2019-12-31 01:08:50 +00:00
|
|
|
package context
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"reflect"
|
|
|
|
|
"testing"
|
|
|
|
|
|
2022-04-25 12:20:40 +00:00
|
|
|
urkyverno "github.com/kyverno/kyverno/api/kyverno/v1beta1"
|
2023-04-13 11:29:40 +00:00
|
|
|
"github.com/kyverno/kyverno/pkg/config"
|
|
|
|
|
"github.com/kyverno/kyverno/pkg/engine/jmespath"
|
2019-12-31 01:08:50 +00:00
|
|
|
authenticationv1 "k8s.io/api/authentication/v1"
|
|
|
|
|
)
|
|
|
|
|
|
2023-04-13 11:29:40 +00:00
|
|
|
var jp = jmespath.New(config.NewDefaultConfiguration(false))
|
|
|
|
|
|
2019-12-31 01:08:50 +00:00
|
|
|
func Test_addResourceAndUserContext(t *testing.T) {
|
2020-01-24 17:37:12 +00:00
|
|
|
var err error
|
2019-12-31 01:08:50 +00:00
|
|
|
rawResource := []byte(`
|
|
|
|
|
{
|
|
|
|
|
"apiVersion": "v1",
|
|
|
|
|
"kind": "Pod",
|
|
|
|
|
"metadata": {
|
|
|
|
|
"name": "image-with-hostpath",
|
|
|
|
|
"labels": {
|
|
|
|
|
"app.type": "prod",
|
|
|
|
|
"namespace": "my-namespace"
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"spec": {
|
|
|
|
|
"containers": [
|
|
|
|
|
{
|
|
|
|
|
"name": "image-with-hostpath",
|
|
|
|
|
"image": "docker.io/nautiker/curl",
|
|
|
|
|
"volumeMounts": [
|
|
|
|
|
{
|
|
|
|
|
"name": "var-lib-etcd",
|
|
|
|
|
"mountPath": "/var/lib"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
"volumes": [
|
|
|
|
|
{
|
|
|
|
|
"name": "var-lib-etcd",
|
|
|
|
|
"emptyDir": {}
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
`)
|
|
|
|
|
|
|
|
|
|
userInfo := authenticationv1.UserInfo{
|
2020-01-07 23:13:57 +00:00
|
|
|
Username: "system:serviceaccount:nirmata:user1",
|
2019-12-31 01:08:50 +00:00
|
|
|
UID: "014fbff9a07c",
|
|
|
|
|
}
|
2022-04-25 12:20:40 +00:00
|
|
|
userRequestInfo := urkyverno.RequestInfo{
|
2020-01-07 18:33:28 +00:00
|
|
|
Roles: nil,
|
|
|
|
|
ClusterRoles: nil,
|
2022-12-12 15:20:20 +00:00
|
|
|
AdmissionUserInfo: userInfo,
|
|
|
|
|
}
|
2019-12-31 01:08:50 +00:00
|
|
|
|
|
|
|
|
var expectedResult string
|
2023-04-13 11:29:40 +00:00
|
|
|
ctx := NewContext(jp)
|
2022-04-09 11:52:50 +00:00
|
|
|
err = AddResource(ctx, rawResource)
|
2020-01-24 17:37:12 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Error(err)
|
|
|
|
|
}
|
2019-12-31 01:08:50 +00:00
|
|
|
result, err := ctx.Query("request.object.apiVersion")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error(err)
|
|
|
|
|
}
|
|
|
|
|
expectedResult = "v1"
|
|
|
|
|
t.Log(result)
|
|
|
|
|
if !reflect.DeepEqual(expectedResult, result) {
|
|
|
|
|
t.Error("exected result does not match")
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-24 17:37:12 +00:00
|
|
|
err = ctx.AddUserInfo(userRequestInfo)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error(err)
|
|
|
|
|
}
|
2019-12-31 01:08:50 +00:00
|
|
|
result, err = ctx.Query("request.object.apiVersion")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error(err)
|
|
|
|
|
}
|
|
|
|
|
expectedResult = "v1"
|
|
|
|
|
t.Log(result)
|
|
|
|
|
if !reflect.DeepEqual(expectedResult, result) {
|
|
|
|
|
t.Error("exected result does not match")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result, err = ctx.Query("request.userInfo.username")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error(err)
|
|
|
|
|
}
|
2020-01-07 23:13:57 +00:00
|
|
|
expectedResult = "system:serviceaccount:nirmata:user1"
|
|
|
|
|
t.Log(result)
|
|
|
|
|
if !reflect.DeepEqual(expectedResult, result) {
|
|
|
|
|
t.Error("exected result does not match")
|
|
|
|
|
}
|
|
|
|
|
// Add service account Name
|
2020-12-23 23:10:07 +00:00
|
|
|
err = ctx.AddServiceAccount(userRequestInfo.AdmissionUserInfo.Username)
|
2020-01-24 17:37:12 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Error(err)
|
|
|
|
|
}
|
2020-01-07 23:13:57 +00:00
|
|
|
result, err = ctx.Query("serviceAccountName")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error(err)
|
|
|
|
|
}
|
|
|
|
|
expectedResult = "user1"
|
|
|
|
|
t.Log(result)
|
|
|
|
|
if !reflect.DeepEqual(expectedResult, result) {
|
|
|
|
|
t.Error("exected result does not match")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Add service account Namespace
|
|
|
|
|
result, err = ctx.Query("serviceAccountNamespace")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error(err)
|
|
|
|
|
}
|
|
|
|
|
expectedResult = "nirmata"
|
2019-12-31 01:08:50 +00:00
|
|
|
t.Log(result)
|
|
|
|
|
if !reflect.DeepEqual(expectedResult, result) {
|
2021-09-26 09:12:31 +00:00
|
|
|
t.Error("expected result does not match")
|
2019-12-31 01:08:50 +00:00
|
|
|
}
|
|
|
|
|
}
|
