mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-01 07:47:56 +00:00
updates audit endpoints test
This commit is contained in:
parent
7e102de723
commit
5a84453e4e
@ -42,7 +42,10 @@ type fakeAuditSink struct {
|
|||||||
func (s *fakeAuditSink) ProcessEvents(evs ...*auditinternal.Event) {
|
func (s *fakeAuditSink) ProcessEvents(evs ...*auditinternal.Event) {
|
||||||
s.lock.Lock()
|
s.lock.Lock()
|
||||||
defer s.lock.Unlock()
|
defer s.lock.Unlock()
|
||||||
s.events = append(s.events, evs...)
|
for _, ev := range evs {
|
||||||
|
e := ev.DeepCopy()
|
||||||
|
s.events = append(s.events, e)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *fakeAuditSink) Events() []*auditinternal.Event {
|
func (s *fakeAuditSink) Events() []*auditinternal.Event {
|
||||||
@ -90,6 +93,9 @@ func TestAudit(t *testing.T) {
|
|||||||
}
|
}
|
||||||
requestBodyMatches := func(i int, pattern string) eventCheck {
|
requestBodyMatches := func(i int, pattern string) eventCheck {
|
||||||
return func(events []*auditinternal.Event) error {
|
return func(events []*auditinternal.Event) error {
|
||||||
|
if events[i].RequestObject == nil {
|
||||||
|
return fmt.Errorf("expected non nil request object")
|
||||||
|
}
|
||||||
if matched, _ := regexp.Match(pattern, events[i].RequestObject.Raw); !matched {
|
if matched, _ := regexp.Match(pattern, events[i].RequestObject.Raw); !matched {
|
||||||
return fmt.Errorf("expected RequestBody to match %q, but didn't: %q", pattern, string(events[i].RequestObject.Raw))
|
return fmt.Errorf("expected RequestBody to match %q, but didn't: %q", pattern, string(events[i].RequestObject.Raw))
|
||||||
}
|
}
|
||||||
@ -106,6 +112,9 @@ func TestAudit(t *testing.T) {
|
|||||||
}
|
}
|
||||||
responseBodyMatches := func(i int, pattern string) eventCheck {
|
responseBodyMatches := func(i int, pattern string) eventCheck {
|
||||||
return func(events []*auditinternal.Event) error {
|
return func(events []*auditinternal.Event) error {
|
||||||
|
if events[i].ResponseObject == nil {
|
||||||
|
return fmt.Errorf("expected non nil response object")
|
||||||
|
}
|
||||||
if matched, _ := regexp.Match(pattern, events[i].ResponseObject.Raw); !matched {
|
if matched, _ := regexp.Match(pattern, events[i].ResponseObject.Raw); !matched {
|
||||||
return fmt.Errorf("expected ResponseBody to match %q, but didn't: %q", pattern, string(events[i].ResponseObject.Raw))
|
return fmt.Errorf("expected ResponseBody to match %q, but didn't: %q", pattern, string(events[i].ResponseObject.Raw))
|
||||||
}
|
}
|
||||||
@ -122,6 +131,19 @@ func TestAudit(t *testing.T) {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
expectedStages := func(stages ...auditinternal.Stage) eventCheck {
|
||||||
|
return func(events []*auditinternal.Event) error {
|
||||||
|
if len(stages) != len(events) {
|
||||||
|
return fmt.Errorf("expected %d stages, but got %d events", len(stages), len(events))
|
||||||
|
}
|
||||||
|
for i, stage := range stages {
|
||||||
|
if events[i].Stage != stage {
|
||||||
|
return fmt.Errorf("expected stage %q, got %q", stage, events[i].Stage)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for _, test := range []struct {
|
for _, test := range []struct {
|
||||||
desc string
|
desc string
|
||||||
@ -140,8 +162,9 @@ func TestAudit(t *testing.T) {
|
|||||||
200,
|
200,
|
||||||
2,
|
2,
|
||||||
[]eventCheck{
|
[]eventCheck{
|
||||||
noRequestBody(0),
|
noRequestBody(1),
|
||||||
responseBodyMatches(0, `{.*"name":"c".*}`),
|
responseBodyMatches(1, `{.*"name":"c".*}`),
|
||||||
|
expectedStages(auditinternal.StageRequestReceived, auditinternal.StageResponseComplete),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -157,8 +180,9 @@ func TestAudit(t *testing.T) {
|
|||||||
200,
|
200,
|
||||||
2,
|
2,
|
||||||
[]eventCheck{
|
[]eventCheck{
|
||||||
noRequestBody(0),
|
noRequestBody(1),
|
||||||
responseBodyMatches(0, `{.*"name":"a".*"name":"b".*}`),
|
responseBodyMatches(1, `{.*"name":"a".*"name":"b".*}`),
|
||||||
|
expectedStages(auditinternal.StageRequestReceived, auditinternal.StageResponseComplete),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -170,8 +194,9 @@ func TestAudit(t *testing.T) {
|
|||||||
201,
|
201,
|
||||||
2,
|
2,
|
||||||
[]eventCheck{
|
[]eventCheck{
|
||||||
requestBodyIs(0, string(simpleFooJSON)),
|
requestBodyIs(1, string(simpleFooJSON)),
|
||||||
responseBodyMatches(0, `{.*"foo".*}`),
|
responseBodyMatches(1, `{.*"foo".*}`),
|
||||||
|
expectedStages(auditinternal.StageRequestReceived, auditinternal.StageResponseComplete),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -183,8 +208,9 @@ func TestAudit(t *testing.T) {
|
|||||||
405,
|
405,
|
||||||
2,
|
2,
|
||||||
[]eventCheck{
|
[]eventCheck{
|
||||||
noRequestBody(0), // the 405 is thrown long before the create handler would be executed
|
noRequestBody(1), // the 405 is thrown long before the create handler would be executed
|
||||||
noResponseBody(0), // the 405 is thrown long before the create handler would be executed
|
noResponseBody(1), // the 405 is thrown long before the create handler would be executed
|
||||||
|
expectedStages(auditinternal.StageRequestReceived, auditinternal.StageResponseComplete),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -196,8 +222,9 @@ func TestAudit(t *testing.T) {
|
|||||||
200,
|
200,
|
||||||
2,
|
2,
|
||||||
[]eventCheck{
|
[]eventCheck{
|
||||||
noRequestBody(0),
|
noRequestBody(1),
|
||||||
responseBodyMatches(0, `{.*"kind":"Status".*"status":"Success".*}`),
|
responseBodyMatches(1, `{.*"kind":"Status".*"status":"Success".*}`),
|
||||||
|
expectedStages(auditinternal.StageRequestReceived, auditinternal.StageResponseComplete),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -209,8 +236,9 @@ func TestAudit(t *testing.T) {
|
|||||||
200,
|
200,
|
||||||
2,
|
2,
|
||||||
[]eventCheck{
|
[]eventCheck{
|
||||||
requestBodyMatches(0, "DeleteOptions"),
|
requestBodyMatches(1, "DeleteOptions"),
|
||||||
responseBodyMatches(0, `{.*"kind":"Status".*"status":"Success".*}`),
|
responseBodyMatches(1, `{.*"kind":"Status".*"status":"Success".*}`),
|
||||||
|
expectedStages(auditinternal.StageRequestReceived, auditinternal.StageResponseComplete),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -222,8 +250,9 @@ func TestAudit(t *testing.T) {
|
|||||||
200,
|
200,
|
||||||
2,
|
2,
|
||||||
[]eventCheck{
|
[]eventCheck{
|
||||||
requestBodyIs(0, string(simpleCPrimeJSON)),
|
requestBodyIs(1, string(simpleCPrimeJSON)),
|
||||||
responseBodyMatches(0, `{.*"bla".*}`),
|
responseBodyMatches(1, `{.*"bla".*}`),
|
||||||
|
expectedStages(auditinternal.StageRequestReceived, auditinternal.StageResponseComplete),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -235,8 +264,9 @@ func TestAudit(t *testing.T) {
|
|||||||
400,
|
400,
|
||||||
2,
|
2,
|
||||||
[]eventCheck{
|
[]eventCheck{
|
||||||
requestBodyIs(0, string(simpleCPrimeJSON)),
|
requestBodyIs(1, string(simpleCPrimeJSON)),
|
||||||
responseBodyMatches(0, `"Status".*"status":"Failure".*"code":400}`),
|
responseBodyMatches(1, `"Status".*"status":"Failure".*"code":400}`),
|
||||||
|
expectedStages(auditinternal.StageRequestReceived, auditinternal.StageResponseComplete),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -255,8 +285,9 @@ func TestAudit(t *testing.T) {
|
|||||||
200,
|
200,
|
||||||
2,
|
2,
|
||||||
[]eventCheck{
|
[]eventCheck{
|
||||||
requestBodyIs(0, `{"labels":{"foo":"bar"}}`),
|
requestBodyIs(1, `{"labels":{"foo":"bar"}}`),
|
||||||
responseBodyMatches(0, `"name":"c".*"labels":{"foo":"bar"}`),
|
responseBodyMatches(1, `"name":"c".*"labels":{"foo":"bar"}`),
|
||||||
|
expectedStages(auditinternal.StageRequestReceived, auditinternal.StageResponseComplete),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -272,8 +303,9 @@ func TestAudit(t *testing.T) {
|
|||||||
200,
|
200,
|
||||||
3,
|
3,
|
||||||
[]eventCheck{
|
[]eventCheck{
|
||||||
noRequestBody(0),
|
noRequestBody(2),
|
||||||
noResponseBody(0),
|
noResponseBody(2),
|
||||||
|
expectedStages(auditinternal.StageRequestReceived, auditinternal.StageResponseStarted, auditinternal.StageResponseComplete),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
} {
|
} {
|
||||||
|
Loading…
Reference in New Issue
Block a user