// makeClusterTestStorage assembles the rolebindingregistry.Storage used by the
// cluster-scoped tests from the fixture helpers testNewClusterBindings and
// testNewClusterPolicies.
//
// NewVirtualStorage receives the simulated view of the cluster binding
// registry, and a rule resolver that is given only the cluster policy and
// cluster binding registries; its first two arguments are nil.
func makeClusterTestStorage() rolebindingregistry.Storage {
	// The nil second argument is presumably "no injected retrieval error", so
	// this fixture would not exercise registry-failure paths. TODO confirm
	// against the test registry package.
	clusterBindings := test.NewClusterPolicyBindingRegistry(testNewClusterBindings(), nil)
	clusterPolicies := test.NewClusterPolicyRegistry(testNewClusterPolicies(), nil)

	simulatedBindings := clusterpolicybindingregistry.NewSimulatedRegistry(clusterBindings)
	resolver := rulevalidation.NewDefaultRuleResolver(nil, nil, clusterPolicies, clusterBindings)

	return NewVirtualStorage(simulatedBindings, resolver)
}
// makeTestStorage assembles the rolebindingregistry.Storage used by the
// namespaced tests. It passes four test registries straight to
// NewVirtualStorage: policies, local bindings, cluster policies and cluster
// bindings, in that order.
func makeTestStorage() rolebindingregistry.Storage {
	// Every registry is created with a nil second argument; presumably that
	// means no retrieval error is injected. TODO confirm.
	clusterBindings := test.NewClusterPolicyBindingRegistry(testNewClusterBindings(), nil)
	localBindings := test.NewPolicyBindingRegistry(testNewLocalBindings(), nil)
	clusterPolicies := test.NewClusterPolicyRegistry(testNewClusterPolicies(), nil)

	// The namespaced policy registry starts with an empty policy list.
	localPolicies := test.NewPolicyRegistry([]authorizationapi.Policy{}, nil)

	return NewVirtualStorage(
		localPolicies,
		localBindings,
		clusterPolicies,
		clusterBindings,
	)
}
// makeTestStorage assembles the rolebindingregistry.Storage used by the
// namespaced tests. The local binding registry is the backing store, and a
// default rule resolver is built over all four test registries.
func makeTestStorage() rolebindingregistry.Storage {
	// Every registry is created with a nil second argument; presumably that
	// means no retrieval error is injected. TODO confirm.
	clusterBindings := test.NewClusterPolicyBindingRegistry(testNewClusterBindings(), nil)
	localBindings := test.NewPolicyBindingRegistry(testNewLocalBindings(), nil)
	clusterPolicies := test.NewClusterPolicyRegistry(testNewClusterPolicies(), nil)

	// The namespaced policy registry starts with an empty policy list.
	localPolicies := test.NewPolicyRegistry([]authorizationapi.Policy{}, nil)

	resolver := rulevalidation.NewDefaultRuleResolver(localPolicies, localBindings, clusterPolicies, clusterBindings)
	resource := authorizationapi.Resource("rolebinding")

	// NOTE(review): the third argument is nil; its meaning is not visible in
	// this function, so check NewVirtualStorage before relying on it.
	return NewVirtualStorage(localBindings, resolver, nil, resource)
}
// beforeTestingSetup_readonlyclusterpolicybindingcache prepares a read-only
// cluster policy binding cache for a test.
//
// It returns the cache, the channel that was passed to the cache's RunUntil,
// and a second, separate channel for the test's own use. Nothing here closes
// either channel; that is left to the caller.
func beforeTestingSetup_readonlyclusterpolicybindingcache() (testCache readOnlyClusterPolicyBindingCache, cacheChannel, testChannel chan struct{}) {
	cacheChannel = make(chan struct{})
	testChannel = make(chan struct{})

	// Registry over the package-level testClusterPolicyBindings fixture, with a
	// nil second argument (presumably: no injected error; TODO confirm).
	testCache = NewReadOnlyClusterPolicyBindingCache(
		testregistry.NewClusterPolicyBindingRegistry(testClusterPolicyBindings, nil),
	)

	// Presumably runs the cache until cacheChannel is closed. TODO confirm
	// against RunUntil.
	testCache.RunUntil(cacheChannel)

	return testCache, cacheChannel, testChannel
}
// test runs one GetAllowedSubjects case: it builds the four test registries
// from the case's fixtures, wires them into an authorizer, and compares the
// returned users, groups and error with the expected values.
func (tc *subjectsTest) test(t *testing.T) {
	// Both policy registries share policyRetrievalError and both binding
	// registries share bindingRetrievalError, so a case cannot make only the
	// namespaced or only the cluster-scoped lookup fail.
	policies := testpolicyregistry.NewPolicyRegistry(tc.policies, tc.policyRetrievalError)
	bindings := testpolicyregistry.NewPolicyBindingRegistry(tc.bindings, tc.bindingRetrievalError)
	clusterPolicies := testpolicyregistry.NewClusterPolicyRegistry(tc.clusterPolicies, tc.policyRetrievalError)
	clusterBindings := testpolicyregistry.NewClusterPolicyBindingRegistry(tc.clusterBindings, tc.bindingRetrievalError)

	resolver := rulevalidation.NewDefaultRuleResolver(policies, bindings, clusterPolicies, clusterBindings)
	authorizer := NewAuthorizer(resolver, NewForbiddenMessageResolver(""))

	gotUsers, gotGroups, gotErr := authorizer.GetAllowedSubjects(tc.context, *tc.attributes)

	// All three comparisons run unconditionally, including when gotErr is set.
	matchStringSlice(tc.expectedUsers.List(), gotUsers.List(), "users", t)
	matchStringSlice(tc.expectedGroups.List(), gotGroups.List(), "groups", t)
	matchError(tc.expectedError, gotErr, "error", t)
}
// beforeTestingSetup_readonlycache prepares a read-only policy cache and its
// client for a test.
//
// It returns the client, the two stop channels passed to the cache's RunUntil,
// and a separate channel for the test's own use. Nothing here closes any of
// the channels; that is left to the caller.
func beforeTestingSetup_readonlycache() (testClient client.ReadOnlyPolicyClient, policyStopChannel, bindingStopChannel, testChannel chan struct{}) {
	policyStopChannel = make(chan struct{})
	bindingStopChannel = make(chan struct{})
	testChannel = make(chan struct{})

	// Registries over the package-level fixtures, each with a nil second
	// argument (presumably: no injected error; TODO confirm).
	policies := testregistry.NewPolicyRegistry(testPolicies, nil)
	clusterPolicies := testregistry.NewClusterPolicyRegistry(testClusterPolicies, nil)
	bindings := testregistry.NewPolicyBindingRegistry(testPolicyBindings, nil)
	clusterBindings := testregistry.NewClusterPolicyBindingRegistry(testClusterPolicyBindings, nil)

	// Argument order is bindings before policies, namespaced before cluster.
	cache, roClient := NewReadOnlyCacheAndClient(bindings, policies, clusterBindings, clusterPolicies)

	// The binding stop channel is passed first, the policy stop channel second.
	cache.RunUntil(bindingStopChannel, policyStopChannel)

	testClient = roClient
	return testClient, policyStopChannel, bindingStopChannel, testChannel
}
// test runs one Authorize case: it builds the four test registries from the
// case's fixtures, wires them into an authorizer, and compares the decision,
// the reason text and (on denial) the error with the expected values.
func (tc *authorizeTest) test(t *testing.T) {
	// Both policy registries share policyRetrievalError and both binding
	// registries share bindingRetrievalError, so a case cannot make only the
	// namespaced or only the cluster-scoped lookup fail.
	policies := testpolicyregistry.NewPolicyRegistry(tc.policies, tc.policyRetrievalError)
	bindings := testpolicyregistry.NewPolicyBindingRegistry(tc.bindings, tc.bindingRetrievalError)
	clusterPolicies := testpolicyregistry.NewClusterPolicyRegistry(tc.clusterPolicies, tc.policyRetrievalError)
	clusterBindings := testpolicyregistry.NewClusterPolicyBindingRegistry(tc.clusterBindings, tc.bindingRetrievalError)

	resolver := rulevalidation.NewDefaultRuleResolver(policies, bindings, clusterPolicies, clusterBindings)
	authorizer := NewAuthorizer(resolver, NewForbiddenMessageResolver(""))

	allowed, reason, err := authorizer.Authorize(tc.context, *tc.attributes)

	matchBool(tc.expectedAllowed, allowed, "allowed", t)

	if !allowed {
		containsString(tc.expectedReason, reason, "denyReason", t)
		matchError(tc.expectedError, err, "error", t)
		return
	}

	// NOTE(review): on the allow path the returned error is never compared
	// with expectedError, so a case that is allowed while also returning an
	// error still passes. Confirm that this is intended.
	containsString(tc.expectedReason, reason, "allowReason", t)
}
// makeClusterTestStorage assembles the rolebindingregistry.Storage used by the
// cluster-scoped tests.
//
// NewVirtualStorage receives the simulated views of the cluster policy and
// cluster binding registries first, followed by the same two registries
// unwrapped.
func makeClusterTestStorage() rolebindingregistry.Storage {
	// The nil second argument is presumably "no injected retrieval error", so
	// this fixture would not exercise registry-failure paths. TODO confirm
	// against the test registry package.
	clusterBindings := test.NewClusterPolicyBindingRegistry(testNewClusterBindings(), nil)
	clusterPolicies := test.NewClusterPolicyRegistry(testNewClusterPolicies(), nil)

	simulatedPolicies := clusterpolicyregistry.NewSimulatedRegistry(clusterPolicies)
	simulatedBindings := clusterpolicybindingregistry.NewSimulatedRegistry(clusterBindings)

	return NewVirtualStorage(
		simulatedPolicies,
		simulatedBindings,
		clusterPolicies,
		clusterBindings,
	)
}