mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 04:06:03 +00:00
staticcheck:test/integration/auth/
This commit is contained in:
tanjunchen
parent
0c77e3a58a
commit
264a1cf5f6
@ -53,7 +53,6 @@ test/e2e/apps
|
||||
test/e2e/autoscaling
|
||||
test/e2e/instrumentation/logging/stackdriver
|
||||
test/e2e/instrumentation/monitoring
|
||||
test/integration/auth
|
||||
test/integration/deployment
|
||||
test/integration/etcd
|
||||
test/integration/examples
|
||||
|
||||
@ -53,13 +53,10 @@ go_test(
|
||||
"//staging/src/k8s.io/api/policy/v1beta1:go_default_library",
|
||||
"//staging/src/k8s.io/api/rbac/v1:go_default_library",
|
||||
"//staging/src/k8s.io/api/storage/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library",
|
||||
"//staging/src/k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
|
||||
@ -79,7 +76,6 @@ go_test(
|
||||
"//staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/tokentest:go_default_library",
|
||||
"//staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/kubernetes/scheme:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/listers/core/v1:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/rest:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/tools/cache:go_default_library",
|
||||
|
||||
@ -460,11 +460,11 @@ func TestAuthModeAlwaysAllow(t *testing.T) {
|
||||
}
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
b, _ := ioutil.ReadAll(resp.Body)
|
||||
if _, ok := r.statusCodes[resp.StatusCode]; !ok {
|
||||
t.Logf("case %v", r)
|
||||
@ -541,11 +541,11 @@ func TestAuthModeAlwaysDeny(t *testing.T) {
|
||||
}
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode != http.StatusForbidden {
|
||||
t.Logf("case %v", r)
|
||||
t.Errorf("Expected status Forbidden but got status %v", resp.Status)
|
||||
@ -610,11 +610,11 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
|
||||
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
b, _ := ioutil.ReadAll(resp.Body)
|
||||
if _, ok := r.statusCodes[resp.StatusCode]; !ok {
|
||||
t.Logf("case %v", r)
|
||||
@ -662,11 +662,11 @@ func TestBobIsForbidden(t *testing.T) {
|
||||
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
// Expect all of bob's actions to return Forbidden
|
||||
if resp.StatusCode != http.StatusForbidden {
|
||||
t.Logf("case %v", r)
|
||||
@ -705,11 +705,11 @@ func TestUnknownUserIsUnauthorized(t *testing.T) {
|
||||
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
// Expect all of unauthenticated user's request to be "Unauthorized"
|
||||
if resp.StatusCode != http.StatusUnauthorized {
|
||||
t.Logf("case %v", r)
|
||||
@ -769,11 +769,11 @@ func TestImpersonateIsForbidden(t *testing.T) {
|
||||
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
// Expect all of bob's actions to return Forbidden
|
||||
if resp.StatusCode != http.StatusForbidden {
|
||||
t.Logf("case %v", r)
|
||||
@ -794,11 +794,11 @@ func TestImpersonateIsForbidden(t *testing.T) {
|
||||
req.Header.Set("Impersonate-User", "alice")
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
// Expect all the requests to be allowed, don't care what they actually do
|
||||
if resp.StatusCode == http.StatusForbidden {
|
||||
t.Logf("case %v", r)
|
||||
@ -820,11 +820,11 @@ func TestImpersonateIsForbidden(t *testing.T) {
|
||||
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
// Expect all of bob's actions to return Forbidden
|
||||
if resp.StatusCode != http.StatusForbidden {
|
||||
t.Logf("case %v", r)
|
||||
@ -845,11 +845,11 @@ func TestImpersonateIsForbidden(t *testing.T) {
|
||||
req.Header.Set("Impersonate-User", serviceaccount.MakeUsername("default", "default"))
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
// Expect all the requests to be allowed, don't care what they actually do
|
||||
if resp.StatusCode == http.StatusForbidden {
|
||||
t.Logf("case %v", r)
|
||||
@ -926,11 +926,11 @@ func TestAuthorizationAttributeDetermination(t *testing.T) {
|
||||
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
found := false
|
||||
for i := currentAuthorizationAttributesIndex; i < len(trackingAuthorizer.requestAttributes); i++ {
|
||||
@ -1024,11 +1024,11 @@ func TestNamespaceAuthorization(t *testing.T) {
|
||||
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
b, _ := ioutil.ReadAll(resp.Body)
|
||||
if _, ok := r.statusCodes[resp.StatusCode]; !ok {
|
||||
t.Logf("case %v", r)
|
||||
@ -1109,11 +1109,11 @@ func TestKindAuthorization(t *testing.T) {
|
||||
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
|
||||
{
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
b, _ := ioutil.ReadAll(resp.Body)
|
||||
if _, ok := r.statusCodes[resp.StatusCode]; !ok {
|
||||
t.Logf("case %v", r)
|
||||
@ -1173,11 +1173,11 @@ func TestReadOnlyAuthorization(t *testing.T) {
|
||||
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if _, ok := r.statusCodes[resp.StatusCode]; !ok {
|
||||
t.Logf("case %v", r)
|
||||
t.Errorf("Expected status one of %v, but got %v", r.statusCodes, resp.StatusCode)
|
||||
@ -1223,11 +1223,11 @@ func TestWebhookTokenAuthenticator(t *testing.T) {
|
||||
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", r)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
// Expect all of Bob's actions to return Forbidden
|
||||
if resp.StatusCode != http.StatusForbidden {
|
||||
t.Logf("case %v", r)
|
||||
|
||||
@ -160,11 +160,11 @@ func TestBootstrapTokenAuth(t *testing.T) {
|
||||
|
||||
func() {
|
||||
resp, err := transport.RoundTrip(req)
|
||||
defer resp.Body.Close()
|
||||
if err != nil {
|
||||
t.Logf("case %v", test.name)
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
b, _ := ioutil.ReadAll(resp.Body)
|
||||
if _, ok := test.request.statusCodes[resp.StatusCode]; !ok {
|
||||
t.Logf("case %v", test.name)
|
||||
|
||||
@ -27,16 +27,13 @@ import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
policy "k8s.io/api/policy/v1beta1"
|
||||
storagev1 "k8s.io/api/storage/v1"
|
||||
apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/api/resource"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/kubernetes/scheme"
|
||||
featuregatetesting "k8s.io/component-base/featuregate/testing"
|
||||
kubeapiservertesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing"
|
||||
"k8s.io/kubernetes/pkg/features"
|
||||
@ -656,17 +653,3 @@ func expectAllowed(t *testing.T, f func() error) {
|
||||
t.Errorf("Expected no error, got %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
// crdFromManifest reads a .json/yaml file and returns the CRD in it.
|
||||
func crdFromManifest(filename string) (*apiextensionsv1beta1.CustomResourceDefinition, error) {
|
||||
var crd apiextensionsv1beta1.CustomResourceDefinition
|
||||
data, err := ioutil.ReadFile(filename)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := runtime.DecodeInto(scheme.Codecs.UniversalDecoder(), data, &crd); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &crd, nil
|
||||
}
|
||||
|
||||
@ -30,7 +30,6 @@ import (
|
||||
"time"
|
||||
|
||||
rbacapi "k8s.io/api/rbac/v1"
|
||||
apiextensionsclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
@ -78,12 +77,6 @@ func clientsetForToken(user string, config *restclient.Config) (clientset.Interf
|
||||
return clientset.NewForConfigOrDie(&configCopy), clientset.NewForConfigOrDie(&configCopy)
|
||||
}
|
||||
|
||||
func crdClientsetForToken(user string, config *restclient.Config) apiextensionsclient.Interface {
|
||||
configCopy := *config
|
||||
configCopy.BearerToken = user
|
||||
return apiextensionsclient.NewForConfigOrDie(&configCopy)
|
||||
}
|
||||
|
||||
type testRESTOptionsGetter struct {
|
||||
config *master.Config
|
||||
}
|
||||
@ -723,6 +716,9 @@ func TestDiscoveryUpgradeBootstrapping(t *testing.T) {
|
||||
// existed prior to v1.14, but with user modifications.
|
||||
t.Logf("Modifying default `system:discovery` ClusterRoleBinding")
|
||||
discRoleBinding, err := client.RbacV1().ClusterRoleBindings().Get("system:discovery", metav1.GetOptions{})
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to get `system:discovery` ClusterRoleBinding: %v", err)
|
||||
}
|
||||
discRoleBinding.Annotations["rbac.authorization.kubernetes.io/autoupdate"] = "false"
|
||||
discRoleBinding.Annotations["rbac-discovery-upgrade-test"] = "pass"
|
||||
discRoleBinding.Subjects = []rbacapi.Subject{
|
||||
@ -737,6 +733,9 @@ func TestDiscoveryUpgradeBootstrapping(t *testing.T) {
|
||||
}
|
||||
t.Logf("Modifying default `system:basic-user` ClusterRoleBinding")
|
||||
basicUserRoleBinding, err := client.RbacV1().ClusterRoleBindings().Get("system:basic-user", metav1.GetOptions{})
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to get `system:basic-user` ClusterRoleBinding: %v", err)
|
||||
}
|
||||
basicUserRoleBinding.Annotations["rbac.authorization.kubernetes.io/autoupdate"] = "false"
|
||||
basicUserRoleBinding.Annotations["rbac-discovery-upgrade-test"] = "pass"
|
||||
if basicUserRoleBinding, err = client.RbacV1().ClusterRoleBindings().Update(basicUserRoleBinding); err != nil {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user