roleassignment_test.go
package phases
import (
"context"
"net/http"
"testing"
"github.com/Azure/azure-sdk-for-go/services/preview/authorization/mgmt/2018-01-01-preview/authorization"
"github.com/Azure/go-autorest/autorest"
"github.com/Azure/go-autorest/autorest/to"
"github.com/golang/mock/gomock"
"github.com/Azure/azure-workload-identity/pkg/cloud/mock_cloud"
"github.com/Azure/azure-workload-identity/pkg/cmd/serviceaccount/phases/workflow"
)
// TestRoleAssignmentPreRun is a table-driven check of the input validation
// done by the role assignment phase's PreRun. Each case passes one data value
// and compares the returned error text exactly against errorMsg; an empty
// errorMsg means the case expects PreRun to succeed.
//
// The failing cases pin the required inputs for a role assignment: the data
// must be of the expected type, and the scope, the role and a service
// principal identifier must be present.
func TestRoleAssignmentPreRun(t *testing.T) {
	// NOTE(review): phase is populated in the last three cases but the loop
	// below never reads it; every case runs against NewRoleAssignmentPhase().
	cases := []struct {
		name     string
		phase    workflow.Phase
		data     interface{}
		errorMsg string
	}{
		{
			name:     "invalid data type",
			data:     "test",
			errorMsg: "invalid data type string",
		},
		{
			name:     "missing --azure-scope",
			data:     &mockCreateData{},
			errorMsg: "--azure-scope is required",
		},
		{
			name:     "missing --azure-role",
			data:     &mockCreateData{azureScope: "test"},
			errorMsg: "--azure-role is required",
		},
		{
			name:     "missing --service-principal-name or --service-principal-object-id",
			data:     &mockCreateData{azureScope: "test", azureRole: "test"},
			errorMsg: "--service-principal-name or --service-principal-object-id is required",
		},
		{
			name: "valid data 1",
			data: &mockCreateData{azureScope: "test", azureRole: "test", servicePrincipalName: "test"},
		},
		// The remaining cases set neither servicePrincipalName nor, except for
		// case 3, servicePrincipalObjectID, and still expect success.
		// NOTE(review): presumably the mock derives the principal name from the
		// AAD application or service account fields; confirm against mockCreateData.
		{
			name:  "valid data 2",
			phase: NewAADApplicationPhase(),
			data:  &mockCreateData{azureScope: "test", azureRole: "test", serviceAccountNamespace: "test", serviceAccountName: "test", serviceAccountIssuerURL: "test"},
		},
		{
			name:  "valid data 3",
			phase: NewAADApplicationPhase(),
			data:  &mockCreateData{azureScope: "test", azureRole: "test", servicePrincipalObjectID: "test"},
		},
		{
			name:  "valid data 4",
			phase: NewAADApplicationPhase(),
			data:  &mockCreateData{azureScope: "test", azureRole: "test", aadApplicationName: "test"},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			err := NewRoleAssignmentPhase().PreRun(tc.data)
			switch {
			case err == nil && tc.errorMsg != "":
				// Validation passed for input that should have been rejected.
				t.Errorf("expected error but got nil")
			case err != nil && err.Error() != tc.errorMsg:
				// Covers both a wrong message and an unexpected failure
				// (errorMsg empty, err non-nil).
				t.Errorf("expected error message: %s, but got: %s", tc.errorMsg, err.Error())
			}
		})
	}
}
// TestRoleAssignmentRun drives the role assignment phase's Run against a
// gomock Azure client and expects a nil error in two situations: the
// assignment is created, and the client reports HTTP 409 Conflict (the
// assignment already exists).
//
// The mock expectations also pin the arguments: Run must call
// CreateRoleAssignment with exactly the scope, role and service principal
// object ID held in the data, so a call made with any other scope or principal
// fails the test.
//
// NOTE(review): only the success and 409 outcomes are exercised. A case
// asserting that any other failure (for example an authorization error) is
// returned by Run would guard against the conflict handling being widened
// until it hides a role assignment that was never made.
func TestRoleAssignmentRun(t *testing.T) {
	ctx := context.Background()
	rolePhase := NewRoleAssignmentPhase()
	data := &mockCreateData{
		azureRole:                "azure-role",
		azureScope:               "azure-scope",
		servicePrincipalObjectID: "service-principal-object-id",
	}

	ctrl := gomock.NewController(t)
	defer ctrl.Finish()

	mockAzureClient := mock_cloud.NewMockInterface(ctrl)
	data.azureClient = mockAzureClient

	// Scenario 1: the role assignment is created without error.
	created := authorization.RoleAssignment{ID: to.StringPtr("id")}
	mockAzureClient.EXPECT().
		CreateRoleAssignment(ctx, data.azureScope, data.azureRole, data.servicePrincipalObjectID).
		Return(created, nil)

	err := rolePhase.Run(ctx, data)
	if err != nil {
		t.Errorf("expected no error but got: %s", err.Error())
	}

	// Scenario 2: the role assignment already exists, which the client
	// reports as a 409 Conflict; Run is expected to treat that as success.
	existing := authorization.RoleAssignment{ID: to.StringPtr("id")}
	conflict := autorest.DetailedError{StatusCode: http.StatusConflict}
	mockAzureClient.EXPECT().
		CreateRoleAssignment(ctx, data.azureScope, data.azureRole, data.servicePrincipalObjectID).
		Return(existing, conflict)

	err = rolePhase.Run(ctx, data)
	if err != nil {
		t.Errorf("expected no error but got: %s", err.Error())
	}
}