TUN-6927: Refactor validate access configuration to allow empty audTags only

This commit is contained in:
João Oliveirinha 2022-11-09 12:12:37 +00:00
parent 515ad7cbee
commit a1d88a6cdd
2 changed files with 44 additions and 12 deletions

View File

@ -175,18 +175,10 @@ func validateAccessConfiguration(cfg *config.AccessConfig) error {
return nil return nil
} }
// It is possible to set `required:true` and not have these two configured yet. // we allow for an initial setup where user can force Access but not configure the rest of the keys.
// But if one of them is configured, we'd validate for correctness. // however, if the user specified audTags but forgot teamName, we should alert it.
if len(cfg.AudTag) == 0 && cfg.TeamName == "" { if cfg.TeamName == "" && len(cfg.AudTag) > 0 {
return nil return errors.New("access.TeamName cannot be blank when access.audTags are present")
}
if len(cfg.AudTag) == 0 {
return errors.New("access audtag cannot be empty")
}
if cfg.TeamName == "" {
return errors.New("access.TeamName cannot be blank")
} }
return nil return nil

View File

@ -674,6 +674,46 @@ ingress:
} }
} }
func TestParseAccessConfig(t *testing.T) {
tests := []struct {
name string
cfg config.AccessConfig
expectError bool
}{
{
name: "Config required with teamName only",
cfg: config.AccessConfig{Required: true, TeamName: "team"},
expectError: false,
},
{
name: "required false",
cfg: config.AccessConfig{Required: false},
expectError: false,
},
{
name: "required true but empty config",
cfg: config.AccessConfig{Required: true},
expectError: false,
},
{
name: "complete config",
cfg: config.AccessConfig{Required: true, TeamName: "team", AudTag: []string{"a"}},
expectError: false,
},
{
name: "required true with audTags but no teamName",
cfg: config.AccessConfig{Required: true, AudTag: []string{"a"}},
expectError: true,
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
err := validateAccessConfiguration(&test.cfg)
require.Equal(t, err != nil, test.expectError)
})
}
}
func MustReadIngress(s string) *config.Configuration { func MustReadIngress(s string) *config.Configuration {
var conf config.Configuration var conf config.Configuration
err := yaml.Unmarshal([]byte(s), &conf) err := yaml.Unmarshal([]byte(s), &conf)