mirror of https://github.com/rancher/steve.git synced 2025-09-02 07:55:31 +00:00

refactor(accesscontrol): add unit tests for CacheKey (#245)

This is a follow-up to 435e220: a small refactor that makes the function easier to test, plus unit tests for CacheKey.
Alejandro Ruiz
2024-08-28 10:06:21 +02:00
committed by GitHub
parent 01429f8528
commit 32c30149a6
3 changed files with 367 additions and 39 deletions


@@ -2,7 +2,6 @@ package accesscontrol
import (
"fmt"
"hash"
"sort"
v1 "github.com/rancher/wrangler/v3/pkg/generated/controllers/rbac/v1"
@@ -20,13 +19,12 @@ type policyRuleIndex struct {
rCache v1.RoleCache
crbCache v1.ClusterRoleBindingCache
rbCache v1.RoleBindingCache
revisions *roleRevisionIndex
kind string
roleIndexKey string
clusterRoleIndexKey string
}
func newPolicyRuleIndex(user bool, revisions *roleRevisionIndex, rbac v1.Interface) *policyRuleIndex {
func newPolicyRuleIndex(user bool, rbac v1.Interface) *policyRuleIndex {
key := "Group"
if user {
key = "User"
@@ -39,7 +37,6 @@ func newPolicyRuleIndex(user bool, revisions *roleRevisionIndex, rbac v1.Interfa
rbCache: rbac.RoleBinding().Cache(),
clusterRoleIndexKey: "crb" + key,
roleIndexKey: "rb" + key,
revisions: revisions,
}
pi.crbCache.AddIndexer(pi.clusterRoleIndexKey, pi.clusterRoleBindingBySubjectIndexer)
@@ -72,30 +69,6 @@ func (p *policyRuleIndex) roleBindingBySubject(rb *rbacv1.RoleBinding) (result [
return
}
var null = []byte{'\x00'}
func (p *policyRuleIndex) addRolesToHash(digest hash.Hash, subjectName string) {
for _, crb := range p.getClusterRoleBindings(subjectName) {
digest.Write([]byte(crb.RoleRef.Name))
digest.Write([]byte(p.revisions.roleRevision("", crb.RoleRef.Name)))
digest.Write(null)
}
for _, rb := range p.getRoleBindings(subjectName) {
switch rb.RoleRef.Kind {
case "Role":
digest.Write([]byte(rb.RoleRef.Name))
digest.Write([]byte(rb.Namespace))
digest.Write([]byte(p.revisions.roleRevision(rb.Namespace, rb.RoleRef.Name)))
digest.Write(null)
case "ClusterRole":
digest.Write([]byte(rb.RoleRef.Name))
digest.Write([]byte(p.revisions.roleRevision("", rb.RoleRef.Name)))
digest.Write(null)
}
}
}
func (p *policyRuleIndex) get(subjectName string) *AccessSet {
result := &AccessSet{}