hendrik/lens
1
0
Fork 0
mirror of https://github.com/lensapp/lens.git synced 2025-05-20 05:10:56 +00:00
Code Issues Projects Releases Wiki Activity

Cleanup tests to fix type errors and use tables

Browse Source 
Signed-off-by: Sebastian Malton <sebastian@malton.name>
This commit is contained in:
Sebastian Malton 2023-03-10 14:02:26 -05:00
parent a99e922752
commit 7c482484a2
2 changed files with 202 additions and 317 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
packages/core/src/common/cluster/create-request-namespace-list-permissions.injectable.ts
View File

@ -39,18 +39,12 @@ const createRequestNamespaceListPermissionsInjectable = getInjectable({
const { resourceRules } = status; const { resourceRules } = status;
return (resource) => { return (resource) => (
const rules = resourceRules.filter(({ resourceRules
apiGroups = ["*"], resources = ["*"], .filter(({ apiGroups = ["*"] }) => apiGroups.includes("*") || apiGroups.includes(resource.group))
}) => { .filter(({ resources = ["*"] }) => resources.includes("*") || resources.includes(resource.apiName))
const isAboutRelevantApiGroup = apiGroups.includes("*") || apiGroups.includes(resource.group); .some(({ verbs }) => verbs.includes("*") || verbs.includes("list"))
const isAboutResource = resources.includes("*") || resources.includes(resource.apiName); );
return isAboutRelevantApiGroup && isAboutResource;
});
return rules.some(({ verbs }) => verbs.includes("*") || verbs.includes("list"));
};
} catch (error) { } catch (error) {
logger.error(`[AUTHORIZATION-NAMESPACE-REVIEW]: failed to create subject rules review`, { namespace, error }); logger.error(`[AUTHORIZATION-NAMESPACE-REVIEW]: failed to create subject rules review`, { namespace, error });

501
packages/core/src/common/cluster/request-namespace-list-permissions.test.ts
View File

@ -3,334 +3,225 @@
* Licensed under MIT License. See LICENSE in root directory for more information. * Licensed under MIT License. See LICENSE in root directory for more information.
*/ */
import type { V1SubjectRulesReviewStatus } from "@kubernetes/client-node"; import type { AsyncFnMock } from "@async-fn/jest";
import asyncFn from "@async-fn/jest";
import type { AuthorizationV1Api, V1SubjectRulesReviewStatus } from "@kubernetes/client-node";
import type { DiContainer } from "@ogre-tools/injectable"; import type { DiContainer } from "@ogre-tools/injectable";
import type { IncomingMessage } from "http";
import { anyObject } from "jest-mock-extended";
import { getDiForUnitTesting } from "../../main/getDiForUnitTesting"; import { getDiForUnitTesting } from "../../main/getDiForUnitTesting";
import type { RequestNamespaceListPermissionsFor } from "./request-namespace-list-permissions.injectable"; import { cast } from "../../test-utils/cast";
import requestNamespaceListPermissionsForInjectable from "./request-namespace-list-permissions.injectable"; import type { KubeApiResource } from "../rbac";
import type { RequestNamespaceListPermissions } from "./create-request-namespace-list-permissions.injectable";
import createRequestNamespaceListPermissionsInjectable from "./create-request-namespace-list-permissions.injectable";
const createStubProxyConfig = (statusResponse: Promise<{ body: { status: V1SubjectRulesReviewStatus }}>) => ({ interface TestCase {
makeApiClient: () => ({ description: string;
createSelfSubjectRulesReview: (): Promise<{ body: { status: V1SubjectRulesReviewStatus }}> => statusResponse, status: V1SubjectRulesReviewStatus;
}), expected: boolean;
}); }
describe("requestNamespaceListPermissions", () => { describe("requestNamespaceListPermissions", () => {
let di: DiContainer; let di: DiContainer;
let requestNamespaceListPermissions: RequestNamespaceListPermissionsFor; let createSelfSubjectRulesReviewMock: AsyncFnMock<AuthorizationV1Api["createSelfSubjectRulesReview"]>;
let requestNamespaceListPermissions: RequestNamespaceListPermissions;
beforeEach(() => { beforeEach(() => {
di = getDiForUnitTesting(); di = getDiForUnitTesting();
requestNamespaceListPermissions = di.inject(requestNamespaceListPermissionsForInjectable);
const createRequestNamespaceListPermissions = di.inject(createRequestNamespaceListPermissionsInjectable);
createSelfSubjectRulesReviewMock = asyncFn();
requestNamespaceListPermissions = createRequestNamespaceListPermissions(cast<AuthorizationV1Api>({
createSelfSubjectRulesReview: createSelfSubjectRulesReviewMock,
}));
}); });
describe("when api returns incomplete data", () => { describe("when a request for list permissions in a namespace has been started", () => {
it("returns truthy function", async () => { let request: ReturnType<RequestNamespaceListPermissions>;
const requestPermissions = requestNamespaceListPermissions(createStubProxyConfig(
new Promise((resolve) => resolve({
body: {
status: {
incomplete: true,
resourceRules: [],
nonResourceRules: [],
},
},
})),
) as any);
const permissionCheck = await requestPermissions("irrelevant-namespace"); beforeEach(() => {
request = requestNamespaceListPermissions("irrelevant-namespace");
expect(permissionCheck({
apiName: "pods",
group: "",
kind: "Pod",
namespaced: true,
})).toBeTruthy();
}); });
});
describe("when api rejects", () => { it("should request the creation of a SelfSubjectRulesReview", () => {
it("returns truthy function", async () => { expect(createSelfSubjectRulesReviewMock).toBeCalledWith(anyObject({
const requestPermissions = requestNamespaceListPermissions(createStubProxyConfig( spec: {
new Promise((resolve, reject) => reject("unknown error")), namespace: "irrelevant-namespace",
) as any); },
}));
const permissionCheck = await requestPermissions("irrelevant-namespace");
expect(permissionCheck({
apiName: "pods",
group: "",
kind: "Pod",
namespaced: true,
})).toBeTruthy();
}); });
});
describe("when first resourceRule has all permissions for everything", () => { ([
it("return truthy function", async () => { {
const requestPermissions = requestNamespaceListPermissions(createStubProxyConfig( description: "incomplete data",
new Promise((resolve) => resolve({ status: {
body: { incomplete: true,
status: { resourceRules: [],
incomplete: false, nonResourceRules: [],
resourceRules: [ },
{ expected: true,
apiGroups: ["*"], },
verbs: ["*"], {
}, description: "first resourceRule has all permissions for everything",
{ status: {
apiGroups: ["*"], incomplete: false,
verbs: ["get"], resourceRules: [
}, {
], apiGroups: ["*"],
nonResourceRules: [], verbs: ["*"],
}, },
}, {
})), apiGroups: ["*"],
) as any); verbs: ["get"],
},
],
nonResourceRules: [],
},
expected: true,
},
{
description: "first resourceRule has list permissions for everything",
status: {
incomplete: false,
resourceRules: [
{
apiGroups: ["*"],
verbs: ["list"],
},
{
apiGroups: ["*"],
verbs: ["get"],
},
],
nonResourceRules: [],
},
expected: true,
},
{
description: "first resourceRule has list permissions for asked resource",
status: {
incomplete: false,
resourceRules: [
{
apiGroups: ["some-api-group"],
resources: ["some-kind"],
verbs: ["list"],
},
{
apiGroups: ["*"],
verbs: ["get"],
},
],
nonResourceRules: [],
},
expected: true,
},
{
description: "last resourceRule has all permissions for everything",
status: {
incomplete: false,
resourceRules: [
{
apiGroups: ["*"],
verbs: ["get"],
},
{
apiGroups: ["*"],
verbs: ["*"],
},
],
nonResourceRules: [],
},
expected: true,
},
{
description: "last resourceRule has list permissions for asked resource",
status: {
incomplete: false,
resourceRules: [
{
apiGroups: ["*"],
verbs: ["get"],
},
{
apiGroups: ["some-api-group"],
resources: ["some-kind"],
verbs: ["list"],
},
],
nonResourceRules: [],
},
expected: true,
},
{
description: "resourceRules has matching resource without list verb",
status: {
incomplete: false,
resourceRules: [
{
apiGroups: ["some-api-group"],
resources: ["some-kind"],
verbs: ["get"],
},
],
nonResourceRules: [],
},
expected: false,
},
{
description: "resourceRules has no matching resource with list verb",
status: {
incomplete: false,
resourceRules: [
{
apiGroups: [""],
resources: ["services"],
verbs: ["list"],
},
],
nonResourceRules: [],
},
expected: false,
},
] as TestCase[]).forEach(({ description, status, expected }) => {
describe(`when api returns ${description}`, () => {
beforeEach(async () => {
await createSelfSubjectRulesReviewMock.resolve({
body: {
status,
spec: {},
},
response: null as unknown as IncomingMessage,
});
});
const permissionCheck = await requestPermissions("irrelevant-namespace"); it(`allows the request to complete, and 'canListResource' will return ${expected}`, async () => {
const canListResource = await request;
expect(permissionCheck({ expect(canListResource(someKubeResource)).toBe(expected);
apiName: "pods", });
group: "", });
kind: "Pod",
namespaced: true,
})).toBeTruthy();
}); });
});
describe("when first resourceRule has list permissions for everything", () => { describe("when api rejects", () => {
it("return truthy function", async () => { beforeEach(async () => {
const requestPermissions = requestNamespaceListPermissions(createStubProxyConfig( await createSelfSubjectRulesReviewMock.reject(new Error("unknown error"));
new Promise((resolve) => resolve({ });
body: {
status: {
incomplete: false,
resourceRules: [
{
apiGroups: ["*"],
verbs: ["list"],
},
{
apiGroups: ["*"],
verbs: ["get"],
},
],
nonResourceRules: [],
},
},
})),
) as any);
const permissionCheck = await requestPermissions("irrelevant-namespace"); it("allows the request to complete, and 'canListResource' will return true", async () => {
const canListResource = await request;
expect(permissionCheck({ expect(canListResource(someKubeResource)).toBe(true);
apiName: "pods", });
group: "",
kind: "Pod",
namespaced: true,
})).toBeTruthy();
});
});
describe("when first resourceRule has list permissions for asked resource", () => {
it("return truthy function", async () => {
const requestPermissions = requestNamespaceListPermissions(createStubProxyConfig(
new Promise((resolve) => resolve({
body: {
status: {
incomplete: false,
resourceRules: [
{
apiGroups: [""],
resources: ["pods"],
verbs: ["list"],
},
{
apiGroups: ["*"],
verbs: ["get"],
},
],
nonResourceRules: [],
},
},
})),
) as any);
const permissionCheck = await requestPermissions("irrelevant-namespace");
expect(permissionCheck({
apiName: "pods",
group: "",
kind: "Pod",
namespaced: true,
})).toBeTruthy();
});
});
describe("when last resourceRule has all permissions for everything", () => {
it("return truthy function", async () => {
const requestPermissions = requestNamespaceListPermissions(createStubProxyConfig(
new Promise((resolve) => resolve({
body: {
status: {
incomplete: false,
resourceRules: [
{
apiGroups: ["*"],
verbs: ["get"],
},
{
apiGroups: ["*"],
verbs: ["*"],
},
],
nonResourceRules: [],
},
},
})),
) as any);
const permissionCheck = await requestPermissions("irrelevant-namespace");
expect(permissionCheck({
apiName: "pods",
group: "",
kind: "Pod",
namespaced: true,
})).toBeTruthy();
});
});
describe("when last resourceRule has list permissions for everything", () => {
it("return truthy function", async () => {
const requestPermissions = requestNamespaceListPermissions(createStubProxyConfig(
new Promise((resolve) => resolve({
body: {
status: {
incomplete: false,
resourceRules: [
{
apiGroups: ["*"],
verbs: ["get"],
},
{
apiGroups: ["*"],
verbs: ["list"],
},
],
nonResourceRules: [],
},
},
})),
) as any);
const permissionCheck = await requestPermissions("irrelevant-namespace");
expect(permissionCheck({
apiName: "pods",
group: "",
kind: "Pod",
namespaced: true,
})).toBeTruthy();
});
});
describe("when last resourceRule has list permissions for asked resource", () => {
it("return truthy function", async () => {
const requestPermissions = requestNamespaceListPermissions(createStubProxyConfig(
new Promise((resolve) => resolve({
body: {
status: {
incomplete: false,
resourceRules: [
{
apiGroups: ["*"],
verbs: ["get"],
},
{
apiGroups: [""],
resources: ["pods"],
verbs: ["list"],
},
],
nonResourceRules: [],
},
},
})),
) as any);
const permissionCheck = await requestPermissions("irrelevant-namespace");
expect(permissionCheck({
apiName: "pods",
group: "",
kind: "Pod",
namespaced: true,
})).toBeTruthy();
});
});
describe("when resourceRules has matching resource without list verb", () => {
it("return falsy function", async () => {
const requestPermissions = requestNamespaceListPermissions(createStubProxyConfig(
new Promise((resolve) => resolve({
body: {
status: {
incomplete: false,
resourceRules: [
{
apiGroups: [""],
resources: ["pods"],
verbs: ["get"],
},
],
nonResourceRules: [],
},
},
})),
) as any);
const permissionCheck = await requestPermissions("irrelevant-namespace");
expect(permissionCheck({
apiName: "pods",
group: "",
kind: "Pod",
namespaced: true,
})).toBeFalsy();
});
});
describe("when resourceRules has no matching resource with list verb", () => {
it("return falsy function", async () => {
const requestPermissions = requestNamespaceListPermissions(createStubProxyConfig(
new Promise((resolve) => resolve({
body: {
status: {
incomplete: false,
resourceRules: [
{
apiGroups: [""],
resources: ["services"],
verbs: ["list"],
},
],
nonResourceRules: [],
},
},
})),
) as any);
const permissionCheck = await requestPermissions("irrelevant-namespace");
expect(permissionCheck({
apiName: "pods",
group: "",
kind: "Pod",
namespaced: true,
})).toBeFalsy();
}); });
}); });
}); });
const someKubeResource: KubeApiResource = {
apiName: "some-kind",
group: "some-api-group",
kind: "SomeKind",
namespaced: true,
};