Add rbac generate unit tests

Adds another test to test the RBAC generate function Related #250 Signed-off-by: oluwole.fadeyi <[email protected]>
jetstack · Sep 25, 2023 · 9ef82fc · 9ef82fc
1 parent 1411468
commit 9ef82fc
Show file tree

Hide file tree

Showing 2 changed files with 97 additions and 0 deletions.
diff --git a/pkg/permissions/generate.go b/pkg/permissions/generate.go
@@ -113,3 +113,7 @@ func GenerateAgentRBACManifests(dataGatherers []agent.DataGatherer) AgentRBACMan
 
 	return AgentRBACManifests
 }
+
+func generateFullManifest(dataGatherers []agent.DataGatherer) string {
+
+}
diff --git a/pkg/permissions/generate_test.go b/pkg/permissions/generate_test.go
@@ -11,6 +11,99 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
+func TestGenerateAgentRBACManifestsString(t *testing.T) {
+	testCases := []struct {
+		description           string
+		dataGatherers         []agent.DataGatherer
+		expectedRBACManifests string
+	}{
+		{
+			description: "Generate ClusterRole and ClusterRoleBinding for simple pod dg use case",
+			dataGatherers: []agent.DataGatherer{
+				{
+					Name: "k8s/pods",
+					Kind: "k8s-dynamic",
+					Config: &k8s.ConfigDynamic{
+						GroupVersionResource: schema.GroupVersionResource{
+							Version:  "v1",
+							Resource: "pods",
+						},
+					},
+				},
+			},
+			expectedRBACManifests: `
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+	name: jetstack-secure-agent-pods-reader
+rules:
+- apiGroups: [""]
+	resources: ["pods"]
+	verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: jetstack-secure-agent-pods-reader
+roleRef:
+  kind: ClusterRole
+  name: jetstack-secure-agent-pods-reader
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+  name: agent
+  namespace: jetstack-secure
+`,
+		},
+		{
+			description: "Generate ClusterRole and RoleBinding for simple pod dg with include namespace \"foobar\"",
+			dataGatherers: []agent.DataGatherer{
+				{
+					Name: "k8s/pods",
+					Kind: "k8s-dynamic",
+					Config: &k8s.ConfigDynamic{
+						IncludeNamespaces: []string{"foobar"},
+						GroupVersionResource: schema.GroupVersionResource{
+							Version:  "v1",
+							Resource: "pods",
+						},
+					},
+				},
+			},
+			expectedRBACManifests: `
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+	name: jetstack-secure-agent-pods-reader
+rules:
+- apiGroups: [""]
+	resources: ["pods"]
+	verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: jetstack-secure-agent-pods-reader
+  namespace: foobar
+roleRef:
+  kind: ClusterRole
+  name: jetstack-secure-agent-pods-reader
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+  name: agent
+  namespace: jetstack-secure
+`,
+		},
+	}
+
+	for _, input := range testCases {
+		got := generateFullManifest(input.dataGatherers)
+
+		td.Cmp(t, input.expectedRBACManifests, got)
+	}
+}
+
 func TestGenerateAgentRBACManifests(t *testing.T) {
 	testCases := []struct {
 		description                string
-Original file line number
+Diff line change
@@ Expand Up @@
     	return AgentRBACManifests
     }
+    func generateFullManifest(dataGatherers []agent.DataGatherer) string {
+    }