...

Source file src/github.com/GoogleCloudPlatform/k8s-config-connector/pkg/test/iam/resource.go

Documentation: github.com/GoogleCloudPlatform/k8s-config-connector/pkg/test/iam 

     1  // Copyright 2022 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package testiam
    16  
    17  import (
    18  	"fmt"
    19  	"testing"
    20  
    21  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/iam/v1beta1"
    22  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/dcl/extension"
    23  	dclmetadata "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/dcl/metadata"
    24  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/dcl/schema/dclschemaloader"
    25  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/k8s"
    26  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/krmtotf"
    27  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/servicemapping/servicemappingloader"
    28  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/test"
    29  	testcontroller "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/test/controller"
    30  	testgcp "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/test/gcp"
    31  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/test/resourcefixture"
    32  
    33  	tfschema "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
    34  	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
    35  )
    36  
    37  func NewResourceRef(refResource *unstructured.Unstructured) v1beta1.ResourceReference {
    38  	return v1beta1.ResourceReference{
    39  		Kind:       refResource.GetKind(),
    40  		APIVersion: refResource.GetAPIVersion(),
    41  		Name:       refResource.GetName(),
    42  	}
    43  }
    44  
    45  func NewExternalRef(refResource *unstructured.Unstructured, provider *tfschema.Provider, smLoader *servicemappingloader.ServiceMappingLoader) (v1beta1.ResourceReference, error) {
    46  	gvk := refResource.GroupVersionKind()
    47  	sm, err := smLoader.GetServiceMapping(gvk.Group)
    48  	if err != nil {
    49  		return v1beta1.ResourceReference{}, err
    50  	}
    51  	r, err := krmtotf.NewResource(refResource, sm, provider)
    52  	if err != nil {
    53  		return v1beta1.ResourceReference{}, err
    54  	}
    55  	var id string
    56  	// TODO(kcc-eng): As import ID resolution is dependent on the API server,
    57  	//  for resources that require resolution from references, we cannot
    58  	//  call r.GetImportID before those resources exist in etcd. For now,
    59  	//  for SpannerDatabase, manually set its external reference. We should
    60  	//  restructure this such that either the references already exist
    61  	//  before this point, or external IDs are manually supplied.
    62  	if refResource.GetKind() == "SpannerDatabase" {
    63  		project, ok := k8s.GetAnnotation(k8s.ProjectIDAnnotation, refResource)
    64  		if !ok {
    65  			return v1beta1.ResourceReference{}, fmt.Errorf("referenced resource does not have the annotation %v", k8s.ProjectIDAnnotation)
    66  		}
    67  		instance, ok, err := unstructured.NestedString(refResource.Object, "spec", "instanceRef", "name")
    68  		if err != nil || !ok {
    69  			return v1beta1.ResourceReference{}, fmt.Errorf("error getting instance reference for SpannerDatabase")
    70  		}
    71  		id = fmt.Sprintf("projects/%v/instances/%v/databases/%v", project, instance, r.GetName())
    72  	} else {
    73  		id, err = r.GetImportID(nil, smLoader)
    74  		if err != nil {
    75  			return v1beta1.ResourceReference{}, err
    76  		}
    77  	}
    78  	return v1beta1.ResourceReference{
    79  		Kind:       refResource.GetKind(),
    80  		APIVersion: refResource.GetAPIVersion(),
    81  		External:   id,
    82  	}, nil
    83  }
    84  
    85  func FixtureSupportsIAMAuditConfigs(t *testing.T, smLoader *servicemappingloader.ServiceMappingLoader, serviceMetadataLoader dclmetadata.ServiceMetadataLoader, fixture resourcefixture.ResourceFixture) bool {
    86  	t.Helper()
    87  	// IAM support is not implemented for DCL based resources
    88  	if dclmetadata.IsDCLBasedResourceKind(fixture.GVK, serviceMetadataLoader) {
    89  		return false
    90  	}
    91  	project := testgcp.GCPProject{
    92  		ProjectID:     "project-name",
    93  		ProjectNumber: 1234,
    94  	}
    95  	ns := project.ProjectID
    96  	unstruct := test.ToUnstructWithNamespace(t,
    97  		testcontroller.ReplaceTestVars(t, fixture.Create, "testid", project),
    98  		ns)
    99  	rc, err := smLoader.GetResourceConfig(unstruct)
   100  	if err != nil {
   101  		t.Fatalf("error getting service mapping: %v", err)
   102  	}
   103  	if err != nil {
   104  		t.Fatalf("error getting resource config: %v", err)
   105  	}
   106  	return rc.IAMConfig.AuditConfigName != ""
   107  }
   108  
   109  func FixtureSupportsIAMPolicy(t *testing.T, smLoader *servicemappingloader.ServiceMappingLoader,
   110  	serviceMetadataLoader dclmetadata.ServiceMetadataLoader, dclSchemaLoader dclschemaloader.DCLSchemaLoader, fixture resourcefixture.ResourceFixture) bool {
   111  	t.Helper()
   112  	if dclmetadata.IsDCLBasedResourceKind(fixture.GVK, serviceMetadataLoader) {
   113  		dclSchema, err := dclschemaloader.GetDCLSchemaForGVK(fixture.GVK, serviceMetadataLoader, dclSchemaLoader)
   114  		if err != nil {
   115  			t.Fatalf("error getting DCLSchema: %v", err)
   116  		}
   117  		supportsIAM, err := extension.HasIam(dclSchema)
   118  		if err != nil {
   119  			t.Fatalf("error checking if DCLSchema supports IAM: %v", err)
   120  		}
   121  		return supportsIAM
   122  	}
   123  	project := testgcp.GCPProject{
   124  		ProjectID:     "project-name",
   125  		ProjectNumber: 1234,
   126  	}
   127  	ns := project.ProjectID
   128  	unstruct := test.ToUnstructWithNamespace(t,
   129  		testcontroller.ReplaceTestVars(t, fixture.Create, "testid", project),
   130  		ns)
   131  	rc, err := smLoader.GetResourceConfig(unstruct)
   132  	if err != nil {
   133  		t.Fatalf("error getting service mapping: %v", err)
   134  	}
   135  	if err != nil {
   136  		t.Fatalf("error getting resource config: %v", err)
   137  	}
   138  	return rc.IAMConfig.PolicyName != ""
   139  }
   140  

View as plain text