github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-08 04:32:37 +00:00
Code Issues Projects Releases Wiki Activity

update RBAC rules in e2e aggregator test

Browse Source 
Add the "get" and "watch" verbs to the ClusterRole created
for the sample apiserver.  Without this, the test complains about
"Failed to watch..." the resources in question.

Strictly speaking the "get" verb doesn't seem to be needed, but
this aligns the e2e test with the example at
staging/src/k8s.io/sample-apiserver/artifacts/example/rbac.yaml
This commit is contained in:
Chris Friesen
2019-12-09 10:56:19 -06:00
parent fcc35b0468
commit a9f80c70b2
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
test/e2e/apimachinery/aggregator.go
View File

@@ -144,8 +144,8 @@ func TestSampleAPIServer(f *framework.Framework, aggrclient *aggregatorclient.Cl
// role for listing ValidatingWebhookConfiguration/MutatingWebhookConfiguration/Namespaces
ObjectMeta: metav1.ObjectMeta{Name: "sample-apiserver-reader"},
Rules: []rbacv1.PolicyRule{
rbacv1helpers.NewRule("list").Groups("").Resources("namespaces").RuleOrDie(),
rbacv1helpers.NewRule("list").Groups("admissionregistration.k8s.io").Resources("*").RuleOrDie(),
rbacv1helpers.NewRule("get", "list", "watch").Groups("").Resources("namespaces").RuleOrDie(),
rbacv1helpers.NewRule("get", "list", "watch").Groups("admissionregistration.k8s.io").Resources("*").RuleOrDie(),
},
})
framework.ExpectNoError(err, "creating cluster role %s", "sample-apiserver-reader")