1 package iam
2
3 import (
4 "fmt"
5 "testing"
6
7 "github.com/stretchr/testify/assert"
8 )
9
10 func TestAccountIDValidation(t *testing.T) {
11 valid := []string{
12 "my-random-kcc-resource",
13 "j1938sa-gke-connect",
14 "a123456789101112jelsqweroasi",
15 "cnrm-system",
16 "foodoo",
17 }
18
19 for _, validID := range valid {
20 if ok := ValidAccountID(validID); !ok {
21 t.Errorf("\nExpected %s to be valid\n", validID)
22 }
23 }
24
25 invalid := []string{
26 "2foo-fun-times",
27 "this-has-bad--dashes",
28 "this-one-is-a-good-name-but-its-too-long",
29 "short",
30 }
31
32 for _, invalidID := range invalid {
33 if ok := ValidAccountID(invalidID); ok {
34 t.Errorf("\nExpected %s to be invalid\n", invalidID)
35 }
36 }
37 }
38
39 func TestWorkloadIdentity(t *testing.T) {
40 s := WorkloadIdentitySvcAccount("ret-edge-dev-infra", "edge-system", "edge-agent")
41 assert.Equal(t, s, fmt.Sprintf("%s.svc.id.goog[%s/%s]", "ret-edge-dev-infra", "edge-system", "edge-agent"))
42 }
43
44 func TestUserMember(t *testing.T) {
45 s := UserMember("swim@ncr.com")
46 assert.Equal(t, s, fmt.Sprintf("user:%s", "swim@ncr.com"))
47 }
48
49 func TestSvcAccountMember(t *testing.T) {
50 s := SvcAccountMember("cnrm-system@ret-edge-dev-infra.iam.gserviceaccount.com")
51 assert.Equal(t, s, fmt.Sprintf("serviceAccount:%s", "cnrm-system@ret-edge-dev-infra.iam.gserviceaccount.com"))
52 }
53
54 func TestLoggingServiceAccount(t *testing.T) {
55 projectNum := "113538564660"
56 s := LoggingServiceAccountMember(projectNum)
57 assert.Equal(t, s, fmt.Sprintf("serviceAccount:service-%s@gcp-sa-logging.iam.gserviceaccount.com", projectNum))
58 }
59
View as plain text