github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 13:37:30 +00:00
Code Issues Projects Releases Wiki Activity

add cmd test for kubectl auth can-i

Browse Source
This commit is contained in:
Cao Shufeng 2017-06-01 13:56:49 +08:00
parent 78a9e4feba
commit c28efb85ff
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
hack/lib/test.sh
View File

@ -286,6 +286,18 @@ kube::test::if_has_not_string() {
fi fi
} }
kube::test::if_empty_string() {
local match=$1
if [ -n "$match" ]; then
echo "$match is not empty"
caller
return 1
else
echo "Successful"
return 0
fi
}
# Returns true if the required resource is part of supported resources. # Returns true if the required resource is part of supported resources.
# Expects env vars: # Expects env vars:
# SUPPORTED_RESOURCES: Array of all resources supported by the apiserver. "*" # SUPPORTED_RESOURCES: Array of all resources supported by the apiserver. "*"

22
hack/make-rules/test-cmd-util.sh
View File

@ -68,6 +68,7 @@ statefulsets="statefulsets"
static="static" static="static"
storageclass="storageclass" storageclass="storageclass"
subjectaccessreviews="subjectaccessreviews" subjectaccessreviews="subjectaccessreviews"
selfsubjectaccessreviews="selfsubjectaccessreviews"
thirdpartyresources="thirdpartyresources" thirdpartyresources="thirdpartyresources"
customresourcedefinitions="customresourcedefinitions" customresourcedefinitions="customresourcedefinitions"
daemonsets="daemonsets" daemonsets="daemonsets"
@ -3795,6 +3796,27 @@ __EOF__
rm "${SAR_RESULT_FILE}" rm "${SAR_RESULT_FILE}"
fi fi
# kubectl auth can-i
# kube-apiserver is started with authorization mode AlwaysAllow, so kubectl can-i always returns yes
if kube::test::if_supports_resource "${subjectaccessreviews}" ; then
output_message=$(kubectl auth can-i '*' '*' 2>&1 "${kube_flags[@]}")
kube::test::if_has_string "${output_message}" "yes"
output_message=$(kubectl auth can-i get pods --subresource=log 2>&1 "${kube_flags[@]}")
kube::test::if_has_string "${output_message}" "yes"
output_message=$(kubectl auth can-i get invalid_resource 2>&1 "${kube_flags[@]}")
kube::test::if_has_string "${output_message}" "the server doesn't have a resource type"
output_message=$(kubectl auth can-i get /logs/ 2>&1 "${kube_flags[@]}")
kube::test::if_has_string "${output_message}" "yes"
output_message=$(! kubectl auth can-i get /logs/ --subresource=log 2>&1 "${kube_flags[@]}")
kube::test::if_has_string "${output_message}" "subresource can not be used with nonResourceURL"
output_message=$(kubectl auth can-i list jobs.batch/bar -n foo --quiet 2>&1 "${kube_flags[@]}")
kube::test::if_empty_string "${output_message}"
fi
##################### #####################
# Retrieve multiple # # Retrieve multiple #