Start fixing tests

lib/auth/machineid/workloadidentityv1/decision_test.go

@@ -263,28 +263,40 @@ func Test_evaluateRules(t *testing.T) {
 		User: &workloadidentityv1pb.UserAttrs{
 			Name: "foo",
 		},
-	}
-	wi := &workloadidentityv1pb.WorkloadIdentity{
-		Kind:    types.KindWorkloadIdentity,
-		Version: types.V1,
-		Metadata: &headerv1.Metadata{
-			Name: "test",
+		Workload: &workloadidentityv1pb.WorkloadAttrs{
+			Kubernetes: &workloadidentityv1pb.WorkloadAttrsKubernetes{
+				PodName:   "pod1",
+				Namespace: "default",
+			},
 		},
-		Spec: &workloadidentityv1pb.WorkloadIdentitySpec{
-			Rules: &workloadidentityv1pb.WorkloadIdentityRules{
-				Allow: []*workloadidentityv1pb.WorkloadIdentityRule{
-					{
-						Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{
-							{
-								Attribute: "user.name",
-								Equals:    "foo",
-							},
-						},
-					},
+	}
+
+	tests := []struct {
+		name       string
+		wid        *workloadidentityv1pb.WorkloadIdentity
+		attrs      *workloadidentityv1pb.Attrs
+		requireErr require.ErrorAssertionFunc
+	}{
+		{
+			name: "pass, no rules",
+			wid: &workloadidentityv1pb.WorkloadIdentity{
+				Kind:    types.KindWorkloadIdentity,
+				Version: types.V1,
+				Metadata: &headerv1.Metadata{
+					Name: "test",
+				},
+				Spec: &workloadidentityv1pb.WorkloadIdentitySpec{
+					Rules: &workloadidentityv1pb.WorkloadIdentityRules{},
 				},
 			},
+			attrs:      attrs,
+			requireErr: require.NoError,
 		},
 	}
-	err := evaluateRules(wi, attrs)
-	require.NoError(t, err)
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := evaluateRules(tt.wid, tt.attrs)
+			tt.requireErr(t, err)
+		})
+	}
 }

lib/auth/machineid/workloadidentityv1/workloadidentityv1_test.go

@@ -187,7 +187,11 @@ func TestIssueWorkloadIdentityE2E(t *testing.T) {
 						Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{
 							{
 								Attribute: "join.kubernetes.service_account.namespace",
-								Equals:    "my-namespace",
+								Operator: &workloadidentityv1pb.WorkloadIdentityCondition_Eq{
+									Eq: &workloadidentityv1pb.WorkloadIdentityConditionEq{
+										Value: "my-namespace",
+									},
+								},
 							},
 						},
 					},
@@ -402,11 +406,19 @@ func TestIssueWorkloadIdentity(t *testing.T) {
 						Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{
 							{
 								Attribute: "user.name",
-								Equals:    "dog",
+								Operator: &workloadidentityv1pb.WorkloadIdentityCondition_Eq{
+									Eq: &workloadidentityv1pb.WorkloadIdentityConditionEq{
+										Value: "dog",
+									},
+								},
 							},
 							{
 								Attribute: "workload.kubernetes.namespace",
-								Equals:    "default",
+								Operator: &workloadidentityv1pb.WorkloadIdentityCondition_Eq{
+									Eq: &workloadidentityv1pb.WorkloadIdentityConditionEq{
+										Value: "default",
+									},
+								},
 							},
 						},
 					},
@@ -768,7 +780,11 @@ func TestIssueWorkloadIdentities(t *testing.T) {
 						Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{
 							{
 								Attribute: "workload.kubernetes.namespace",
-								Equals:    "default",
+								Operator: &workloadidentityv1pb.WorkloadIdentityCondition_Eq{
+									Eq: &workloadidentityv1pb.WorkloadIdentityConditionEq{
+										Value: "default",
+									},
+								},
 							},
 						},
 					},
@@ -798,7 +814,11 @@ func TestIssueWorkloadIdentities(t *testing.T) {
 						Conditions: []*workloadidentityv1pb.WorkloadIdentityCondition{
 							{
 								Attribute: "workload.kubernetes.namespace",
-								Equals:    "default",
+								Operator: &workloadidentityv1pb.WorkloadIdentityCondition_Eq{
+									Eq: &workloadidentityv1pb.WorkloadIdentityConditionEq{
+										Value: "default",
+									},
+								},
 							},
 						},
 					},