Skip to content

Commit

Permalink
Create viewer role and -binding if not existing
Browse files Browse the repository at this point in the history
  • Loading branch information
@ccremer
ccremer committed Mar 13, 2023
1 parent 8c5d737 commit 0ff7bdc
Show file tree
Hide file tree
Showing 6 changed files with 159 additions and 118 deletions.
160 changes: 97 additions & 63 deletions cypress/e2e/billingentity-members.cy.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,9 @@ import { ClusterRoleBinding, ClusterRoleBindingPermissions } from '../../src/app
import { billingEntityNxt } from '../fixtures/billingentities';
import { createClusterRoleBinding } from '../fixtures/clusterrole-binding';
import { createClusterRole } from '../fixtures/clusterrole';
import { ClusterRole, ClusterRolePermissions } from '../../src/app/types/clusterRole';
import { ClusterRolePermissions } from '../../src/app/types/clusterRole';

describe('billing entity edit members with existing admin roles', () => {
describe('billing entity edit members with existing roles', () => {
beforeEach(() => {
cy.setupAuth();
window.localStorage.setItem('hideFirstTimeLoginDialog', 'true');
Expand All @@ -26,7 +26,10 @@ describe('billing entity edit members with existing admin roles', () => {
{ verb: 'update', ...ClusterRoleBindingPermissions, name: 'billingentities-be-2345-admin' }
);
cy.intercept('GET', 'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterroles/billingentities-be-2345-admin', {
body: createClusterRole('be-2345'),
body: createClusterRole('be-2345', true),
});
cy.intercept('GET', 'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterroles/billingentities-be-2345-viewer', {
body: createClusterRole('be-2345', false),
});
});

Expand All @@ -38,28 +41,36 @@ describe('billing entity edit members with existing admin roles', () => {
'GET',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-viewer',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-viewer', users: ['appuio#mig'] }),
body: createClusterRoleBinding({ name: 'billingentities-be-2345-viewer', users: ['appuio#mig'], exists: true }),
}
);
cy.intercept(
'GET',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-admin',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-admin', users: ['appuio#mig'] }),
body: createClusterRoleBinding({ name: 'billingentities-be-2345-admin', users: ['appuio#mig'], exists: true }),
}
);
cy.intercept(
'PUT',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-viewer',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-viewer', users: ['appuio#mig', 'appuio#crc'] }),
body: createClusterRoleBinding({
name: 'billingentities-be-2345-viewer',
users: ['appuio#mig', 'appuio#crc'],
exists: true,
}),
}
).as('updateViewer');
cy.intercept(
'PUT',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-admin',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-admin', users: ['appuio#mig', 'appuio#crc'] }),
body: createClusterRoleBinding({
name: 'billingentities-be-2345-admin',
users: ['appuio#mig', 'appuio#crc'],
exists: true,
}),
}
).as('updateAdmin');

Expand Down Expand Up @@ -94,28 +105,36 @@ describe('billing entity edit members with existing admin roles', () => {
'GET',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-viewer',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-viewer', users: ['appuio#mig', 'appuio#crc'] }),
body: createClusterRoleBinding({
name: 'billingentities-be-2345-viewer',
users: ['appuio#mig', 'appuio#crc'],
exists: true,
}),
}
);
cy.intercept(
'GET',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-admin',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-admin', users: ['appuio#mig', 'appuio#crc'] }),
body: createClusterRoleBinding({
name: 'billingentities-be-2345-admin',
users: ['appuio#mig', 'appuio#crc'],
exists: true,
}),
}
);
cy.intercept(
'PUT',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-viewer',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-viewer', users: ['appuio#mig'] }),
body: createClusterRoleBinding({ name: 'billingentities-be-2345-viewer', users: ['appuio#mig'], exists: true }),
}
).as('updateViewer');
cy.intercept(
'PUT',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-admin',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-admin', users: ['appuio#mig'] }),
body: createClusterRoleBinding({ name: 'billingentities-be-2345-admin', users: ['appuio#mig'], exists: true }),
}
).as('updateAdmin');

Expand Down Expand Up @@ -149,14 +168,22 @@ describe('billing entity edit members with existing admin roles', () => {
'GET',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-viewer',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-viewer', users: ['appuio#mig', 'appuio#crc'] }),
body: createClusterRoleBinding({
name: 'billingentities-be-2345-viewer',
users: ['appuio#mig', 'appuio#crc'],
exists: true,
}),
}
);
cy.intercept(
'GET',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-admin',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-admin', users: ['appuio#mig', 'appuio#crc'] }),
body: createClusterRoleBinding({
name: 'billingentities-be-2345-admin',
users: ['appuio#mig', 'appuio#crc'],
exists: true,
}),
}
);

Expand All @@ -174,28 +201,40 @@ describe('billing entity edit members with existing admin roles', () => {
'GET',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-viewer',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-viewer', users: ['appuio#mig', 'appuio#crc'] }),
body: createClusterRoleBinding({
name: 'billingentities-be-2345-viewer',
users: ['appuio#mig', 'appuio#crc'],
exists: true,
}),
}
);
cy.intercept(
'GET',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-admin',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-admin', users: ['appuio#mig', 'appuio#crc'] }),
body: createClusterRoleBinding({
name: 'billingentities-be-2345-admin',
users: ['appuio#mig', 'appuio#crc'],
exists: true,
}),
}
);
cy.intercept(
'PUT',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-viewer',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-viewer', users: ['appuio#mig', 'appuio#crc'] }),
body: createClusterRoleBinding({
name: 'billingentities-be-2345-viewer',
users: ['appuio#mig', 'appuio#crc'],
exists: true,
}),
}
).as('updateViewer');
cy.intercept(
'PUT',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-admin',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-admin', users: ['appuio#mig'] }),
body: createClusterRoleBinding({ name: 'billingentities-be-2345-admin', users: ['appuio#mig'], exists: true }),
}
).as('updateAdmin');

Expand Down Expand Up @@ -252,7 +291,7 @@ describe('billing entity edit members with existing admin roles', () => {
});
});

describe('billing entity edit members without admin roles', () => {
describe('billing entity edit members without initial roles', () => {
beforeEach(() => {
cy.setupAuth();
window.localStorage.setItem('hideFirstTimeLoginDialog', 'true');
Expand All @@ -274,17 +313,14 @@ describe('billing entity edit members without admin roles', () => {
cy.intercept('GET', 'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterroles/billingentities-be-2345-admin', {
statusCode: 404,
});
});

it('add member', () => {
cy.intercept('GET', 'appuio-api/apis/billing.appuio.io/v1/billingentities/be-2345', {
body: billingEntityNxt,
cy.intercept('GET', 'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterroles/billingentities-be-2345-viewer', {
statusCode: 404,
});
cy.intercept(
'GET',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-viewer',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-viewer', users: [] }),
statusCode: 404,
}
);
cy.intercept(
Expand All @@ -294,52 +330,50 @@ describe('billing entity edit members without admin roles', () => {
statusCode: 404,
}
);
cy.intercept('POST', 'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterroles', {
body: createClusterRole('be-2345'),
}).as('createAdminRole');
});

cy.intercept(
'PUT',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-viewer',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-viewer', users: ['appuio#crc'] }),
it('add member', () => {
cy.intercept('GET', 'appuio-api/apis/billing.appuio.io/v1/billingentities/be-2345', {
body: billingEntityNxt,
});
cy.intercept('POST', 'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterroles', (req) => {
if (req.body.metadata.name.includes('admin')) {
expect(req.body.rules).to.have.length(2);
const rule = req.body.rules && req.body.rules[0];
expect(rule && rule.resourceNames).to.include('billingentities-be-2345-admin');
expect(rule && rule.verbs).to.eql(['*']);

req.reply(createClusterRole('be-2345', true));
return;
}
).as('updateViewer');
cy.intercept(
'PUT',
'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/billingentities-be-2345-admin',
{
body: createClusterRoleBinding({ name: 'billingentities-be-2345-admin', users: ['appuio#crc'] }),
if (req.body.metadata.name.includes('viewer')) {
const rule = req.body.rules && req.body.rules[0];
expect(rule && rule.resourceNames).to.include('billingentities-be-2345-viewer');
expect(rule && rule.verbs).to.eql(['get', 'watch']);

req.reply(createClusterRole('be-2345', false));
return;
}
}).as('createRole');

cy.intercept('POST', 'appuio-api/apis/rbac.authorization.k8s.io/v1/clusterrolebindings', (req) => {
expect(req.body.subjects).to.have.length(1);
const subject = req.body.subjects && req.body.subjects[0];
expect(subject && subject.name).to.eq('appuio#crc');

if (req.body.metadata.name.includes('admin')) {
req.reply(createClusterRoleBinding({ name: 'billingentities-be-2345-admin', users: ['appuio#crc'] }));
}
).as('createAdminBinding');
if (req.body.metadata.name.includes('viewer')) {
req.reply(createClusterRoleBinding({ name: 'billingentities-be-2345-viewer', users: ['appuio#crc'] }));
}
}).as('createRoleBinding');

cy.visit('/billingentities/be-2345/members');
cy.get('.text-3xl').should('contain.text', 'be-2345 Members');
cy.get('[data-cy="name-input-0"]').type('crc');
cy.get('p-multiselect').eq(0).click().contains('billingentities-be-2345-admin').click();
cy.get('button[type=submit]').click();
cy.wait('@updateViewer');
cy.wait('@createAdminBinding');
cy.wait('@createAdminRole');
cy.get('@updateViewer')
.its('request.body')
.then((body: ClusterRoleBinding) => {
expect(body.subjects).to.have.length(1);
const subject = body.subjects && body.subjects[0];
expect(subject && subject.name).to.eq('appuio#crc');
});
cy.get('@createAdminBinding')
.its('request.body')
.then((body: ClusterRoleBinding) => {
expect(body.subjects).to.have.length(1);
const subject = body.subjects && body.subjects[0];
expect(subject && subject.name).to.eq('appuio#crc');
});
cy.get('@createAdminRole')
.its('request.body')
.then((body: ClusterRole) => {
expect(body.rules).to.have.length(2);
const rule = body.rules && body.rules[0];
expect(rule && rule.resourceNames).to.include('billingentities-be-2345-admin');
});
cy.wait(['@createRole', '@createRoleBinding']);
});
});
2 changes: 2 additions & 0 deletions cypress/fixtures/clusterrole-binding.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import { ClusterRoleBinding } from '../../src/app/types/clusterrole-binding';
export interface ClusterRoleBindingConfig {
name: string;
users: string[];
exists?: boolean;
}

export function createClusterRoleBinding(config: ClusterRoleBindingConfig): ClusterRoleBinding {
Expand All @@ -11,6 +12,7 @@ export function createClusterRoleBinding(config: ClusterRoleBindingConfig): Clus
kind: 'ClusterRoleBinding',
metadata: {
name: config.name,
creationTimestamp: config.exists ? 'timestamp-irrelevant' : undefined,
},
roleRef: {
name: config.name,
Expand Down
8 changes: 4 additions & 4 deletions cypress/fixtures/clusterrole.ts
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
import { ClusterRole } from '../../src/app/types/clusterRole';

export function createClusterRole(beName: string): ClusterRole {
export function createClusterRole(beName: string, admin: boolean): ClusterRole {
return {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
metadata: {
name: `billingentities-${beName}-admin`,
name: `billingentities-${beName}-${admin ? 'admin' : 'viewer'}`,
},
rules: [
{
verbs: ['get', 'update', 'create', 'watch', 'patch', 'delete'],
verbs: admin ? ['get', 'update', 'create', 'watch', 'patch', 'delete'] : ['get', 'watch'],
apiGroups: ['rbac.authorization.k8s.io'],
resources: ['clusterrolebindings'],
resourceNames: [`billingentities-${beName}-admin`],
resourceNames: [`billingentities-${beName}-${admin ? 'admin' : 'viewer'}`],
},
{
verbs: ['get'],
Expand Down
6 changes: 3 additions & 3 deletions src/app/billingentity/billingentity-members/billingentity-members.component.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@
<div class="field col-11 md:col-1">
<button
(click)="removeFormControl(i)"
*ngIf="!last && payload.canEdit; else noButton"
*ngIf="!last; else noButton"
class="p-button"
i18n-title
pButton
Expand All @@ -67,11 +67,11 @@
</button>
</div>
<ng-template #noButton>
<div *ngIf="payload.canEdit" class="ml-3 w-3rem"></div>
<div class="ml-3 w-3rem"></div>
</ng-template>
</div>

<div *ngIf="payload.canEdit">
<div>
<div *ngIf="isRemovingOwnUser" class="grid mb-2 mt-2">
<p-message
i18n-text
Expand Down
Loading

0 comments on commit 0ff7bdc

Please sign in to comment.