diff --git a/src/lib/validate-processor.test.ts b/src/lib/validate-processor.test.ts
new file mode 100644
index 000000000..814541861
--- /dev/null
+++ b/src/lib/validate-processor.test.ts
@@ -0,0 +1,74 @@
+import { describe, expect, it } from "@jest/globals";
+import { validateProcessor } from "./validate-processor";
+import { Capability } from "./capability";
+import { KubernetesObject } from "kubernetes-fluent-client";
+import { AdmissionRequest, CapabilityCfg } from "./types";
+import { Operation } from "./enums";
+
+describe("validate-processor tests", () => {
+ const defaultCapabilityConfig: CapabilityCfg = {
+ name: "test-capability",
+ description: "Test capability description",
+ namespaces: ["default"],
+ };
+
+ const defaultModuleConfig = { uuid: "some-uuid", alwaysIgnore: { namespaces: [] } };
+ const defaultCapabilities: Capability[] = [new Capability(defaultCapabilityConfig)];
+ const defaultRequestMetadata = {};
+ const defaultKind = {
+ group: "",
+ version: "v1",
+ kind: "Pod",
+ };
+ const defaultRequest: AdmissionRequest = {
+ operation: Operation.CREATE,
+ uid: "test-uid",
+ kind: defaultKind,
+ resource: {
+ group: "",
+ version: "v1",
+ resource: "pods",
+ },
+ name: "test-pod",
+ userInfo: {
+ username: "test-user",
+ groups: ["test-group"],
+ },
+ object: {
+ apiVersion: "v1",
+ kind: "Pod",
+ metadata: {
+ name: "test-pod",
+ labels: {
+ "test-label": "true",
+ },
+ annotations: {
+ "test-annotation": "true",
+ },
+ },
+ },
+ };
+
+ it("should return an empty validate response", async () => {
+ const result = await validateProcessor(
+ defaultModuleConfig,
+ defaultCapabilities,
+ defaultRequest,
+ defaultRequestMetadata,
+ );
+ expect(result).toStrictEqual([]);
+ });
+
+ it("TODO: should do something when secret", async () => {
+ const request = { ...defaultRequest, kind: { group: "", kind: "Secret", version: "v1" } };
+ const result = await validateProcessor(defaultModuleConfig, defaultCapabilities, request, defaultRequestMetadata);
+ expect(result).toStrictEqual([]);
+ });
+
+ it("TODO should do something with bindings", async () => {
+ const capabilities: Capability[] = [new Capability({ ...defaultCapabilityConfig })];
+ const request = { ...defaultRequest, kind: { group: "", kind: "Secret", version: "v1" } };
+ const result = await validateProcessor(defaultModuleConfig, capabilities, request, defaultRequestMetadata);
+ expect(result).toStrictEqual([]);
+ });
+});
diff --git a/src/lib/validate-processor.ts b/src/lib/validate-processor.ts
index 611fa6411..2324e7418 100644
--- a/src/lib/validate-processor.ts
+++ b/src/lib/validate-processor.ts
@@ -32,9 +32,9 @@ export async function validateProcessor(
 for (const { name, bindings, namespaces } of capabilities) {
 const actionMetadata = { ...reqMetadata, name };
- for (const action of bindings) {
+ for (const binding of bindings) {
 // Skip this action if it's not a validation action
- if (!action.validateCallback) {
+ if (!binding.validateCallback) {
 continue;
 }
@@ -44,18 +44,18 @@ export async function validateProcessor(
 };
 // Continue to the next action without doing anything if this one should be skipped
- const shouldSkip = shouldSkipRequest(action, req, namespaces, config?.alwaysIgnore?.namespaces);
+ const shouldSkip = shouldSkipRequest(binding, req, namespaces, config?.alwaysIgnore?.namespaces);
 if (shouldSkip !== "") {
 Log.debug(shouldSkip);
 continue;
 }
- const label = action.validateCallback.name;
+ const label = binding.validateCallback.name;
 Log.info(actionMetadata, `Processing validation action (${label})`);
 try {
 // Run the validation callback, if it fails set allowed to false
- const resp = await action.validateCallback(wrapped);
+ const resp = await binding.validateCallback(wrapped);
 localResponse.allowed = resp.allowed;
 // If the validation callback returned a status code or message, set it in the Response
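Review bot: The two tests titled "TODO" in the new validate-processor.test.ts assert `[]` against capabilities that appear to carry no bindings, so the `for (const binding of bindings)` loop in validateProcessor never reaches a `validateCallback`. They repeat the first test and report coverage the admission path does not have. Either register a validate binding and assert on the returned response, covering a callback that returns `allowed: false` and one that throws (the comment in validate-processor.ts says a failing callback sets allowed to false, which is worth pinning), or declare the gap with `it.todo("denies the request when a validate binding rejects it")`. The Secret fixtures override only `kind`, leaving `resource: "pods"` and `object.kind: "Pod"`, so the request is internally inconsistent. `KubernetesObject` is imported but unused in this file.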