iam-manager
iam-manager copied to clipboard
keikoproj
Add validation tests.
I haven't opened an issue for this, but I can if you'd like it to be tracked that way.
close #
Could you share the solution in high level?
Injects the k8s client in ValidateCreate and ValidateUpdate so we can test validateIamPolicy with a mock.
Could you share the test results?
go fmt ./...
/Users/aaronwebber/go/bin/controller-gen "crd:trivialVersions=true" rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
/Users/aaronwebber/go/bin/controller-gen "crd:trivialVersions=true" rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd_no_webhook/bases
KUBECONFIG=/Users/aaronwebber/.kube/config \
LOCAL=true \
ALLOWED_POLICY_ACTION=s3:,sts:,ec2:Describe,acm:Describe,acm:List,acm:Get,route53:Get,route53:List,route53:Create,route53:Delete,route53:Change,kms:Decrypt,kms:Encrypt,kms:ReEncrypt,kms:GenerateDataKey,kms:DescribeKey,dynamodb:,secretsmanager:GetSecretValue,es:,sqs:SendMessage,sqs:ReceiveMessage,sqs:DeleteMessage,SNS:Publish,sqs:GetQueueAttributes,sqs:GetQueueUrl \
RESTRICTED_POLICY_RESOURCES=policy-resource \
RESTRICTED_S3_RESOURCES=s3-resource \
AWS_ACCOUNT_ID=123456789012 \
AWS_REGION=us-west-2 \
MANAGED_POLICIES=arn:aws:iam::123456789012:policy/SOMETHING \
MANAGED_PERMISSION_BOUNDARY_POLICY=arn:aws:iam::1123456789012:role/iam-manager-permission-boundary \
CLUSTER_NAME=k8s_test_keiko \
CLUSTER_OIDC_ISSUER_URL="https://google.com/OIDC" \
DEFAULT_TRUST_POLICY='{"Version": "2012-10-17", "Statement": [{"Effect": "Allow","Principal": {"Federated": "arn:aws:iam::AWS_ACCOUNT_ID:oidc-provider/OIDC_PROVIDER"},"Action": "sts:AssumeRoleWithWebIdentity","Condition": {"StringEquals": {"OIDC_PROVIDER:sub": "system:serviceaccount:{{.NamespaceName}}:SERVICE_ACCOUNT_NAME"}}}, {"Effect": "Allow","Principal": {"AWS": ["arn:aws:iam::{{.AccountID}}:role/trust_role"]},"Action": "sts:AssumeRole"}]}' \
MAX_ROLES_ALLOWED=2 \
go test ./... -coverprofile cover.out
? github.com/keikoproj/iam-manager [no test files]
ok github.com/keikoproj/iam-manager/api/v1alpha1 1.602s coverage: 21.7% of statements
ok github.com/keikoproj/iam-manager/controllers 10.782s coverage: 9.9% of statements
ok github.com/keikoproj/iam-manager/internal/config 0.859s coverage: 66.9% of statements
ok github.com/keikoproj/iam-manager/internal/utils 1.288s coverage: 84.9% of statements
ok github.com/keikoproj/iam-manager/pkg/awsapi 2.474s coverage: 86.1% of statements
? github.com/keikoproj/iam-manager/pkg/awsapi/mocks [no test files]
? github.com/keikoproj/iam-manager/pkg/k8s [no test files]
? github.com/keikoproj/iam-manager/pkg/k8s/mocks [no test files]
? github.com/keikoproj/iam-manager/pkg/log [no test files]
ok github.com/keikoproj/iam-manager/pkg/validation 1.988s coverage: 87.4% of statements
Codecov Report
Merging #79 (455f230) into master (6fd794b) will decrease coverage by
0.52%. The diff coverage is42.85%.
@@ Coverage Diff @@
## master #79 +/- ##
==========================================
- Coverage 66.40% 65.87% -0.53%
==========================================
Files 8 11 +3
Lines 1003 1096 +93
==========================================
+ Hits 666 722 +56
- Misses 306 341 +35
- Partials 31 33 +2
| Impacted Files | Coverage Δ | |
|---|---|---|
| api/v1alpha1/iamrole_webhook.go | 69.33% <33.33%> (ø) |
|
| internal/config/properties.go | 64.74% <60.00%> (-0.16%) |
:arrow_down: |
| api/v1alpha1/StringOrStrings.go | 0.00% <0.00%> (ø) |
|
| api/v1alpha1/iamrole_types.go | 100.00% <0.00%> (ø) |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update 6fd794b...455f230. Read the comment docs.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
if this approach looks OK I can add some more tests to increase code coverage
@sabw8217 Absolutely!! please go ahead. its long time we touched web hook implementation and ended up having some tech debt there. Thank you for the change. Appreciate it!!
