2d8fcd9bf4
Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
package client
import (
"context"
"errors"
"testing"
"github.com/stretchr/testify/assert"
iampb "google.golang.org/genproto/googleapis/iam/v1"
"google.golang.org/protobuf/proto"
)
// TestAddIAMPolicyBindings calls addIAMPolicyBindings on a Client whose
// projectsAPI is a stub and checks only whether an error is reported.
//
// The table covers an empty binding list, a single service-account/role
// binding, and one failure injected through each of the stub's getPolicyErr
// and setPolicyErr fields; either failure must reach the caller as an error.
//
// NOTE(review): the success cases assert on the returned error alone. Nothing
// here inspects the policy handed to the stub, so the content of the IAM
// policy that would be written is not verified by this test.
func TestAddIAMPolicyBindings(t *testing.T) {
	injected := errors.New("someErr")

	cases := map[string]struct {
		api     stubProjectsAPI
		in      AddIAMPolicyBindingInput
		wantErr bool
	}{
		"successful set without new bindings": {
			in: AddIAMPolicyBindingInput{Bindings: []PolicyBinding{}},
		},
		"successful set with bindings": {
			in: AddIAMPolicyBindingInput{
				Bindings: []PolicyBinding{
					{ServiceAccount: "service-account", Role: "role"},
				},
			},
		},
		"retrieving iam policy fails": {
			api:     stubProjectsAPI{getPolicyErr: injected},
			wantErr: true,
		},
		"setting iam policy fails": {
			api:     stubProjectsAPI{setPolicyErr: injected},
			wantErr: true,
		},
	}

	for name, tt := range cases {
		t.Run(name, func(t *testing.T) {
			// Fixed identity fields; only the stubbed API varies per case.
			c := Client{
				project:     "project",
				zone:        "zone",
				name:        "name",
				uid:         "uid",
				projectsAPI: tt.api,
			}

			err := c.addIAMPolicyBindings(context.Background(), tt.in)

			if tt.wantErr {
				assert.Error(t, err)
				return
			}
			assert.NoError(t, err)
		})
	}
}
// TestAddIAMPolicy checks that addIAMPolicy edits the given policy in place:
// the policy passed in is compared against the expected one after the call.
//
// Every case adds the same service account with role "role". The expected
// policies pin down four properties:
//   - on an empty policy, a new binding for the role is created;
//   - a binding for a different role is left untouched and the new one is
//     appended after it;
//   - when the role already has a binding, the member is appended to it and
//     the existing member is kept;
//   - when the member is already listed for the role, nothing is duplicated.
//
// In all expected policies the member is written as
// "serviceAccount:<ServiceAccount>". Keeping pre-existing bindings and members
// intact matters for access control: a merge that dropped them would remove
// grants that other principals hold.
func TestAddIAMPolicy(t *testing.T) {
	const saMember = "serviceAccount:service-account"

	// The binding under test is identical in every case.
	toAdd := PolicyBinding{ServiceAccount: "service-account", Role: "role"}

	// grant builds one role binding with the listed members.
	grant := func(role string, members ...string) *iampb.Binding {
		return &iampb.Binding{Role: role, Members: members}
	}
	// policyOf builds a policy whose Bindings slice is always non-nil, so the
	// no-argument form matches an explicit empty slice literal.
	policyOf := func(bindings ...*iampb.Binding) *iampb.Policy {
		return &iampb.Policy{Bindings: append([]*iampb.Binding{}, bindings...)}
	}

	cases := map[string]struct {
		add  PolicyBinding
		have *iampb.Policy
		want *iampb.Policy
	}{
		"successful on empty policy": {
			add:  toAdd,
			have: policyOf(),
			want: policyOf(grant("role", saMember)),
		},
		"successful on existing policy with different role": {
			add:  toAdd,
			have: policyOf(grant("other-role", "other-member")),
			want: policyOf(
				grant("other-role", "other-member"),
				grant("role", saMember),
			),
		},
		"successful on existing policy with existing role": {
			add:  toAdd,
			have: policyOf(grant("role", "other-member")),
			want: policyOf(grant("role", "other-member", saMember)),
		},
		"already a member": {
			add:  toAdd,
			have: policyOf(grant("role", saMember)),
			want: policyOf(grant("role", saMember)),
		},
	}

	for name, tt := range cases {
		t.Run(name, func(t *testing.T) {
			addIAMPolicy(tt.have, tt.add)

			// proto.Equal compares the protobuf messages by content.
			assert.True(t, proto.Equal(tt.want, tt.have))
		})
	}
}