github.com/kiali/kiali@v1.84.0/business/checkers/authorization/namespace_method_checker_test.go (about)

     1  package authorization
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/stretchr/testify/assert"
     8  	security_v1beta "istio.io/client-go/pkg/apis/security/v1beta1"
     9  
    10  	"github.com/kiali/kiali/models"
    11  	"github.com/kiali/kiali/tests/data"
    12  	"github.com/kiali/kiali/tests/testutils/validations"
    13  )
    14  
// TestSourceNamespaceExisting checks that a policy whose source namespaces
// all appear in the checker's Namespaces list is reported as valid and
// produces no validations.
func TestSourceNamespaceExisting(t *testing.T) {
	a := assert.New(t)

	checker := NamespaceMethodChecker{
		AuthorizationPolicy: sourceNamespaceAuthPolicy([]string{"bookinfo", "bookinfo2"}),
		Namespaces:          []string{"bookinfo", "bookinfo2"},
	}
	// Named vals rather than validations so the imported validations
	// package is not shadowed inside this test.
	vals, valid := checker.Check()

	// Well configured object: nothing to report.
	a.True(valid)
	a.Empty(vals)
}
    27  
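// TestSourceNamespaceNotFound checks that every source namespace missing
// from the checker's Namespaces list yields one warning-severity
// "authorizationpolicy.source.namespacenotfound" validation whose path
// points at the offending entry, while the object is still reported valid.
func TestSourceNamespaceNotFound(t *testing.T) {
	assert := assert.New(t)

	vals, valid := NamespaceMethodChecker{
		AuthorizationPolicy: sourceNamespaceAuthPolicy([]string{"wrong1", "wrong2"}),
		Namespaces:          []string{"bookinfo"},
	}.Check()

	// Unknown namespaces are only warnings, so the object stays valid.
	assert.True(valid)
	// assert does not abort the test on failure; bail out here so a wrong
	// count is reported as an assertion failure, not an index panic below.
	if !assert.Len(vals, 2) {
		return
	}
	for i, val := range vals {
		assert.NoError(validations.ConfirmIstioCheckMessage("authorizationpolicy.source.namespacenotfound", val))
		// testify expects (expected, actual); keeping that order makes
		// failure output label the two values correctly.
		assert.Equal(models.WarningSeverity, val.Severity)
		assert.Equal(fmt.Sprintf("spec/rules[0]/from[0]/source/namespaces[%d]", i), val.Path)
	}
}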
    46  
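// TestToMethodWrongHTTP feeds the checker a mix of operation methods and
// expects four warning-severity "authorizationpolicy.to.wrongmethod"
// validations, with the object still reported valid. The paths of the
// first three validations are checked against methods[3], [4] and [5].
func TestToMethodWrongHTTP(t *testing.T) {
	assert := assert.New(t)

	vals, valid := NamespaceMethodChecker{
		AuthorizationPolicy: toMethodsAuthPolicy([]string{
			"GET", "/grpc.package/method", "/grpc.package/subpackage/subpackage/method",
			"GOT", "WRONG", "/grpc.pkg/hello.method", "grpc.pkg/noinitialslash",
		}),
		Namespaces: []string{"bookinfo"},
	}.Check()

	// Unrecognised methods are only warnings, so the object stays valid.
	assert.True(valid)
	// assert does not abort the test on failure; bail out here so a wrong
	// count is reported as an assertion failure, not an index panic below.
	if !assert.Len(vals, 4) {
		return
	}
	// i indexes the validations, m the position in the methods list.
	for i, m := range []int{3, 4, 5} {
		assert.NoError(validations.ConfirmIstioCheckMessage("authorizationpolicy.to.wrongmethod", vals[i]))
		// testify expects (expected, actual); keeping that order makes
		// failure output label the two values correctly.
		assert.Equal(models.WarningSeverity, vals[i].Severity)
		assert.Equal(fmt.Sprintf("spec/rules[0]/to[0]/operation/methods[%d]", m), vals[i].Path)
	}
	// NOTE(review): four validations are required but only three are
	// inspected. vals[3] presumably refers to methods[6]
	// ("grpc.pkg/noinitialslash"); confirm against the checker and assert
	// its message, severity and path so a policy method the checker flags
	// cannot change silently.
}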
    67  
// sourceNamespaceAuthPolicy returns a test AuthorizationPolicy built by
// data.CreateAuthorizationPolicy from the caller's namespaces plus fixed
// methods (GET, PUT, PATCH), host "details" and selector app=details.
func sourceNamespaceAuthPolicy(nss []string) *security_v1beta.AuthorizationPolicy {
	return data.CreateAuthorizationPolicy(
		nss,
		[]string{"GET", "PUT", "PATCH"},
		[]string{"details"},
		map[string]string{"app": "details"},
	)
}
    74  
// toMethodsAuthPolicy returns a test AuthorizationPolicy built by
// data.CreateAuthorizationPolicy from the caller's methods plus a fixed
// namespace "bookinfo", host "details" and selector app=details.
func toMethodsAuthPolicy(methods []string) *security_v1beta.AuthorizationPolicy {
	return data.CreateAuthorizationPolicy(
		[]string{"bookinfo"},
		methods,
		[]string{"details"},
		map[string]string{"app": "details"},
	)
}