From 9eab16f10e60331df317058e9db701e7bb5b4b8b Mon Sep 17 00:00:00 2001 From: m1093782566 Date: Thu, 3 Aug 2017 16:33:10 +0800 Subject: [PATCH] add UT for pkg/kubecl clusterrolebinding --- pkg/kubectl/BUILD | 3 + pkg/kubectl/clusterrolebinding.go | 24 +-- pkg/kubectl/clusterrolebinding_test.go | 229 +++++++++++++++++++++++++ 3 files changed, 244 insertions(+), 12 deletions(-) create mode 100644 pkg/kubectl/clusterrolebinding_test.go diff --git a/pkg/kubectl/BUILD b/pkg/kubectl/BUILD index 52a40a1c946..a145d10fdcc 100644 --- a/pkg/kubectl/BUILD +++ b/pkg/kubectl/BUILD @@ -12,6 +12,7 @@ go_test( name = "go_default_test", srcs = [ "cluster_test.go", + "clusterrolebinding_test.go", "configmap_test.go", "delete_test.go", "deployment_test.go", @@ -59,6 +60,7 @@ go_test( "//vendor/k8s.io/api/batch/v2alpha1:go_default_library", "//vendor/k8s.io/api/core/v1:go_default_library", "//vendor/k8s.io/api/extensions/v1beta1:go_default_library", + "//vendor/k8s.io/api/rbac/v1beta1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/equality:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library", @@ -153,6 +155,7 @@ go_library( "//vendor/k8s.io/api/batch/v2alpha1:go_default_library", "//vendor/k8s.io/api/core/v1:go_default_library", "//vendor/k8s.io/api/extensions/v1beta1:go_default_library", + "//vendor/k8s.io/api/rbac/v1beta1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/meta:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library", diff --git a/pkg/kubectl/clusterrolebinding.go b/pkg/kubectl/clusterrolebinding.go index b19ca40754c..d9465606911 100644 --- a/pkg/kubectl/clusterrolebinding.go +++ b/pkg/kubectl/clusterrolebinding.go @@ -21,9 +21,9 @@ import ( "strings" + rbacv1beta1 "k8s.io/api/rbac/v1beta1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/kubernetes/pkg/apis/rbac" ) // ClusterRoleBindingGeneratorV1 supports stable generation of a clusterRoleBinding. @@ -109,24 +109,24 @@ func (s ClusterRoleBindingGeneratorV1) StructuredGenerate() (runtime.Object, err if err := s.validate(); err != nil { return nil, err } - clusterRoleBinding := &rbac.ClusterRoleBinding{} + clusterRoleBinding := &rbacv1beta1.ClusterRoleBinding{} clusterRoleBinding.Name = s.Name - clusterRoleBinding.RoleRef = rbac.RoleRef{ - APIGroup: rbac.GroupName, + clusterRoleBinding.RoleRef = rbacv1beta1.RoleRef{ + APIGroup: rbacv1beta1.GroupName, Kind: "ClusterRole", Name: s.ClusterRole, } for _, user := range sets.NewString(s.Users...).List() { - clusterRoleBinding.Subjects = append(clusterRoleBinding.Subjects, rbac.Subject{ - Kind: rbac.UserKind, - APIGroup: rbac.GroupName, + clusterRoleBinding.Subjects = append(clusterRoleBinding.Subjects, rbacv1beta1.Subject{ + Kind: rbacv1beta1.UserKind, + APIGroup: rbacv1beta1.GroupName, Name: user, }) } for _, group := range sets.NewString(s.Groups...).List() { - clusterRoleBinding.Subjects = append(clusterRoleBinding.Subjects, rbac.Subject{ - Kind: rbac.GroupKind, - APIGroup: rbac.GroupName, + clusterRoleBinding.Subjects = append(clusterRoleBinding.Subjects, rbacv1beta1.Subject{ + Kind: rbacv1beta1.GroupKind, + APIGroup: rbacv1beta1.GroupName, Name: group, }) } @@ -135,8 +135,8 @@ func (s ClusterRoleBindingGeneratorV1) StructuredGenerate() (runtime.Object, err if len(tokens) != 2 || tokens[0] == "" || tokens[1] == "" { return nil, fmt.Errorf("serviceaccount must be :") } - clusterRoleBinding.Subjects = append(clusterRoleBinding.Subjects, rbac.Subject{ - Kind: rbac.ServiceAccountKind, + clusterRoleBinding.Subjects = append(clusterRoleBinding.Subjects, rbacv1beta1.Subject{ + Kind: rbacv1beta1.ServiceAccountKind, APIGroup: "", Namespace: tokens[0], Name: tokens[1], diff --git a/pkg/kubectl/clusterrolebinding_test.go b/pkg/kubectl/clusterrolebinding_test.go new file mode 100644 index 00000000000..f1846a26789 --- /dev/null +++ b/pkg/kubectl/clusterrolebinding_test.go @@ -0,0 +1,229 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package kubectl + +import ( + "reflect" + "testing" + + rbacv1beta1 "k8s.io/api/rbac/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +func TestClusterRoleBindingGenerate(t *testing.T) { + tests := []struct { + name string + params map[string]interface{} + expected *rbacv1beta1.ClusterRoleBinding + expectErr bool + }{ + { + name: "valid case 1", + params: map[string]interface{}{ + "name": "foo", + "clusterrole": "admin", + "user": []string{"user"}, + "group": []string{"group"}, + "serviceaccount": []string{"ns1:name1"}, + }, + expected: &rbacv1beta1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "foo", + }, + RoleRef: rbacv1beta1.RoleRef{ + APIGroup: rbacv1beta1.GroupName, + Kind: "ClusterRole", + Name: "admin", + }, + Subjects: []rbacv1beta1.Subject{ + { + APIGroup: rbacv1beta1.GroupName, + Kind: rbacv1beta1.UserKind, + Name: "user", + }, + { + APIGroup: rbacv1beta1.GroupName, + Kind: rbacv1beta1.GroupKind, + Name: "group", + }, + { + Kind: rbacv1beta1.ServiceAccountKind, + APIGroup: "", + Namespace: "ns1", + Name: "name1", + }, + }, + }, + expectErr: false, + }, + { + name: "valid case 2", + params: map[string]interface{}{ + "name": "foo", + "clusterrole": "admin", + "user": []string{"user1", "user2"}, + "group": []string{"group1", "group2"}, + "serviceaccount": []string{"ns1:name1", "ns2:name2"}, + }, + expected: &rbacv1beta1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "foo", + }, + RoleRef: rbacv1beta1.RoleRef{ + APIGroup: rbacv1beta1.GroupName, + Kind: "ClusterRole", + Name: "admin", + }, + Subjects: []rbacv1beta1.Subject{ + { + APIGroup: rbacv1beta1.GroupName, + Kind: rbacv1beta1.UserKind, + Name: "user1", + }, + { + APIGroup: rbacv1beta1.GroupName, + Kind: rbacv1beta1.UserKind, + Name: "user2", + }, + { + APIGroup: rbacv1beta1.GroupName, + Kind: rbacv1beta1.GroupKind, + Name: "group1", + }, + { + APIGroup: rbacv1beta1.GroupName, + Kind: rbacv1beta1.GroupKind, + Name: "group2", + }, + { + Kind: rbacv1beta1.ServiceAccountKind, + APIGroup: "", + Namespace: "ns1", + Name: "name1", + }, + { + Kind: rbacv1beta1.ServiceAccountKind, + APIGroup: "", + Namespace: "ns2", + Name: "name2", + }, + }, + }, + expectErr: false, + }, + { + name: "valid case 3", + params: map[string]interface{}{ + "name": "foo", + "clusterrole": "admin", + }, + expected: &rbacv1beta1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "foo", + }, + RoleRef: rbacv1beta1.RoleRef{ + APIGroup: rbacv1beta1.GroupName, + Kind: "ClusterRole", + Name: "admin", + }, + }, + expectErr: false, + }, + { + name: "invalid serviceaccount, expected format: ", + params: map[string]interface{}{ + "name": "role", + "clusterrole": "admin", + "user": []string{"user"}, + "group": []string{"group"}, + "serviceaccount": []string{"ns1-name1"}, + }, + expectErr: true, + }, + { + name: "name must be specified", + params: map[string]interface{}{ + "name": "", + "clusterrole": "admin", + "user": []string{"user"}, + "group": []string{"group"}, + "serviceaccount": []string{"ns1:name1"}, + }, + expectErr: true, + }, + { + name: "clusterrole must be specified", + params: map[string]interface{}{ + "name": "foo", + "clusterrole": "", + "user": []string{"user"}, + "group": []string{"group"}, + "serviceaccount": []string{"ns1:name1"}, + }, + expectErr: true, + }, + { + name: "expected user []string", + params: map[string]interface{}{ + "name": "role", + "clusterrole": "admin", + "user": "user", + "group": []string{"group"}, + "serviceaccount": []string{"ns1:name1"}, + }, + expectErr: true, + }, + { + name: "expected group []string", + params: map[string]interface{}{ + "name": "role", + "clusterrole": "admin", + "user": []string{"user"}, + "group": "group", + "serviceaccount": []string{"ns1:name1"}, + }, + expectErr: true, + }, + { + name: "expected serviceaccount []string", + params: map[string]interface{}{ + "name": "role", + "clusterrole": "admin", + "user": []string{"user"}, + "group": []string{"group"}, + "serviceaccount": "ns1", + }, + expectErr: true, + }, + } + generator := ClusterRoleBindingGeneratorV1{} + for i := range tests { + obj, err := generator.Generate(tests[i].params) + if !tests[i].expectErr && err != nil { + t.Errorf("[%d] unexpected error: %v", i, err) + } + if tests[i].expectErr && err != nil { + continue + } + if tests[i].expectErr && err == nil { + t.Errorf("[%s] expect error, got nil", tests[i].name) + } + if !reflect.DeepEqual(obj.(*rbacv1beta1.ClusterRoleBinding), tests[i].expected) { + t.Errorf("\n[%s] want:\n%#v\ngot:\n%#v", tests[i].name, tests[i].expected, obj.(*rbacv1beta1.ClusterRoleBinding)) + } + } +}