forked from gruntwork-io/terratest
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request gruntwork-io#247 from kirecek/enhc/add-rbac-role-g…
…etters Add Get helpers for 'cluster_role' and 'role' resource
- Loading branch information
Showing
4 changed files
with
162 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
package k8s | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/stretchr/testify/require" | ||
rbacv1 "k8s.io/api/rbac/v1" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
) | ||
|
||
// GetClusterRole returns a Kubernetes ClusterRole resource with the given name. This will fail the test if there is an error. | ||
func GetClusterRole(t *testing.T, options *KubectlOptions, roleName string) *rbacv1.ClusterRole { | ||
role, err := GetClusterRoleE(t, options, roleName) | ||
require.NoError(t, err) | ||
return role | ||
} | ||
|
||
// GetClusterRoleE returns a Kubernetes ClusterRole resource with the given name. | ||
func GetClusterRoleE(t *testing.T, options *KubectlOptions, roleName string) (*rbacv1.ClusterRole, error) { | ||
clientset, err := GetKubernetesClientFromOptionsE(t, options) | ||
if err != nil { | ||
return nil, err | ||
} | ||
return clientset.RbacV1().ClusterRoles().Get(roleName, metav1.GetOptions{}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
// +build kubeall kubernetes | ||
|
||
// NOTE: we have build tags to differentiate kubernetes tests from non-kubernetes tests. This is done because minikube | ||
// is heavy and can interfere with docker related tests in terratest. Specifically, many of the tests start to fail with | ||
// `connection refused` errors from `minikube`. To avoid overloading the system, we run the kubernetes tests and helm | ||
// tests separately from the others. This may not be necessary if you have a sufficiently powerful machine. We | ||
// recommend at least 4 cores and 16GB of RAM if you want to run all the tests together. | ||
|
||
package k8s | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func TestGetClusterRoleEReturnsErrorForNonExistantClusterRole(t *testing.T) { | ||
t.Parallel() | ||
|
||
options := NewKubectlOptions("", "") | ||
_, err := GetClusterRoleE(t, options, "non-existing-role") | ||
require.Error(t, err) | ||
} | ||
|
||
func TestGetClusterRoleEReturnsCorrectClusterRoleInCorrectNamespace(t *testing.T) { | ||
t.Parallel() | ||
|
||
options := NewKubectlOptions("", "") | ||
defer KubectlDeleteFromString(t, options, EXAMPLE_CLUSTER_ROLE_YAML_TEMPLATE) | ||
KubectlApplyFromString(t, options, EXAMPLE_CLUSTER_ROLE_YAML_TEMPLATE) | ||
|
||
role := GetClusterRole(t, options, "terratest-cluster-role") | ||
require.Equal(t, role.Name, "terratest-cluster-role") | ||
} | ||
|
||
const EXAMPLE_CLUSTER_ROLE_YAML_TEMPLATE = `--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: 'terratest-cluster-role' | ||
rules: | ||
- apiGroups: | ||
- '*' | ||
resources: | ||
- '*' | ||
verbs: | ||
- '*' | ||
` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
package k8s | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/stretchr/testify/require" | ||
rbacv1 "k8s.io/api/rbac/v1" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
) | ||
|
||
// GetRole returns a Kubernetes role resource in the provided namespace with the given name. The namespace used | ||
// is the one provided in the KubectlOptions. This will fail the test if there is an error. | ||
func GetRole(t *testing.T, options *KubectlOptions, roleName string) *rbacv1.Role { | ||
role, err := GetRoleE(t, options, roleName) | ||
require.NoError(t, err) | ||
return role | ||
} | ||
|
||
// GetRole returns a Kubernetes role resource in the provided namespace with the given name. The namespace used | ||
// is the one provided in the KubectlOptions. | ||
func GetRoleE(t *testing.T, options *KubectlOptions, roleName string) (*rbacv1.Role, error) { | ||
clientset, err := GetKubernetesClientFromOptionsE(t, options) | ||
if err != nil { | ||
return nil, err | ||
} | ||
return clientset.RbacV1().Roles(options.Namespace).Get(roleName, metav1.GetOptions{}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
// +build kubeall kubernetes | ||
|
||
// NOTE: we have build tags to differentiate kubernetes tests from non-kubernetes tests. This is done because minikube | ||
// is heavy and can interfere with docker related tests in terratest. Specifically, many of the tests start to fail with | ||
// `connection refused` errors from `minikube`. To avoid overloading the system, we run the kubernetes tests and helm | ||
// tests separately from the others. This may not be necessary if you have a sufficiently powerful machine. We | ||
// recommend at least 4 cores and 16GB of RAM if you want to run all the tests together. | ||
|
||
package k8s | ||
|
||
import ( | ||
"fmt" | ||
"strings" | ||
"testing" | ||
|
||
"github.com/stretchr/testify/require" | ||
|
||
"github.com/gruntwork-io/terratest/modules/random" | ||
) | ||
|
||
func TestGetRoleEReturnsErrorForNonExistantRole(t *testing.T) { | ||
t.Parallel() | ||
|
||
options := NewKubectlOptions("", "") | ||
_, err := GetRoleE(t, options, "non-existing-role") | ||
require.Error(t, err) | ||
} | ||
|
||
func TestGetRoleEReturnsCorrectRoleInCorrectNamespace(t *testing.T) { | ||
t.Parallel() | ||
|
||
uniqueID := strings.ToLower(random.UniqueId()) | ||
options := NewKubectlOptions("", "") | ||
options.Namespace = uniqueID | ||
configData := fmt.Sprintf(EXAMPLE_ROLE_YAML_TEMPLATE, uniqueID, uniqueID) | ||
defer KubectlDeleteFromString(t, options, configData) | ||
KubectlApplyFromString(t, options, configData) | ||
|
||
role := GetRole(t, options, "terratest-role") | ||
require.Equal(t, role.Name, "terratest-role") | ||
require.Equal(t, role.Namespace, uniqueID) | ||
} | ||
|
||
const EXAMPLE_ROLE_YAML_TEMPLATE = `--- | ||
apiVersion: v1 | ||
kind: Namespace | ||
metadata: | ||
name: '%s' | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
name: 'terratest-role' | ||
namespace: '%s' | ||
rules: | ||
- apiGroups: | ||
- '*' | ||
resources: | ||
- '*' | ||
verbs: | ||
- '*' | ||
` |