package iam import ( "fmt" "testing" "github.com/stretchr/testify/assert" ) func TestAccountIDValidation(t *testing.T) { valid := []string{ "my-random-kcc-resource", // generic kebab case name "j1938sa-gke-connect", // similar to hashed resource names created by controllers/talaria "a123456789101112jelsqweroasi", // max-length "cnrm-system", "foodoo", // min-length } for _, validID := range valid { if ok := ValidAccountID(validID); !ok { t.Errorf("\nExpected %s to be valid\n", validID) } } invalid := []string{ "2foo-fun-times", "this-has-bad--dashes", "this-one-is-a-good-name-but-its-too-long", "short", } for _, invalidID := range invalid { if ok := ValidAccountID(invalidID); ok { t.Errorf("\nExpected %s to be invalid\n", invalidID) } } } func TestWorkloadIdentity(t *testing.T) { s := WorkloadIdentitySvcAccount("ret-edge-dev-infra", "edge-system", "edge-agent") assert.Equal(t, s, fmt.Sprintf("%s.svc.id.goog[%s/%s]", "ret-edge-dev-infra", "edge-system", "edge-agent")) } func TestUserMember(t *testing.T) { s := UserMember("swim@ncr.com") assert.Equal(t, s, fmt.Sprintf("user:%s", "swim@ncr.com")) } func TestSvcAccountMember(t *testing.T) { s := SvcAccountMember("cnrm-system@ret-edge-dev-infra.iam.gserviceaccount.com") assert.Equal(t, s, fmt.Sprintf("serviceAccount:%s", "cnrm-system@ret-edge-dev-infra.iam.gserviceaccount.com")) } func TestLoggingServiceAccount(t *testing.T) { projectNum := "113538564660" s := LoggingServiceAccountMember(projectNum) assert.Equal(t, s, fmt.Sprintf("serviceAccount:service-%s@gcp-sa-logging.iam.gserviceaccount.com", projectNum)) }