...

Source file src/sigs.k8s.io/controller-runtime/pkg/webhook/authentication/response_test.go

Documentation: sigs.k8s.io/controller-runtime/pkg/webhook/authentication

     1  /*
     2  Copyright 2021 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8     http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package authentication
    18  
    19  import (
    20  	"errors"
    21  
    22  	. "github.com/onsi/ginkgo/v2"
    23  	. "github.com/onsi/gomega"
    24  
    25  	authenticationv1 "k8s.io/api/authentication/v1"
    26  )
    27  
    28  var _ = Describe("Authentication Webhook Response Helpers", func() {
    29  	Describe("Authenticated", func() {
    30  		It("should return an 'allowed' response", func() {
    31  			Expect(Authenticated("", authenticationv1.UserInfo{})).To(Equal(
    32  				Response{
    33  					TokenReview: authenticationv1.TokenReview{
    34  						Status: authenticationv1.TokenReviewStatus{
    35  							Authenticated: true,
    36  							User:          authenticationv1.UserInfo{},
    37  						},
    38  					},
    39  				},
    40  			))
    41  		})
    42  
    43  		It("should populate a status with a reason when a reason is given", func() {
    44  			Expect(Authenticated("acceptable", authenticationv1.UserInfo{})).To(Equal(
    45  				Response{
    46  					TokenReview: authenticationv1.TokenReview{
    47  						Status: authenticationv1.TokenReviewStatus{
    48  							Authenticated: true,
    49  							User:          authenticationv1.UserInfo{},
    50  							Error:         "acceptable",
    51  						},
    52  					},
    53  				},
    54  			))
    55  		})
    56  	})
    57  
    58  	Describe("Unauthenticated", func() {
    59  		It("should return a 'not allowed' response", func() {
    60  			Expect(Unauthenticated("", authenticationv1.UserInfo{})).To(Equal(
    61  				Response{
    62  					TokenReview: authenticationv1.TokenReview{
    63  						Status: authenticationv1.TokenReviewStatus{
    64  							Authenticated: false,
    65  							User:          authenticationv1.UserInfo{},
    66  							Error:         "",
    67  						},
    68  					},
    69  				},
    70  			))
    71  		})
    72  
    73  		It("should populate a status with a reason when a reason is given", func() {
    74  			Expect(Unauthenticated("UNACCEPTABLE!", authenticationv1.UserInfo{})).To(Equal(
    75  				Response{
    76  					TokenReview: authenticationv1.TokenReview{
    77  						Status: authenticationv1.TokenReviewStatus{
    78  							Authenticated: false,
    79  							User:          authenticationv1.UserInfo{},
    80  							Error:         "UNACCEPTABLE!",
    81  						},
    82  					},
    83  				},
    84  			))
    85  		})
    86  	})
    87  
    88  	Describe("Errored", func() {
    89  		It("should return a unauthenticated response with an error", func() {
    90  			err := errors.New("this is an error")
    91  			expected := Response{
    92  				TokenReview: authenticationv1.TokenReview{
    93  					Status: authenticationv1.TokenReviewStatus{
    94  						Authenticated: false,
    95  						User:          authenticationv1.UserInfo{},
    96  						Error:         err.Error(),
    97  					},
    98  				},
    99  			}
   100  			resp := Errored(err)
   101  			Expect(resp).To(Equal(expected))
   102  		})
   103  	})
   104  
   105  	Describe("ReviewResponse", func() {
   106  		It("should populate a status with a Error when a reason is given", func() {
   107  			By("checking that a message is populated for 'allowed' responses")
   108  			Expect(ReviewResponse(true, authenticationv1.UserInfo{}, "acceptable")).To(Equal(
   109  				Response{
   110  					TokenReview: authenticationv1.TokenReview{
   111  						Status: authenticationv1.TokenReviewStatus{
   112  							Authenticated: true,
   113  							User:          authenticationv1.UserInfo{},
   114  							Error:         "acceptable",
   115  						},
   116  					},
   117  				},
   118  			))
   119  
   120  			By("checking that a message is populated for 'Unauthenticated' responses")
   121  			Expect(ReviewResponse(false, authenticationv1.UserInfo{}, "UNACCEPTABLE!")).To(Equal(
   122  				Response{
   123  					TokenReview: authenticationv1.TokenReview{
   124  						Status: authenticationv1.TokenReviewStatus{
   125  							Authenticated: false,
   126  							User:          authenticationv1.UserInfo{},
   127  							Error:         "UNACCEPTABLE!",
   128  						},
   129  					},
   130  				},
   131  			))
   132  		})
   133  
   134  		It("should return an authentication decision", func() {
   135  			By("checking that it returns an 'allowed' response when allowed is true")
   136  			Expect(ReviewResponse(true, authenticationv1.UserInfo{}, "")).To(Equal(
   137  				Response{
   138  					TokenReview: authenticationv1.TokenReview{
   139  						Status: authenticationv1.TokenReviewStatus{
   140  							Authenticated: true,
   141  							User:          authenticationv1.UserInfo{},
   142  						},
   143  					},
   144  				},
   145  			))
   146  
   147  			By("checking that it returns an 'Unauthenticated' response when allowed is false")
   148  			Expect(ReviewResponse(false, authenticationv1.UserInfo{}, "")).To(Equal(
   149  				Response{
   150  					TokenReview: authenticationv1.TokenReview{
   151  						Status: authenticationv1.TokenReviewStatus{
   152  							Authenticated: false,
   153  							User:          authenticationv1.UserInfo{},
   154  						},
   155  					},
   156  				},
   157  			))
   158  		})
   159  	})
   160  })
   161  

View as plain text