TUN-6927: Refactor validate access configuration to allow empty audTags only
This commit is contained in:
João Oliveirinha
parent
515ad7cbee
commit
a1d88a6cdd
|
|
@ -175,18 +175,10 @@ func validateAccessConfiguration(cfg *config.AccessConfig) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// It is possible to set `required:true` and not have these two configured yet.
|
// we allow for an initial setup where user can force Access but not configure the rest of the keys.
|
||||||
// But if one of them is configured, we'd validate for correctness.
|
// however, if the user specified audTags but forgot teamName, we should alert it.
|
||||||
if len(cfg.AudTag) == 0 && cfg.TeamName == "" {
|
if cfg.TeamName == "" && len(cfg.AudTag) > 0 {
|
||||||
return nil
|
return errors.New("access.TeamName cannot be blank when access.audTags are present")
|
||||||
}
|
|
||||||
|
|
||||||
if len(cfg.AudTag) == 0 {
|
|
||||||
return errors.New("access audtag cannot be empty")
|
|
||||||
}
|
|
||||||
|
|
||||||
if cfg.TeamName == "" {
|
|
||||||
return errors.New("access.TeamName cannot be blank")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
|
|
||||||
|
|
@ -674,6 +674,46 @@ ingress:
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestParseAccessConfig(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
cfg config.AccessConfig
|
||||||
|
expectError bool
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "Config required with teamName only",
|
||||||
|
cfg: config.AccessConfig{Required: true, TeamName: "team"},
|
||||||
|
expectError: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "required false",
|
||||||
|
cfg: config.AccessConfig{Required: false},
|
||||||
|
expectError: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "required true but empty config",
|
||||||
|
cfg: config.AccessConfig{Required: true},
|
||||||
|
expectError: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "complete config",
|
||||||
|
cfg: config.AccessConfig{Required: true, TeamName: "team", AudTag: []string{"a"}},
|
||||||
|
expectError: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "required true with audTags but no teamName",
|
||||||
|
cfg: config.AccessConfig{Required: true, AudTag: []string{"a"}},
|
||||||
|
expectError: true,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, test := range tests {
|
||||||
|
t.Run(test.name, func(t *testing.T) {
|
||||||
|
err := validateAccessConfiguration(&test.cfg)
|
||||||
|
require.Equal(t, err != nil, test.expectError)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func MustReadIngress(s string) *config.Configuration {
|
func MustReadIngress(s string) *config.Configuration {
|
||||||
var conf config.Configuration
|
var conf config.Configuration
|
||||||
err := yaml.Unmarshal([]byte(s), &conf)
|
err := yaml.Unmarshal([]byte(s), &conf)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue