - non-empty extracted value with action Deny  -> false
//   - non-empty extracted value with action Allow -> true
//   - nil extracted value with action Deny        -> true
//
// NOTE(review): presumably true means "the object passes validation"; if so,
// the last case pins that a Deny rule does not fire when the path yields
// nothing. Confirm against validateValue that this is the intended policy.
func Test_checkScopeNewLogic(t *testing.T) {
	type args struct {
		result interface{}
		simple v1alpha1.Simple
		action string
	}

	// Every case applies the same rule; only the extracted value and the
	// action differ.
	catchAll := v1alpha1.Simple{
		Name:  "disallowed-containers",
		Path:  "spec.containers",
		Value: ".*",
	}

	cases := []struct {
		name   string
		args   args
		result bool
	}{
		{
			name:   ".* 1",
			args:   args{result: []string{"annot", "key"}, simple: catchAll, action: Deny},
			result: false,
		},
		{
			name:   ".* 2",
			args:   args{result: []string{"annot", "key"}, simple: catchAll, action: Allow},
			result: true,
		},
		{
			name:   "empty res",
			args:   args{result: nil, simple: catchAll, action: Deny},
			result: true,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			in := tc.args
			got := validateValue(context.Background(), in.result, in.simple.Path, in.simple.Value, in.action)
			assert.Equalf(t, tc.result, got,
				"validateValue(%v, %v, %v)", in.result, in.simple, in.action)
		})
	}
}
78
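// TestCheckRegoRule checks that CheckRegoRule returns an error for a Pod that
// a Rego deny-by-name policy is written to reject.
//
// The policy emits a violation when input.review.name equals the "name"
// parameter. The Pod's metadata.name and the parameter are both "test", so
// each call is expected to return a non-nil error.
// NOTE(review): presumably CheckRegoRule exposes metadata.name to the policy
// as input.review.name; confirm against the implementation.
func TestCheckRegoRule(t *testing.T) {
	// The same policy text is used inline on the item and when stored below.
	const denyByNameRego = "import future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nviolation contains {\"msg\": msg} if {\n params := object.get(input, \"parameters\", {})\n name := object.get(params, \"name\", [])\n objName := input.review.name\n objName == name\n msg := sprintf(\"Creating this pod is prohibited! Do not create %v\", [objName])\n}"

	t.Run("with rule", func(t *testing.T) {
		// Replaces the package-level storage controller; it is not restored
		// when the test finishes.
		storage.Storage = &storage.StorageController{}
		storage.Storage.Start(true, false)

		orig := map[string]interface{}{
			"apiVersion": "v1",
			"kind":       "Pod",
			"metadata": map[string]interface{}{
				"name":      "test",
				"namespace": "test",
			},
		}
		item := v1alpha1.Item{
			Name: "rule",
			Match: v1alpha1.Match{
				Kinds: []v1alpha1.Kind{{
					Kind:      []string{"Pod"},
					ApiGroups: []string{"*"},
				}},
			},
			Rule: v1alpha1.Rule{
				Rego: v1alpha1.Rego{
					Template:   denyByNameRego,
					Parameters: "name: test",
				},
			},
		}

		// NOTE(review): only "non-nil" is asserted, so a template compile
		// failure or a storage error would satisfy these checks as well as a
		// real policy violation. If CheckRegoRule returns a distinguishable
		// violation error, assert on it so the test proves the deny path.

		// First evaluation happens before the rule is placed in storage.
		if gotErr := CheckRegoRule(context.Background(), orig, item); gotErr == nil {
			// The original message said "expected nil", which contradicted
			// the condition: the failure case here is a nil error.
			t.Error("CheckRegoRule() returned nil before the rule was stored, expected an error")
		}

		storage.Storage.UpdateRegoRule("test", v1alpha1.TemplateSpec{
			Kind:       "Scope",
			ApiVersion: "test",
			Data:       denyByNameRego,
			Type:       "rego",
		})

		// Second evaluation happens after the rule is placed in storage.
		if gotErr := CheckRegoRule(context.Background(), orig, item); gotErr == nil {
			t.Error("CheckRegoRule() returned nil after the rule was stored, expected an error")
		}
	})
}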