feat: add platform access approval and rejection tests

Author: JoseSzycho

test/iam/platform-access-approval/chainsaw-test.yaml

@@ -0,0 +1,43 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: platform-access-approval
+spec:
+  description: |
+    Verify that a User's registrationApproval starts as Pending and becomes Approved
+    after creating a PlatformAccessApproval.
+  steps:
+  - name: approval-flow
+    description: Create a User, confirm Pending, then approve and expect Approved
+    try:
+    - apply:
+        file: resources/user-approval.yaml
+    - wait:
+        apiVersion: iam.miloapis.com/v1alpha1
+        kind: User
+        name: access-approval-test-user
+        timeout: 2m
+        for:
+          condition:
+            name: Ready
+            value: 'True'
+    - wait:
+        apiVersion: iam.miloapis.com/v1alpha1
+        kind: User
+        name: access-approval-test-user
+        timeout: 1m
+        for:
+          jsonPath:
+            path: '{.status.registrationApproval}'
+            value: Pending
+    - apply:
+        file: resources/approval.yaml
+    - wait:
+        apiVersion: iam.miloapis.com/v1alpha1
+        kind: User
+        name: access-approval-test-user
+        timeout: 2m
+        for:
+          jsonPath:
+            path: '{.status.registrationApproval}'
+            value: Approved

test/iam/platform-access-approval/resources/approval.yaml

@@ -0,0 +1,8 @@
+apiVersion: iam.miloapis.com/v1alpha1
+kind: PlatformAccessApproval
+metadata:
+  name: access-approval-for-test-user
+spec:
+  subjectRef:
+    userRef:
+      name: access-approval-test-user

test/iam/platform-access-approval/resources/user-approval.yaml

@@ -0,0 +1,8 @@
+apiVersion: iam.miloapis.com/v1alpha1
+kind: User
+metadata:
+  name: access-approval-test-user
+spec:
+  email: [email protected]
+  givenName: Approval
+  familyName: User

test/iam/platform-access-rejection/chainsaw-test.yaml

@@ -0,0 +1,45 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: platform-access-rejection
+spec:
+  description: |
+    Verify that a User's registrationApproval starts as Pending and becomes Rejected
+    after creating a PlatformAccessRejection.
+  steps:
+  - name: rejection-flow
+    description: Create a User, confirm Pending, then reject and expect Rejected
+    try:
+    - apply:
+        file: resources/user-rejection.yaml
+    - wait:
+        apiVersion: iam.miloapis.com/v1alpha1
+        kind: User
+        name: access-rejection-test-user
+        timeout: 2m
+        for:
+          condition:
+            name: Ready
+            value: 'True'
+    - wait:
+        apiVersion: iam.miloapis.com/v1alpha1
+        kind: User
+        name: access-rejection-test-user
+        timeout: 1m
+        for:
+          jsonPath:
+            path: '{.status.registrationApproval}'
+            value: Pending
+    - apply:
+        file: resources/rejection.yaml
+    - wait:
+        apiVersion: iam.miloapis.com/v1alpha1
+        kind: User
+        name: access-rejection-test-user
+        timeout: 2m
+        for:
+          jsonPath:
+            path: '{.status.registrationApproval}'
+            value: Rejected
+
+

test/iam/platform-access-rejection/resources/rejection.yaml

@@ -0,0 +1,8 @@
+apiVersion: iam.miloapis.com/v1alpha1
+kind: PlatformAccessRejection
+metadata:
+  name: access-rejection-for-test-user
+spec:
+  subjectRef:
+    name: access-rejection-test-user
+  reason: Not eligible for platform access

test/iam/platform-access-rejection/resources/user-rejection.yaml

@@ -0,0 +1,8 @@
+apiVersion: iam.miloapis.com/v1alpha1
+kind: User
+metadata:
+  name: access-rejection-test-user
+spec:
+  email: [email protected]
+  givenName: Rejection
+  familyName: User