cleanup pretty printing, add a comment

demonCoder95 · demonCoder95 · commit 66e2269e0f99 · 2024-11-22T02:59:38.000+01:00
diff --git a/test/e2e/authorization.go b/test/e2e/authorization.go
@@ -247,6 +247,8 @@ var _ = g.Describe("Authorization [RBAC] [Zalando]", func() {
 		var tc testCase
 		g.BeforeEach(func() {
 			tc.data.groups = [][]string{
+				// Collaborator groups can escalate privileges to their respective groups
+				// so, we need to include the respective group in the list as well.
 				{"CollaboratorPowerUser", "PowerUser"},
 				{"CollaboratorManual", "Manual"},
 				{"CollaboratorEmergency", "Emergency"},
diff --git a/test/e2e/authorization_utils.go b/test/e2e/authorization_utils.go
@@ -439,49 +439,34 @@ func (t *testCase) evaluateOutput(createdSars []authv1.SubjectAccessReview, allo
 // to help debug the RBAC test cases.
 func prettyPrintSAR(sar authv1.SubjectAccessReview) string {
 
+	// helper function to print the field values conditionally
+	ifNotNil := func(k, v string) string {
+		if v != "" {
+			return "\n  " + k + ": " + v
+		}
+		return ""
+	}
+
 	str := "\nSubjectAccessReviewSpec:"
 	// we print the field values conditionally since some fields might be empty
 	// this helps in making the output more readable
-	if ns := sar.Spec.ResourceAttributes.Namespace; ns != "" {
-		str += "\n  Namespace: " + ns
-	}
-	if verb := sar.Spec.ResourceAttributes.Verb; verb != "" {
-		str += "\n  Verb: " + verb
-	}
-	if group := sar.Spec.ResourceAttributes.Group; group != "" {
-		str += "\n  APIGroup: " + group
-	}
-	if resource := sar.Spec.ResourceAttributes.Resource; resource != "" {
-		str += "\n  Resource: " + resource
-	}
-	if subresource := sar.Spec.ResourceAttributes.Subresource; subresource != "" {
-		str += "\n  Subresource: " + subresource
-	}
-	if name := sar.Spec.ResourceAttributes.Name; name != "" {
-		str += "\n  Name: " + name
-	}
+	str += ifNotNil("Namespace", sar.Spec.ResourceAttributes.Namespace)
+	str += ifNotNil("Verb", sar.Spec.ResourceAttributes.Verb)
+	str += ifNotNil("Group", sar.Spec.ResourceAttributes.Group)
+	str += ifNotNil("Resource", sar.Spec.ResourceAttributes.Resource)
+	str += ifNotNil("Subresource", sar.Spec.ResourceAttributes.Subresource)
+	str += ifNotNil("Name", sar.Spec.ResourceAttributes.Name)
 	if sar.Spec.NonResourceAttributes != nil {
-		if verb := sar.Spec.NonResourceAttributes.Verb; verb != "" {
-			str += "\n  NonResourceVerb: " + verb
-		}
-		if path := sar.Spec.NonResourceAttributes.Path; path != "" {
-			str += "\n  NonResourcePath: " + path
-		}
-	}
-	if user := sar.Spec.User; user != "" {
-		str += "\n  User: " + user
-	}
-	if groups := sar.Spec.Groups; len(groups) > 0 {
-		str += "\n  Groups: " + strings.Join(groups, ",")
+		str += ifNotNil("Path", sar.Spec.NonResourceAttributes.Path)
+		str += ifNotNil("Verb", sar.Spec.NonResourceAttributes.Verb)
 	}
+	str += ifNotNil("User", sar.Spec.User)
+	str += ifNotNil("Groups", strings.Join(sar.Spec.Groups, ","))
 	str += "\nSubjectAccessReviewStatus:"
 	// these fields are always present in the SubjectAccessReviewStatus
 	str += "\n  Allowed: " + strconv.FormatBool(sar.Status.Allowed)
 	str += "\n  Denied: " + strconv.FormatBool(sar.Status.Denied)
-
-	if reason := sar.Status.Reason; reason != "" {
-		str += "\n  Reason: " + reason
-	}
+	str += ifNotNil("Reason", sar.Status.Reason)
 	str += "\n"
 	return str
 }
