github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 20:53:33 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2158 from lavalamp/fix

Browse Source 
Clean up auth test slightly
This commit is contained in:
Eric Tune 2014-11-05 14:51:46 -08:00
commit 0420005a32
1 changed files with 27 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
test/integration/auth_test.go
View File

@ -36,8 +36,6 @@ import (
"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authorizer" "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authorizer"
"github.com/GoogleCloudPlatform/kubernetes/pkg/client" "github.com/GoogleCloudPlatform/kubernetes/pkg/client"
"github.com/GoogleCloudPlatform/kubernetes/pkg/master" "github.com/GoogleCloudPlatform/kubernetes/pkg/master"
"github.com/golang/glog"
) )
func init() { func init() {
@ -55,15 +53,15 @@ xyz987,bob,2
` `
) )
func writeTestTokenFile() string { func writeTestTokenFile(t *testing.T) string {
// Write a token file. // Write a token file.
f, err := ioutil.TempFile("", "auth_integration_test") f, err := ioutil.TempFile("", "auth_integration_test")
f.Close()
if err != nil { if err != nil {
glog.Fatalf("unexpected error: %v", err) t.Fatalf("unexpected error: %v", err)
} }
f.Close()
if err := ioutil.WriteFile(f.Name(), []byte(TokenfileCSV), 0700); err != nil { if err := ioutil.WriteFile(f.Name(), []byte(TokenfileCSV), 0700); err != nil {
glog.Fatalf("unexpected error writing tokenfile: %v", err) t.Fatalf("unexpected error writing tokenfile: %v", err)
} }
return f.Name() return f.Name()
} }
@ -80,7 +78,7 @@ func TestWhoAmI(t *testing.T) {
t.Fatalf("unexpected error: %v", err) t.Fatalf("unexpected error: %v", err)
} }
tokenFilename := writeTestTokenFile() tokenFilename := writeTestTokenFile(t)
defer os.Remove(tokenFilename) defer os.Remove(tokenFilename)
m := master.New(&master.Config{ m := master.New(&master.Config{
EtcdHelper: helper, EtcdHelper: helper,
@ -114,7 +112,7 @@ func TestWhoAmI(t *testing.T) {
t.Fatalf("unexpected error: %v", err) t.Fatalf("unexpected error: %v", err)
} }
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", tc.token)) req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", tc.token))
{ func() {
resp, err := transport.RoundTrip(req) resp, err := transport.RoundTrip(req)
defer resp.Body.Close() defer resp.Body.Close()
if err != nil { if err != nil {
@ -137,7 +135,7 @@ func TestWhoAmI(t *testing.T) {
} }
} }
} }()
} }
} }
@ -388,7 +386,7 @@ func TestAuthModeAlwaysAllow(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("unexpected error: %v", err) t.Fatalf("unexpected error: %v", err)
} }
{ func() {
resp, err := transport.RoundTrip(req) resp, err := transport.RoundTrip(req)
defer resp.Body.Close() defer resp.Body.Close()
if err != nil { if err != nil {
@ -399,7 +397,7 @@ func TestAuthModeAlwaysAllow(t *testing.T) {
b, _ := ioutil.ReadAll(resp.Body) b, _ := ioutil.ReadAll(resp.Body)
t.Errorf("Body: %v", string(b)) t.Errorf("Body: %v", string(b))
} }
} }()
} }
} }
@ -433,7 +431,7 @@ func TestAuthModeAlwaysDeny(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("unexpected error: %v", err) t.Fatalf("unexpected error: %v", err)
} }
{ func() {
resp, err := transport.RoundTrip(req) resp, err := transport.RoundTrip(req)
defer resp.Body.Close() defer resp.Body.Close()
if err != nil { if err != nil {
@ -442,7 +440,7 @@ func TestAuthModeAlwaysDeny(t *testing.T) {
if resp.StatusCode != http.StatusForbidden { if resp.StatusCode != http.StatusForbidden {
t.Errorf("Expected status Forbidden but got status %v", resp.Status) t.Errorf("Expected status Forbidden but got status %v", resp.Status)
} }
} }()
} }
} }
@ -463,7 +461,7 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
deleteAllEtcdKeys() deleteAllEtcdKeys()
tokenFilename := writeTestTokenFile() tokenFilename := writeTestTokenFile(t)
defer os.Remove(tokenFilename) defer os.Remove(tokenFilename)
// This file has alice and bob in it. // This file has alice and bob in it.
@ -498,7 +496,7 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
} }
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
{ func() {
resp, err := transport.RoundTrip(req) resp, err := transport.RoundTrip(req)
defer resp.Body.Close() defer resp.Body.Close()
if err != nil { if err != nil {
@ -507,7 +505,7 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
if _, ok := r.statusCodes[resp.StatusCode]; !ok { if _, ok := r.statusCodes[resp.StatusCode]; !ok {
t.Errorf("Expected status one of %v, but got %v", r.statusCodes, resp.StatusCode) t.Errorf("Expected status one of %v, but got %v", r.statusCodes, resp.StatusCode)
} }
} }()
} }
} }
@ -517,7 +515,7 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
func TestBobIsForbidden(t *testing.T) { func TestBobIsForbidden(t *testing.T) {
deleteAllEtcdKeys() deleteAllEtcdKeys()
tokenFilename := writeTestTokenFile() tokenFilename := writeTestTokenFile(t)
defer os.Remove(tokenFilename) defer os.Remove(tokenFilename)
// This file has alice and bob in it. // This file has alice and bob in it.
@ -552,7 +550,7 @@ func TestBobIsForbidden(t *testing.T) {
} }
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
{ func() {
resp, err := transport.RoundTrip(req) resp, err := transport.RoundTrip(req)
defer resp.Body.Close() defer resp.Body.Close()
if err != nil { if err != nil {
@ -562,7 +560,7 @@ func TestBobIsForbidden(t *testing.T) {
if resp.StatusCode != http.StatusForbidden { if resp.StatusCode != http.StatusForbidden {
t.Errorf("Expected not status Forbidden, but got %s", resp.Status) t.Errorf("Expected not status Forbidden, but got %s", resp.Status)
} }
} }()
} }
} }
@ -573,7 +571,7 @@ func TestBobIsForbidden(t *testing.T) {
func TestUnknownUserIsUnauthorized(t *testing.T) { func TestUnknownUserIsUnauthorized(t *testing.T) {
deleteAllEtcdKeys() deleteAllEtcdKeys()
tokenFilename := writeTestTokenFile() tokenFilename := writeTestTokenFile(t)
defer os.Remove(tokenFilename) defer os.Remove(tokenFilename)
// This file has alice and bob in it. // This file has alice and bob in it.
@ -607,7 +605,7 @@ func TestUnknownUserIsUnauthorized(t *testing.T) {
t.Fatalf("unexpected error: %v", err) t.Fatalf("unexpected error: %v", err)
} }
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
{ func() {
resp, err := transport.RoundTrip(req) resp, err := transport.RoundTrip(req)
defer resp.Body.Close() defer resp.Body.Close()
if err != nil { if err != nil {
@ -619,7 +617,7 @@ func TestUnknownUserIsUnauthorized(t *testing.T) {
b, _ := ioutil.ReadAll(resp.Body) b, _ := ioutil.ReadAll(resp.Body)
t.Errorf("Body: %v", string(b)) t.Errorf("Body: %v", string(b))
} }
} }()
} }
} }
@ -639,7 +637,7 @@ func (allowFooNamespaceAuthorizer) Authorize(a authorizer.Attributes) error {
func TestNamespaceAuthorization(t *testing.T) { func TestNamespaceAuthorization(t *testing.T) {
deleteAllEtcdKeys() deleteAllEtcdKeys()
tokenFilename := writeTestTokenFile() tokenFilename := writeTestTokenFile(t)
defer os.Remove(tokenFilename) defer os.Remove(tokenFilename)
// This file has alice and bob in it. // This file has alice and bob in it.
@ -695,7 +693,7 @@ func TestNamespaceAuthorization(t *testing.T) {
t.Fatalf("unexpected error: %v", err) t.Fatalf("unexpected error: %v", err)
} }
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
{ func() {
resp, err := transport.RoundTrip(req) resp, err := transport.RoundTrip(req)
defer resp.Body.Close() defer resp.Body.Close()
if err != nil { if err != nil {
@ -704,7 +702,7 @@ func TestNamespaceAuthorization(t *testing.T) {
if _, ok := r.statusCodes[resp.StatusCode]; !ok { if _, ok := r.statusCodes[resp.StatusCode]; !ok {
t.Errorf("Expected status one of %v, but got %v", r.statusCodes, resp.StatusCode) t.Errorf("Expected status one of %v, but got %v", r.statusCodes, resp.StatusCode)
} }
} }()
} }
} }
@ -724,7 +722,7 @@ func (allowServicesAuthorizer) Authorize(a authorizer.Attributes) error {
func TestKindAuthorization(t *testing.T) { func TestKindAuthorization(t *testing.T) {
deleteAllEtcdKeys() deleteAllEtcdKeys()
tokenFilename := writeTestTokenFile() tokenFilename := writeTestTokenFile(t)
defer os.Remove(tokenFilename) defer os.Remove(tokenFilename)
// This file has alice and bob in it. // This file has alice and bob in it.
@ -804,7 +802,7 @@ func (allowReadAuthorizer) Authorize(a authorizer.Attributes) error {
func TestReadOnlyAuthorization(t *testing.T) { func TestReadOnlyAuthorization(t *testing.T) {
deleteAllEtcdKeys() deleteAllEtcdKeys()
tokenFilename := writeTestTokenFile() tokenFilename := writeTestTokenFile(t)
defer os.Remove(tokenFilename) defer os.Remove(tokenFilename)
// This file has alice and bob in it. // This file has alice and bob in it.
@ -849,7 +847,7 @@ func TestReadOnlyAuthorization(t *testing.T) {
t.Fatalf("unexpected error: %v", err) t.Fatalf("unexpected error: %v", err)
} }
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
{ func() {
resp, err := transport.RoundTrip(req) resp, err := transport.RoundTrip(req)
defer resp.Body.Close() defer resp.Body.Close()
if err != nil { if err != nil {
@ -858,6 +856,6 @@ func TestReadOnlyAuthorization(t *testing.T) {
if _, ok := r.statusCodes[resp.StatusCode]; !ok { if _, ok := r.statusCodes[resp.StatusCode]; !ok {
t.Errorf("Expected status one of %v, but got %v", r.statusCodes, resp.StatusCode) t.Errorf("Expected status one of %v, but got %v", r.statusCodes, resp.StatusCode)
} }
} }()
} }
} }