github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-31 15:25:57 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #46755 from CaoShuFeng/cani-test-cmd

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 49120, 46755, 49157, 49165, 48950)

add cmd test for kubectl auth can-i

**Release note**:

```
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2017-07-19 00:06:23 -07:00 committed by GitHub
commit 164cae1151
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
hack/lib/test.sh
View File

@ -286,6 +286,18 @@ kube::test::if_has_not_string() {
fi fi
} }
kube::test::if_empty_string() {
local match=$1
if [ -n "$match" ]; then
echo "$match is not empty"
caller
return 1
else
echo "Successful"
return 0
fi
}
# Returns true if the required resource is part of supported resources. # Returns true if the required resource is part of supported resources.
# Expects env vars: # Expects env vars:
# SUPPORTED_RESOURCES: Array of all resources supported by the apiserver. "*" # SUPPORTED_RESOURCES: Array of all resources supported by the apiserver. "*"

22
hack/make-rules/test-cmd-util.sh
View File

@ -71,6 +71,7 @@ statefulsets="statefulsets"
static="static" static="static"
storageclass="storageclass" storageclass="storageclass"
subjectaccessreviews="subjectaccessreviews" subjectaccessreviews="subjectaccessreviews"
selfsubjectaccessreviews="selfsubjectaccessreviews"
thirdpartyresources="thirdpartyresources" thirdpartyresources="thirdpartyresources"
customresourcedefinitions="customresourcedefinitions" customresourcedefinitions="customresourcedefinitions"
daemonsets="daemonsets" daemonsets="daemonsets"
@ -4492,6 +4493,27 @@ runTests() {
record_command run_authorization_tests record_command run_authorization_tests
fi fi
# kubectl auth can-i
# kube-apiserver is started with authorization mode AlwaysAllow, so kubectl can-i always returns yes
if kube::test::if_supports_resource "${subjectaccessreviews}" ; then
output_message=$(kubectl auth can-i '*' '*' 2>&1 "${kube_flags[@]}")
kube::test::if_has_string "${output_message}" "yes"
output_message=$(kubectl auth can-i get pods --subresource=log 2>&1 "${kube_flags[@]}")
kube::test::if_has_string "${output_message}" "yes"
output_message=$(kubectl auth can-i get invalid_resource 2>&1 "${kube_flags[@]}")
kube::test::if_has_string "${output_message}" "the server doesn't have a resource type"
output_message=$(kubectl auth can-i get /logs/ 2>&1 "${kube_flags[@]}")
kube::test::if_has_string "${output_message}" "yes"
output_message=$(! kubectl auth can-i get /logs/ --subresource=log 2>&1 "${kube_flags[@]}")
kube::test::if_has_string "${output_message}" "subresource can not be used with nonResourceURL"
output_message=$(kubectl auth can-i list jobs.batch/bar -n foo --quiet 2>&1 "${kube_flags[@]}")
kube::test::if_empty_string "${output_message}"
fi
##################### #####################
# Retrieve multiple # # Retrieve multiple #