-
Notifications
You must be signed in to change notification settings - Fork 163
/
forbidden_annotations_regex_test.go
105 lines (94 loc) · 2.71 KB
/
forbidden_annotations_regex_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
//go:build e2e
// Copyright 2020-2023 Project Capsule Authors.
// SPDX-License-Identifier: Apache-2.0
package e2e
import (
"context"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2"
"github.com/projectcapsule/capsule/pkg/api"
)
var _ = Describe("creating a tenant with various forbidden regexes", func() {
//errorRegexes := []string{
// "(.*gitops|.*nsm).[k8s.io/((?!(resource)).*|trusted)](http://k8s.io/((?!(resource)).*%7Ctrusted))",
//}
//
//for _, annotationValue := range errorRegexes {
// It("should fail using a non-valid the regex on the annotation", func() {
// tnt := &capsulev1beta2.Tenant{
// ObjectMeta: metav1.ObjectMeta{
// Name: "namespace",
// },
// Spec: capsulev1beta2.TenantSpec{
// Owners: capsulev1beta2.OwnerListSpec{
// {
// Name: "alice",
// Kind: "User",
// },
// },
// },
// }
//
// EventuallyCreation(func() error {
// tnt.Spec.NamespaceOptions = &capsulev1beta2.NamespaceOptions{
// ForbiddenLabels: api.ForbiddenListSpec{
// Regex: annotationValue,
// },
// }
// return k8sClient.Create(context.TODO(), tnt)
// }).ShouldNot(Succeed())
//
// EventuallyCreation(func() error {
// tnt.Spec.NamespaceOptions = &capsulev1beta2.NamespaceOptions{
// ForbiddenAnnotations: api.ForbiddenListSpec{
// Regex: annotationValue,
// },
// }
// return k8sClient.Create(context.TODO(), tnt)
// }).ShouldNot(Succeed())
// })
//}
successRegexes := []string{
"",
"(.*gitops|.*nsm)",
}
for _, annotationValue := range successRegexes {
It("should succeed using a valid regex on the annotation", func() {
tnt := &capsulev1beta2.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "namespace",
},
Spec: capsulev1beta2.TenantSpec{
Owners: capsulev1beta2.OwnerListSpec{
{
Name: "alice",
Kind: "User",
},
},
},
}
EventuallyCreation(func() error {
tnt.SetResourceVersion("")
tnt.Spec.NamespaceOptions = &capsulev1beta2.NamespaceOptions{
ForbiddenLabels: api.ForbiddenListSpec{
Regex: annotationValue,
},
}
return k8sClient.Create(context.TODO(), tnt)
}).Should(Succeed())
Expect(k8sClient.Delete(context.TODO(), tnt)).Should(Succeed())
EventuallyCreation(func() error {
tnt.SetResourceVersion("")
tnt.Spec.NamespaceOptions = &capsulev1beta2.NamespaceOptions{
ForbiddenAnnotations: api.ForbiddenListSpec{
Regex: annotationValue,
},
}
return k8sClient.Create(context.TODO(), tnt)
}).Should(Succeed())
Expect(k8sClient.Delete(context.TODO(), tnt)).Should(Succeed())
})
}
})