Add more test cases
strideynet committed Jan 10, 2025
1 parent c7e5c7b commit d7b3fbb
Showing 1 changed file with 186 additions and 1 deletion.
187 changes: 186 additions & 1 deletion lib/auth/machineid/workloadidentityv1/decision_test.go
Expand Up @@ -271,14 +271,19 @@ func Test_evaluateRules(t *testing.T) {
},
}

var noMatchRule require.ErrorAssertionFunc = func(t require.TestingT, err error, i ...interface{}) {
require.Error(t, err)
require.Contains(t, err.Error(), "no matching rule found")
}

tests := []struct {
name string
wid *workloadidentityv1pb.WorkloadIdentity
attrs *workloadidentityv1pb.Attrs
requireErr require.ErrorAssertionFunc
}{
{
name: "pass, no rules",
name: "no rules: pass",
wid: &workloadidentityv1pb.WorkloadIdentity{
Kind: types.KindWorkloadIdentity,
Version: types.V1,
Expand All @@ -292,6 +297,186 @@ func Test_evaluateRules(t *testing.T) {
attrs: attrs,
requireErr: require.NoError,
},
{
name: "eq: pass",
wid: &workloadidentityv1pb.WorkloadIdentity{
Kind: types.KindWorkloadIdentity,
Version: types.V1,
Metadata: &headerv1.Metadata{
Name: "test",
},
Spec: &workloadidentityv1pb.WorkloadIdentitySpec{
Rules: &workloadidentityv1pb.WorkloadIdentityRules{
Allow: []*workloadidentityv1pb.WorkloadIdentityRule{
{
Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{
{
Attribute: "user.name",
Operator: &workloadidentityv1pb.WorkloadIdentityCondition_Eq{
Eq: &workloadidentityv1pb.WorkloadIdentityConditionEq{
Value: "foo",
},
},
},
},
},
},
},
},
},
attrs: attrs,
requireErr: require.NoError,
},
{
name: "eq: fail",
wid: &workloadidentityv1pb.WorkloadIdentity{
Kind: types.KindWorkloadIdentity,
Version: types.V1,
Metadata: &headerv1.Metadata{
Name: "test",
},
Spec: &workloadidentityv1pb.WorkloadIdentitySpec{
Rules: &workloadidentityv1pb.WorkloadIdentityRules{
Allow: []*workloadidentityv1pb.WorkloadIdentityRule{
{
Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{
{
Attribute: "user.name",
Operator: &workloadidentityv1pb.WorkloadIdentityCondition_Eq{
Eq: &workloadidentityv1pb.WorkloadIdentityConditionEq{
Value: "not-foo",
},
},
},
},
},
},
},
},
},
attrs: attrs,
requireErr: noMatchRule,
},
{
name: "not_eq: pass",
wid: &workloadidentityv1pb.WorkloadIdentity{
Kind: types.KindWorkloadIdentity,
Version: types.V1,
Metadata: &headerv1.Metadata{
Name: "test",
},
Spec: &workloadidentityv1pb.WorkloadIdentitySpec{
Rules: &workloadidentityv1pb.WorkloadIdentityRules{
Allow: []*workloadidentityv1pb.WorkloadIdentityRule{
{
Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{
{
Attribute: "user.name",
Operator: &workloadidentityv1pb.WorkloadIdentityCondition_NotEq{
NotEq: &workloadidentityv1pb.WorkloadIdentityConditionNotEq{
Value: "bar",
},
},
},
},
},
},
},
},
},
attrs: attrs,
requireErr: require.NoError,
},
{
name: "not_eq: fail",
wid: &workloadidentityv1pb.WorkloadIdentity{
Kind: types.KindWorkloadIdentity,
Version: types.V1,
Metadata: &headerv1.Metadata{
Name: "test",
},
Spec: &workloadidentityv1pb.WorkloadIdentitySpec{
Rules: &workloadidentityv1pb.WorkloadIdentityRules{
Allow: []*workloadidentityv1pb.WorkloadIdentityRule{
{
Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{
{
Attribute: "user.name",
Operator: &workloadidentityv1pb.WorkloadIdentityCondition_NotEq{
NotEq: &workloadidentityv1pb.WorkloadIdentityConditionNotEq{
Value: "foo",
},
},
},
},
},
},
},
},
},
attrs: attrs,
requireErr: noMatchRule,
},
{
name: "in: pass",
wid: &workloadidentityv1pb.WorkloadIdentity{
Kind: types.KindWorkloadIdentity,
Version: types.V1,
Metadata: &headerv1.Metadata{
Name: "test",
},
Spec: &workloadidentityv1pb.WorkloadIdentitySpec{
Rules: &workloadidentityv1pb.WorkloadIdentityRules{
Allow: []*workloadidentityv1pb.WorkloadIdentityRule{
{
Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{
{
Attribute: "user.name",
Operator: &workloadidentityv1pb.WorkloadIdentityCondition_In{
In: &workloadidentityv1pb.WorkloadIdentityConditionIn{
Values: []string{"bar", "foo"},
},
},
},
},
},
},
},
},
},
attrs: attrs,
requireErr: require.NoError,
},
{
name: "in: fail",
wid: &workloadidentityv1pb.WorkloadIdentity{
Kind: types.KindWorkloadIdentity,
Version: types.V1,
Metadata: &headerv1.Metadata{
Name: "test",
},
Spec: &workloadidentityv1pb.WorkloadIdentitySpec{
Rules: &workloadidentityv1pb.WorkloadIdentityRules{
Allow: []*workloadidentityv1pb.WorkloadIdentityRule{
{
Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{
{
Attribute: "user.name",
Operator: &workloadidentityv1pb.WorkloadIdentityCondition_In{
In: &workloadidentityv1pb.WorkloadIdentityConditionIn{
Values: []string{"bar", "fizz"},
},
},
},
},
},
},
},
},
},
attrs: attrs,
requireErr: noMatchRule,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
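Review bot: Every case added here is a single allow rule with a single condition on `user.name`, an attribute the shared `attrs` fixture (built above the hunk, not visible here) presumably populates, so the table never pins what the evaluator does when a condition has nothing to compare against. Since `evaluateRules` appears to decide whether a workload identity may be issued, the fail-closed rows are the ones worth locking in: a `not_eq` condition (and `not_in`, if that operator exists) evaluated with `attrs: &workloadidentityv1pb.Attrs{}`, and a condition whose `Operator` is left nil, each with an explicit `requireErr` chosen deliberately. Rows with two conditions in one rule and two rules in `Allow` would also show whether conditions are ANDed and rules ORed, which none of the current rows can distinguish. `noMatchRule` matches on the substring `"no matching rule found"`; if `evaluateRules` returns a typed error, asserting on the type would survive a message rewording. `Test_evaluateRules` begins above and continues below the visible hunks.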