This repository was archived by the owner on Nov 14, 2024. It is now read-only.

Commit 4ebd64c

chore: rbac: speed up tests by using fake k8s Clientset (#24)
Mocking the Kubernetes clientset instead of using `httptest` makes this test run in approx 100ms instead of approx 50s.
1 parent 3c80a35 commit 4ebd64c


1 file changed

+29
-17
lines changed


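--- a/internal/checks/kube/rbac_test.go
+++ b/internal/checks/kube/rbac_test.go
@@ -2,13 +2,16 @@ package kube
 
 import (
 "context"
-"net/http"
 "testing"
 
+"golang.org/x/xerrors"
 authorizationv1 "k8s.io/api/authorization/v1"
 rbacv1 "k8s.io/api/rbac/v1"
+"k8s.io/apimachinery/pkg/runtime"
 "k8s.io/client-go/kubernetes"
+fake "k8s.io/client-go/kubernetes/fake"
 "k8s.io/client-go/rest"
+k8stesting "k8s.io/client-go/testing"
 
 "cdr.dev/slog/sloggers/slogtest/assert"
 
@@ -17,7 +20,6 @@ import (
 
 func Test_CheckRBAC_Error(t *testing.T) {
 t.Parallel()
-
 srv := newTestHTTPServer(t, 500, nil)
 defer srv.Close()
 client, err := kubernetes.NewForConfig(&rest.Config{Host: srv.URL})
@@ -28,6 +30,7 @@ func Test_CheckRBAC_Error(t *testing.T) {
 assert.True(t, "should contain one result", len(results) == 1)
 assert.True(t, "result should be failed", results[0].State == api.StateFailed)
 }
+
 func Test_CheckRBACFallback(t *testing.T) {
 t.Parallel()
 
@@ -42,7 +45,7 @@ func Test_CheckRBACFallback(t *testing.T) {
 F: func(t *testing.T, results []*api.CheckResult) {
 assert.False(t, "results should not be empty", len(results) == 0)
 for _, result := range results {
-assert.True(t, result.Name+" should not error", result.Details["error"] == nil)
+assert.Equal(t, result.Name+" should not error", result.Details["error"], nil)
 assert.True(t, result.Name+" should pass", result.State == api.StatePassed)
 }
 },
@@ -65,11 +68,13 @@ func Test_CheckRBACFallback(t *testing.T) {
 t.Run(test.Name, func(t *testing.T) {
 t.Parallel()
 
-server := newTestHTTPServer(t, http.StatusOK, test.Response)
-defer server.Close()
-
-client, err := kubernetes.NewForConfig(&rest.Config{Host: server.URL})
-assert.Success(t, "failed to create client", err)
+client := fake.NewSimpleClientset()
+fakeAction := func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) {
+return true, test.Response, nil
+}
+// NOTE: Use PrependReactor! AddReactor appends the action after the reaction chain
+// which by default includes a "catch-all" action which is not what we want here!
+client.Fake.PrependReactor("create", "selfsubjectaccessreviews", fakeAction)
 
 checker := NewKubernetesChecker(client)
 results := checker.checkRBACFallback(context.Background())
@@ -80,11 +85,13 @@ func Test_CheckRBACFallback(t *testing.T) {
 
 func Test_CheckRBACFallback_ClientError(t *testing.T) {
 t.Parallel()
-
-server := newTestHTTPServer(t, http.StatusInternalServerError, nil)
-
-client, err := kubernetes.NewForConfig(&rest.Config{Host: server.URL})
-assert.Success(t, "failed to create client", err)
+client := fake.NewSimpleClientset()
+fakeAction := func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) {
+return true, nil, xerrors.New("ouch")
+}
+// NOTE: Use PrependReactor! AddReactor appends the action after the reaction chain
+// which by default includes a "catch-all" action which is not what we want here!
+client.Fake.PrependReactor("create", "selfsubjectaccessreviews", fakeAction)
 
 checker := NewKubernetesChecker(client)
 results := checker.checkRBACFallback(context.Background())
@@ -97,12 +104,14 @@ func Test_CheckRBACFallback_ClientError(t *testing.T) {
 var selfSubjectAccessReviewAllowed authorizationv1.SelfSubjectAccessReview = authorizationv1.SelfSubjectAccessReview{
 Status: authorizationv1.SubjectAccessReviewStatus{
 Allowed: true,
+Reason: "test says yes",
 },
 }
 
 var selfSubjectAccessReviewDenied authorizationv1.SelfSubjectAccessReview = authorizationv1.SelfSubjectAccessReview{
 Status: authorizationv1.SubjectAccessReviewStatus{
 Allowed: false,
+Reason: "test says no",
 },
 }
 
@@ -133,11 +142,14 @@ func Test_CheckRBACDefault(t *testing.T) {
 t.Run(test.Name, func(t *testing.T) {
 t.Parallel()
 
-server := newTestHTTPServer(t, http.StatusOK, test.Response)
-defer server.Close()
+client := fake.NewSimpleClientset()
 
-client, err := kubernetes.NewForConfig(&rest.Config{Host: server.URL})
-assert.Success(t, "failed to create client", err)
+fakeAction := func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) {
+return true, test.Response, nil
+}
+// NOTE: Use PrependReactor! AddReactor appends the action after the reaction chain
+// which by default includes a "catch-all" action which is not what we want here!
+client.Fake.PrependReactor("create", "selfsubjectrulesreviews", fakeAction)
 
 checker := NewKubernetesChecker(client)
 results, err := checker.checkRBACDefault(context.Background())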
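Review bot: The reactors added in Test_CheckRBACFallback, Test_CheckRBACFallback_ClientError and Test_CheckRBACDefault never look at `action`, so each test passes no matter which verb, resource or namespace the checker puts in its review request; for code that reports RBAC permissions, the request is the part most worth pinning. Inside `fakeAction`, something like `obj := action.(k8stesting.CreateAction).GetObject()` followed by `_, ok := obj.(*authorizationv1.SelfSubjectAccessReview)` and `assert.True(t, "unexpected request type", ok)` (with `SelfSubjectRulesReview` in Test_CheckRBACDefault) would at least confirm the request type, and the decoded object's spec could then be compared with what each table entry expects. The test tables and the ends of these functions are outside the hunks, so whether the expected attributes are already available per case is not visible here. The same reactor setup and NOTE comment are repeated in all three tests and could move into one small helper.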
