1
16
17 package authentication
18
19 import (
20 "errors"
21
22 . "github.com/onsi/ginkgo/v2"
23 . "github.com/onsi/gomega"
24
25 authenticationv1 "k8s.io/api/authentication/v1"
26 )
27
28 var _ = Describe("Authentication Webhook Response Helpers", func() {
29 Describe("Authenticated", func() {
30 It("should return an 'allowed' response", func() {
31 Expect(Authenticated("", authenticationv1.UserInfo{})).To(Equal(
32 Response{
33 TokenReview: authenticationv1.TokenReview{
34 Status: authenticationv1.TokenReviewStatus{
35 Authenticated: true,
36 User: authenticationv1.UserInfo{},
37 },
38 },
39 },
40 ))
41 })
42
43 It("should populate a status with a reason when a reason is given", func() {
44 Expect(Authenticated("acceptable", authenticationv1.UserInfo{})).To(Equal(
45 Response{
46 TokenReview: authenticationv1.TokenReview{
47 Status: authenticationv1.TokenReviewStatus{
48 Authenticated: true,
49 User: authenticationv1.UserInfo{},
50 Error: "acceptable",
51 },
52 },
53 },
54 ))
55 })
56 })
57
58 Describe("Unauthenticated", func() {
59 It("should return a 'not allowed' response", func() {
60 Expect(Unauthenticated("", authenticationv1.UserInfo{})).To(Equal(
61 Response{
62 TokenReview: authenticationv1.TokenReview{
63 Status: authenticationv1.TokenReviewStatus{
64 Authenticated: false,
65 User: authenticationv1.UserInfo{},
66 Error: "",
67 },
68 },
69 },
70 ))
71 })
72
73 It("should populate a status with a reason when a reason is given", func() {
74 Expect(Unauthenticated("UNACCEPTABLE!", authenticationv1.UserInfo{})).To(Equal(
75 Response{
76 TokenReview: authenticationv1.TokenReview{
77 Status: authenticationv1.TokenReviewStatus{
78 Authenticated: false,
79 User: authenticationv1.UserInfo{},
80 Error: "UNACCEPTABLE!",
81 },
82 },
83 },
84 ))
85 })
86 })
87
88 Describe("Errored", func() {
89 It("should return a unauthenticated response with an error", func() {
90 err := errors.New("this is an error")
91 expected := Response{
92 TokenReview: authenticationv1.TokenReview{
93 Status: authenticationv1.TokenReviewStatus{
94 Authenticated: false,
95 User: authenticationv1.UserInfo{},
96 Error: err.Error(),
97 },
98 },
99 }
100 resp := Errored(err)
101 Expect(resp).To(Equal(expected))
102 })
103 })
104
105 Describe("ReviewResponse", func() {
106 It("should populate a status with a Error when a reason is given", func() {
107 By("checking that a message is populated for 'allowed' responses")
108 Expect(ReviewResponse(true, authenticationv1.UserInfo{}, "acceptable")).To(Equal(
109 Response{
110 TokenReview: authenticationv1.TokenReview{
111 Status: authenticationv1.TokenReviewStatus{
112 Authenticated: true,
113 User: authenticationv1.UserInfo{},
114 Error: "acceptable",
115 },
116 },
117 },
118 ))
119
120 By("checking that a message is populated for 'Unauthenticated' responses")
121 Expect(ReviewResponse(false, authenticationv1.UserInfo{}, "UNACCEPTABLE!")).To(Equal(
122 Response{
123 TokenReview: authenticationv1.TokenReview{
124 Status: authenticationv1.TokenReviewStatus{
125 Authenticated: false,
126 User: authenticationv1.UserInfo{},
127 Error: "UNACCEPTABLE!",
128 },
129 },
130 },
131 ))
132 })
133
134 It("should return an authentication decision", func() {
135 By("checking that it returns an 'allowed' response when allowed is true")
136 Expect(ReviewResponse(true, authenticationv1.UserInfo{}, "")).To(Equal(
137 Response{
138 TokenReview: authenticationv1.TokenReview{
139 Status: authenticationv1.TokenReviewStatus{
140 Authenticated: true,
141 User: authenticationv1.UserInfo{},
142 },
143 },
144 },
145 ))
146
147 By("checking that it returns an 'Unauthenticated' response when allowed is false")
148 Expect(ReviewResponse(false, authenticationv1.UserInfo{}, "")).To(Equal(
149 Response{
150 TokenReview: authenticationv1.TokenReview{
151 Status: authenticationv1.TokenReviewStatus{
152 Authenticated: false,
153 User: authenticationv1.UserInfo{},
154 },
155 },
156 },
157 ))
158 })
159 })
160 })
161
View as plain text