test: more destination check tests (argoproj#20617)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Adrian Aneci <aneci@adobe.com>
adriananeci · Dec 4, 2024 · 864d118 · 864d118
1 parent c857775
commit 864d118
Showing 1 changed file with 48 additions and 8 deletions.
diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go
@@ -107,100 +107,140 @@ func TestAppProject_IsNegatedSourcePermitted(t *testing.T) {
 }
 
 func TestAppProject_IsDestinationPermitted(t *testing.T) {
+	t.Parallel()
+
 	testData := []struct {
+		name        string
 		projDest    []ApplicationDestination
 		appDest     ApplicationDestination
 		isPermitted bool
 	}{
 		{
+			name: "server an namespace match",
 			projDest: []ApplicationDestination{{
 				Server: "https://kubernetes.default.svc", Namespace: "default",
 			}},
 			appDest:     ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "default"},
 			isPermitted: true,
 		},
 		{
+			name: "namespace does not match",
 			projDest: []ApplicationDestination{{
 				Server: "https://kubernetes.default.svc", Namespace: "default",
 			}},
 			appDest:     ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "kube-system"},
 			isPermitted: false,
 		},
 		{
+			name: "server does not match",
 			projDest: []ApplicationDestination{{
 				Server: "https://my-cluster", Namespace: "default",
 			}},
 			appDest:     ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "default"},
 			isPermitted: false,
 		},
 		{
+			name: "wildcard namespace",
 			projDest: []ApplicationDestination{{
 				Server: "https://kubernetes.default.svc", Namespace: "*",
 			}},
 			appDest:     ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "kube-system"},
 			isPermitted: true,
 		},
 		{
+			name: "wildcard server",
 			projDest: []ApplicationDestination{{
 				Server: "https://*.default.svc", Namespace: "default",
 			}},
 			appDest:     ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "default"},
 			isPermitted: true,
 		},
 		{
+			name: "wildcard server and namespace",
 			projDest: []ApplicationDestination{{
 				Server: "https://team1-*", Namespace: "default",
 			}},
 			appDest:     ApplicationDestination{Server: "https://test2-dev-cluster", Namespace: "default"},
 			isPermitted: false,
 		},
 		{
+			name: "wildcard namespace with prefix",
 			projDest: []ApplicationDestination{{
 				Server: "https://kubernetes.default.svc", Namespace: "test-*",
 			}},
 			appDest:     ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "test-foo"},
 			isPermitted: true,
 		},
 		{
+			name: "wildcard namespace without prefix",
 			projDest: []ApplicationDestination{{
 				Server: "https://kubernetes.default.svc", Namespace: "test-*",
 			}},
 			appDest:     ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "test"},
 			isPermitted: false,
 		},
 		{
+			name: "wildcard server and namespace",
 			projDest: []ApplicationDestination{{
 				Server: "*", Namespace: "*",
 			}},
 			appDest:     ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "test"},
 			isPermitted: true,
 		},
 		{
+			name: "wildcard server and namespace with name",
 			projDest: []ApplicationDestination{{
 				Server: "", Namespace: "*", Name: "test",
 			}},
 			appDest:     ApplicationDestination{Name: "test", Namespace: "test"},
 			isPermitted: true,
 		},
 		{
+			name: "wildcard server and namespace with different name",
 			projDest: []ApplicationDestination{{
 				Server: "", Namespace: "*", Name: "test2",
 			}},
 			appDest:     ApplicationDestination{Name: "test", Namespace: "test"},
 			isPermitted: false,
 		},
+		/**
+		  - name: host-cluster
+		    namespace: '!{kube-system,argocd}'
+		    server: 'https://kubernetes.default.svc'
+		  - name: destination-cluster-01
+		    namespace: '*'
+		    server: 'https://eks-cluster-endpoint.ap-southeast-1.eks.amazonaws.com'
+
+		  destination:
+		    server: https://eks-cluster-endpoint.ap-southeast-1.eks.amazonaws.com
+		    namespace: karpenter
+		*/
+		{
+			name: "negated namespace with multiple values",
+			projDest: []ApplicationDestination{
+				{Name: "host-cluster", Server: "https://kubernetes.default.svc", Namespace: "!{kube-system,argocd}"},
+				{Name: "destination-cluster-01", Server: "https://eks-cluster-endpoint.ap-southeast-1.eks.amazonaws.com", Namespace: "*"},
+			},
+			appDest:     ApplicationDestination{Server: "https://eks-cluster-endpoint.ap-southeast-1.eks.amazonaws.com", Namespace: "kube-system"},
+			isPermitted: true,
+		},
 	}
 
 	for _, data := range testData {
-		proj := AppProject{
-			Spec: AppProjectSpec{
-				Destinations: data.projDest,
-			},
-		}
-		permitted, _ := proj.IsDestinationPermitted(data.appDest, func(project string) ([]*Cluster, error) {
-			return []*Cluster{}, nil
+		data := data
+		t.Run(data.name, func(t *testing.T) {
+			t.Parallel()
+
+			proj := AppProject{
+				Spec: AppProjectSpec{
+					Destinations: data.projDest,
+				},
+			}
+			permitted, _ := proj.IsDestinationPermitted(data.appDest, func(project string) ([]*Cluster, error) {
+				return []*Cluster{}, nil
+			})
+			assert.Equal(t, data.isPermitted, permitted)
 		})
-		assert.Equal(t, data.isPermitted, permitted)
 	}
 }