github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-04 01:40:07 +00:00
Code Issues Projects Releases Wiki Activity

fix ABAC tests

Browse Source
This commit is contained in:
Jordan Liggitt 2015-08-10 16:07:08 -04:00
parent 11fcd3bb39
commit 848ec0491e
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
pkg/auth/authorizer/abac/abac_test.go
View File

@ -33,15 +33,15 @@ func TestEmptyFile(t *testing.T) {
} }
func TestOneLineFileNoNewLine(t *testing.T) { func TestOneLineFileNoNewLine(t *testing.T) {
_, err := newWithContents(t, `{"user":"scheduler", "readonly": true, "kind": "pods", "namespace":"ns1"}`) _, err := newWithContents(t, `{"user":"scheduler", "readonly": true, "resource": "pods", "namespace":"ns1"}`)
if err != nil { if err != nil {
t.Errorf("unable to read policy file: %v", err) t.Errorf("unable to read policy file: %v", err)
} }
} }
func TestTwoLineFile(t *testing.T) { func TestTwoLineFile(t *testing.T) {
_, err := newWithContents(t, `{"user":"scheduler", "readonly": true, "kind": "pods"} _, err := newWithContents(t, `{"user":"scheduler", "readonly": true, "resource": "pods"}
{"user":"scheduler", "readonly": true, "kind": "services"} {"user":"scheduler", "readonly": true, "resource": "services"}
`) `)
if err != nil { if err != nil {
t.Errorf("unable to read policy file: %v", err) t.Errorf("unable to read policy file: %v", err)
@ -56,14 +56,14 @@ func TestExampleFile(t *testing.T) {
} }
} }
func NotTestAuthorize(t *testing.T) { func TestNotAuthorized(t *testing.T) {
a, err := newWithContents(t, `{ "readonly": true, "kind": "events"} a, err := newWithContents(t, `{ "readonly": true, "resource": "events" }
{"user":"scheduler", "readonly": true, "kind": "pods"} {"user":"scheduler", "readonly": true, "resource": "pods" }
{"user":"scheduler", "kind": "bindings"} {"user":"scheduler", "resource": "bindings" }
{"user":"kubelet", "readonly": true, "kind": "bindings"} {"user":"kubelet", "readonly": true, "resource": "bindings" }
{"user":"kubelet", "kind": "events"} {"user":"kubelet", "resource": "events" }
{"user":"alice", "ns": "projectCaribou"} {"user":"alice", "namespace": "projectCaribou"}
{"user":"bob", "readonly": true, "ns": "projectCaribou"} {"user":"bob", "readonly": true, "namespace": "projectCaribou"}
`) `)
if err != nil { if err != nil {
t.Fatalf("unable to read policy file: %v", err) t.Fatalf("unable to read policy file: %v", err)
@ -114,7 +114,7 @@ func NotTestAuthorize(t *testing.T) {
// /healthz, /version, etc. // /healthz, /version, etc.
{User: uChuck, RO: true, Resource: "", NS: "", ExpectAllow: false}, {User: uChuck, RO: true, Resource: "", NS: "", ExpectAllow: false},
} }
for _, tc := range testCases { for i, tc := range testCases {
attr := authorizer.AttributesRecord{ attr := authorizer.AttributesRecord{
User: &tc.User, User: &tc.User,
ReadOnly: tc.RO, ReadOnly: tc.RO,
@ -125,8 +125,8 @@ func NotTestAuthorize(t *testing.T) {
err := a.Authorize(attr) err := a.Authorize(attr)
actualAllow := bool(err == nil) actualAllow := bool(err == nil)
if tc.ExpectAllow != actualAllow { if tc.ExpectAllow != actualAllow {
t.Errorf("Expected allowed=%v but actually allowed=%v, for case %v", t.Errorf("%d: Expected allowed=%v but actually allowed=%v\n\t%v",
tc.ExpectAllow, actualAllow, tc) i, tc.ExpectAllow, actualAllow, tc)
} }
} }
} }