tests

coryodaniel · Apr 1, 2023 · 13617c6 · 13617c6
1 parent 696b3db
commit 13617c6
Show file tree

Hide file tree

Showing 6 changed files with 173 additions and 170 deletions.
diff --git a/lib/bonny/admission_control/admission_review.ex b/lib/bonny/admission_control/admission_review.ex
@@ -32,9 +32,9 @@ defmodule Bonny.AdmissionControl.AdmissionReview do
 
   ## Examples
 
-      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{}}
+      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{}, webhook_type: :validating}
       ...> Bonny.AdmissionControl.AdmissionReview.allow(admission_review)
-      %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"allowed" => true}}
+      %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"allowed" => true}, webhook_type: :validating}
   """
   @spec allow(t()) :: t()
   def allow(admission_review) do
@@ -46,9 +46,9 @@ defmodule Bonny.AdmissionControl.AdmissionReview do
 
   ## Examples
 
-      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{}}
+      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{}, webhook_type: :validating}
       ...> Bonny.AdmissionControl.AdmissionReview.deny(admission_review)
-      %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"allowed" => false}}
+      %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"allowed" => false}, webhook_type: :validating}
   """
   @spec deny(t()) :: t()
   def deny(admission_review) do
@@ -60,12 +60,12 @@ defmodule Bonny.AdmissionControl.AdmissionReview do
 
   ## Examples
 
-      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{}}
+      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{}, webhook_type: :validating}
       ...> Bonny.AdmissionControl.AdmissionReview.deny(admission_review, 403, "foo")
-      %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"allowed" => false, "status" => %{"code" => 403, "message" => "foo"}}}
+      %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"allowed" => false, "status" => %{"code" => 403, "message" => "foo"}}, webhook_type: :validating}
 
-      iex> Bonny.AdmissionControl.AdmissionReview.deny(%Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{}}, "foo")
-      %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"allowed" => false, "status" => %{"code" => 400, "message" => "foo"}}}
+      iex> Bonny.AdmissionControl.AdmissionReview.deny(%Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{}, webhook_type: :validating}, "foo")
+      %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"allowed" => false, "status" => %{"code" => 400, "message" => "foo"}}, webhook_type: :validating}
   """
   @spec deny(t(), integer(), binary()) :: t()
   @spec deny(t(), binary()) :: t()
@@ -80,13 +80,13 @@ defmodule Bonny.AdmissionControl.AdmissionReview do
 
   ## Examples
 
-      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{}}
+      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{}, webhook_type: :validating}
       ...> Bonny.AdmissionControl.AdmissionReview.add_warning(admission_review, "warning")
-      %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"warnings" => ["warning"]}}
+      %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"warnings" => ["warning"]}, webhook_type: :validating}
 
-      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"warnings" => ["existing_warning"]}}
+      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"warnings" => ["existing_warning"]}, webhook_type: :validating}
       ...> Bonny.AdmissionControl.AdmissionReview.add_warning(admission_review, "new_warning")
-      %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"warnings" => ["new_warning", "existing_warning"]}}
+      %Bonny.AdmissionControl.AdmissionReview{request: %{}, response: %{"warnings" => ["new_warning", "existing_warning"]}, webhook_type: :validating}
   """
   @spec add_warning(t(), binary()) :: t()
   def add_warning(admission_review, warning) do
@@ -102,13 +102,13 @@ defmodule Bonny.AdmissionControl.AdmissionReview do
 
   ## Examples
 
-      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"spec" => %{"immutable" => "value"}}, "oldObject" => %{"spec" => %{"immutable" => "value"}}}, response: %{}}
+      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"spec" => %{"immutable" => "value"}}, "oldObject" => %{"spec" => %{"immutable" => "value"}}}, response: %{}, webhook_type: :validating}
       ...> Bonny.AdmissionControl.AdmissionReview.check_immutable(admission_review, ["spec", "immutable"])
-      %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"spec" => %{"immutable" => "value"}}, "oldObject" => %{"spec" => %{"immutable" => "value"}}}, response: %{}}
+      %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"spec" => %{"immutable" => "value"}}, "oldObject" => %{"spec" => %{"immutable" => "value"}}}, response: %{}, webhook_type: :validating}
 
-      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"spec" => %{"immutable" => "new_value"}}, "oldObject" => %{"spec" => %{"immutable" => "value"}}}, response: %{}}
+      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"spec" => %{"immutable" => "new_value"}}, "oldObject" => %{"spec" => %{"immutable" => "value"}}}, response: %{}, webhook_type: :validating}
       ...> Bonny.AdmissionControl.AdmissionReview.check_immutable(admission_review, ["spec", "immutable"])
-      %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"spec" => %{"immutable" => "new_value"}}, "oldObject" => %{"spec" => %{"immutable" => "value"}}}, response: %{"allowed" => false, "status" => %{"code" => 400, "message" => "The field .spec.immutable is immutable."}}}
+      %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"spec" => %{"immutable" => "new_value"}}, "oldObject" => %{"spec" => %{"immutable" => "value"}}}, response: %{"allowed" => false, "status" => %{"code" => 400, "message" => "The field .spec.immutable is immutable."}}, webhook_type: :validating}
   """
   @spec check_immutable(t(), list()) :: t()
   def check_immutable(admission_review, field) do
@@ -126,17 +126,17 @@ defmodule Bonny.AdmissionControl.AdmissionReview do
 
   ## Examples
 
-      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"metadata" => %{"annotations" => %{"some/annotation" => "bar"}}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}}
+      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"metadata" => %{"annotations" => %{"some/annotation" => "bar"}}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}, webhook_type: :validating}
       ...> Bonny.AdmissionControl.AdmissionReview.check_allowed_values(admission_review, ~w(metadata annotations some/annotation), ["foo", "bar"])
-      %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"metadata" => %{"annotations" => %{"some/annotation" => "bar"}}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}}
+      %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"metadata" => %{"annotations" => %{"some/annotation" => "bar"}}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}, webhook_type: :validating}
 
-      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"metadata" => %{}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}}
+      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"metadata" => %{}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}, webhook_type: :validating}
       ...> Bonny.AdmissionControl.AdmissionReview.check_allowed_values(admission_review, ~w(metadata annotations some/annotation), ["foo", "bar"])
-      %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"metadata" => %{}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}}
+      %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"metadata" => %{}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}, webhook_type: :validating}
 
-      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"metadata" => %{"annotations" => %{"some/annotation" => "other"}}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}}
+      iex> admission_review = %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"metadata" => %{"annotations" => %{"some/annotation" => "other"}}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{}, webhook_type: :validating}
       ...> Bonny.AdmissionControl.AdmissionReview.check_allowed_values(admission_review, ~w(metadata annotations some/annotation), ["foo", "bar"])
-      %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"metadata" => %{"annotations" => %{"some/annotation" => "other"}}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{"allowed" => false, "status" => %{"code" => 400, "message" => ~S(The field .metadata.annotations.some/annotation must contain one of the values in ["foo", "bar"] but it's currently set to "other".)}}}
+      %Bonny.AdmissionControl.AdmissionReview{request: %{"object" => %{"metadata" => %{"annotations" => %{"some/annotation" => "other"}}, "spec" => %{}}, "oldObject" => %{"spec" => %{}}}, response: %{"allowed" => false, "status" => %{"code" => 400, "message" => ~S(The field .metadata.annotations.some/annotation must contain one of the values in ["foo", "bar"] but it's currently set to "other".)}}, webhook_type: :validating}
   """
   @spec check_allowed_values(t(), list(), list()) :: t()
   def check_allowed_values(admission_review, field, allowed_values) do

diff --git a/priv/templates/bonny.gen/init/application.ex b/priv/templates/bonny.gen/init/application.ex
@@ -14,6 +14,7 @@ defmodule <%= @app_name %>.Application do
   defp children(:test), do: []
   defp children(env) do
     [
+
       {<%= @app_name %>.Operator, conn: <%= @app_name %>.K8sConn.get!(env)}
     ]
   end

diff --git a/test/bonny/admission_control/webhook_plug_test.exs b/test/bonny/admission_control/webhook_plug_test.exs
@@ -0,0 +1,82 @@
+defmodule Bonny.AdmissionControl.PlugTest do
+  use ExUnit.Case, async: true
+  use Plug.Test
+
+  alias Bonny.Test.AdmissionControlHelper
+  alias Bonny.AdmissionControl.AdmissionReview
+  alias Bonny.AdmissionControl.Plug, as: MUT
+
+  describe "init/1" do
+    test "raises if webhook_type is not declared" do
+      assert_raise(CompileError, ~r/requires you to define the :webhook_type option/, fn ->
+        MUT.init(webhook_handler: SomeModule)
+      end)
+    end
+
+    test "raises if webhook_type is not :validating or :mutating" do
+      assert_raise(CompileError, ~r/requires you to define the :webhook_type option/, fn ->
+        MUT.init(webhook_handler: SomeModule, webhook_type: :invalid)
+      end)
+    end
+
+    test "raises if webhook_handler is not declared" do
+      assert_raise(CompileError, ~r/requires you to set the :webhook_handler option/, fn ->
+        MUT.init(webhook_type: :validating)
+      end)
+    end
+
+    test "turns webhook_handler into {module, opts} tuple" do
+      opts = MUT.init(webhook_type: :validating, webhook_handler: SomeModule)
+      assert opts.webhook_handler == {SomeModule, []}
+    end
+
+    defmodule InitTestHandler do
+      def init(:foo), do: :bar
+    end
+
+    test "calls handler's init function if tuple is given" do
+      opts = MUT.init(webhook_type: :validating, webhook_handler: {InitTestHandler, :foo})
+      assert opts.webhook_handler == {InitTestHandler, :bar}
+    end
+  end
+
+  defmodule CallTestHandler do
+    def call(admission_webhook, opts) do
+      case opts[:result] do
+        :deny -> AdmissionReview.deny(admission_webhook)
+        _ -> admission_webhook
+      end
+    end
+  end
+
+  describe "call/2" do
+    test "calls the handler and returns plug" do
+      response =
+        AdmissionControlHelper.webhook_request_conn()
+        |> MUT.call(%{webhook_type: :validation, webhook_handler: {CallTestHandler, []}})
+        |> Map.get(:resp_body)
+        |> Jason.decode!()
+
+      assert %{
+               "apiVersion" => "admission.k8s.io/v1",
+               "kind" => "AdmissionReview",
+               "response" => %{
+                 "allowed" => true
+               }
+             } = response
+    end
+
+    test "calls the handler and returns allowed false" do
+      response =
+        AdmissionControlHelper.webhook_request_conn()
+        |> MUT.call(%{
+          webhook_type: :validation,
+          webhook_handler: {CallTestHandler, [result: :deny]}
+        })
+        |> Map.get(:resp_body)
+        |> Jason.decode!()
+
+      assert false == response["response"]["allowed"]
+    end
+  end
+end
diff --git a/test/bonny/admission_control/webhook_router_test.exs b/test/bonny/admission_control/webhook_router_test.exs
diff --git a/test/support/admission_control_helper.ex b/test/support/admission_control_helper.ex
@@ -0,0 +1,68 @@
+defmodule Bonny.Test.AdmissionControlHelper do
+  use Plug.Test
+
+  def webhook_request_conn() do
+    body = """
+    {
+      "apiVersion": "admission.k8s.io/v1",
+      "kind": "AdmissionReview",
+      "request": {
+        "uid": "705ab4f5-6393-11e8-b7cc-42010a800002",
+        "kind": {
+          "group": "example.com",
+          "version": "v1alpha1",
+          "kind": "SomeCRD"
+        },
+        "resource": {
+          "group": "example.com",
+          "version": "v1alpha1",
+          "resource": "somecrds"
+        },
+        "requestKind": {
+          "group": "example.com",
+          "version": "v1alpha1",
+          "kind": "SomeCRD"
+        },
+        "requestResource": {
+          "group": "example.com",
+          "version": "v1alpha1",
+          "resource": "somecrds"
+        },
+        "name": "my-deployment",
+        "namespace": "my-namespace",
+        "operation": "UPDATE",
+        "userInfo": {
+          "username": "admin",
+          "uid": "014fbff9a07c",
+          "groups": [
+            "system:authenticated",
+            "my-admin-group"
+          ],
+          "extra": {
+            "some-key": [
+              "some-value1",
+              "some-value2"
+            ]
+          }
+        },
+        "object": {
+          "apiVersion": "autoscaling/v1",
+          "kind": "Scale"
+        },
+        "oldObject": {
+          "apiVersion": "autoscaling/v1",
+          "kind": "Scale"
+        },
+        "options": {
+          "apiVersion": "meta.k8s.io/v1",
+          "kind": "UpdateOptions"
+        },
+        "dryRun": false
+      }
+    }
+    """
+
+    conn("POST", "/webhook", body)
+    |> put_req_header("content-type", "application/json")
+  end
+end
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,6 +14,7 @@ defmodule <%= @app_name %>.Application do @@
       defp children(:test), do: []
       defp children(env) do
         [
           {<%= @app_name %>.Operator, conn: <%= @app_name %>.K8sConn.get!(env)}
         ]
       end
@@ Expand Down @@