k8s.io/apiserver@v0.31.1/pkg/authentication/group/group_adder_test.go (about) 1 /* 2 Copyright 2016 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package group 18 19 import ( 20 "net/http" 21 "reflect" 22 "testing" 23 24 "k8s.io/apiserver/pkg/authentication/authenticator" 25 "k8s.io/apiserver/pkg/authentication/user" 26 ) 27 28 func TestGroupAdder(t *testing.T) { 29 capacity := make([]string, 0, 1024) 30 response := &authenticator.Response{User: &user.DefaultInfo{Name: "user", Groups: append(capacity, "original")}} 31 orig := toJson(response) 32 33 adder := authenticator.Request( 34 NewGroupAdder( 35 authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) { 36 return response, true, nil 37 }), 38 []string{"added"}, 39 ), 40 ) 41 42 r, _, _ := adder.AuthenticateRequest(nil) 43 if want := []string{"original", "added"}; !reflect.DeepEqual(r.User.GetGroups(), want) { 44 t.Errorf("Unexpected groups\ngot:\t%#v\nwant:\t%#v", r.User.GetGroups(), want) 45 } 46 47 if got := toJson(response); got != orig { 48 t.Errorf("Expected response from delegate to be unmodified: orig=%v got=%v", orig, got) 49 } 50 } 51 52 func TestAuthenticatedGroupAdder(t *testing.T) { 53 tests := []struct { 54 name string 55 inputUser *user.DefaultInfo 56 expectedUser user.Info 57 }{ 58 { 59 name: "add", 60 inputUser: &user.DefaultInfo{ 61 Name: "user", 62 Groups: []string{"some-group"}, 63 }, 64 expectedUser: &user.DefaultInfo{ 65 Name: "user", 66 Groups: []string{"some-group", user.AllAuthenticated}, 67 }, 68 }, 69 { 70 name: "don't double add", 71 inputUser: &user.DefaultInfo{ 72 Name: "user", 73 Groups: []string{user.AllAuthenticated, "some-group"}, 74 }, 75 expectedUser: &user.DefaultInfo{ 76 Name: "user", 77 Groups: []string{user.AllAuthenticated, "some-group"}, 78 }, 79 }, 80 { 81 name: "don't add for anon", 82 inputUser: &user.DefaultInfo{ 83 Name: user.Anonymous, 84 Groups: []string{"some-group"}, 85 }, 86 expectedUser: &user.DefaultInfo{ 87 Name: user.Anonymous, 88 Groups: []string{"some-group"}, 89 }, 90 }, 91 { 92 name: "don't add for unauthenticated group", 93 inputUser: &user.DefaultInfo{ 94 Name: "user", 95 Groups: []string{user.AllUnauthenticated, "some-group"}, 96 }, 97 expectedUser: &user.DefaultInfo{ 98 Name: "user", 99 Groups: []string{user.AllUnauthenticated, "some-group"}, 100 }, 101 }, 102 } 103 104 for _, test := range tests { 105 capacity := make([]string, 0, 1024) 106 user := test.inputUser 107 user.Groups = append(capacity, user.Groups...) // make sure there is capacity in the groups array to trigger potential mutation 108 response := &authenticator.Response{User: user} 109 orig := toJson(response) 110 111 adder := authenticator.Request( 112 NewAuthenticatedGroupAdder( 113 authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) { 114 return response, true, nil 115 }), 116 ), 117 ) 118 119 r, _, _ := adder.AuthenticateRequest(nil) 120 if !reflect.DeepEqual(r.User, test.expectedUser) { 121 t.Errorf("Unexpected user\ngot:\t%#v\nwant:\t%#v", r.User, test.expectedUser) 122 } 123 124 if got := toJson(response); got != orig { 125 t.Errorf("Expected response from delegate to be unmodified: orig=%v got=%v", orig, got) 126 } 127 } 128 129 }