improve tests

Signed-off-by: Francesco Ilario <filario@redhat.com>
codeready-toolchain · Aug 12, 2024 · 3452b2b · 3452b2b
1 parent 43f6c58
commit 3452b2b
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 5 deletions.
diff --git a/pkg/proxy/handlers/spacelister_get_test.go b/pkg/proxy/handlers/spacelister_get_test.go
@@ -748,6 +748,7 @@ func TestSpaceListerGetPublicViewerEnabled(t *testing.T) {
 	fakeSignupService := fake.NewSignupService(
 		newSignup("batman", "batman.space", true),
 		newSignup("robin", "robin.space", true),
+		newSignup("gordon", "gordon.no-space", false),
 	)
 
 	fakeClient := fake.InitClient(t,
@@ -797,11 +798,16 @@ func TestSpaceListerGetPublicViewerEnabled(t *testing.T) {
 			expectedWorkspace: nil,
 			expectedErr:       "",
 		},
-		"gordon can get batman workspace": {
-			username:          "gordon.space",
+		"gordon can get robin workspace": {
+			username:          "gordon.no-space",
 			workspaceRequest:  "robin",
 			expectedWorkspace: publicRobinWS,
 		},
+		"gordon can not get batman workspace": {
+			username:          "gordon.no-space",
+			workspaceRequest:  "batman",
+			expectedWorkspace: nil,
+		},
 	}
 
 	for k, tc := range tests {
@@ -848,11 +854,12 @@ func TestSpaceListerGetPublicViewerEnabled(t *testing.T) {
 	}
 }
 
-func TestSpaceListerGetWithBindingsWithPublicViewerEnabled(t *testing.T) {
+func TestGetUserWorkspaceWithBindingsWithPublicViewerEnabled(t *testing.T) {
 
 	fakeSignupService := fake.NewSignupService(
 		newSignup("batman", "batman.space", true),
 		newSignup("robin", "robin.space", true),
+		newSignup("gordon", "gordon.no-space", false),
 	)
 
 	fakeClient := fake.InitClient(t,
@@ -927,6 +934,21 @@ func TestSpaceListerGetWithBindingsWithPublicViewerEnabled(t *testing.T) {
 			workspaceRequest:  "batman",
 			expectedWorkspace: nil,
 		},
+		"gordon can not get batman workspace": {
+			username:          "gordon.no-space",
+			workspaceRequest:  "batman",
+			expectedWorkspace: nil,
+		},
+		"gordon can get robin workspace": {
+			username:         "gordon.no-space",
+			workspaceRequest: "robin",
+			expectedWorkspace: func() *toolchainv1alpha1.Workspace {
+				batmansRobinWS := robinWS.DeepCopy()
+				batmansRobinWS.Status.Type = ""
+				batmansRobinWS.Status.Role = "viewer"
+				return batmansRobinWS
+			}(),
+		},
 	}
 
 	for k, tc := range tests {

diff --git a/pkg/proxy/proxy_community_test.go b/pkg/proxy/proxy_community_test.go
@@ -68,6 +68,8 @@ func (s *TestProxySuite) checkProxyCommunityOK(fakeApp *fake.ProxyFakeApp, p *Pr
 	s.Run("successfully proxy", func() {
 		owner := uuid.New()
 		communityUser := uuid.New()
+		alice := uuid.New()
+		notReadyUser := uuid.New()
 		httpTestServerResponse := "my response"
 
 		// Start the member-2 API Server
@@ -110,6 +112,24 @@ func (s *TestProxySuite) checkProxyCommunityOK(fakeApp *fake.ProxyFakeApp, p *Pr
 				RequestPath:                 fmt.Sprintf("http://localhost:%s/workspaces/communityspace/api/communityspace/pods", port),
 				ExpectedResponse:            httpTestServerResponse,
 			},
+			// Given A not ready user exists
+			// When  the not ready user requests the list of pods in workspace communityspace
+			// Then  the request is forwarded from the proxy
+			// And   the request impersonates the not ready user
+			// And   the request's X-SSO-User Header is set to not ready user's ID
+			// And   the request is successful
+			"plain http actual request as notReadyUser": {
+				ProxyRequestMethod:  "GET",
+				ProxyRequestHeaders: map[string][]string{"Authorization": {"Bearer " + s.token(notReadyUser)}},
+				ExpectedAPIServerRequestHeaders: map[string][]string{
+					"Authorization":    {"Bearer clusterSAToken"},
+					"Impersonate-User": {toolchainv1alpha1.KubesawAuthenticatedUsername},
+					"X-SSO-User":       {"username-" + notReadyUser.String()},
+				},
+				ExpectedProxyResponseStatus: http.StatusOK,
+				RequestPath:                 fmt.Sprintf("http://localhost:%s/workspaces/communityspace/api/communityspace/pods", port),
+				ExpectedResponse:            httpTestServerResponse,
+			},
 			// Given smith2 owns a workspace named communityspace
 			// And   communityspace is publicly visible (shared with PublicViewer)
 			// And   a user named communityuser exists
@@ -187,13 +207,13 @@ func (s *TestProxySuite) checkProxyCommunityOK(fakeApp *fake.ProxyFakeApp, p *Pr
 						Name:              "communityUser",
 						APIEndpoint:       testServer.URL,
 						ClusterName:       "member-2",
-						CompliantUsername: "communityuser",
+						CompliantUsername: "communityUser",
 						Username:          "communityUser@",
 						Status: signup.Status{
 							Ready: true,
 						},
 					}),
-					fake.Signup(communityUser.String(), &signup.Signup{
+					fake.Signup(alice.String(), &signup.Signup{
 						Name:              "alice",
 						APIEndpoint:       testServer.URL,
 						ClusterName:       "member-2",
@@ -203,6 +223,14 @@ func (s *TestProxySuite) checkProxyCommunityOK(fakeApp *fake.ProxyFakeApp, p *Pr
 							Ready: true,
 						},
 					}),
+					fake.Signup(notReadyUser.String(), &signup.Signup{
+						Name:              "notReadyUser",
+						CompliantUsername: "notReadyUser",
+						Username:          "notReadyUser@",
+						Status: signup.Status{
+							Ready: false,
+						},
+					}),
 				)
 				s.Application.MockSignupService(fakeApp.SignupServiceMock)
 				inf := fake.NewFakeInformer()