
Commit 1b13def

committed
use global slices for verbs and resources
1 parent 0b3171b commit 1b13def


1 file changed

+49
-69
lines changed

1 file changed

+49
-69
lines changed

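--- a/test/e2e/authorization.go
+++ b/test/e2e/authorization.go
@@ -23,6 +23,29 @@ var (
 {"CollaboratorPowerUser"},
 {"Administrator"},
 }
+
+// "secrets" are not included as they have their own set of test cases.
+namespacedResources = []string{
+"pods",
+"apps/deployments",
+"apps/statefulsets",
+"apps/deployments/scale",
+"apps/statefulsets/scale",
+"services",
+"persistentvolumes",
+"persistentvolumeclaims",
+"configmaps",
+}
+// "nodes" are not included as they have their own set of test cases.
+globalResources = []string{
+"namespaces",
+"rbac.authorization.k8s.io/clusterroles",
+"storage.k8s.io/storageclasses",
+"apiextensions.k8s.io/customresourcedefinitions",
+}
+readOperations = []string{"get", "list", "watch"}
+writeOperations = []string{"create", "update", "delete", "patch"}
+allOperations = append(readOperations, writeOperations...)
 )
 
 var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
@@ -92,55 +115,38 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 tc.data.resources = []string{"secrets"}
 })
 g.It("should deny access in all namespaces", func() {
-tc.data.verbs = []string{"get", "list", "watch", "create", "update", "delete", "patch"}
+tc.data.verbs = allOperations
 tc.data.namespaces = []string{"", "teapot", "kube-system"}
 tc.run(context.TODO(), cs, false)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 })
 g.When("the resource is not a Secret resource", func() {
 g.BeforeEach(func() {
-tc.data.resources = []string{
-"pods",
-"apps/deployments",
-"apps/daemonsets",
-"apps/statefulsets",
-"apps/deployments/scale",
-"apps/statefulsets/scale",
-"services",
-"persistentvolumes",
-"persistentvolumeclaims",
-"configmaps",
-}
+tc.data.resources = namespacedResources
 tc.data.namespaces = []string{"", "teapot", "kube-system"}
 })
 g.It("should allow read access in all namespaces", func() {
-tc.data.verbs = []string{"get", "list", "watch"}
+tc.data.verbs = readOperations
 tc.run(context.TODO(), cs, true)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 g.It("should deny write access in all namespaces", func() {
-tc.data.verbs = []string{"create", "update", "delete", "patch"}
+tc.data.verbs = writeOperations
 tc.run(context.TODO(), cs, false)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 })
 g.When("the resource is a global resource", func() {
 g.BeforeEach(func() {
-tc.data.resources = []string{
-"namespaces",
-"nodes",
-"rbac.authorization.k8s.io/clusterroles",
-"storage.k8s.io/storageclasses",
-"apiextensions.k8s.io/customresourcedefinitions",
-}
+tc.data.resources = append(globalResources, "nodes")
 g.It("should allow read access", func() {
-tc.data.verbs = []string{"get", "list", "watch"}
+tc.data.verbs = readOperations
 tc.run(context.TODO(), cs, true)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 g.It("should deny write access", func() {
-tc.data.verbs = []string{"create", "update", "delete", "patch"}
+tc.data.verbs = writeOperations
 tc.run(context.TODO(), cs, false)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
@@ -162,21 +168,21 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 g.It("should deny read access to Secrets in kube-system and visibility namespaces", func() {
 tc.data.resources = []string{"secrets"}
 tc.data.namespaces = []string{"kube-system", "visibility"}
-tc.data.verbs = []string{"get", "list", "watch"}
+tc.data.verbs = readOperations
 tc.run(context.TODO(), cs, false)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 
 g.It("should deny write access to Nodes", func() {
 tc.data.resources = []string{"nodes"}
-tc.data.verbs = []string{"create", "update", "delete", "patch"}
+tc.data.verbs = writeOperations
 tc.run(context.TODO(), cs, false)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 
 g.It("should deny write access to DaemonSets", func() {
 tc.data.resources = []string{"apps/daemonsets"}
-tc.data.verbs = []string{"create", "update", "delete", "patch"}
+tc.data.verbs = writeOperations
 tc.run(context.TODO(), cs, false)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
@@ -198,18 +204,8 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 
 g.When("the resource is a namespaced resource", func() {
 g.BeforeEach(func() {
-tc.data.resources = []string{
-"pods",
-"apps/deployments",
-"apps/statefulsets",
-"apps/deployments/scale",
-"apps/statefulsets/scale",
-"services",
-"persistentvolumes",
-"persistentvolumeclaims",
-"configmaps",
-}
-tc.data.verbs = []string{"create", "update", "delete", "patch"}
+tc.data.resources = namespacedResources
+tc.data.verbs = writeOperations
 })
 // These should be covered by the admission-controller tests.
 // They're written here for completeness.
@@ -218,19 +214,15 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 })
 g.When("the resource is a global resource", func() {
 g.BeforeEach(func() {
-tc.data.verbs = []string{"create", "update", "delete", "patch"}
+tc.data.verbs = writeOperations
 })
 g.It("should deny write access to Nodes", func() {
 tc.data.resources = []string{"nodes"}
 tc.run(context.TODO(), cs, false)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 g.It("should allow write access to resources other than Nodes", func() {
-tc.data.resources = []string{
-"namespaces",
-"storage.k8s.io/storageclasses",
-"apiextensions.k8s.io/customresourcedefinitions",
-}
+tc.data.resources = globalResources
 tc.run(context.TODO(), cs, true)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
@@ -253,7 +245,7 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 g.When("the resource is a Secret", func() {
 g.BeforeEach(func() {
 tc.data.resources = []string{"secrets"}
-tc.data.verbs = []string{"get", "list", "watch"}
+tc.data.verbs = readOperations
 })
 
 g.It("should allow read access to visibility namespace", func() {
@@ -270,13 +262,13 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 
 g.It("should deny write access to Nodes", func() {
 tc.data.resources = []string{"nodes"}
-tc.data.verbs = []string{"create", "update", "delete", "patch"}
+tc.data.verbs = writeOperations
 tc.run(context.TODO(), cs, false)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 g.It("should allow write access to DaemonSets", func() {
 tc.data.resources = []string{"apps/daemonsets"}
-tc.data.verbs = []string{"create", "update", "delete", "patch"}
+tc.data.verbs = writeOperations
 tc.data.namespaces = []string{"visibility"}
 tc.run(context.TODO(), cs, true)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
@@ -297,16 +289,8 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 
 g.When("the resource is a namespaced resource", func() {
 g.BeforeEach(func() {
-tc.data.resources = []string{
-"pods",
-"apps/deployments",
-"apps/statefulsets",
-"services",
-"persistentvolumes",
-"persistentvolumeclaims",
-"configmaps",
-}
-tc.data.verbs = []string{"create", "update", "delete", "patch"}
+tc.data.resources = namespacedResources
+tc.data.verbs = writeOperations
 })
 // This should be covered by the admission-controller tests.
 // It's written here for completeness.
@@ -320,19 +304,15 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 
 g.When("the resource is a global resource", func() {
 g.BeforeEach(func() {
-tc.data.verbs = []string{"create", "update", "delete", "patch"}
+tc.data.verbs = writeOperations
 })
 g.It("should deny access to Nodes", func() {
 tc.data.resources = []string{"nodes"}
 tc.run(context.TODO(), cs, false)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 g.It("should allow access to resources other than Nodes", func() {
-tc.data.resources = []string{
-"namespaces",
-"storage.k8s.io/storageclasses",
-"apiextensions.k8s.io/customresourcedefinitions",
-}
+tc.data.resources = globalResources
 tc.run(context.TODO(), cs, true)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
@@ -512,7 +492,7 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 tc.data.resources = []string{"secrets"}
 })
 g.It("should allow read access", func() {
-tc.data.verbs = []string{"get", "list", "watch"}
+tc.data.verbs = readOperations
 tc.run(context.TODO(), cs, true)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
@@ -523,12 +503,12 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 tc.data.resources = []string{"pods"}
 })
 g.It("should allow read access", func() {
-tc.data.verbs = []string{"get", "list", "watch"}
+tc.data.verbs = readOperations
 tc.run(context.TODO(), cs, true)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
 g.It("should allow write access", func() {
-tc.data.verbs = []string{"create", "update", "delete", "patch"}
+tc.data.verbs = writeOperations
 tc.run(context.TODO(), cs, true)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
@@ -552,7 +532,7 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 tc.data.resources = []string{"secrets"}
 })
 g.It("should allow read access", func() {
-tc.data.verbs = []string{"get", "list", "watch"}
+tc.data.verbs = readOperations
 tc.run(context.TODO(), cs, true)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })
@@ -562,7 +542,7 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 tc.data.resources = []string{"pods, apps/daemonsets"}
 })
 g.It("should allow write access", func() {
-tc.data.verbs = []string{"create", "update", "delete", "patch"}
+tc.data.verbs = writeOperations
 tc.run(context.TODO(), cs, true)
 gomega.Expect(tc.output.passed).To(gomega.BeTrue(), tc.output.String())
 })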
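Review bot: The shared `globalResources` slice is not a like-for-like replacement in the two "should allow (write) access to resources other than Nodes" cases (hunks `-218,19` and `-320,19`): the removed literals held only namespaces, storageclasses and customresourcedefinitions, so these tests now also expect create/update/delete/patch on `rbac.authorization.k8s.io/clusterroles` to be allowed. `namespacedResources` shifts expectations the same way: `apps/daemonsets` drops out of the read-allow/write-deny checks in hunk `-92,55`, and the two `/scale` subresources are added to the write check in hunk `-297,16`. If this is meant as a pure refactor of the RBAC suite, keep each assertion's resource set unchanged, for example by leaving clusterroles out of the shared slice and using `tc.data.resources = append(globalResources, "nodes", "rbac.authorization.k8s.io/clusterroles")` in the read-access `BeforeEach`. If the wider expectations are intended, the commit message should say so, because a test that expects ClusterRole writes to succeed encodes a privilege-sensitive permission. Which role each of these cases runs as is set outside the visible hunks.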
