Added comprehensive unit tests for authorization logic: - hasAccessToNamespace() tests: - User subject access (positive and negative cases) - Group subject access - ServiceAccount subject access - ServiceAccount with empty namespace (defaults to RoleBinding ns) - Privileged groups (system:masters, cozystack-cluster-admin) - Get() handler tests: - Returns namespace when user has access - Returns NotFound when user lacks access (not Forbidden) - Returns NotFound for non-tenant namespaces All tests verify that authorization correctly enforces RoleBinding-based access control and prevents IDOR vulnerabilities. Signed-off-by: IvanHunters <xorokhotnikov@gmail.com> |
||
|---|---|---|
| .. | ||
| apis | ||
| apiserver | ||
| cmd/server | ||
| config | ||
| generated | ||
| lineage | ||
| ovnstatus | ||
| registry | ||
| version | ||