--as-uid flag in kubectl and kubeconfigs.

This corresponds to previous work to allow impersonating UIDs: * Introduce Impersonate-UID header: #99961 * Add UID to client-go impersonation config #104483 Signed-off-by: Margo Crawford <margaretc@vmware.com> Kubernetes-commit: 7e079f5144474cae05802771f604df2b748d781f
2025-09-02 07:35:21 +00:00 · 2021-10-19 16:12:31 -07:00
parent 9b0b23a8ad
commit 5fca705b7d
8 changed files with 135 additions and 6 deletions
--- a/tools/clientcmd/validation_test.go
+++ b/tools/clientcmd/validation_test.go
@@ -508,6 +508,78 @@ func TestValidateAuthInfoExecInteractiveModeInvalid(t *testing.T) {
 	test.testConfig(t)
 }

+func TestValidateAuthInfoImpersonateUser(t *testing.T) {
+	config := clientcmdapi.NewConfig()
+	config.AuthInfos["user"] = &clientcmdapi.AuthInfo{
+		Impersonate: "user",
+	}
+	test := configValidationTest{
+		config: config,
+	}
+	test.testAuthInfo("user", t)
+	test.testConfig(t)
+}
+
+func TestValidateAuthInfoImpersonateEverything(t *testing.T) {
+	config := clientcmdapi.NewConfig()
+	config.AuthInfos["user"] = &clientcmdapi.AuthInfo{
+		Impersonate:          "user",
+		ImpersonateUID:       "abc123",
+		ImpersonateGroups:    []string{"group-1", "group-2"},
+		ImpersonateUserExtra: map[string][]string{"key": {"val1", "val2"}},
+	}
+	test := configValidationTest{
+		config: config,
+	}
+	test.testAuthInfo("user", t)
+	test.testConfig(t)
+}
+
+func TestValidateAuthInfoImpersonateGroupsWithoutUserInvalid(t *testing.T) {
+	config := clientcmdapi.NewConfig()
+	config.AuthInfos["user"] = &clientcmdapi.AuthInfo{
+		ImpersonateGroups: []string{"group-1", "group-2"},
+	}
+	test := configValidationTest{
+		config: config,
+		expectedErrorSubstring: []string{
+			`requesting uid, groups or user-extra for user without impersonating a user`,
+		},
+	}
+	test.testAuthInfo("user", t)
+	test.testConfig(t)
+}
+
+func TestValidateAuthInfoImpersonateExtraWithoutUserInvalid(t *testing.T) {
+	config := clientcmdapi.NewConfig()
+	config.AuthInfos["user"] = &clientcmdapi.AuthInfo{
+		ImpersonateUserExtra: map[string][]string{"key": {"val1", "val2"}},
+	}
+	test := configValidationTest{
+		config: config,
+		expectedErrorSubstring: []string{
+			`requesting uid, groups or user-extra for user without impersonating a user`,
+		},
+	}
+	test.testAuthInfo("user", t)
+	test.testConfig(t)
+}
+
+func TestValidateAuthInfoImpersonateUIDWithoutUserInvalid(t *testing.T) {
+	config := clientcmdapi.NewConfig()
+	config.AuthInfos["user"] = &clientcmdapi.AuthInfo{
+		ImpersonateUID: "abc123",
+	}
+	test := configValidationTest{
+		config: config,
+		expectedErrorSubstring: []string{
+			`requesting uid, groups or user-extra for user without impersonating a user`,
+		},
+	}
+	test.testAuthInfo("user", t)
+	test.testConfig(t)
+}
+
 type configValidationTest struct {
 	config                 *clientcmdapi.Config
 	expectedErrorSubstring []string