github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-19 18:02:01 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #114906 from ii/promote-subjectaccessreview-test

Browse Source 
Promote e2e test for SubjectAccessReview & createAuthorizationV1NamespacedLocalSubjectAccessReview +2 Endpoints
This commit is contained in:
Kubernetes Prow Robot 2023-01-08 17:09:27 -08:00 committed by GitHub
commit cf7a3c5bbb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
test/conformance/testdata/conformance.yaml vendored
View File

@ -1119,6 +1119,18 @@
it MUST succeed and the field MUST equal the new value.
release: v1.26
file: test/e2e/auth/service_accounts.go
- testname: SubjectReview, API Operations
codename: '[sig-auth] SubjectReview should support SubjectReview API operations
[Conformance]'
description: A ServiceAccount is created which MUST succeed. A clientset is created
to impersonate the ServiceAccount. A SubjectAccessReview is created for the ServiceAccount
which MUST succeed. The allowed status for the SubjectAccessReview MUST match
the expected allowed for the impersonated client call. A LocalSubjectAccessReviews
is created for the ServiceAccount which MUST succeed. The allowed status for the
LocalSubjectAccessReview MUST match the expected allowed for the impersonated
client call.
release: v1.27
file: test/e2e/auth/subjectreviews.go
- testname: Kubectl, guestbook application
codename: '[sig-cli] Kubectl client Guestbook application should create and stop
a working application [Conformance]'

14
test/e2e/auth/subjectreviews.go
View File

@ -35,7 +35,19 @@ import (
var _ = SIGDescribe("SubjectReview", func() {
f := framework.NewDefaultFramework("subjectreview")
ginkgo.It("should support SubjectReview API operations", func() {
/*
Release: v1.27
Testname: SubjectReview, API Operations
Description: A ServiceAccount is created which MUST succeed.
A clientset is created to impersonate the ServiceAccount.
A SubjectAccessReview is created for the ServiceAccount which
MUST succeed. The allowed status for the SubjectAccessReview
MUST match the expected allowed for the impersonated client
call. A LocalSubjectAccessReviews is created for the ServiceAccount
which MUST succeed. The allowed status for the LocalSubjectAccessReview
MUST match the expected allowed for the impersonated client call.
*/
framework.ConformanceIt("should support SubjectReview API operations", func() {
AuthClient := f.ClientSet.AuthorizationV1()
ns := f.Namespace.Name