Refactor of e2e/framework/authorizer_util.go

- moves these helper functions into e2e/framework/auth
 - removes logging from helper functions
 - in some cases explicitly returns errors that were implicitly
ignored/logged. In the situations where they should be ignored,
we explicitly check that the condition is met before ignoring it.
 - fixes references to these methods so that they use the right package
and return values
John Schnake
2019-04-09 11:52:36 -05:00
parent 18b4e1b84c
commit 028df0451d
18 changed files with 156 additions and 54 deletions


@@ -28,6 +28,7 @@ import (
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apiserver/pkg/authentication/serviceaccount"
"k8s.io/kubernetes/pkg/security/podsecuritypolicy/seccomp"
"k8s.io/kubernetes/test/e2e/framework/auth"
"github.com/onsi/ginkgo"
)
@@ -118,7 +119,7 @@ func createPrivilegedPSPBinding(f *Framework, namespace string) {
ExpectNoError(err, "Failed to create PSP %s", podSecurityPolicyPrivileged)
}
if IsRBACEnabled(f) {
if auth.IsRBACEnabled(f.ClientSet.RbacV1beta1()) {
// Create the Role to bind it to the namespace.
_, err = f.ClientSet.RbacV1beta1().ClusterRoles().Create(&rbacv1beta1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{Name: podSecurityPolicyPrivileged},
@@ -135,10 +136,10 @@ func createPrivilegedPSPBinding(f *Framework, namespace string) {
}
})
if IsRBACEnabled(f) {
if auth.IsRBACEnabled(f.ClientSet.RbacV1beta1()) {
ginkgo.By(fmt.Sprintf("Binding the %s PodSecurityPolicy to the default service account in %s",
podSecurityPolicyPrivileged, namespace))
BindClusterRoleInNamespace(f.ClientSet.RbacV1beta1(),
err := auth.BindClusterRoleInNamespace(f.ClientSet.RbacV1beta1(),
podSecurityPolicyPrivileged,
namespace,
rbacv1beta1.Subject{
@@ -146,7 +147,8 @@ func createPrivilegedPSPBinding(f *Framework, namespace string) {
Namespace: namespace,
Name: "default",
})
ExpectNoError(WaitForNamedAuthorizationUpdate(f.ClientSet.AuthorizationV1beta1(),
ExpectNoError(err)
ExpectNoError(auth.WaitForNamedAuthorizationUpdate(f.ClientSet.AuthorizationV1beta1(),
serviceaccount.MakeUsername(namespace, "default"), namespace, "use", podSecurityPolicyPrivileged,
schema.GroupResource{Group: "extensions", Resource: "podsecuritypolicies"}, true))
}
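Review bot: The new `ExpectNoError(err)` after `auth.BindClusterRoleInNamespace` in the last hunk carries no explanation, while the PSP creation check in the second hunk passes one (`"Failed to create PSP %s"`). Because this commit removes logging from the helpers, a failed binding would surface only as the bare error, so I would write `ExpectNoError(err, "Failed to bind ClusterRole %s in namespace %s", podSecurityPolicyPrivileged, namespace)`. The `auth.WaitForNamedAuthorizationUpdate` check that follows would benefit from a message in the same way. `auth.IsRBACEnabled` is not shown here; if it returns false when detection fails, both `if` sites would silently skip the role and binding setup, which deserves a short comment at the call. createPrivilegedPSPBinding starts and ends outside these hunks.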