Skip to content

Commit

Permalink
Refactor & add more validation webhook tests
Browse files Browse the repository at this point in the history
Signed-off-by: Mustafa Abdelrahman <mustafa.abdelrahman@zalando.de>
  • Loading branch information
MustafaSaber committed Jul 31, 2023
1 parent bff2374 commit c85fd37
Show file tree
Hide file tree
Showing 5 changed files with 188 additions and 66 deletions.
119 changes: 53 additions & 66 deletions cmd/webhook/admission/admission_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,41 @@ package admission

import (
"bytes"
_ "embed"
"fmt"
"io"
"net/http"
"net/http/httptest"
"os"
"testing"

"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)

var (
responseAllowedFmt = `{
"kind": "AdmissionReview",
"apiVersion": "admission.k8s.io/v1",
"response": {
"uid": "req-uid",
"allowed": true
}
}`

responseNotAllowedFmt = `{
"kind": "AdmissionReview",
"apiVersion": "admission.k8s.io/v1",
"response": {
"uid": "req-uid",
"allowed": false,
"status": {
"message": "%s"
}
}
}`
)

type testAdmitter struct {
// validate validates & plugs parameters for Admit
validate func(response *admissionRequest) (*admissionResponse, error)
Expand Down Expand Up @@ -60,78 +86,39 @@ func TestUnsupportedContentType(t *testing.T) {

func TestRouteGroupAdmitter(t *testing.T) {
for _, tc := range []struct {
name string
input string
result string
name string
inputFile string
message string
}{
{
name: "allowed",
input: `{
"request": {
"uid": "req-uid",
"name": "req1",
"namespace": "n1",
"object": {
"metadata": {
"name": "rg1",
"namespace": "n1"
},
"spec": {
"backends": [
{
"name": "backend",
"type": "shunt"
}
],
"defaultBackends": [
{
"backendName": "backend"
}
]
}
}
}
}`,
result: `{
"kind": "AdmissionReview",
"apiVersion": "admission.k8s.io/v1",
"response": {
"uid": "req-uid",
"allowed": true
}
}`,
name: "allowed",
inputFile: "valid-rg.json",
},
{
name: "not allowed",
input: `{
"request": {
"uid": "req-uid",
"name": "req1",
"namespace": "n1",
"object": {
"metadata": {
"name": "rg1",
"namespace": "n1"
}
}
}
}`,
result: `{
"kind": "AdmissionReview",
"apiVersion": "admission.k8s.io/v1",
"response": {
"uid": "req-uid",
"allowed": false,
"status": {
"message":
"could not validate RouteGroup, error in route group n1/rg1: route group without spec"
}
}
}`,
name: "not allowed",
inputFile: "invalid-rg.json",
message: "could not validate RouteGroup, error in route group n1/rg1: route group without spec",
},
{
name: "valid eskip filters",
inputFile: "rg-with-valid-eskip-filters.json",
},
{
name: "invalid eskip filters", // This means that eskip parser failed but doesn't mean filters exist
inputFile: "rg-with-invalid-eskip-filters.json",
message: "could not validate RouteGroup, parse failed after token status, last route id: , position 11: syntax error",
},
} {
t.Run(tc.name, func(t *testing.T) {
req := httptest.NewRequest("POST", "http://example.com/foo", bytes.NewBuffer([]byte(tc.input)))
result := responseAllowedFmt
if len(tc.message) > 0 {
result = fmt.Sprintf(responseNotAllowedFmt, tc.message)
}

input, err := os.ReadFile("testdata/" + tc.inputFile)
require.NoError(t, err)

req := httptest.NewRequest("POST", "http://example.com/foo", bytes.NewBuffer(input))
req.Header.Set("Content-Type", "application/json")

w := httptest.NewRecorder()
Expand All @@ -146,7 +133,7 @@ func TestRouteGroupAdmitter(t *testing.T) {
require.NoError(t, err)
resp.Body.Close()

assert.JSONEq(t, tc.result, string(rb))
assert.JSONEq(t, result, string(rb))
})
}
}
13 changes: 13 additions & 0 deletions cmd/webhook/admission/testdata/invalid-rg.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
{
"request": {
"uid": "req-uid",
"name": "req1",
"namespace": "n1",
"object": {
"metadata": {
"name": "rg1",
"namespace": "n1"
}
}
}
}
48 changes: 48 additions & 0 deletions cmd/webhook/admission/testdata/rg-with-invalid-eskip-filters.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
{
"request": {
"uid": "req-uid",
"name": "req1",
"operation": "create",
"kind": {
"group": "zalando",
"version": "v1",
"kind": "RouteGroup"
},
"namespace": "n1",
"object": {
"metadata": {
"name": "rg1",
"namespace": "n1"
},
"spec": {
"backends": [
{
"name": "backend",
"type": "shunt"
}
],
"defaultBackends": [
{
"backendName": "backend"
}
],
"routes": [
{
"backends": [
{
"backendName": "backend"
}
],
"filters": [
"status&(201)"
],
"path": "/",
"predicates": [
"Method(\"GET\")"
]
}
]
}
}
}
}
48 changes: 48 additions & 0 deletions cmd/webhook/admission/testdata/rg-with-valid-eskip-filters.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
{
"request": {
"uid": "req-uid",
"name": "req1",
"operation": "create",
"kind": {
"group": "zalando",
"version": "v1",
"kind": "RouteGroup"
},
"namespace": "n1",
"object": {
"metadata": {
"name": "rg1",
"namespace": "n1"
},
"spec": {
"backends": [
{
"name": "backend",
"type": "shunt"
}
],
"defaultBackends": [
{
"backendName": "backend"
}
],
"routes": [
{
"backends": [
{
"backendName": "backend"
}
],
"filters": [
"status(201)"
],
"path": "/",
"predicates": [
"Method(\"GET\")"
]
}
]
}
}
}
}
26 changes: 26 additions & 0 deletions cmd/webhook/admission/testdata/valid-rg.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
{
"request": {
"uid": "req-uid",
"name": "req1",
"namespace": "n1",
"object": {
"metadata": {
"name": "rg1",
"namespace": "n1"
},
"spec": {
"backends": [
{
"name": "backend",
"type": "shunt"
}
],
"defaultBackends": [
{
"backendName": "backend"
}
]
}
}
}
}

0 comments on commit c85fd37

Please sign in to comment.