Merge pull request #104807 from shawnhanx/ut_4

Add unit tests for pkg/registry/authorization/util
2025-07-23 03:41:45 +00:00 · 2022-01-05 18:06:27 -08:00 · 2022-01-05 18:06:27 -08:00 · b18efc2e9c
commit b18efc2e9c
parent 73b68f5233 90bcd710f4
1 changed files with 70 additions and 0 deletions
--- a/pkg/registry/authorization/util/helpers_test.go
+++ b/pkg/registry/authorization/util/helpers_test.go
@ -21,6 +21,7 @@ import (
 	"testing"

 	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/apiserver/pkg/authorization/authorizer"
 	authorizationapi "k8s.io/kubernetes/pkg/apis/authorization"
 )
@ -72,3 +73,72 @@ func TestResourceAttributesFrom(t *testing.T) {
 		return false
 	})
 }
+
+func TestAuthorizationAttributesFrom(t *testing.T) {
+	type args struct {
+		spec authorizationapi.SubjectAccessReviewSpec
+	}
+	tests := []struct {
+		name string
+		args args
+		want authorizer.AttributesRecord
+	}{
+		{
+			name: "nonresource",
+			args: args{
+				spec: authorizationapi.SubjectAccessReviewSpec{
+					User:                  "bob",
+					Groups:                []string{user.AllAuthenticated},
+					NonResourceAttributes: &authorizationapi.NonResourceAttributes{Verb: "get", Path: "/mypath"},
+					Extra:                 map[string]authorizationapi.ExtraValue{"scopes": {"scope-a", "scope-b"}},
+				},
+			},
+			want: authorizer.AttributesRecord{
+				User: &user.DefaultInfo{
+					Name:   "bob",
+					Groups: []string{user.AllAuthenticated},
+					Extra:  map[string][]string{"scopes": {"scope-a", "scope-b"}},
+				},
+				Verb: "get",
+				Path: "/mypath",
+			},
+		},
+		{
+			name: "resource",
+			args: args{
+				spec: authorizationapi.SubjectAccessReviewSpec{
+					User: "bob",
+					ResourceAttributes: &authorizationapi.ResourceAttributes{
+						Namespace:   "myns",
+						Verb:        "create",
+						Group:       "extensions",
+						Version:     "v1beta1",
+						Resource:    "deployments",
+						Subresource: "scale",
+						Name:        "mydeployment",
+					},
+				},
+			},
+			want: authorizer.AttributesRecord{
+				User: &user.DefaultInfo{
+					Name: "bob",
+				},
+				APIGroup:        "extensions",
+				APIVersion:      "v1beta1",
+				Namespace:       "myns",
+				Verb:            "create",
+				Resource:        "deployments",
+				Subresource:     "scale",
+				Name:            "mydeployment",
+				ResourceRequest: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := AuthorizationAttributesFrom(tt.args.spec); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("AuthorizationAttributesFrom() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}