github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-19 01:40:13 +00:00
Code Issues Projects Releases Wiki Activity

Promote SubjectAccessReview e2e test to Conformance

Browse Source
This commit is contained in:
Stephen Heywood 2023-01-09 11:24:05 +13:00
parent 3aff1f97be
commit befb7d4a6a
2 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
test/conformance/testdata/conformance.yaml vendored
View File

@ -1119,6 +1119,18 @@
it MUST succeed and the field MUST equal the new value.
release: v1.26
file: test/e2e/auth/service_accounts.go
- testname: SubjectReview, API Operations
codename: '[sig-auth] SubjectReview should support SubjectReview API operations
[Conformance]'
description: A ServiceAccount is created which MUST succeed. A clientset is created
to impersonate the ServiceAccount. A SubjectAccessReview is created for the ServiceAccount
which MUST succeed. The allowed status for the SubjectAccessReview MUST match
the expected allowed for the impersonated client call. A LocalSubjectAccessReviews
is created for the ServiceAccount which MUST succeed. The allowed status for the
LocalSubjectAccessReview MUST match the expected allowed for the impersonated
client call.
release: v1.27
file: test/e2e/auth/subjectreviews.go
- testname: Kubectl, guestbook application
codename: '[sig-cli] Kubectl client Guestbook application should create and stop
a working application [Conformance]'

14
test/e2e/auth/subjectreviews.go
View File

@ -35,7 +35,19 @@ import (
var _ = SIGDescribe("SubjectReview", func() {
f := framework.NewDefaultFramework("subjectreview")
ginkgo.It("should support SubjectReview API operations", func() {
/*
Release: v1.27
Testname: SubjectReview, API Operations
Description: A ServiceAccount is created which MUST succeed.
A clientset is created to impersonate the ServiceAccount.
A SubjectAccessReview is created for the ServiceAccount which
MUST succeed. The allowed status for the SubjectAccessReview
MUST match the expected allowed for the impersonated client
call. A LocalSubjectAccessReviews is created for the ServiceAccount
which MUST succeed. The allowed status for the LocalSubjectAccessReview
MUST match the expected allowed for the impersonated client call.
*/
framework.ConformanceIt("should support SubjectReview API operations", func() {
AuthClient := f.ClientSet.AuthorizationV1()
ns := f.Namespace.Name