chore(refactor): use rbac package for valid actions (#25456)

Signed-off-by: nitishfy <justnitish06@gmail.com>
This commit is contained in:
Nitish Kumar
2025-12-01 16:35:43 +05:30
committed by GitHub
parent 56dcea0cfe
commit 27f30b4a7d
2 changed files with 45 additions and 8 deletions

View File

@@ -2566,15 +2566,14 @@ type ResourceActionParam struct {
Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
}
// TODO: refactor to use rbac.ActionGet, rbac.ActionCreate, without import cycle
var validActions = map[string]bool{
"get": true,
"create": true,
"update": true,
"delete": true,
"sync": true,
"override": true,
"*": true,
rbac.ActionGet: true,
rbac.ActionCreate: true,
rbac.ActionUpdate: true,
rbac.ActionDelete: true,
rbac.ActionSync: true,
rbac.ActionOverride: true,
"*": true,
}
var validActionPatterns = []*regexp.Regexp{

View File

@@ -3775,6 +3775,44 @@ func Test_validatePolicy_ValidResource(t *testing.T) {
require.Error(t, err)
}
func TestIsValidAction(t *testing.T) {
tests := []struct {
name string
action string
want bool
}{
// validActions direct matches
{"ValidGet", "get", true},
{"ValidCreate", "create", true},
{"ValidUpdate", "update", true},
{"ValidDelete", "delete", true},
{"ValidSync", "sync", true},
{"ValidOverride", "override", true},
{"ValidWildcard", "*", true},
// pattern matches
{"MatchActionPattern", "action/foo", true},
{"MatchUpdatePattern", "update/bar", true},
{"MatchDeletePattern", "delete/baz", true},
// near matches
{"NoMatchActionSuffix", "actionfoo", false},
{"NoMatchUpdateSuffix", "updatebar", false},
{"NoMatchDeleteSuffix", "deletebaz", false},
// invalid
{"RandomString", "random", false},
{"Empty", "", false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := isValidAction(tt.action)
assert.Equal(t, tt.want, got, "isValidAction(%q)", tt.action)
})
}
}
func TestEnvsubst(t *testing.T) {
env := Env{
&EnvEntry{"foo", "bar"},