...
1
16
17 package authentication
18
19 import (
20 "context"
21
22 . "github.com/onsi/ginkgo/v2"
23 . "github.com/onsi/gomega"
24
25 authenticationv1 "k8s.io/api/authentication/v1"
26 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
27 machinerytypes "k8s.io/apimachinery/pkg/types"
28 )
29
30 var _ = Describe("Authentication Webhooks", func() {
31 allowHandler := func() *Webhook {
32 handler := &fakeHandler{
33 fn: func(ctx context.Context, req Request) Response {
34 return Response{
35 TokenReview: authenticationv1.TokenReview{
36 Status: authenticationv1.TokenReviewStatus{
37 Authenticated: true,
38 },
39 },
40 }
41 },
42 }
43 webhook := &Webhook{
44 Handler: handler,
45 }
46
47 return webhook
48 }
49
50 It("should invoke the handler to get a response", func() {
51 By("setting up a webhook with an allow handler")
52 webhook := allowHandler()
53
54 By("invoking the webhook")
55 resp := webhook.Handle(context.Background(), Request{})
56
57 By("checking that it allowed the request")
58 Expect(resp.Status.Authenticated).To(BeTrue())
59 })
60
61 It("should ensure that the response's UID is set to the request's UID", func() {
62 By("setting up a webhook")
63 webhook := allowHandler()
64
65 By("invoking the webhook")
66 resp := webhook.Handle(context.Background(), Request{TokenReview: authenticationv1.TokenReview{ObjectMeta: metav1.ObjectMeta{UID: "foobar"}}})
67
68 By("checking that the response share's the request's UID")
69 Expect(resp.UID).To(Equal(machinerytypes.UID("foobar")))
70 })
71
72 It("should populate the status on a response if one is not provided", func() {
73 By("setting up a webhook")
74 webhook := allowHandler()
75
76 By("invoking the webhook")
77 resp := webhook.Handle(context.Background(), Request{})
78
79 By("checking that the response share's the request's UID")
80 Expect(resp.Status).To(Equal(authenticationv1.TokenReviewStatus{Authenticated: true}))
81 })
82
83 It("shouldn't overwrite the status on a response", func() {
84 By("setting up a webhook that sets a status")
85 webhook := &Webhook{
86 Handler: HandlerFunc(func(ctx context.Context, req Request) Response {
87 return Response{
88 TokenReview: authenticationv1.TokenReview{
89 Status: authenticationv1.TokenReviewStatus{
90 Authenticated: true,
91 Error: "Ground Control to Major Tom",
92 },
93 },
94 }
95 }),
96 }
97
98 By("invoking the webhook")
99 resp := webhook.Handle(context.Background(), Request{})
100
101 By("checking that the message is intact")
102 Expect(resp.Status).NotTo(BeNil())
103 Expect(resp.Status.Authenticated).To(BeTrue())
104 Expect(resp.Status.Error).To(Equal("Ground Control to Major Tom"))
105 })
106 })
107
View as plain text