-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix request namespace list permissions check if a list rule is not the first match #7282
Fix request namespace list permissions check if a list rule is not the first match #7282
Conversation
Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
new Promise((resolve) => resolve({ | ||
body: { | ||
status: { | ||
incomplete: true, | ||
resourceRules: [], | ||
nonResourceRules: [], | ||
}, | ||
}, | ||
})), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using asyncFn
for stuff like this would remove a bit of duplication :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe give an example and I'll refactor? :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An example on adding asyncFn
to existing code structure. Note that the different parts of code here can be spread in different beforeEach
to remove said duplication.
const createSelfSubjectRulesReviewMock = asyncFn();
const proxyConfigStub = createProxyConfigStub(createSelfSubjectRulesReviewMock);
const requestPermissions = requestNamespaceListPermissions(proxyConfigStub);
const permissionCheckPromise = requestPermissions("some-namespace");
// Note: in different test, this could be `.reject(...)`.
createSelfSubjectRulesReviewMock.resolve({
body: {
status: {
incomplete: true,
resourceRules: [],
nonResourceRules: [],
},
},
});
const permissionCheck = await permissionCheckPromise;
expect(permissionCheck({
apiName: "pods",
group: "",
kind: "Pod",
namespaced: true,
})).toBeTruthy();
Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
import type { RequestNamespaceListPermissionsFor } from "./request-namespace-list-permissions.injectable"; | ||
import requestNamespaceListPermissionsForInjectable from "./request-namespace-list-permissions.injectable"; | ||
|
||
const createFakeProxyConfig = (statusResponse: Promise<{ body: { status: V1SubjectRulesReviewStatus }}>) => ({ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To consolidate communication in future, this is a stub
instead of fake
:)
A fake
is a trusted simulation of something with non-trivial implementation. A stub
is a trivial substitution of value.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed.
Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
})), | ||
) as any); | ||
|
||
const permissionCheck = await requestPermissions("fake-namespace"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A string value that does not affect test passing or failing should be "irrelevant"
or "irrelevant-namespace"
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed.
|
||
describe("when api returns incomplete data", () => { | ||
it("returns truthy function", async () => { | ||
const requestPermissions = requestNamespaceListPermissions(createFakeProxyConfig( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If injection of dependencies were done using injectables
instead of configuring curried functions manually, we could get rid of many steps of test initialisation here, namely everything but override of createSelfSubjectRulesReviewInjectable
, (for which that would asyncFn
fit nicely).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Example:
const createSelfSubjectRulesReviewMock = asyncFn();
di.override(createSelfSubjectRulesReviewInjectable, () => createSelfSubjectRulesReviewMock);
const requestNamespaceListPermissions = di.inject(requestNamespaceListPermissionsInjectable);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree that the implementation could be simplified a lot but I'm not comfortable doing that in this PR.
Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
* Fix request namespace list permissions check if a list rule is not the first match (#7282) Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com> * Fix cluster metadata detectors (#7255) Signed-off-by: Juho Heikka <juho.heikka@gmail.com> * Fix extension API not having all the correct types (#7263) Signed-off-by: Sebastian Malton <sebastian@malton.name> * Update release guide and fix release script (#7276) Signed-off-by: Sebastian Malton <sebastian@malton.name> * Release 6.4.2 Signed-off-by: Juho Heikka <juho.heikka@gmail.com> --------- Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com> Signed-off-by: Juho Heikka <juho.heikka@gmail.com> Signed-off-by: Sebastian Malton <sebastian@malton.name> Co-authored-by: Sebastian Malton <sebastian@malton.name>
…e first match (#7282) * fix requestNamespaceListPermissionsForInjectable Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com> * more tests Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com> * fix test descriptions Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com> * fake -> stub Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com> * fake-namespace -> irrelevant-namespace Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com> --------- Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
Smaller version of #7280 .