add logic to expand into resourceAttributes and nonResourceAttributes from testCaseData

demonCoder95 · demonCoder95 · commit 6bfbe461510a · 2024-11-21T01:52:34.000+01:00
diff --git a/test/e2e/authorization_utils.go b/test/e2e/authorization_utils.go
@@ -47,10 +47,7 @@ type testcaseOutput struct {
 
 func (t *testCase) run(ctx context.Context, cs kubernetes.Interface) error {
 	// Generate the list of SubjectAccessReview objects based on the testcase data
-	sars, err := generateSubjectAccessReviews(t.data)
-	if err != nil {
-		return err
-	}
+	sars := t.generateSubjectAccessReviews()
 
 	// Create the SubjectAccessReview objects in the cluster
 	createdSars, err := createSubjectAccessReviews(ctx, cs, sars)
@@ -67,9 +64,163 @@ func (t *testCase) run(ctx context.Context, cs kubernetes.Interface) error {
 
 // accessReviewGenerator generates a list of SubjectAccessReview objects based on the
 // testcase data provided.
-func generateSubjectAccessReviews(data testcaseData) ([]authv1.SubjectAccessReview, error) {
-	// TODO: Implement this function
-	return nil, nil
+func (t *testCase) generateSubjectAccessReviews() []authv1.SubjectAccessReview {
+	// Initialize the list of SubjectAccessReview objects
+	sars := make([]authv1.SubjectAccessReview, 0)
+
+	// expand the testcase data to generate a list of ResourceAttributes
+	resourceAttributes := t.expandResourceAttributes()
+
+	// expand the testcase data to generate a list of NonResourceAttributes
+	// nonResourceAttributes := t.expandNonResourceAttributes()
+
+	// expand the testcase data to generate a list of SubjectAccessReview objects
+	// based on the ResourceAttributes and NonResourceAttributes
+	for _, ra := range resourceAttributes {
+		for _, user := range t.data.users {
+			for _, group := range t.data.groups {
+				sar := authv1.SubjectAccessReview{
+					Spec: authv1.SubjectAccessReviewSpec{
+						ResourceAttributes: &ra,
+						User:               user,
+						Groups:             group,
+					},
+				}
+				sars = append(sars, sar)
+			}
+		}
+	}
+	return sars
+}
+
+// expandResourceAttributes expands the testcase data to generate a list of ResourceAttributes
+func (t *testCase) expandResourceAttributes() []authv1.ResourceAttributes {
+	// This will hold the expanded ResourceAttributes
+	ras := make([]authv1.ResourceAttributes, 0)
+
+	// TODO: Convert this logic in a function similar to the way it is implemented
+	// today to avoid code duplication
+	nsExpansions := make([]authv1.ResourceAttributes, 0)
+	// expand on namespaces
+	if len(t.data.namespaces) > 0 {
+		for _, ns := range t.data.namespaces {
+			ra := authv1.ResourceAttributes{
+				Namespace: ns,
+			}
+			nsExpansions = append(nsExpansions, ra)
+		}
+		// we update the expanded list with namespace expansions
+		ras = nsExpansions
+	}
+
+	// expand on verbs
+	verbExpansions := make([]authv1.ResourceAttributes, 0)
+	if len(t.data.verbs) > 0 {
+		for _, verb := range t.data.verbs {
+			for _, ra := range ras {
+				// copy the ResourceAttributes object to avoid modifying the original object
+				// and make it safe to user in the next iterations
+				copy := ra
+				copy.Verb = verb
+				verbExpansions = append(verbExpansions, copy)
+			}
+		}
+		// we update the expanded list with verb expansions
+		ras = verbExpansions
+	}
+
+	// expand on apiGroups
+	apiGroupExpansions := make([]authv1.ResourceAttributes, 0)
+	if len(t.data.apiGroups) > 0 {
+		for _, apiGroup := range t.data.apiGroups {
+			for _, ra := range ras {
+				copy := ra
+				copy.Group = apiGroup
+				apiGroupExpansions = append(apiGroupExpansions, copy)
+			}
+		}
+		// we update the expanded list with apiGroup expansions
+		ras = apiGroupExpansions
+	}
+
+	// expand on resources
+	resourceExpansions := make([]authv1.ResourceAttributes, 0)
+	if len(t.data.resources) > 0 {
+		for _, resource := range t.data.resources {
+			for _, ra := range ras {
+				copy := ra
+				copy.Resource = resource
+				resourceExpansions = append(resourceExpansions, copy)
+			}
+		}
+		// we update the expanded list with resource expansions
+		ras = resourceExpansions
+	}
+
+	// expand on subresources
+	subresourceExpansions := make([]authv1.ResourceAttributes, 0)
+	if len(t.data.subresources) > 0 {
+		for _, subresource := range t.data.subresources {
+			for _, ra := range ras {
+				copy := ra
+				copy.Subresource = subresource
+				subresourceExpansions = append(subresourceExpansions, copy)
+			}
+		}
+		// we update the expanded list with subresource expansions
+		ras = subresourceExpansions
+	}
+
+	// expand on names
+	nameExpansions := make([]authv1.ResourceAttributes, 0)
+	if len(t.data.names) > 0 {
+		for _, name := range t.data.names {
+			for _, ra := range ras {
+				copy := ra
+				copy.Name = name
+				nameExpansions = append(nameExpansions, copy)
+			}
+		}
+		// we update the expanded list with name expansions
+		ras = nameExpansions
+	}
+
+	return ras
+}
+
+// expandNonResourceAttributes expands the testcase data to generate a list of NonResourceAttributes
+func (t *testCase) expandNonResourceAttributes() []authv1.NonResourceAttributes {
+	// This will hold the expanded NonResourceAttributes
+	nras := make([]authv1.NonResourceAttributes, 0)
+
+	// expand on paths
+	pathExpansions := make([]authv1.NonResourceAttributes, 0)
+	if len(t.data.nonResourcePaths) > 0 {
+		for _, path := range t.data.nonResourcePaths {
+			nra := authv1.NonResourceAttributes{
+				Path: path,
+			}
+			pathExpansions = append(pathExpansions, nra)
+		}
+		// we update the expanded list with path expansions
+		nras = pathExpansions
+	}
+
+	// expand on verbs
+	verbExpansions := make([]authv1.NonResourceAttributes, 0)
+	if len(t.data.nonResourceVerbs) > 0 {
+		for _, verb := range t.data.nonResourceVerbs {
+			for _, nra := range nras {
+				copy := nra
+				copy.Verb = verb
+				verbExpansions = append(verbExpansions, copy)
+			}
+		}
+		// we update the expanded list with verb expansions
+		nras = verbExpansions
+	}
+
+	return nras
 }
 
 // createSubjectAccessReviews creates provided SubjectAccessReview objects in the cluster
@@ -91,6 +242,7 @@ func createSubjectAccessReview(ctx context.Context, cs kubernetes.Interface, sar
 	return cs.AuthorizationV1().SubjectAccessReviews().Create(ctx, &sar, metav1.CreateOptions{})
 }
 
+// evaluateOutput evaluates the output based on the created SubjectAccessReview objects
 func (t *testCase) evaluateOutput(createdSars []authv1.SubjectAccessReview) {
 	tcOutput := testcaseOutput{}
 
