重新封装API，不同资源使用到的API不同 (onsi#27)

* bugfix: loadconfig (onsi#17) feature: add tenant to request * WIP:add auth demo * bugfix: 修正API
xjh1996 · Jan 8, 2021 · 0022ecf · 0022ecf
1 parent c28dff5
commit 0022ecf
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 27 deletions.
diff --git a/app/statefulset.go b/app/statefulset.go
@@ -46,14 +46,14 @@ var _ = SIGDescribe("有状态工作负载", func() {
 
 	f := framework.NewDefaultFramework("Statefulset-basic")
 
-	ginkgo.PContext("基础部署", func() {
+	ginkgo.Context("基础部署", func() {
 		ginkgo.It("创建", func() {
 			testCreateStatefulset(f)
 		})
 
 	})
 
-	ginkgo.PContext("服务管理", func() {
+	ginkgo.Context("服务管理", func() {
 		ginkgo.It("修改副本和镜像", func() {
 			testUpdateStatefulset(f)
 		})

diff --git a/auth/permission.go b/auth/permission.go
@@ -1,8 +1,6 @@
 package auth
 
 import (
-	"encoding/json"
-
 	authclient "github.com/caicloud/auth/pkg/server/client"
 	"github.com/caicloud/nubela/expect"
 	"github.com/caicloud/zeus/framework"
@@ -24,8 +22,26 @@ var _ = SIGDescribe("命名空间权限管理[permission]", func() {
 		err                  error
 	)
 	// 指定namespace新建更新配额值
-	nsQuotaOld := quotaSize("0.2", "0.5Gi", "0.1", "0.2Gi")
-	nsQuotaNew := quotaSize("0.25", "0.5Gi", "0.1", "0.2Gi")
+	nsQuotaOld := auth.GenerateNSQuotaString(auth.NamespceMetadate{
+		LimitCPU:         "0.25",
+		LimitMem:         "0.5Gi",
+		RequestCPU:       "0.1",
+		RequestMem:       "0.2Gi",
+		StorageClassName: "aaa",
+		StorageSize:      "0",
+		PVCSize:          "0",
+		GPU:              "0",
+	})
+	nsQuotaNew := auth.GenerateNSQuotaString(auth.NamespceMetadate{
+		LimitCPU:         "0.2",
+		LimitMem:         "0.5Gi",
+		RequestCPU:       "0.1",
+		RequestMem:       "0.2Gi",
+		StorageClassName: "aaa",
+		StorageSize:      "0",
+		PVCSize:          "0",
+		GPU:              "0",
+	})
 	ginkgo.Describe("管理权限", func() {
 		ginkgo.BeforeEach(func() {
 			// 创建基础变量并赋值
@@ -41,7 +57,7 @@ var _ = SIGDescribe("命名空间权限管理[permission]", func() {
 		ginkgo.It("管理权限", func() {
 			permission = []string{"ManageNamespace"}
 			resource = []string{"trn:cps:::cluster/" + f.ClusterID} // 格式trn:cps:::resourceType/resourceValue,具体Type，Value和开发沟通，或参考https://bytedance.feishu.cn/docs/doccnUdvIc3bCQ724C87idUQWIe#
-			normalUserAuthAPI = auth.PresetOperation(authAPI, baseInfo, permission, resource)
+			normalUserAuthAPI = auth.GetNormalUserAuthAPI(authAPI, baseInfo, permission, resource)
 			errs := crudNamespace(normalUserAuthAPI, baseInfo, nsName, nsQuotaOld, nsQuotaNew)
 			auth.CheckResult(errs, []bool{true, true, true, true, true}) // 顺序create, get, list, update, delete权限
 		})
@@ -63,7 +79,7 @@ var _ = SIGDescribe("命名空间权限管理[permission]", func() {
 		ginkgo.It("新建权限", func() {
 			permission = []string{"CreateNamespace"}
 			resource = []string{"trn:cps:::cluster/" + f.ClusterID} // 格式trn:cps:::resourceType/resourceValue,具体Type，Value和开发沟通，或参考https://bytedance.feishu.cn/docs/doccnUdvIc3bCQ724C87idUQWIe#
-			normalUserAuthAPI = auth.PresetOperation(authAPI, baseInfo, permission, resource)
+			normalUserAuthAPI = auth.GetNormalUserAuthAPI(authAPI, baseInfo, permission, resource)
 			errs := crudNamespace(normalUserAuthAPI, baseInfo, nsName, nsQuotaOld, nsQuotaNew)
 			auth.CheckResult(errs, []bool{true, true, true, false, false}) // 顺序create, get, list, update, delete权限
 		})
@@ -85,7 +101,7 @@ var _ = SIGDescribe("命名空间权限管理[permission]", func() {
 		ginkgo.It("删除权限", func() {
 			permission = []string{"DeleteNamespace"}
 			resource = []string{"trn:cps:::cluster/" + f.ClusterID, "trn:cps:::namespace/cluster/" + f.ClusterID + "/" + nsName} // 格式trn:cps:::resourceType/resourceValue,具体Type，Value和开发沟通，或参考https://bytedance.feishu.cn/docs/doccnUdvIc3bCQ724C87idUQWIe#
-			normalUserAuthAPI = auth.PresetOperation(authAPI, baseInfo, permission, resource)
+			normalUserAuthAPI = auth.GetNormalUserAuthAPI(authAPI, baseInfo, permission, resource)
 			errs := crudNamespace(normalUserAuthAPI, baseInfo, nsName, nsQuotaOld, nsQuotaNew)
 			auth.CheckResult(errs, []bool{false, true, true, false, true}) // 顺序create, get, list, update, delete权限
 		})
@@ -109,7 +125,7 @@ var _ = SIGDescribe("命名空间权限管理[permission]", func() {
 		ginkgo.It("更新权限", func() {
 			permission = []string{"UpdateNamespace"}
 			resource = []string{"trn:cps:::cluster/" + f.ClusterID, "trn:cps:::namespace/cluster/" + f.ClusterID + "/" + nsName} // 格式trn:cps:::resourceType/resourceValue,具体Type，Value和开发沟通，或参考https://bytedance.feishu.cn/docs/doccnUdvIc3bCQ724C87idUQWIe#
-			normalUserAuthAPI = auth.PresetOperation(authAPI, baseInfo, permission, resource)
+			normalUserAuthAPI = auth.GetNormalUserAuthAPI(authAPI, baseInfo, permission, resource)
 			errs := crudNamespace(normalUserAuthAPI, baseInfo, nsName, nsQuotaOld, nsQuotaNew)
 			auth.CheckResult(errs, []bool{false, true, true, true, false}) // 顺序create, get, list, update, delete权限
 		})
@@ -133,7 +149,7 @@ var _ = SIGDescribe("命名空间权限管理[permission]", func() {
 		ginkgo.It("查看权限", func() {
 			permission = []string{"VisitNamespace"}
 			resource = []string{"trn:cps:::cluster/" + f.ClusterID, "trn:cps:::namespace/cluster/" + f.ClusterID + "/" + nsName} // 格式trn:cps:::resourceType/resourceValue,具体Type，Value和开发沟通，或参考https://bytedance.feishu.cn/docs/doccnUdvIc3bCQ724C87idUQWIe#
-			normalUserAuthAPI = auth.PresetOperation(authAPI, baseInfo, permission, resource)
+			normalUserAuthAPI = auth.GetNormalUserAuthAPI(authAPI, baseInfo, permission, resource)
 			errs := crudNamespace(normalUserAuthAPI, baseInfo, nsName, nsQuotaOld, nsQuotaNew)
 			auth.CheckResult(errs, []bool{false, true, true, false, false}) // 顺序create, get, list, update, delete权限
 		})
@@ -156,7 +172,7 @@ var _ = SIGDescribe("命名空间权限管理[permission]", func() {
 		})
 		ginkgo.It("无权限", func() {
 			permission = []string{""}
-			normalUserAuthAPI = auth.PresetOperation(authAPI, baseInfo, permission, resource)
+			normalUserAuthAPI = auth.GetNormalUserAuthAPI(authAPI, baseInfo, permission, resource)
 			errs := crudNamespace(normalUserAuthAPI, baseInfo, nsName, nsQuotaOld, nsQuotaNew)
 			auth.CheckResult(errs, []bool{false, false, false, false, false}) // 顺序create, get, list, update, delete权限
 		})
@@ -183,12 +199,3 @@ func crudNamespace(authAPI authclient.Interface, baseInfo *auth.BaseInfo, nsName
 	errs = append(errs, err)
 	return errs
 }
-
-func quotaSize(limitCPU, limitMem, requestCPU, requestMem string) string {
-	quotaMap := map[string]string{"limits.cpu": limitCPU, "limits.memory": limitMem, "requests.cpu": requestCPU, "requests.memory": requestMem}
-	quotaByte, err := json.Marshal(quotaMap)
-	if err != nil {
-		panic(err)
-	}
-	return string(quotaByte)
-}
diff --git a/framework/auth/namespace.go b/framework/auth/namespace.go
@@ -2,6 +2,7 @@ package auth
 
 import (
 	"context"
+	"encoding/json"
 
 	authclient "github.com/caicloud/auth/pkg/server/client"
 	v20201010 "github.com/caicloud/auth/pkg/server/client/v20201010"
@@ -10,10 +11,14 @@ import (
 
 // Describe resource metadate for a namespace
 type NamespceMetadate struct {
-	LimitCPU   string
-	LimitMem   string
-	RequestCPU string
-	RequestMem string
+	LimitCPU         string
+	LimitMem         string
+	RequestCPU       string
+	RequestMem       string
+	GPU              string
+	StorageClassName string
+	StorageSize      string
+	PVCSize          string
 }
 
 // DefaultNM returns default namespace metadata
@@ -26,6 +31,17 @@ func DefaultNamespaceMeta() *NamespceMetadate {
 	}
 }
 
+func GenerateNSQuotaString(quota NamespceMetadate) string {
+	quotaMap := map[string]string{"limits.cpu": quota.LimitCPU, "limits.memory": quota.LimitMem, "requests.cpu": quota.RequestCPU, "requests.memory": quota.RequestMem,
+		"requests.nvidia.com/gpu": quota.GPU, quota.StorageClassName + ".storageclass.storage.k8s.io/requests.storage": quota.StorageSize,
+		quota.StorageClassName + ".storageclass.storage.k8s.io/persistentvolumeclaims": quota.PVCSize}
+	quotaByte, err := json.Marshal(quotaMap)
+	if err != nil {
+		panic(err)
+	}
+	return string(quotaByte)
+}
+
 func CreateNamespaceAndWait(authAPI authclient.Interface, tenantID, name, quota, clusterID string) (*v20201010.Namespace, error) {
 	createNSReq := &v20201010.CreateNamespaceRequest{
 		Tenant: tenantID,

diff --git a/framework/auth/permission.go b/framework/auth/permission.go
@@ -84,7 +84,18 @@ func GetUser(authAPI authclient.Interface, name string) (*v20201010.UserResp, er
 	return authAPI.V20201010().GetUser(context.TODO(), getUserReq)
 }
 
-func PresetOperation(authAPI authclient.Interface, baseInfo *BaseInfo, permission, resource []string) authclient.Interface {
+func GetNormalUserAuthAPI(authAPI authclient.Interface, baseInfo *BaseInfo, permission, resource []string) authclient.Interface {
+	user := PresetOperation(authAPI, baseInfo, permission, resource)
+	normalUserAuthAPI, err := user.Auth()
+	if err != nil {
+		logger.Failf("get normal user failed, %v", err)
+	}
+	return normalUserAuthAPI
+}
+
+// PresetOperation create a normal user, add user to tenant, create a role with permission and resource, and bind user with role.
+// then return this normal user.
+func PresetOperation(authAPI authclient.Interface, baseInfo *BaseInfo, permission, resource []string) client.User {
 	// 创建普通用户
 	var err error
 	if err = CreateSingleUserAndWait(authAPI, baseInfo.UserName, baseInfo.Email, passwd); err != nil {
@@ -122,7 +133,7 @@ func PresetOperation(authAPI authclient.Interface, baseInfo *BaseInfo, permissio
 	if roles.Items[0].Name != role.Name { // 测试中一个用户只绑定一个角色
 		logger.Failf("bindding role failed, expected %q, binded %q, all roles %q, userName %q", role.Name, roles.Items[0].Name, roles.Items, user.Username)
 	}
-	return normalUserAuthAPI
+	return user
 }
 
 func CreateBaseInfo(tenantID, clusterID string) *BaseInfo {