testiam

package
v1.116.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 11, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// Resource kinds with customized binding roles for IAM integration test.
	ResourceContexts = []IAMResourceContext{
		{
			Kind:              "BigtableInstance",
			CreateBindingRole: "roles/bigtable.viewer",
			UpdateBindingRole: "roles/bigtable.user",
		},
		{
			Kind:              "KMSKeyRing",
			CreateBindingRole: "roles/cloudkms.publicKeyViewer",
			UpdateBindingRole: "roles/cloudkms.admin",
		},
		{
			Kind:              "Project",
			Name:              "projectinfolder",
			CreateBindingRole: "roles/storage.objectAdmin",
			UpdateBindingRole: "roles/storage.admin",
		},
		{
			Kind:              "Folder",
			Name:              "folderinfolder",
			CreateBindingRole: "roles/storage.objectAdmin",
			UpdateBindingRole: "roles/storage.admin",
		},
		{
			Kind:              "PubSubTopic",
			CreateBindingRole: "roles/pubsub.viewer",
			UpdateBindingRole: "roles/pubsub.editor",
		},
		{
			Kind:              "PubSubSubscription",
			CreateBindingRole: "roles/pubsub.subscriber",
			UpdateBindingRole: "roles/pubsub.viewer",
		},
		{
			Kind:              "SpannerInstance",
			CreateBindingRole: "roles/spanner.databaseReader",
			UpdateBindingRole: "roles/spanner.databaseUser",
		},
		{
			Kind:              "StorageBucket",
			CreateBindingRole: "roles/storage.admin",
			UpdateBindingRole: "roles/storage.objectAdmin",
		},
		{
			Kind:              "IAMServiceAccount",
			CreateBindingRole: "roles/iam.serviceAccountUser",
			UpdateBindingRole: "roles/iam.serviceAccountAdmin",
		},
		{
			Kind:              "DataprocCluster",
			CreateBindingRole: "roles/dataproc.editor",
			UpdateBindingRole: "roles/dataproc.admin",
		},
	}
)

Functions

func AssertSamePolicy 

func AssertSamePolicy(t *testing.T, k8sPolicy, gcpPolicy *v1beta1.IAMPolicy)

func ContainsBindings 

func ContainsBindings(a, b []v1beta1.IAMPolicyBinding) bool

If slice a contains all bindings in slice b, return true.

func FixtureSupportsIAMAuditConfigs 

func FixtureSupportsIAMAuditConfigs(t *testing.T, smLoader *servicemappingloader.ServiceMappingLoader, serviceMetadataLoader dclmetadata.ServiceMetadataLoader, fixture resourcefixture.ResourceFixture) bool

func FixtureSupportsIAMPolicy 

func FixtureSupportsIAMPolicy(t *testing.T, smLoader *servicemappingloader.ServiceMappingLoader,
	serviceMetadataLoader dclmetadata.ServiceMetadataLoader, dclSchemaLoader dclschemaloader.DCLSchemaLoader, fixture resourcefixture.ResourceFixture) bool

func NewExternalRef 

func NewExternalRef(refResource *unstructured.Unstructured, provider *tfschema.Provider, smLoader *servicemappingloader.ServiceMappingLoader) (v1beta1.ResourceReference, error)

func NewIAMClient 

func NewIAMClient(sysContext testrunner.SystemContext) *kcciamclient.IAMClient

func NewResourceRef 

func NewResourceRef(refResource *unstructured.Unstructured) v1beta1.ResourceReference

func RunResourceLevelTest 

func RunResourceLevelTest(ctx context.Context, t *testing.T, mgr manager.Manager, iamTestFunc ResourceLevelTestFunc, shouldRunFunc resourcefixture.ShouldRunFunc)

Runs a resource level test against all resources. testFunc will be executed once for each resource that supports IAMPolicy. shouldRunFunc is optional, it can be supplied to skip tests for resources that don't support a given operation (e.g. deleting the IAMPolicy on a storage bucket)

func RunResourceLevelTestWithExternalRef 

func RunResourceLevelTestWithExternalRef(ctx context.Context, t *testing.T, mgr manager.Manager, iamTestFunc ResourceLevelTestFunc, shouldRunFunc resourcefixture.ShouldRunFunc)

Runs a resource level test against all resources, but creates an external resource reference to point to the referenced resource instead of a regular resource reference.

func SameAuditConfigs 

func SameAuditConfigs(a, b []v1beta1.IAMPolicyAuditConfig) bool

func SameAuditLogConfigs 

func SameAuditLogConfigs(a, b []v1beta1.AuditLogConfig) bool

func SameBindings 

func SameBindings(a, b []v1beta1.IAMPolicyBinding) bool

func ShouldRunAcquire 

func ShouldRunAcquire(fixture resourcefixture.ResourceFixture) bool

func ShouldRunDeleteParentFirst 

func ShouldRunDeleteParentFirst(fixture resourcefixture.ResourceFixture) bool

func ShouldRunWithAuditConfigs 

func ShouldRunWithAuditConfigs(fixture resourcefixture.ResourceFixture) bool

func ShouldRunWithExternalRef 

func ShouldRunWithExternalRef(fixture resourcefixture.ResourceFixture) bool

func ShouldRunWithIAMConditions 

func ShouldRunWithIAMConditions(fixture resourcefixture.ResourceFixture) bool

func ShouldRunWithTFResourcesOnly 

func ShouldRunWithTFResourcesOnly(fixture resourcefixture.ResourceFixture) bool

Types

type IAMResourceContext 

type IAMResourceContext struct {
	Kind              string
	Name              string
	CreateBindingRole string
	UpdateBindingRole string
}

func GetResourceContext 

func GetResourceContext(t *testing.T, kind string) *IAMResourceContext

type ResourceLevelTestFunc 

type ResourceLevelTestFunc func(ctx context.Context, t *testing.T, testID string, mgr manager.Manager, rc IAMResourceContext, refResource *unstructured.Unstructured, resourceRef v1beta1.ResourceReference)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.