1 // Copyright 2022 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package testiam 16 17 import "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/test/resourcefixture" 18 19 func ShouldRunWithNoProjectKind(fixture resourcefixture.ResourceFixture) bool { 20 // A temporary should run function to skip testing kind project as it requires dynamically associating Billing Account 21 switch fixture.GVK.Kind { 22 case "Project": 23 return false 24 default: 25 return true 26 } 27 } 28 29 func ShouldRunWithExternalRef(fixture resourcefixture.ResourceFixture) bool { 30 // We only need to test the case of "IAMPolicy (or IAMPolicyMember) having 31 // an external reference" for a few resources. We could test both cases 32 // (IAMPolicy with regular reference and IAMPolicy with external reference) 33 // for all resources that can be referenced by IAMPolicy, but this is very 34 // expensive and not really necessary. 35 // 36 // Note: only resources with user-specified IDs are supported since 37 // NewExternalRef() cannot generate external references to resources with 38 // server-generated IDs (e.g. Folder). 39 switch fixture.GVK.Kind { 40 case "PubSubTopic", // Basic resource with no dependencies 41 "SpannerDatabase": // Resource whose IAMPolicy/IAMPolicyMember spec must contain info about a dependency (name of the SpannerInstance) 42 return true 43 default: 44 return false 45 } 46 } 47 48 func ShouldRunWithIAMConditions(fixture resourcefixture.ResourceFixture) bool { 49 // We only need to test the case of "IAMPolicy (or IAMPolicyMember) with 50 // IAM condition" for a few resources. We could test IAM conditions for all 51 // resourcs that support conditions, but this is very expensive and not 52 // really necessary. 53 switch fixture.GVK.Kind { 54 case "KMSKeyRing": // Basic resource that supports IAM conditions 55 return true 56 default: 57 return false 58 } 59 } 60 61 func ShouldRunWithAuditConfigs(fixture resourcefixture.ResourceFixture) bool { 62 // Only the following resources support IAM audit configs in KCC currently 63 switch fixture.GVK.Kind { 64 case "Folder": 65 return true 66 default: 67 return false 68 } 69 } 70 71 func ShouldRunDeleteParentFirst(fixture resourcefixture.ResourceFixture) bool { 72 // Only the following resource(s) will be used for deletion ordering tests 73 return fixture.GVK.Kind == "PubSubTopic" 74 } 75 76 func ShouldRunAcquire(fixture resourcefixture.ResourceFixture) bool { 77 // Only the following resource(s) will be used for IAM resource acquisition tests 78 return fixture.GVK.Kind == "PubSubTopic" 79 } 80 81 func ShouldRunWithTFResourcesOnly(fixture resourcefixture.ResourceFixture) bool { 82 switch fixture.GVK.Kind { 83 case "BigtableInstance", "KMSKeyRing", "Folder", 84 "PubSubTopic", "PubSubSubscription", "SpannerInstance", "StorageBucket", "IAMServiceAccount": 85 return true 86 default: 87 return false 88 } 89 } 90