From befb7d4a6aa99cf23a9e272c3f9d52816c5e5ea6 Mon Sep 17 00:00:00 2001 From: Stephen Heywood Date: Mon, 9 Jan 2023 11:24:05 +1300 Subject: [PATCH] Promote SubjectAccessReview e2e test to Conformance --- test/conformance/testdata/conformance.yaml | 12 ++++++++++++ test/e2e/auth/subjectreviews.go | 14 +++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/test/conformance/testdata/conformance.yaml b/test/conformance/testdata/conformance.yaml index 38b4f409078..9ac049151cb 100755 --- a/test/conformance/testdata/conformance.yaml +++ b/test/conformance/testdata/conformance.yaml @@ -1119,6 +1119,18 @@ it MUST succeed and the field MUST equal the new value. release: v1.26 file: test/e2e/auth/service_accounts.go +- testname: SubjectReview, API Operations + codename: '[sig-auth] SubjectReview should support SubjectReview API operations + [Conformance]' + description: A ServiceAccount is created which MUST succeed. A clientset is created + to impersonate the ServiceAccount. A SubjectAccessReview is created for the ServiceAccount + which MUST succeed. The allowed status for the SubjectAccessReview MUST match + the expected allowed for the impersonated client call. A LocalSubjectAccessReviews + is created for the ServiceAccount which MUST succeed. The allowed status for the + LocalSubjectAccessReview MUST match the expected allowed for the impersonated + client call. + release: v1.27 + file: test/e2e/auth/subjectreviews.go - testname: Kubectl, guestbook application codename: '[sig-cli] Kubectl client Guestbook application should create and stop a working application [Conformance]' diff --git a/test/e2e/auth/subjectreviews.go b/test/e2e/auth/subjectreviews.go index 8906fc5189c..a43fd603992 100644 --- a/test/e2e/auth/subjectreviews.go +++ b/test/e2e/auth/subjectreviews.go @@ -35,7 +35,19 @@ import ( var _ = SIGDescribe("SubjectReview", func() { f := framework.NewDefaultFramework("subjectreview") - ginkgo.It("should support SubjectReview API operations", func() { + /* + Release: v1.27 + Testname: SubjectReview, API Operations + Description: A ServiceAccount is created which MUST succeed. + A clientset is created to impersonate the ServiceAccount. + A SubjectAccessReview is created for the ServiceAccount which + MUST succeed. The allowed status for the SubjectAccessReview + MUST match the expected allowed for the impersonated client + call. A LocalSubjectAccessReviews is created for the ServiceAccount + which MUST succeed. The allowed status for the LocalSubjectAccessReview + MUST match the expected allowed for the impersonated client call. + */ + framework.ConformanceIt("should support SubjectReview API operations", func() { AuthClient := f.ClientSet.AuthorizationV1() ns := f.Namespace.Name