Skip to content

Commit

Permalink
rbac: adjust return consistency
Browse files Browse the repository at this point in the history
  • Loading branch information
sebrandon1 committed Jan 3, 2025
1 parent 708bb26 commit 04df64c
Show file tree
Hide file tree
Showing 6 changed files with 67 additions and 50 deletions.
24 changes: 14 additions & 10 deletions pkg/rbac/clusterrole.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,13 @@ func NewClusterRoleBuilder(apiClient *clients.Settings, name string, rule rbacv1
"name: %s, policy rule: %v",
name, rule)

builder := ClusterRoleBuilder{
if apiClient == nil {
glog.V(100).Infof("The apiClient is empty")

return nil
}

builder := &ClusterRoleBuilder{
apiClient: apiClient,
Definition: &rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -51,11 +57,13 @@ func NewClusterRoleBuilder(apiClient *clients.Settings, name string, rule rbacv1
glog.V(100).Infof("The name of the clusterrole is empty")

builder.errorMsg = "clusterrole 'name' cannot be empty"

return builder
}

builder.WithRules([]rbacv1.PolicyRule{rule})

return &builder
return builder
}

// WithRules appends additional rules to the clusterrole definition.
Expand All @@ -71,9 +79,7 @@ func (builder *ClusterRoleBuilder) WithRules(rules []rbacv1.PolicyRule) *Cluster
glog.V(100).Infof("The list of rules is empty")

builder.errorMsg = "cannot accept nil or empty slice as rules"
}

if builder.errorMsg != "" {
return builder
}

Expand All @@ -82,9 +88,7 @@ func (builder *ClusterRoleBuilder) WithRules(rules []rbacv1.PolicyRule) *Cluster
glog.V(100).Infof("The clusterrole rule must contain at least one Verb entry")

builder.errorMsg = "clusterrole rule must contain at least one Verb entry"
}

if builder.errorMsg != "" {
return builder
}
}
Expand Down Expand Up @@ -135,7 +139,7 @@ func PullClusterRole(apiClient *clients.Settings, name string) (*ClusterRoleBuil
return nil, fmt.Errorf("the apiClient cannot be nil")
}

builder := ClusterRoleBuilder{
builder := &ClusterRoleBuilder{
apiClient: apiClient,
Definition: &rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -156,7 +160,7 @@ func PullClusterRole(apiClient *clients.Settings, name string) (*ClusterRoleBuil

builder.Definition = builder.Object

return &builder, nil
return builder, nil
}

// Create generates a clusterrole in the cluster and stores the created object in struct.
Expand Down Expand Up @@ -256,13 +260,13 @@ func (builder *ClusterRoleBuilder) validate() (bool, error) {
if builder.Definition == nil {
glog.V(100).Infof("The %s is undefined", resourceCRD)

builder.errorMsg = msg.UndefinedCrdObjectErrString(resourceCRD)
return false, fmt.Errorf(msg.UndefinedCrdObjectErrString(resourceCRD))
}

if builder.apiClient == nil {
glog.V(100).Infof("The %s builder apiclient is nil", resourceCRD)

builder.errorMsg = fmt.Sprintf("%s builder cannot have nil apiClient", resourceCRD)
return false, fmt.Errorf("%s builder cannot have nil apiClient", resourceCRD)
}

if builder.errorMsg != "" {
Expand Down
8 changes: 5 additions & 3 deletions pkg/rbac/clusterrole_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -60,10 +60,12 @@ func TestNewClusterRoleBuilder(t *testing.T) {
testClusterRole := NewClusterRoleBuilder(client, testCase.name, testCase.rule)
if testCase.client {
assert.NotNil(t, testClusterRole)
}

if len(testCase.expectedErrorText) > 0 {
assert.Equal(t, testCase.expectedErrorText, testClusterRole.errorMsg)
if len(testCase.expectedErrorText) > 0 {
assert.Equal(t, testCase.expectedErrorText, testClusterRole.errorMsg)
}
} else {
assert.Nil(t, testClusterRole)
}
}
}
Expand Down
20 changes: 10 additions & 10 deletions pkg/rbac/clusterrolebinding.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ func NewClusterRoleBindingBuilder(
"name: %s, clusterrole: %s, subject %v",
name, clusterRole, subject)

builder := ClusterRoleBindingBuilder{
builder := &ClusterRoleBindingBuilder{
apiClient: apiClient,
Definition: &rbacv1.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -57,9 +57,11 @@ func NewClusterRoleBindingBuilder(
glog.V(100).Infof("The name of the clusterrolebinding is empty")

builder.errorMsg = "clusterrolebinding 'name' cannot be empty"

return builder
}

return &builder
return builder
}

// WithSubjects appends additional subjects to clusterrolebinding definition.
Expand All @@ -75,9 +77,7 @@ func (builder *ClusterRoleBindingBuilder) WithSubjects(subjects []rbacv1.Subject
glog.V(100).Infof("The list of subjects is empty")

builder.errorMsg = "cannot accept nil or empty slice as subjects"
}

if builder.errorMsg != "" {
return builder
}

Expand All @@ -86,15 +86,15 @@ func (builder *ClusterRoleBindingBuilder) WithSubjects(subjects []rbacv1.Subject
glog.V(100).Infof("The clusterrolebinding subject kind must be one of 'ServiceAccount', 'User', or 'Group'")

builder.errorMsg = "clusterrolebinding subject kind must be one of 'ServiceAccount', 'User', or 'Group'"

return builder
}

if subject.Name == "" {
glog.V(100).Infof("The clusterrolebinding subject name cannot be empty")

builder.errorMsg = "clusterrolebinding subject name cannot be empty"
}

if builder.errorMsg != "" {
return builder
}
}
Expand Down Expand Up @@ -146,7 +146,7 @@ func PullClusterRoleBinding(apiClient *clients.Settings, name string) (*ClusterR
if name == "" {
glog.V(100).Infof("The name of the clusterrolebinding is empty")

builder.errorMsg = "clusterrolebinding 'name' cannot be empty"
return nil, fmt.Errorf("clusterrolebinding 'name' cannot be empty")
}

if !builder.Exists() {
Expand Down Expand Up @@ -203,7 +203,7 @@ func (builder *ClusterRoleBindingBuilder) Delete() error {

builder.Object = nil

return err
return nil
}

// Update modifies a clusterrolebinding object in the cluster.
Expand Down Expand Up @@ -252,13 +252,13 @@ func (builder *ClusterRoleBindingBuilder) validate() (bool, error) {
if builder.Definition == nil {
glog.V(100).Infof("The %s is undefined", resourceCRD)

builder.errorMsg = msg.UndefinedCrdObjectErrString(resourceCRD)
return false, fmt.Errorf(msg.UndefinedCrdObjectErrString(resourceCRD))
}

if builder.apiClient == nil {
glog.V(100).Infof("The %s builder apiclient is nil", resourceCRD)

builder.errorMsg = fmt.Sprintf("%s builder cannot have nil apiClient", resourceCRD)
return false, fmt.Errorf("%s builder cannot have nil apiClient", resourceCRD)
}

if builder.errorMsg != "" {
Expand Down
24 changes: 15 additions & 9 deletions pkg/rbac/role.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,12 @@ func NewRoleBuilder(apiClient *clients.Settings, name, nsname string, rule rbacv
"Initializing new role structure with the following params: "+
"name: %s, namespace: %s, rule %v", name, nsname, rule)

if apiClient == nil {
glog.V(100).Infof("The apiClient is empty")

return nil
}

builder := &RoleBuilder{
apiClient: apiClient,
Definition: &rbacv1.Role{
Expand Down Expand Up @@ -78,9 +84,7 @@ func (builder *RoleBuilder) WithRules(rules []rbacv1.PolicyRule) *RoleBuilder {
glog.V(100).Infof("The list of rules is empty")

builder.errorMsg = "cannot create role with empty rule"
}

if builder.errorMsg != "" {
return builder
}

Expand All @@ -89,21 +93,23 @@ func (builder *RoleBuilder) WithRules(rules []rbacv1.PolicyRule) *RoleBuilder {
glog.V(100).Infof("The role has no verbs")

builder.errorMsg = "role must contain at least one Verb"

return builder
}

if len(rule.Resources) == 0 {
glog.V(100).Infof("The role has no resources")

builder.errorMsg = "role must contain at least one Resource"

return builder
}

if len(rule.APIGroups) == 0 {
glog.V(100).Infof("The role has no apigroups")

builder.errorMsg = "role must contain at least one APIGroup"
}

if builder.errorMsg != "" {
return builder
}
}
Expand Down Expand Up @@ -153,7 +159,7 @@ func PullRole(apiClient *clients.Settings, name, nsname string) (*RoleBuilder, e
return nil, fmt.Errorf("the apiClient cannot be nil")
}

builder := RoleBuilder{
builder := &RoleBuilder{
apiClient: apiClient,
Definition: &rbacv1.Role{
ObjectMeta: metav1.ObjectMeta{
Expand Down Expand Up @@ -181,7 +187,7 @@ func PullRole(apiClient *clients.Settings, name, nsname string) (*RoleBuilder, e

builder.Definition = builder.Object

return &builder, nil
return builder, nil
}

// Create makes a Role in the cluster and stores the created object in struct.
Expand Down Expand Up @@ -229,7 +235,7 @@ func (builder *RoleBuilder) Delete() error {

builder.Object = nil

return err
return nil
}

// Update modifies the existing Role object with role definition in builder.
Expand Down Expand Up @@ -282,13 +288,13 @@ func (builder *RoleBuilder) validate() (bool, error) {
if builder.Definition == nil {
glog.V(100).Infof("The %s is undefined", resourceCRD)

builder.errorMsg = msg.UndefinedCrdObjectErrString(resourceCRD)
return false, fmt.Errorf(msg.UndefinedCrdObjectErrString(resourceCRD))
}

if builder.apiClient == nil {
glog.V(100).Infof("The %s builder apiclient is nil", resourceCRD)

builder.errorMsg = fmt.Sprintf("%s builder cannot have nil apiClient", resourceCRD)
return false, fmt.Errorf("%s builder cannot have nil apiClient", resourceCRD)
}

if builder.errorMsg != "" {
Expand Down
15 changes: 9 additions & 6 deletions pkg/rbac/role_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -78,11 +78,14 @@ func TestNewRoleBuilder(t *testing.T) {
testPolicy := NewRoleBuilder(client, testCase.name, testCase.nsName, testCase.rule)
if testCase.client {
assert.NotNil(t, testPolicy)
}

if len(testCase.expectedErrorText) > 0 {
assert.Equal(t, testCase.expectedErrorText, testPolicy.errorMsg)
if len(testCase.expectedErrorText) > 0 {
assert.Equal(t, testCase.expectedErrorText, testPolicy.errorMsg)
}
} else {
assert.Nil(t, testPolicy)
}

}

Check failure on line 89 in pkg/rbac/role_test.go

View workflow job for this annotation

GitHub Actions / lint

block should not end with a whitespace (or comment) (wsl)
}

Expand Down Expand Up @@ -190,7 +193,7 @@ func TestRoleCreate(t *testing.T) {
},
{
testRole: buildInvalidRoleTestBuilder(buildTestClientWithDummyObject()),
expectedError: fmt.Errorf("role must contain at least one APIGroup"),
expectedError: fmt.Errorf("role must contain at least one Verb"),
},
{
testRole: buildValidRoleBuilder(clients.GetTestClients(clients.TestClientParams{})),
Expand Down Expand Up @@ -244,7 +247,7 @@ func TestRoleDelete(t *testing.T) {
},
{
testRole: buildInvalidRoleTestBuilder(buildTestClientWithDummyObject()),
expectedError: fmt.Errorf("role must contain at least one APIGroup"),
expectedError: fmt.Errorf("role must contain at least one Verb"),
},
{
testRole: buildValidRoleBuilder(clients.GetTestClients(clients.TestClientParams{})),
Expand Down Expand Up @@ -277,7 +280,7 @@ func TestRoleUpdate(t *testing.T) {
},
{
testRole: buildInvalidRoleTestBuilder(buildTestClientWithDummyObject()),
expectedError: fmt.Errorf("role must contain at least one APIGroup"),
expectedError: fmt.Errorf("role must contain at least one Verb"),
},
{
testRole: buildValidRoleBuilder(clients.GetTestClients(clients.TestClientParams{})),
Expand Down
Loading

0 comments on commit 04df64c

Please sign in to comment.