
Commit 77df0b4

committed
aws/permissions: add VPC permissions unit tests.
1 parent 86569ec commit 77df0b4


1 file changed

+69
-0
lines changed

1 file changed

+69
-0
lines changed

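--- a/pkg/asset/installconfig/aws/permissions_test.go
+++ b/pkg/asset/installconfig/aws/permissions_test.go
@@ -411,3 +411,72 @@ func TestKMSKeyPermissions(t *testing.T) {
 })
 })
 }
+
+func TestVPCPermissions(t *testing.T) {
+t.Run("Should include", func(t *testing.T) {
+t.Run("create network permissions when VPC not specified", func(t *testing.T) {
+t.Run("for standard regions", func(t *testing.T) {
+ic := validInstallConfig()
+ic.AWS.Subnets = nil
+ic.AWS.HostedZone = ""
+requiredPerms := RequiredPermissionGroups(ic)
+assert.Contains(t, requiredPerms, PermissionCreateNetworking)
+})
+t.Run("for secret regions", func(t *testing.T) {
+ic := validInstallConfig()
+ic.AWS.Region = "us-iso-east-1"
+ic.AWS.Subnets = nil
+ic.AWS.HostedZone = ""
+requiredPerms := RequiredPermissionGroups(ic)
+assert.Contains(t, requiredPerms, PermissionCreateNetworking)
+})
+})
+t.Run("delete network permissions when VPC not specified for standard region", func(t *testing.T) {
+ic := validInstallConfig()
+ic.AWS.Subnets = nil
+ic.AWS.HostedZone = ""
+requiredPerms := RequiredPermissionGroups(ic)
+assert.Contains(t, requiredPerms, PermissionDeleteNetworking)
+})
+t.Run("delete shared network permissions when VPC specified for standard region", func(t *testing.T) {
+ic := validInstallConfig()
+requiredPerms := RequiredPermissionGroups(ic)
+assert.Contains(t, requiredPerms, PermissionDeleteSharedNetworking)
+})
+})
+t.Run("Should not include", func(t *testing.T) {
+t.Run("create network permissions when VPC specified", func(t *testing.T) {
+ic := validInstallConfig()
+requiredPerms := RequiredPermissionGroups(ic)
+assert.NotContains(t, requiredPerms, PermissionCreateNetworking)
+})
+t.Run("delete network permissions", func(t *testing.T) {
+t.Run("when VPC specified", func(t *testing.T) {
+ic := validInstallConfig()
+requiredPerms := RequiredPermissionGroups(ic)
+assert.NotContains(t, requiredPerms, PermissionDeleteNetworking)
+})
+t.Run("on secret regions", func(t *testing.T) {
+ic := validInstallConfig()
+ic.AWS.Region = "us-iso-east-1"
+requiredPerms := RequiredPermissionGroups(ic)
+assert.NotContains(t, requiredPerms, PermissionDeleteNetworking)
+})
+})
+t.Run("delete shared network permissions", func(t *testing.T) {
+t.Run("when VPC not specified", func(t *testing.T) {
+ic := validInstallConfig()
+ic.AWS.Subnets = nil
+ic.AWS.HostedZone = ""
+requiredPerms := RequiredPermissionGroups(ic)
+assert.NotContains(t, requiredPerms, PermissionDeleteSharedNetworking)
+})
+t.Run("on secret regions", func(t *testing.T) {
+ic := validInstallConfig()
+ic.AWS.Region = "us-iso-east-1"
+requiredPerms := RequiredPermissionGroups(ic)
+assert.NotContains(t, requiredPerms, PermissionDeleteSharedNetworking)
+})
+})
+})
+}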
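Review bot: The `on secret regions` subtest under `Should not include` / `delete network permissions` keeps the VPC settings from `validInstallConfig()`, so it appears to pass for the same reason as its sibling `when VPC specified` rather than because of the region. `validInstallConfig` is not visible in this hunk, but the other subtests treat the unmodified config as "VPC specified", which is what this reading rests on. If the intent is that `PermissionDeleteNetworking` is never required in `us-iso-east-1`, add `ic.AWS.Subnets = nil` and `ic.AWS.HostedZone = ""` before the `RequiredPermissionGroups(ic)` call so the region is the only variable. These tests pin which IAM permission groups the installer asks for, so a case that passes for an unrelated reason would not catch a regression that over- or under-requests permissions.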
