mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
add unit test
This commit is contained in:
Shuting Zhao
parent
55f243b55b
commit
b99293018e
2 changed files with 62 additions and 2 deletions
|
|
@ -169,14 +169,14 @@ func validateRoles(roles []string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// a namespace should be set in kind ServiceAccount / Role of a subject
|
||||
// a namespace should be set in kind ServiceAccount of a subject
|
||||
func validateSubjects(subjects []rbacv1.Subject) error {
|
||||
if len(subjects) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
for _, subject := range subjects {
|
||||
if subject.Kind == "ServiceAccount" || subject.Kind == "Role" {
|
||||
if subject.Kind == "ServiceAccount" {
|
||||
if subject.Namespace == "" {
|
||||
return fmt.Errorf("role %s in subject expects a namespace", subject.Name)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1120,3 +1120,63 @@ func Test_Validate_ErrorFormat(t *testing.T) {
|
|||
err = Validate(policy)
|
||||
assert.Assert(t, err != nil)
|
||||
}
|
||||
|
||||
func Test_Validate_EmptyUserInfo(t *testing.T) {
|
||||
rawRule := []byte(`
|
||||
{
|
||||
"name": "test",
|
||||
"match": {
|
||||
"subjects": null
|
||||
}
|
||||
}`)
|
||||
|
||||
var rule kyverno.Rule
|
||||
err := json.Unmarshal(rawRule, &rule)
|
||||
assert.NilError(t, err)
|
||||
|
||||
_, errNew := validateUserInfo(rule)
|
||||
assert.NilError(t, errNew)
|
||||
}
|
||||
|
||||
func Test_Validate_Roles(t *testing.T) {
|
||||
rawRule := []byte(`{
|
||||
"name": "test",
|
||||
"match": {
|
||||
"roles": [
|
||||
"namespace1:name1",
|
||||
"name2"
|
||||
]
|
||||
}
|
||||
}`)
|
||||
|
||||
var rule kyverno.Rule
|
||||
err := json.Unmarshal(rawRule, &rule)
|
||||
assert.NilError(t, err)
|
||||
|
||||
path, err := validateUserInfo(rule)
|
||||
assert.Assert(t, err != nil)
|
||||
assert.Assert(t, path == "match.roles")
|
||||
}
|
||||
|
||||
func Test_Validate_ServiceAccount(t *testing.T) {
|
||||
rawRule := []byte(`
|
||||
{
|
||||
"name": "test",
|
||||
"exclude": {
|
||||
"subjects": [
|
||||
{
|
||||
"kind": "ServiceAccount",
|
||||
"name": "testname"
|
||||
}
|
||||
]
|
||||
}
|
||||
}`)
|
||||
|
||||
var rule kyverno.Rule
|
||||
err := json.Unmarshal(rawRule, &rule)
|
||||
assert.NilError(t, err)
|
||||
|
||||
path, err := validateUserInfo(rule)
|
||||
assert.Assert(t, err != nil)
|
||||
assert.Assert(t, path == "exclude.subjects")
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue