generated from kubewarden/go-policy-template
-
Notifications
You must be signed in to change notification settings - Fork 0
/
validate_test.go
120 lines (110 loc) · 3.07 KB
/
validate_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
package main
import (
"testing"
corev1 "github.com/kubewarden/k8s-objects/api/core/v1"
metav1 "github.com/kubewarden/k8s-objects/apimachinery/pkg/apis/meta/v1"
kubewarden_protocol "github.com/kubewarden/policy-sdk-go/protocol"
kubewarden_testing "github.com/kubewarden/policy-sdk-go/testing"
"github.com/mailru/easyjson"
)
func TestValidateLabel(t *testing.T) {
tests := []struct {
name string
podLabels map[string]string
deniedLabels []string
constrainedLabels map[string]string
expectedIsValid bool
}{
{
name: "pod without labels is accepted",
podLabels: make(map[string]string),
deniedLabels: []string{"owner"},
constrainedLabels: make(map[string]string),
expectedIsValid: true,
},
{
name: "pod without denied labels is accepted",
podLabels: map[string]string{
"hello": "world",
},
deniedLabels: []string{"owner"},
constrainedLabels: make(map[string]string),
expectedIsValid: true,
},
{
name: "pod with a denied label is rejected",
podLabels: map[string]string{
"hello": "world",
},
deniedLabels: []string{"hello"},
constrainedLabels: make(map[string]string),
expectedIsValid: false,
},
{
name: "pod with a satisfied constraint label is accepted",
podLabels: map[string]string{
"cc-center": "team-123",
},
deniedLabels: []string{"hello"},
constrainedLabels: map[string]string{
"cc-center": `team-\d+`,
},
expectedIsValid: true,
},
{
name: "pod with an unsatisfied constraint label is rejected",
podLabels: map[string]string{
"cc-center": "team-kubewarden",
},
deniedLabels: []string{"hello"},
constrainedLabels: map[string]string{
"cc-center": `team-\d+`,
},
expectedIsValid: false,
},
{
name: "pod missing a constrained label is rejected",
podLabels: map[string]string{
"owner": "team-kubewarden",
},
deniedLabels: []string{"hello"},
constrainedLabels: map[string]string{
"cc-center": `team-\d+`,
},
expectedIsValid: false,
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
basicSettings := BasicSettings{
DeniedLabels: test.deniedLabels,
ConstrainedLabels: test.constrainedLabels,
}
pod := corev1.Pod{
Metadata: &metav1.ObjectMeta{
Name: "test-pod",
Namespace: "default",
Labels: test.podLabels,
},
}
payload, err := kubewarden_testing.BuildValidationRequest(&pod, &basicSettings)
if err != nil {
t.Errorf("Unexpected request error: %+v", err)
}
responsePayload, err := validate(payload)
if err != nil {
t.Errorf("Unexpected validation error: %+v", err)
}
var response kubewarden_protocol.ValidationResponse
if err = easyjson.Unmarshal(responsePayload, &response); err != nil {
t.Errorf("Unexpected response error: %+v", err)
}
if test.expectedIsValid && !response.Accepted {
t.Errorf("Unexpected rejection: %s", *response.Message)
}
if !test.expectedIsValid && response.Accepted {
t.Errorf("Unexpected acceptance")
}
})
}
}