From dbf78217a10cd198a7002c58b06dbcf52a3d2777 Mon Sep 17 00:00:00 2001 From: Mitsuru Kariya Date: Wed, 26 Feb 2025 03:56:35 +0900 Subject: [PATCH] Add Additional Tests Added tests to check that if NodeRules, ClusterRoles, and NamespaceRoles include `List`, it also include `Watch`. Signed-off-by: Mitsuru Kariya --- .../rbac/bootstrappolicy/policy_test.go | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy_test.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy_test.go index 235b9f32e4e..611afa886b6 100644 --- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy_test.go +++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy_test.go @@ -20,6 +20,7 @@ import ( "os" "path/filepath" "reflect" + "slices" "testing" "github.com/google/go-cmp/cmp" @@ -285,3 +286,39 @@ func TestClusterRoleLabel(t *testing.T) { } } } + +func TestNodeRuleVerbsConsistency(t *testing.T) { + rules := bootstrappolicy.NodeRules() + for _, rule := range rules { + verbs := rule.Verbs + if slices.Contains(verbs, "list") && !slices.Contains(verbs, "watch") { + t.Errorf("The NodeRule has Verb `List` but does not have Verb `Watch`.") + } + } +} + +func TestClusterRoleVerbsConsistency(t *testing.T) { + roles := bootstrappolicy.ClusterRoles() + for _, role := range roles { + for _, rule := range role.Rules { + verbs := rule.Verbs + if slices.Contains(verbs, "list") && !slices.Contains(verbs, "watch") { + t.Errorf("The ClusterRole %s has Verb `List` but does not have Verb `Watch`.", role.Name) + } + } + } +} + +func TestNamespaceRoleVerbsConsistency(t *testing.T) { + namespaceRoles := bootstrappolicy.NamespaceRoles() + for namespace, roles := range namespaceRoles { + for _, role := range roles { + for _, rule := range role.Rules { + verbs := rule.Verbs + if slices.Contains(verbs, "list") && !slices.Contains(verbs, "watch") { + t.Errorf("The Role %s/%s has Verb `List` but does not have Verb `Watch`.", namespace, role.Name) + } + } + } + } +}