github.com/verrazzano/verrazzano@v1.7.1/platform-operator/internal/vzconfig/validate_test.go (about) 1 // Copyright (c) 2021, Oracle and/or its affiliates. 2 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 package vzconfig 4 5 import ( 6 "github.com/stretchr/testify/assert" 7 v1 "k8s.io/api/rbac/v1" 8 "testing" 9 ) 10 11 // TestValidateRoleBindingSubject tests the ValidateRoleBindingSubject 12 // GIVEN a call to ValidateRoleBindingSubject 13 // WHEN for valid and invalid inputs 14 // THEN an error is returned when appropriate 15 func TestValidateRoleBindingSubject(t *testing.T) { 16 tests := []struct { 17 name string 18 description string 19 inputSubject v1.Subject 20 expectedErr bool 21 }{ 22 { 23 name: "NoSubjectName", 24 description: "Tests that a Subject with no name returns an error", 25 inputSubject: v1.Subject{}, 26 expectedErr: true, 27 }, 28 { 29 name: "UserSubjectNoAPIGroupValid", 30 description: "Tests that no error is returned with a User subject with no API group is specified", 31 inputSubject: v1.Subject{Name: "user-subject-0", Kind: "Group"}, 32 }, 33 { 34 name: "UserSubjectValidAPIGroup", 35 description: "Tests a valid User subject and the API group is specified that it is valid", 36 inputSubject: v1.Subject{Name: "user-subject-0", Kind: "Group", APIGroup: "rbac.authorization.k8s.io"}, 37 }, 38 { 39 name: "UserSubjectInvalidAPIGroup", 40 description: "Tests a valid User subject with an invalid API group", 41 inputSubject: v1.Subject{Name: "user-subject-0", Kind: "Group", APIGroup: "myrbac.authorization.k8s.io"}, 42 expectedErr: true, 43 }, 44 { 45 name: "GroupSubjectNoAPIGroupValid", 46 description: "Tests that no error is returned with a Group subject with no API group is specified", 47 inputSubject: v1.Subject{Name: "group-subject-0", Kind: "Group"}, 48 }, 49 { 50 name: "GroupSubjectValidAPIGroup", 51 description: "Tests a valid Group subject and the API group is specified that it is correct", 52 inputSubject: v1.Subject{Name: "group-subject-0", Kind: "Group", APIGroup: "rbac.authorization.k8s.io"}, 53 }, 54 { 55 name: "GroupSubjectInvalidAPIGroup", 56 description: "Tests a valid Group subject and the API group is specified that it is correct", 57 inputSubject: v1.Subject{Name: "group-subject-0", Kind: "Group", APIGroup: "myrbac.authorization.k8s.io"}, 58 expectedErr: true, 59 }, 60 { 61 name: "ServiceAccountSubjectNoAPIGroupOrNamespace", 62 description: "Tests no error is returned with a valid ServiceAccount subject with a namespace", 63 inputSubject: v1.Subject{Name: "sa-subject-0", Kind: "ServiceAccount", Namespace: "mynamespace"}, 64 }, 65 { 66 name: "ServiceAccountSubjectNoNamespace", 67 description: "Tests an error is returned with a ServiceAccount subject when no namespace is specified", 68 inputSubject: v1.Subject{Name: "sa-subject-0", Kind: "ServiceAccount"}, 69 expectedErr: true, 70 }, 71 { 72 name: "ServiceAccountSubjectWithAPIGroupNoNamespace", 73 description: "Tests an error is returned with a ServiceAccount subject when no namespace is specified", 74 inputSubject: v1.Subject{Name: "sa-subject-0", Kind: "ServiceAccount", APIGroup: "my.apigroup.io"}, 75 expectedErr: true, 76 }, 77 { 78 name: "ServiceAccountSubjectInvalidAPIGroup", 79 description: "Tests an error is returned with for a ServiceAccount subject where an API Group is specified", 80 inputSubject: v1.Subject{Name: "sa-subject-0", Kind: "ServiceAccount", Namespace: "mynamespace", APIGroup: "my.apigroup.io"}, 81 expectedErr: true, 82 }, 83 { 84 name: "InvalidSubjectKind", 85 description: "Tests an error is returned with an unexpected subject Kind", 86 inputSubject: v1.Subject{Name: "custom-subject-0", Kind: "MySubjectKind"}, 87 expectedErr: true, 88 }, 89 } 90 for _, test := range tests { 91 t.Run(test.name, func(t *testing.T) { 92 assert := assert.New(t) 93 t.Log(test.description) 94 95 err := ValidateRoleBindingSubject(test.inputSubject, "test-subject") 96 if test.expectedErr { 97 assert.Error(err) 98 return 99 } 100 assert.NoError(err) 101 }) 102 } 103 }