diff --git a/support/rbac.go b/support/rbac.go
index 2e2aaad..f0fce48 100644
--- a/support/rbac.go
+++ b/support/rbac.go
@@ -101,6 +101,37 @@ func CreateRoleBinding(t Test, namespace string, serviceAccount *corev1.ServiceA
 return rb
 }
 
+func CreateUserRoleBinding(t Test, namespace string, userName string, role *rbacv1.Role) *rbacv1.RoleBinding {
+ t.T().Helper()
+
+ roleBinding := &rbacv1.RoleBinding{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: rbacv1.SchemeGroupVersion.String(),
+ Kind: "RoleBinding",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ GenerateName: "rb-",
+ },
+ RoleRef: rbacv1.RoleRef{
+ APIGroup: rbacv1.SchemeGroupVersion.Group,
+ Kind: "Role",
+ Name: role.Name,
+ },
+ Subjects: []rbacv1.Subject{
+ {
+ Kind: "User",
+ APIGroup: rbacv1.SchemeGroupVersion.Group,
+ Name: userName,
+ },
+ },
+ }
+ rb, err := t.Client().Core().RbacV1().RoleBindings(namespace).Create(t.Ctx(), roleBinding, metav1.CreateOptions{})
+ t.Expect(err).NotTo(gomega.HaveOccurred())
+ t.T().Logf("Created User RoleBinding %s/%s successfully", role.Namespace, role.Name)
+
+ return rb
+}
+
 func CreateClusterRoleBinding(t Test, serviceAccount *corev1.ServiceAccount, role *rbacv1.ClusterRole) *rbacv1.ClusterRoleBinding {
 t.T().Helper()
 
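Review bot: The `Logf` call at the end of CreateUserRoleBinding prints `role.Namespace` and `role.Name`, which identify the Role, while the object just created is a RoleBinding whose server-generated name (from `GenerateName: "rb-"`) is only available as `rb.Name`. The test log therefore never says which binding granted `userName` access, which makes a leftover grant hard to trace; I would write `t.T().Logf("Created User RoleBinding %s/%s for user %q successfully", rb.Namespace, rb.Name, userName)`. The same applies to CreateUserClusterRoleBinding in the second hunk, where `role.Namespace` belongs to a cluster-scoped ClusterRole and will normally be empty. This helper also registers no cleanup, unlike the cluster-scoped one, so the binding presumably goes away only when the caller's namespace is deleted; a doc comment stating that would help.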
@@ -136,3 +167,38 @@ func CreateClusterRoleBinding(t Test, serviceAccount *corev1.ServiceAccount, rol
 
 return rb
 }
+
+func CreateUserClusterRoleBinding(t Test, userName string, role *rbacv1.ClusterRole) *rbacv1.ClusterRoleBinding {
+ t.T().Helper()
+
+ roleBinding := &rbacv1.ClusterRoleBinding{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: rbacv1.SchemeGroupVersion.String(),
+ Kind: "ClusterRoleBinding",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ GenerateName: "crb-",
+ },
+ RoleRef: rbacv1.RoleRef{
+ APIGroup: rbacv1.SchemeGroupVersion.Group,
+ Kind: "ClusterRole",
+ Name: role.Name,
+ },
+ Subjects: []rbacv1.Subject{
+ {
+ Kind: "User",
+ APIGroup: rbacv1.SchemeGroupVersion.Group,
+ Name: userName,
+ },
+ },
+ }
+ rb, err := t.Client().Core().RbacV1().ClusterRoleBindings().Create(t.Ctx(), roleBinding, metav1.CreateOptions{})
+ t.Expect(err).NotTo(gomega.HaveOccurred())
+ t.T().Logf("Created User ClusterRoleBinding %s/%s successfully", role.Namespace, role.Name)
+
+ t.T().Cleanup(func() {
+ t.Client().Core().RbacV1().ClusterRoleBindings().Delete(t.Ctx(), rb.Name, metav1.DeleteOptions{})
+ })
+
+ return rb
+}
diff --git a/support/rbac_test.go b/support/rbac_test.go
new file mode 100644
index 0000000..f0a7098
--- /dev/null
+++ b/support/rbac_test.go
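Review bot: The cleanup closure in CreateUserClusterRoleBinding discards the error returned by `ClusterRoleBindings().Delete(...)`, so a failed delete leaves a cluster-wide grant for `userName` behind with no trace in the test output. I would surface it: `if err := t.Client().Core().RbacV1().ClusterRoleBindings().Delete(t.Ctx(), rb.Name, metav1.DeleteOptions{}); err != nil { t.T().Logf("failed to delete ClusterRoleBinding %s: %v", rb.Name, err) }`. It is also worth confirming that `t.Ctx()` is still usable when cleanup functions run; if the Test implementation cancels it at test end (not visible in this diff), the delete would never succeed. On a shared cluster a leaked ClusterRoleBinding keeps its privileges until someone removes it by hand, so this path deserves to be noisy.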
@@ -0,0 +1,84 @@
+/*
+Copyright 2024.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package support
+
+import (
+ "testing"
+
+ "github.com/onsi/gomega"
+
+ rbacv1 "k8s.io/api/rbac/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func TestCreateUserRoleBinding(t *testing.T) {
+
+ test := NewTest(t)
+
+ role := &rbacv1.Role{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: rbacv1.SchemeGroupVersion.String(),
+ Kind: "Role",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "role1",
+ Namespace: "ns-1",
+ },
+ }
+
+ rb := CreateUserRoleBinding(test, "ns-1", "user-1", role)
+
+ test.Expect(rb).To(gomega.Not(gomega.BeNil()))
+ test.Expect(rb.GenerateName).To(gomega.Equal("rb-"))
+ test.Expect(rb.Namespace).To(gomega.Equal("ns-1"))
+
+ test.Expect(rb.RoleRef.APIGroup).To(gomega.Equal(rbacv1.SchemeGroupVersion.Group))
+ test.Expect(rb.RoleRef.Kind).To(gomega.Equal("Role"))
+ test.Expect(rb.RoleRef.Name).To(gomega.Equal("role1"))
+
+ test.Expect(rb.Subjects[0].APIGroup).To(gomega.Equal(rbacv1.SchemeGroupVersion.Group))
+ test.Expect(rb.Subjects[0].Kind).To(gomega.Equal("User"))
+ test.Expect(rb.Subjects[0].Name).To(gomega.Equal("user-1"))
+}
+
+func TestCreateUserClusterRoleBinding(t *testing.T) {
+
+ test := NewTest(t)
+
+ crole := &rbacv1.ClusterRole{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: rbacv1.SchemeGroupVersion.String(),
+ Kind: "ClusterRole",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "role1",
+ },
+ }
+
+ rb := CreateUserClusterRoleBinding(test, "user-1", crole)
+
+ test.Expect(rb).To(gomega.Not(gomega.BeNil()))
+ test.Expect(rb.GenerateName).To(gomega.Equal("crb-"))
+
+ test.Expect(rb.RoleRef.APIGroup).To(gomega.Equal(rbacv1.SchemeGroupVersion.Group))
+ test.Expect(rb.RoleRef.Kind).To(gomega.Equal("ClusterRole"))
+ test.Expect(rb.RoleRef.Name).To(gomega.Equal("role1"))
+
+ test.Expect(rb.Subjects[0].APIGroup).To(gomega.Equal(rbacv1.SchemeGroupVersion.Group))
+ test.Expect(rb.Subjects[0].Kind).To(gomega.Equal("User"))
+ test.Expect(rb.Subjects[0].Name).To(gomega.Equal("user-1"))
+}
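Review bot: Both tests index `rb.Subjects[0]` without first asserting the slice length, so a regression that returns no subjects panics instead of failing cleanly, and one that binds additional subjects passes unnoticed. Add `test.Expect(rb.Subjects).To(gomega.HaveLen(1))` before the three subject assertions in TestCreateUserRoleBinding and TestCreateUserClusterRoleBinding. For an RBAC helper, pinning that exactly one subject receives the role is the assertion that matters most. Neither test exercises the cleanup registered by CreateUserClusterRoleBinding; whether that is feasible depends on the client NewTest provides, which this diff does not show.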