-
Notifications
You must be signed in to change notification settings - Fork 71
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
The tests verify that * Authorised users can list resources * Unauthorised users get empty resources list but no error issue #3636 Co-authored-by: Georgi Sabev <[email protected]>
- Loading branch information
1 parent
ff4d08a
commit afae96a
Showing
7 changed files
with
143 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
package helpers | ||
|
||
import ( | ||
"github.com/gofrs/flock" | ||
. "github.com/onsi/ginkgo/v2" //lint:ignore ST1001 this is a test file | ||
. "github.com/onsi/gomega" //lint:ignore ST1001 this is a test file | ||
) | ||
|
||
type FLock struct { | ||
lock *flock.Flock | ||
} | ||
|
||
func NewFlock(lockFilePath string) *FLock { | ||
return &FLock{ | ||
lock: flock.New(lockFilePath), | ||
} | ||
} | ||
|
||
func (f *FLock) Execute(fn func()) { | ||
GinkgoHelper() | ||
|
||
Eventually(func(g Gomega) { | ||
ok, err := f.lock.TryLock() | ||
g.Expect(err).NotTo(HaveOccurred()) | ||
g.Expect(ok).To(BeTrue()) | ||
}).Should(Succeed()) | ||
|
||
defer func() { | ||
Expect(f.lock.Unlock()).To(Succeed()) | ||
}() | ||
|
||
fn() | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
package smoke_test | ||
|
||
import ( | ||
"code.cloudfoundry.org/korifi/tests/helpers" | ||
. "code.cloudfoundry.org/korifi/tests/matchers" | ||
"github.com/google/uuid" | ||
. "github.com/onsi/ginkgo/v2" | ||
. "github.com/onsi/gomega" | ||
. "github.com/onsi/gomega/gexec" | ||
"github.com/onsi/gomega/types" | ||
) | ||
|
||
var _ = Describe("list", func() { | ||
listResources := func(resourceType string, resourcesMatch types.GomegaMatcher) { | ||
cfCurlOutput, err := sessionOutput(helpers.Cf("curl", "/v3/"+resourceType)) | ||
Expect(err).NotTo(HaveOccurred()) | ||
Expect(cfCurlOutput).To(MatchJSONPath("$.resources", resourcesMatch)) | ||
} | ||
|
||
BeforeEach(func() { | ||
Expect(helpers.Cf("run-task", sharedData.BuildpackAppName, "-c", "sleep 120")).To(Exit(0)) | ||
|
||
upsiName := uuid.NewString() | ||
Expect(helpers.Cf("create-user-provided-service", upsiName)).To(Exit(0)) | ||
Expect(helpers.Cf("bind-service", sharedData.BuildpackAppName, upsiName)).To(Exit(0)) | ||
}) | ||
|
||
DescribeTable("authorised users get the resources", | ||
listResources, | ||
Entry("apps", "apps", Not(BeEmpty())), | ||
Entry("packages", "packages", Not(BeEmpty())), | ||
Entry("processes", "processes", Not(BeEmpty())), | ||
Entry("routes", "routes", Not(BeEmpty())), | ||
Entry("service_instances", "service_instances", Not(BeEmpty())), | ||
Entry("service_credential_bindings", "service_credential_bindings", Not(BeEmpty())), | ||
Entry("tasks", "tasks", Not(BeEmpty())), | ||
) | ||
|
||
When("the user is not allowed to list", func() { | ||
BeforeEach(func() { | ||
serviceAccountFactory := helpers.NewServiceAccountFactory(sharedData.RootNamespace) | ||
userName := uuid.NewString() | ||
userToken := serviceAccountFactory.CreateServiceAccount(userName) | ||
helpers.NewFlock(sharedData.FLockPath).Execute(func() { | ||
helpers.AddUserToKubeConfig(userName, userToken) | ||
}) | ||
|
||
DeferCleanup(func() { | ||
helpers.NewFlock(sharedData.FLockPath).Execute(func() { | ||
helpers.RemoveUserFromKubeConfig(userName) | ||
}) | ||
serviceAccountFactory.DeleteServiceAccount(userName) | ||
}) | ||
|
||
Expect(helpers.Cf("auth", userName)).To(Exit(0)) | ||
}) | ||
|
||
DescribeTable("unauthorised users get empty resources list", | ||
listResources, | ||
Entry("apps", "apps", BeEmpty()), | ||
Entry("packages", "packages", BeEmpty()), | ||
Entry("processes", "processes", BeEmpty()), | ||
Entry("routes", "routes", BeEmpty()), | ||
Entry("service_instances", "service_instances", BeEmpty()), | ||
Entry("service_credential_bindings", "service_credential_bindings", BeEmpty()), | ||
Entry("tasks", "tasks", BeEmpty()), | ||
) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters