
Commit 1646c06

committed
Unify read and write test cases into a single and other nits
Refactor allNamespaces as a global slice. Add clarification comments on the global slices. Replace all instances of "resource not a secret" with a wider list of namespacedResources.
1 parent 04827d6 commit 1646c06


1 file changed

+25
-25
lines changed


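--- a/test/e2e/authorization.go
+++ b/test/e2e/authorization.go
@@ -36,29 +36,40 @@ var (
 "persistentvolumeclaims",
 "configmaps",
 }
+
 // "nodes" are not included as they have their own set of test cases.
 globalResources = []string{
 "namespaces",
 "rbac.authorization.k8s.io/clusterroles",
 "storage.k8s.io/storageclasses",
 "apiextensions.k8s.io/customresourcedefinitions",
 }
-readOperations = []string{"get", "list", "watch"}
+// a slice of "get", "list", "watch" verbs
+readOperations = []string{"get", "list", "watch"}
+
+// a slice of "create", "update", "delete", "patch" verbs
 writeOperations = []string{"create", "update", "delete", "patch"}
-allOperations = append(readOperations, writeOperations...)
+
+// a slice of all operations
+allOperations = append(readOperations, writeOperations...)
+
+// a slice representing all namespaces with respect to the test cases
+// "" represents the default namespace
+// "teapot" is a random namespace
+// "visibility" is a namespace where collaborators will have access
+// "kube-system" is a namespace where only administrators will have access
+allNamespaces = []string{"", "teapot", "visibility", "kube-system"}
 )
 
 var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 var cs kubernetes.Interface
 
 f := framework.NewDefaultFramework("authorization")
 
-// Initialise the clientset before each test
 g.BeforeEach(func() {
 cs = f.ClientSet
 })
 
-// Test cases for all groups of users
 g.Context("For all groups", func() {
 var tc testCase
 g.BeforeEach(func() {
@@ -80,7 +91,7 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 })
 g.It("should deny access for service accounts", func() {
 tc.data.resources = []string{"serviceaccounts"}
-tc.data.namespaces = []string{"", "teapot", "kube-system"}
+tc.data.namespaces = allNamespaces
 tc.run(context.TODO(), cs, false)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
@@ -97,7 +108,7 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 })
 g.It("should deny access for roles in all namespaces", func() {
 tc.data.resources = []string{"rbac.authorization.k8s.io/role"}
-tc.data.namespaces = []string{"", "teapot", "kube-system"}
+tc.data.namespaces = allNamespaces
 tc.run(context.TODO(), cs, false)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
@@ -116,15 +127,15 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 })
 g.It("should deny access in all namespaces", func() {
 tc.data.verbs = allOperations
-tc.data.namespaces = []string{"", "teapot", "kube-system"}
+tc.data.namespaces = allNamespaces
 tc.run(context.TODO(), cs, false)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 })
 g.When("the resource is not a Secret resource", func() {
 g.BeforeEach(func() {
 tc.data.resources = namespacedResources
-tc.data.namespaces = []string{"", "teapot", "kube-system"}
+tc.data.namespaces = allNamespaces
 })
 g.It("should allow read access in all namespaces", func() {
 tc.data.verbs = readOperations
@@ -498,34 +509,23 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 g.BeforeEach(func() {
 tc.data.resources = []string{"secrets"}
 })
-g.It("should allow read access", func() {
-tc.data.verbs = readOperations
-tc.run(context.TODO(), cs, true)
-gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
-})
-g.It("should allow write access", func() {
-tc.data.verbs = writeOperations
+g.It("should allow read and write access", func() {
+tc.data.verbs = allOperations
 tc.run(context.TODO(), cs, true)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 })
 
 g.When("the resource is not a Secret", func() {
 g.BeforeEach(func() {
-tc.data.resources = []string{"pods"}
+tc.data.resources = namespacedResources
 })
-g.It("should allow read access", func() {
-tc.data.verbs = readOperations
-tc.run(context.TODO(), cs, true)
-gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
-})
-g.It("should allow write access", func() {
-tc.data.verbs = writeOperations
+g.It("should allow read and write access", func() {
+tc.data.verbs = allOperations
 tc.run(context.TODO(), cs, true)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 })
-
 })
 
 g.When("namespace is not kube-system", func() {
@@ -551,7 +551,7 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 })
 g.When("the resource is not a Secret", func() {
 g.BeforeEach(func() {
-tc.data.resources = []string{"pods, apps/daemonsets"}
+tc.data.resources = namespacedResources
 })
 g.It("should allow write access", func() {
 tc.data.verbs = writeOperations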
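Review bot: The new comment `// "" represents the default namespace` on `allNamespaces` (new line 57) looks inaccurate if `tc.run` feeds these values into a SubjectAccessReview, which this diff does not show. In that API an empty namespace on a namespaced resource means "all namespaces", so the namespace actually named `default` would never be exercised by these allow/deny assertions. Because the tests pin RBAC decisions, the comment should state the scope really checked, for example `// "" is the empty namespace (all namespaces in an access review), not "default"`, and `"default"` could be added to the slice if that namespace is meant to be covered. Separately, every `tc.data.namespaces = allNamespaces` assignment shares the package-level slice's backing array, so if `tc.run` ever modifies it in place the change would leak into later specs. The `var (` block and the `Describe` body both start and end outside the hunks shown.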
