forked from arrikto/oidc-authservice
-
Notifications
You must be signed in to change notification settings - Fork 0
/
authorizer_groups_test.go
54 lines (50 loc) · 1.16 KB
/
authorizer_groups_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
package main
import (
"testing"
"github.com/stretchr/testify/require"
"k8s.io/apiserver/pkg/authentication/user"
)
func TestGroupsAuthorizer(t *testing.T) {
tests := []struct {
name string
allowlist []string
userGroups []string
allowed bool
}{
{
name: "allow all",
allowlist: []string{wildcardMatcher},
userGroups: []string{},
allowed: true,
},
{
name: "deny all",
allowlist: []string{},
userGroups: []string{"a"},
allowed: false,
},
{
name: "user group in allowlist",
allowlist: []string{"a", "b", "c"},
userGroups: []string{"c", "d"},
allowed: true,
},
{
name: "user groups not in allowlist",
allowlist: []string{"a", "b", "c"},
userGroups: []string{"d", "e"},
allowed: false,
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
authz := newGroupsAuthorizer(test.allowlist)
userInfo := &user.DefaultInfo{
Groups: test.userGroups,
}
allowed, reason, err := authz.Authorize(nil, userInfo)
require.NoError(t, err, "Unexpected error")
require.Equalf(t, test.allowed, allowed, "Reason: %s", reason)
})
}
}