Exemplo n.º 1
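        /// <summary>
        /// Adds a role mapping for <paramref name="roleArn"/> to the "mapRoles" entry of the
        /// config map returned by the repository, writes the config map back, and then stores
        /// its YAML serialization through the persistence service.
        /// </summary>
        /// <remarks>
        /// The mapping is created with two groups: the fixed "DFDS-ReadOnly" group and a group
        /// named after <paramref name="roleName"/>.
        /// NOTE(review): judging by the repository's name this is presumably the EKS aws-auth
        /// config map, where a mapRoles entry decides which IAM role is accepted as which
        /// cluster user and groups. Both arguments end up in that document, so they should
        /// come from a trusted, already-validated source - confirm at the call sites.
        /// </remarks>
        /// <param name="roleName">User name for the mapping; also used as the second group name.</param>
        /// <param name="roleArn">ARN of the role the mapping is created for.</param>
        /// <exception cref="System.ArgumentException">
        /// <paramref name="roleName"/> or <paramref name="roleArn"/> is null, empty or whitespace.
        /// </exception>
        public async Task AddRole(
            string roleName,
            string roleArn
            )
        {
            // Reject blank values up front: they would otherwise be written into the mapping
            // (a blank role name becomes a blank group name and user name).
            if (string.IsNullOrWhiteSpace(roleName))
            {
                throw new System.ArgumentException("A role name is required.", "roleName");
            }

            if (string.IsNullOrWhiteSpace(roleArn))
            {
                throw new System.ArgumentException("A role ARN is required.", "roleArn");
            }

            var configMap = await _awsAuthConfigMapRepository.GetConfigMap();

            configMap.Data = configMap.Data ?? new Dictionary<string, string>();

            // A config map that has data but no "mapRoles" key used to make the indexer throw;
            // a missing entry is treated as an empty mapping list, as for a config map without data.
            string currentMapRoles;
            if (!configMap.Data.TryGetValue("mapRoles", out currentMapRoles))
            {
                currentMapRoles = "";
            }

            var groups       = new[] { "DFDS-ReadOnly", roleName };
            var modifiedYaml = ConfigMapEditor.AddRoleMapping(
                currentMapRoles,
                roleArn,
                roleName,
                groups
                );

            configMap.Data["mapRoles"] = modifiedYaml;

            // The config map is written first and the YAML copy is stored second; if StoreFile
            // throws, the stored copy no longer matches what was written.
            // NOTE(review): no retry or rollback is visible here - confirm the caller handles it.
            await _awsAuthConfigMapRepository.WriteConfigMap(configMap);

            var awsAuthConfigMapYaml = configMap.SerializeToYaml();
            await _configMapPersistenceService.StoreFile(awsAuthConfigMapYaml);
        }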
Exemplo n.º 2
        /// <summary>
        /// Checks that the text returned by ConfigMapEditor.AddRoleMapping contains the user
        /// name followed by the literal ":{{SessionName}}" suffix.
        /// </summary>
        public void AddRoleMapping_GivenValidInput_ReturnsUsernameWithAddedSessionName()
        {
            // Arrange
            const string mappedRoleArn = "arn:aws:iam::228426479489:role/KubernetesTest";
            const string mappedUser = "******";
            var groupNames = new List<string> { "kub-test" };

            // The braces are literal text in the mapping, not a format placeholder.
            var expectedUserEntry = mappedUser + ":{{SessionName}}";

            // Act
            var updatedMapRoles = ConfigMapEditor.AddRoleMapping(mapRolesInput, mappedRoleArn, mappedUser, groupNames);

            // Assert
            Assert.NotNull(updatedMapRoles);
            Assert.Contains(expectedUserEntry, updatedMapRoles);
        }
Exemplo n.º 3
        /// <summary>
        /// Checks that the text returned by ConfigMapEditor.AddRoleMapping contains the
        /// group name that was passed in.
        /// </summary>
        public void AddRoleMapping_GivenValidInput_ReturnsValidOutputWithGroupAdded()
        {
            // Arrange
            const string mappedRoleArn = "arn:aws:iam::228426479489:role/KubernetesTest";
            const string mappedUser = "******";
            var groupNames = new List<string> { "kub-test" };

            // Act
            var updatedMapRoles = ConfigMapEditor.AddRoleMapping(mapRolesInput, mappedRoleArn, mappedUser, groupNames);

            // Assert
            Assert.NotNull(updatedMapRoles);

            // Only one group is supplied, so the first element is the whole expectation.
            var expectedGroup = groupNames[0];
            Assert.Contains(expectedGroup, updatedMapRoles);
        }
Exemplo n.º 4
        /// <summary>
        /// Checks that two consecutive ConfigMapEditor.AddRoleMapping calls, the second fed
        /// with the output of the first, leave both user names in the final text.
        /// </summary>
        public void AddRoleMapping_MultipleMappings_ReturnsMultipleUsernamesAdded()
        {
            // Arrange
            const string firstRoleArn = "arn:aws:iam::228426479489:role/KubernetesTest";
            const string firstUser = "kubernetes-test";
            const string secondRoleArn = "arn:aws:iam::228426479489:role/KubernetesTest2";
            const string secondUser = "kubernetes-test2";
            var sharedGroups = new List<string> { "kub-test" };

            // Act: the second call starts from the text produced by the first one.
            var afterFirstMapping = ConfigMapEditor.AddRoleMapping(mapRolesInput, firstRoleArn, firstUser, sharedGroups);
            var afterSecondMapping = ConfigMapEditor.AddRoleMapping(afterFirstMapping, secondRoleArn, secondUser, sharedGroups);

            // Assert
            Assert.NotNull(afterSecondMapping);
            Assert.Contains(firstUser, afterSecondMapping);
            Assert.Contains(secondUser, afterSecondMapping);
        }
Exemplo n.º 5
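        /// <summary>
        /// Pins the exact text ConfigMapEditor.AddRoleMapping returns for a fixed input: the
        /// input text is kept unchanged and the new role entry, with its user name and two
        /// groups, is appended after its last line.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the fixture is a whole ConfigMap document rather than just a mapRoles
        /// value, and the expected text places the new entry after the metadata block at
        /// column 0. Confirm that this is the input shape the editor is meant to receive.
        /// </remarks>
        public void Will_Place_RoleMapping_In_Correct_Place()
        {
            // Arrange
            var newLine = System.Environment.NewLine;
            var existingLines = new[]
            {
                "apiVersion: v1",
                "data:",
                "  mapRoles: >",
                "    - rolearn: arn:aws:iam::123456789012:role/Awesome",
                "      username: Awesome:{{SessionName}}",
                "      groups:",
                "      - DFDS-ReadOnly",
                "kind: ConfigMap",
                "metadata:",
                "  name: aws-auth",
                "  namespace: kube-system"
            };
            var initialMap = string.Join(newLine, existingLines);

            // Act
            // The user name must be "userName": the expected text below contains
            // "username: userName:{{SessionName}}", which any other value cannot produce.
            var resultMap = ConfigMapEditor.AddRoleMapping(
                initialMap,
                roleArn: "roleArn",
                userName: "userName",
                groups: new[] { "group1", "group2" }
                );

            // Assert
            var appendedLines = new[]
            {
                "- rolearn: roleArn",
                "  username: userName:{{SessionName}}",
                "  groups:",
                "    - group1",
                "    - group2",
                "" // the output ends with a line break
            };
            var expected = initialMap + newLine + string.Join(newLine, appendedLines);

            Assert.Equal(expected, resultMap);
        }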
Exemplo n.º 6
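        /// <summary>
        /// Pins the exact text ConfigMapEditor.AddRoleMapping returns for a fixed input: the
        /// input text is kept unchanged and the new role entry, with its user name and two
        /// groups, is appended after its last line.
        /// </summary>
        /// <remarks>
        /// The input uses "\r\n" line breaks while the appended entry is expected with "\n",
        /// so the expected text has mixed line endings.
        /// NOTE(review): the fixture is a whole ConfigMap document rather than just a mapRoles
        /// value, and the expected text places the new entry after the metadata block at
        /// column 0. Confirm that this is the input shape the editor is meant to receive.
        /// </remarks>
        public void Will_Place_RoleMapping_In_Correct_Place()
        {
            // Arrange
            var initialMap =
                "apiVersion: v1\r\ndata:\r\n  mapRoles: >\r\n    - rolearn: arn:aws:iam::123456789012:role/Awesome\r\n      username: Awesome:{{SessionName}}\r\n      groups:\r\n      - DFDS-ReadOnly\r\nkind: ConfigMap\r\nmetadata:\r\n  name: aws-auth\r\n  namespace: kube-system";

            // Act
            // The user name must be "userName": the expected text below contains
            // "username: userName:{{SessionName}}", which any other value cannot produce.
            var resultMap = ConfigMapEditor.AddRoleMapping(
                initialMap,
                roleArn: "roleArn",
                userName: "userName",
                groups: new[] { "group1", "group2" }
                );

            // Assert
            var appendedEntry =
                "\r\n- rolearn: roleArn\n  username: userName:{{SessionName}}\n  groups:\n    - group1\n    - group2\n";
            var expected = initialMap + appendedEntry;

            Assert.Equal(expected, resultMap);
        }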