
chore: rbac: speed up tests by using fake k8s Clientset #24

Merged
merged 2 commits into from
Sep 20, 2021
46 changes: 29 additions & 17 deletions internal/checks/kube/rbac_test.go
Expand Up @@ -2,13 +2,16 @@ package kube

import (
"context"
"net/http"
"testing"

"golang.org/x/xerrors"
authorizationv1 "k8s.io/api/authorization/v1"
rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/client-go/kubernetes"
fake "k8s.io/client-go/kubernetes/fake"
"k8s.io/client-go/rest"
k8stesting "k8s.io/client-go/testing"

"cdr.dev/slog/sloggers/slogtest/assert"

Expand All @@ -17,7 +20,6 @@ import (

func Test_CheckRBAC_Error(t *testing.T) {
t.Parallel()

srv := newTestHTTPServer(t, 500, nil)
defer srv.Close()
client, err := kubernetes.NewForConfig(&rest.Config{Host: srv.URL})
Expand All @@ -28,6 +30,7 @@ func Test_CheckRBAC_Error(t *testing.T) {
assert.True(t, "should contain one result", len(results) == 1)
assert.True(t, "result should be failed", results[0].State == api.StateFailed)
}

func Test_CheckRBACFallback(t *testing.T) {
t.Parallel()

Expand All @@ -42,7 +45,7 @@ func Test_CheckRBACFallback(t *testing.T) {
F: func(t *testing.T, results []*api.CheckResult) {
assert.False(t, "results should not be empty", len(results) == 0)
for _, result := range results {
assert.True(t, result.Name+" should not error", result.Details["error"] == nil)
assert.Equal(t, result.Name+" should not error", result.Details["error"], nil)
assert.True(t, result.Name+" should pass", result.State == api.StatePassed)
}
},
Expand All @@ -65,11 +68,13 @@ func Test_CheckRBACFallback(t *testing.T) {
t.Run(test.Name, func(t *testing.T) {
t.Parallel()

server := newTestHTTPServer(t, http.StatusOK, test.Response)
defer server.Close()

client, err := kubernetes.NewForConfig(&rest.Config{Host: server.URL})
assert.Success(t, "failed to create client", err)
client := fake.NewSimpleClientset()
fakeAction := func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) {
return true, test.Response, nil
}
// NOTE: Use PrependReactor! AddReactor appends the action after the reaction chain
// which by default includes a "catch-all" action which is not what we want here!
client.Fake.PrependReactor("create", "selfsubjectaccessreviews", fakeAction)

checker := NewKubernetesChecker(client)
results := checker.checkRBACFallback(context.Background())
Expand All @@ -80,11 +85,13 @@ func Test_CheckRBACFallback(t *testing.T) {

func Test_CheckRBACFallback_ClientError(t *testing.T) {
t.Parallel()

server := newTestHTTPServer(t, http.StatusInternalServerError, nil)

client, err := kubernetes.NewForConfig(&rest.Config{Host: server.URL})
assert.Success(t, "failed to create client", err)
client := fake.NewSimpleClientset()
fakeAction := func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) {
return true, nil, xerrors.New("ouch")
}
// NOTE: Use PrependReactor! AddReactor appends the action after the reaction chain
// which by default includes a "catch-all" action which is not what we want here!
client.Fake.PrependReactor("create", "selfsubjectaccessreviews", fakeAction)

checker := NewKubernetesChecker(client)
results := checker.checkRBACFallback(context.Background())
Expand All @@ -97,12 +104,14 @@ func Test_CheckRBACFallback_ClientError(t *testing.T) {
var selfSubjectAccessReviewAllowed authorizationv1.SelfSubjectAccessReview = authorizationv1.SelfSubjectAccessReview{
Status: authorizationv1.SubjectAccessReviewStatus{
Allowed: true,
Reason: "test says yes",
},
}

var selfSubjectAccessReviewDenied authorizationv1.SelfSubjectAccessReview = authorizationv1.SelfSubjectAccessReview{
Status: authorizationv1.SubjectAccessReviewStatus{
Allowed: false,
Reason: "test says no",
},
}

Expand Down Expand Up @@ -133,11 +142,14 @@ func Test_CheckRBACDefault(t *testing.T) {
t.Run(test.Name, func(t *testing.T) {
t.Parallel()

server := newTestHTTPServer(t, http.StatusOK, test.Response)
defer server.Close()
client := fake.NewSimpleClientset()

client, err := kubernetes.NewForConfig(&rest.Config{Host: server.URL})
assert.Success(t, "failed to create client", err)
fakeAction := func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) {
return true, test.Response, nil
}
// NOTE: Use PrependReactor! AddReactor appends the action after the reaction chain
// which by default includes a "catch-all" action which is not what we want here!
client.Fake.PrependReactor("create", "selfsubjectrulesreviews", fakeAction)

checker := NewKubernetesChecker(client)
results, err := checker.checkRBACDefault(context.Background())
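Review bot: The reactors added in Test_CheckRBACFallback, Test_CheckRBACFallback_ClientError and Test_CheckRBACDefault answer every `create` with the canned object and never look at `action`, so these tests would still pass if the checker asked the API server about the wrong verb, resource or namespace. The fake clientset hands the typed request to the reactor, so it can be checked there, for example `review := action.(k8stesting.CreateAction).GetObject().(*authorizationv1.SelfSubjectAccessReview)` followed by `assert.True(t, "review should carry resource attributes", review.Spec.ResourceAttributes != nil)`. This assumes the checker populates `Spec.ResourceAttributes`, and the expected values could be tightened per test case. Since the same five-line reactor setup now appears three times, a small helper taking the resource name and the response would keep the PrependReactor note in one place. The test functions begin and end outside the visible hunks, so the table definitions and final assertions were not reviewed.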