github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-31 23:37:01 +00:00
Code Issues Projects Releases Wiki Activity

fix ABAC tests

Browse Source
This commit is contained in:
Jordan Liggitt 2015-08-10 16:07:08 -04:00
parent 11fcd3bb39
commit 848ec0491e
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
pkg/auth/authorizer/abac/abac_test.go
View File

@ -33,15 +33,15 @@ func TestEmptyFile(t *testing.T) {
}
func TestOneLineFileNoNewLine(t *testing.T) {
_, err := newWithContents(t, `{"user":"scheduler", "readonly": true, "kind": "pods", "namespace":"ns1"}`)
_, err := newWithContents(t, `{"user":"scheduler", "readonly": true, "resource": "pods", "namespace":"ns1"}`)
if err != nil {
t.Errorf("unable to read policy file: %v", err)
}
}
func TestTwoLineFile(t *testing.T) {
_, err := newWithContents(t, `{"user":"scheduler", "readonly": true, "kind": "pods"}
{"user":"scheduler", "readonly": true, "kind": "services"}
_, err := newWithContents(t, `{"user":"scheduler", "readonly": true, "resource": "pods"}
{"user":"scheduler", "readonly": true, "resource": "services"}
`)
if err != nil {
t.Errorf("unable to read policy file: %v", err)
@ -56,14 +56,14 @@ func TestExampleFile(t *testing.T) {
}
}
func NotTestAuthorize(t *testing.T) {
a, err := newWithContents(t, `{ "readonly": true, "kind": "events"}
{"user":"scheduler", "readonly": true, "kind": "pods"}
{"user":"scheduler", "kind": "bindings"}
{"user":"kubelet", "readonly": true, "kind": "bindings"}
{"user":"kubelet", "kind": "events"}
{"user":"alice", "ns": "projectCaribou"}
{"user":"bob", "readonly": true, "ns": "projectCaribou"}
func TestNotAuthorized(t *testing.T) {
a, err := newWithContents(t, `{ "readonly": true, "resource": "events" }
{"user":"scheduler", "readonly": true, "resource": "pods" }
{"user":"scheduler", "resource": "bindings" }
{"user":"kubelet", "readonly": true, "resource": "bindings" }
{"user":"kubelet", "resource": "events" }
{"user":"alice", "namespace": "projectCaribou"}
{"user":"bob", "readonly": true, "namespace": "projectCaribou"}
`)
if err != nil {
t.Fatalf("unable to read policy file: %v", err)
@ -114,7 +114,7 @@ func NotTestAuthorize(t *testing.T) {
// /healthz, /version, etc.
{User: uChuck, RO: true, Resource: "", NS: "", ExpectAllow: false},
}
for _, tc := range testCases {
for i, tc := range testCases {
attr := authorizer.AttributesRecord{
User: &tc.User,
ReadOnly: tc.RO,
@ -125,8 +125,8 @@ func NotTestAuthorize(t *testing.T) {
err := a.Authorize(attr)
actualAllow := bool(err == nil)
if tc.ExpectAllow != actualAllow {
t.Errorf("Expected allowed=%v but actually allowed=%v, for case %v",
tc.ExpectAllow, actualAllow, tc)
t.Errorf("%d: Expected allowed=%v but actually allowed=%v\n\t%v",
i, tc.ExpectAllow, actualAllow, tc)
}
}
}