akillibulut
/
cost-model
mirrorاز https://github.com/kubecost/cost-model


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169
							package aws

import (
	"testing"

	"github.com/opencost/opencost/core/pkg/util/json"
	"github.com/opencost/opencost/pkg/cloud"
)

func TestAuthorizerJSON_Sanitize(t *testing.T) {

	testCases := map[string]struct {
		input    Authorizer
		expected Authorizer
	}{
		"Access Key": {
			input: &AccessKey{
				ID:     "ID",
				Secret: "Secret",
			},
			expected: &AccessKey{
				ID:     "ID",
				Secret: cloud.Redacted,
			},
		},
		"Service Account": {
			input:    &ServiceAccount{},
			expected: &ServiceAccount{},
		},
		"Master Payer Access Key": {
			input: &AssumeRole{
				Authorizer: &AccessKey{
					ID:     "ID",
					Secret: "Secret",
				},
				RoleARN: "role arn",
			},
			expected: &AssumeRole{
				Authorizer: &AccessKey{
					ID:     "ID",
					Secret: cloud.Redacted,
				},
				RoleARN: "role arn",
			},
		},
		"Master Payer Service Account": {
			input: &AssumeRole{
				Authorizer: &ServiceAccount{},
				RoleARN:    "role arn",
			},
			expected: &AssumeRole{
				Authorizer: &ServiceAccount{},
				RoleARN:    "role arn",
			},
		},
		"Google Web Identity": {
			input: &WebIdentity{
				RoleARN:          "role arn",
				IdentityProvider: "Google",
				TokenRetriever: &GoogleIDTokenRetriever{
					Aud: "aud",
				},
			},
			expected: &WebIdentity{
				RoleARN:          "role arn",
				IdentityProvider: "Google",
				TokenRetriever: &GoogleIDTokenRetriever{
					Aud: "aud",
				},
			},
		},
	}
	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {

			b, err := tc.input.MarshalJSON()
			if err != nil {
				t.Errorf("Failed to Marshal Authorizer: %s", err)
			}

			var f interface{}
			err = json.Unmarshal(b, &f)
			if err != nil {
				t.Errorf("Failed to Unmarshal Authorizer: %s", err)
			}

			authorizer, err := cloud.AuthorizerFromInterface(f, SelectAuthorizerByType)
			if err != nil {
				t.Errorf("Failed to Unmarshal Authorizer: %s", err)
			}

			// Convert to AuthorizerJSON for sanitization
			if authorizer != nil {
				sanitizedAuthorizer := authorizer.Sanitize()

				if !tc.expected.Equals(sanitizedAuthorizer) {
					t.Error("Authorizer was not as expected after Sanitization")
				}
			}

		})
	}
}

func TestAuthorizerJSON_Encode(t *testing.T) {

	testCases := map[string]struct {
		authorizer Authorizer
	}{
		"Access Key": {
			authorizer: &AccessKey{
				ID:     "ID",
				Secret: "Secret",
			},
		},
		"Service Account": {
			authorizer: &ServiceAccount{},
		},
		"Master Payer Access Key": {
			authorizer: &AssumeRole{
				Authorizer: &AccessKey{
					ID:     "ID",
					Secret: "Secret",
				},
				RoleARN: "role arn",
			},
		},
		"Master Payer Service Account": {
			authorizer: &AssumeRole{
				Authorizer: &ServiceAccount{},
				RoleARN:    "role arn",
			},
		},
		"Google Web Identity": {
			authorizer: &WebIdentity{
				RoleARN:          "role arn",
				IdentityProvider: "Google",
				TokenRetriever: &GoogleIDTokenRetriever{
					Aud: "aud",
				},
			},
		},
	}
	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {

			b, err := tc.authorizer.MarshalJSON()
			if err != nil {
				t.Errorf("Failed to Marshal Authorizer: %s", err)
			}

			var f interface{}
			err = json.Unmarshal(b, &f)
			if err != nil {
				t.Errorf("Failed to Unmarshal Authorizer: %s", err)
			}

			authorizer, err := cloud.AuthorizerFromInterface(f, SelectAuthorizerByType)
			if err != nil {
				t.Errorf("Failed to Unmarshal Authorizer: %s", err)
			}

			if !tc.authorizer.Equals(authorizer) {
				t.Error("Authorizer was not as expected after Sanitization")
			}

		})
	}
}