1 package info_test
2
3 import (
4 "context"
5 "fmt"
6 "os"
7 "testing"
8
9 "github.com/stretchr/testify/require"
10 corev1 "k8s.io/api/core/v1"
11 "k8s.io/apimachinery/pkg/api/errors"
12 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
13 "k8s.io/apimachinery/pkg/runtime"
14 "k8s.io/apimachinery/pkg/types"
15 "k8s.io/client-go/rest"
16 "sigs.k8s.io/controller-runtime/pkg/client"
17
18 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
19 clientgoscheme "k8s.io/client-go/kubernetes/scheme"
20
21 edgeinfo "edge-infra.dev/config/components/info"
22 "edge-infra.dev/pkg/edge/info"
23 "edge-infra.dev/pkg/k8s/rbac"
24 "edge-infra.dev/pkg/k8s/runtime/sap"
25 "edge-infra.dev/test/f2"
26 "edge-infra.dev/test/f2/x/ktest"
27 )
28
29 var f f2.Framework
30
31 func TestMain(m *testing.M) {
32 f = f2.New(
33 context.Background(),
34 f2.WithExtensions(
35 ktest.New(ktest.WithScheme(createScheme())),
36 )).Teardown()
37 os.Exit(f.Run(m))
38 }
39
40 func TestEdgeInfoConfigMap(t *testing.T) {
41 var (
42 unauthorized client.Client
43 err error
44 )
45
46 feature := f2.NewFeature("Edge Info Configmap").
47 Setup("initialize unauthorized client and apply configmap", func(ctx f2.Context, t *testing.T) f2.Context {
48 k := ktest.FromContextT(ctx, t)
49 ucfg := rest.CopyConfig(k.Env.Config)
50 ucfg.Impersonate = rest.ImpersonationConfig{
51 Groups: []string{rbac.AllAuthenticated},
52 UserName: fmt.Sprintf("system:serviceaccount:%s:default", k.Namespace),
53 }
54 unauthorized, err = client.New(ucfg, client.Options{})
55 require.NoError(t, err)
56 rbac, err := edgeinfo.RBAC()
57 require.NoError(t, err)
58 mgr, err := sap.NewResourceManagerFromConfig(
59 k.Env.Config,
60 client.Options{},
61 sap.Owner{Field: "edge-framework-edge-info", Group: "edge-framework"},
62 )
63 require.NoError(t, err)
64 _, err = mgr.ApplyAll(ctx, rbac, sap.ApplyOptions{WaitTimeout: k.Env.Config.Timeout})
65 require.NoError(t, err)
66 err = k.Client.Create(ctx, emptyMap())
67 require.NoError(t, err)
68 return ctx
69 }).
70 Test("test RBAC Read", func(ctx f2.Context, t *testing.T) f2.Context {
71 err := unauthorized.Get(ctx, configMapKey(), &corev1.ConfigMap{})
72 require.NoError(t, err)
73 return ctx
74 }).
75 Test("test RBAC Create", func(ctx f2.Context, t *testing.T) f2.Context {
76 badGuyMap := badGuyMap()
77 err := unauthorized.Create(ctx, badGuyMap)
78 require.Error(t, err)
79 require.True(t, errors.IsForbidden(err))
80 return ctx
81 }).
82 Test("test RBAC Update", func(ctx f2.Context, t *testing.T) f2.Context {
83 badGuyMap := badGuyMap()
84 err := unauthorized.Update(ctx, badGuyMap)
85 require.Error(t, err)
86 require.True(t, errors.IsForbidden(err))
87 return ctx
88 }).
89 Test("test RBAC Delete", func(ctx f2.Context, t *testing.T) f2.Context {
90 err := unauthorized.Delete(ctx, emptyMap())
91 require.Error(t, err)
92 require.True(t, errors.IsForbidden(err))
93 return ctx
94 }).Feature()
95 f.Test(t, feature)
96 }
97
98 func createScheme() *runtime.Scheme {
99 scheme := runtime.NewScheme()
100 utilruntime.Must(clientgoscheme.AddToScheme(scheme))
101 return scheme
102 }
103
104
105
106
107 func configMapKey() types.NamespacedName {
108 return types.NamespacedName{
109 Name: info.EdgeConfigMapName,
110 Namespace: info.EdgeConfigMapNS,
111 }
112 }
113
114 func badGuyMap() *corev1.ConfigMap {
115 cm := emptyMap()
116 cm.Data = map[string]string{
117 "foo": "fighter",
118 }
119
120 return cm
121 }
122
123
124 func emptyMap() *corev1.ConfigMap {
125 return &corev1.ConfigMap{
126 ObjectMeta: metav1.ObjectMeta{
127 Name: info.EdgeConfigMapName, Namespace: info.EdgeConfigMapNS,
128 },
129 Data: map[string]string{},
130 }
131 }
132
View as plain text