Fix cmd, integration, and conformance tests

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

test/cmd/auth_whoami.sh

@@ -18,15 +18,12 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
-# Runs tests for kubectl diff
+run_kubectl_auth_whoami_tests() {
-run_kubectl_events_tests() {
     set -o nounset
     set -o errexit
 
-    create_and_use_new_namespace
     kube::log::status "Testing kubectl auth whoami"
 
-    ### Create a new namespace
     # Command
     output_message=$(kubectl auth whoami -o json 2>&1)
 

test/cmd/legacy-script.sh

@@ -29,6 +29,7 @@ KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
 # source "${KUBE_ROOT}/hack/lib/test.sh"
 source "${KUBE_ROOT}/test/cmd/apply.sh"
 source "${KUBE_ROOT}/test/cmd/apps.sh"
+source "${KUBE_ROOT}/test/cmd/auth_whoami.sh"
 source "${KUBE_ROOT}/test/cmd/authentication.sh"
 source "${KUBE_ROOT}/test/cmd/authorization.sh"
 source "${KUBE_ROOT}/test/cmd/batch.sh"
@@ -98,6 +99,7 @@ replicasets="replicasets"
 replicationcontrollers="replicationcontrollers"
 roles="roles"
 secrets="secrets"
+selfsubjectreviews="selfsubjectreviews"
 serviceaccounts="serviceaccounts"
 services="services"
 statefulsets="statefulsets"
@@ -816,6 +818,10 @@ runTests() {
   record_command run_exec_credentials_tests
   record_command run_exec_credentials_interactive_tests
 
+  if kube::test::if_supports_resource "${selfsubjectreviews}" ; then
+    record_command run_kubectl_auth_whoami_tests
+  fi
+
   ########################
   # authorization.k8s.io #
   ########################
@@ -895,6 +901,8 @@ runTests() {
     kubectl delete "${kube_flags[@]}" rolebindings,role,clusterroles,clusterrolebindings -n some-other-random -l test-cmd=auth
   fi
 
+
+
   #####################
   # Retrieve multiple #
   #####################

test/conformance/testdata/ineligible_endpoints.yaml

@@ -259,3 +259,6 @@
 - endpoint: connectCoreV1PostNamespacedPodAttach
   reason: Explicitly designed to be a debug feature
   link: https://github.com/kubernetes/kubernetes/issues/112778#issuecomment-1427995711
+- endpoint: createAuthenticationV1SelfSubjectReview
+  reason: Cluster providers are allowed to choose to not serve this API, and the whoami command handles unavailability gracefully.
+  link: https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/3325-self-subject-attributes-review-api/README.md#ga

test/e2e/auth/selfsubjectreviews.go

@@ -25,6 +25,7 @@ import (
 	authenticationv1 "k8s.io/api/authentication/v1"
 	authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1"
 	authenticationv1beta1 "k8s.io/api/authentication/v1beta1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
@@ -32,19 +33,21 @@ import (
 	admissionapi "k8s.io/pod-security-admission/api"
 )
 
-var _ = SIGDescribe("SelfSubjectReview [Feature:APISelfSubjectReview]", func() {
+var _ = SIGDescribe("SelfSubjectReview", func() {
 	f := framework.NewDefaultFramework("selfsubjectreviews")
 	f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
 
 	/*
-			Release: v1.27
+			Release: v1.28
 			Testname: SelfSubjectReview API
 			Description:
 			The authentication.k8s.io API group MUST exist in the /apis discovery document.
 			The authentication.k8s.io/v1alpha1 API group/version MUST exist in the /apis/mode.k8s.io discovery document.
 		    The authentication.k8s.io/v1beta1 API group/version MUST exist in the /apis/mode.k8s.io discovery document.
+			The authentication.k8s.io/v1 API group/version MUST exist in the /apis/mode.k8s.io discovery document.
 			The selfsubjectreviews resource MUST exist in the /apis/authentication.k8s.io/v1alpha1 discovery document.
 			The selfsubjectreviews resource MUST exist in the /apis/authentication.k8s.io/v1beta1 discovery document.
+			The selfsubjectreviews resource MUST exist in the /apis/authentication.k8s.io/v1 discovery document.
 			The selfsubjectreviews resource MUST support create.
 	*/
 	ginkgo.DescribeTable(
@@ -118,8 +121,11 @@ var _ = SIGDescribe("SelfSubjectReview [Feature:APISelfSubjectReview]", func() {
 
 			ssrClient := kubernetes.NewForConfigOrDie(config).AuthenticationV1alpha1().SelfSubjectReviews()
 			res, err := ssrClient.Create(ctx, &authenticationv1alpha1.SelfSubjectReview{}, metav1.CreateOptions{})
-			framework.ExpectNoError(err)
+			if apierrors.IsNotFound(err) {
+				return // Alpha API is disabled
+			}
 
+			framework.ExpectNoError(err)
 			gomega.Expect(config.Impersonate.UserName).To(gomega.Equal(res.Status.UserInfo.Username))
 			gomega.Expect(config.Impersonate.UID).To(gomega.Equal(res.Status.UserInfo.UID))
 			gomega.Expect(config.Impersonate.Groups).To(gomega.Equal(res.Status.UserInfo.Groups))
@@ -138,8 +144,11 @@ var _ = SIGDescribe("SelfSubjectReview [Feature:APISelfSubjectReview]", func() {
 
 			ssrClient := kubernetes.NewForConfigOrDie(config).AuthenticationV1beta1().SelfSubjectReviews()
 			res, err := ssrClient.Create(ctx, &authenticationv1beta1.SelfSubjectReview{}, metav1.CreateOptions{})
-			framework.ExpectNoError(err)
+			if apierrors.IsNotFound(err) {
+				return // Beta API is disabled
+			}
 
+			framework.ExpectNoError(err)
 			gomega.Expect(config.Impersonate.UserName).To(gomega.Equal(res.Status.UserInfo.Username))
 			gomega.Expect(config.Impersonate.UID).To(gomega.Equal(res.Status.UserInfo.UID))
 			gomega.Expect(config.Impersonate.Groups).To(gomega.Equal(res.Status.UserInfo.Groups))