add permissions to kubectl test for rbac

test/e2e/node_problem_detector.go

@@ -23,9 +23,7 @@ import (
 	"time"
 
 	"k8s.io/kubernetes/pkg/api"
-	apierrors "k8s.io/kubernetes/pkg/api/errors"
 	"k8s.io/kubernetes/pkg/api/v1"
-	legacyv1 "k8s.io/kubernetes/pkg/api/v1"
 	metav1 "k8s.io/kubernetes/pkg/apis/meta/v1"
 	rbacv1alpha1 "k8s.io/kubernetes/pkg/apis/rbac/v1alpha1"
 	clientset "k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
@@ -65,33 +63,10 @@ var _ = framework.KubeDescribe("NodeProblemDetector", func() {
 
 		// this test wants extra permissions.  Since the namespace names are unique, we can leave this
 		// lying around so we don't have to race any caches
-		_, err := f.ClientSet.Rbac().ClusterRoleBindings().Create(&rbacv1alpha1.ClusterRoleBinding{
-			ObjectMeta: legacyv1.ObjectMeta{
-				Name: f.Namespace.Name + "--cluster-admin",
-			},
-			RoleRef: rbacv1alpha1.RoleRef{
-				APIGroup: "rbac.authorization.k8s.io",
-				Kind:     "ClusterRole",
-				Name:     "cluster-admin",
-			},
-			Subjects: []rbacv1alpha1.Subject{
-				{
-					Kind:      rbacv1alpha1.ServiceAccountKind,
-					Namespace: f.Namespace.Name,
-					Name:      "default",
-				},
-			},
-		})
-		if apierrors.IsForbidden(err) {
-			// The user is not allowed to create ClusterRoleBindings. This
-			// probably means that RBAC is not being used. If RBAC is being
-			// used, this test will probably fail later.
-			framework.Logf("Attempt to create ClusterRoleBinding was forbidden: %v.", err)
-			return
-		}
-		framework.ExpectNoError(err)
+		framework.BindClusterRole(f.ClientSet.Rbac(), "cluster-admin", f.Namespace.Name,
+			rbacv1alpha1.Subject{Kind: rbacv1alpha1.ServiceAccountKind, Namespace: f.Namespace.Name, Name: "default"})
 
-		err = framework.WaitForAuthorizationUpdate(f.ClientSet.Authorization(),
+		err := framework.WaitForAuthorizationUpdate(f.ClientSet.Authorization(),
 			serviceaccount.MakeUsername(f.Namespace.Name, "default"),
 			"", "create", schema.GroupResource{Resource: "pods"}, true)
 		framework.ExpectNoError(err)