update RBAC rules in e2e aggregator test

Add the "get" and "watch" verbs to the ClusterRole created
for the sample apiserver.  Without this, the test complains about
"Failed to watch..." the resources in question.

Strictly speaking the "get" verb doesn't seem to be needed, but
this aligns the e2e test with the example at
staging/src/k8s.io/sample-apiserver/artifacts/example/rbac.yaml
This commit is contained in:
Chris Friesen 2019-12-09 10:56:19 -06:00
parent fcc35b0468
commit a9f80c70b2

View File

@ -144,8 +144,8 @@ func TestSampleAPIServer(f *framework.Framework, aggrclient *aggregatorclient.Cl
// role for listing ValidatingWebhookConfiguration/MutatingWebhookConfiguration/Namespaces
ObjectMeta: metav1.ObjectMeta{Name: "sample-apiserver-reader"},
Rules: []rbacv1.PolicyRule{
rbacv1helpers.NewRule("list").Groups("").Resources("namespaces").RuleOrDie(),
rbacv1helpers.NewRule("list").Groups("admissionregistration.k8s.io").Resources("*").RuleOrDie(),
rbacv1helpers.NewRule("get", "list", "watch").Groups("").Resources("namespaces").RuleOrDie(),
rbacv1helpers.NewRule("get", "list", "watch").Groups("admissionregistration.k8s.io").Resources("*").RuleOrDie(),
},
})
framework.ExpectNoError(err, "creating cluster role %s", "sample-apiserver-reader")