mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
Merge pull request #112753 from flant/who-am-i-error
Add more accurate error message for WhoAmI command
This commit is contained in:
commit
e0e03027e0
@ -139,18 +139,29 @@ func NewCmdWhoAmI(restClientGetter genericclioptions.RESTClientGetter, streams g
|
|||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
notEnabledErr = fmt.Errorf(
|
||||||
|
"the selfsubjectreviews API is not enabled in the cluster\n" +
|
||||||
|
"enable APISelfSubjectReview feature gate and authentication.k8s.io/v1alpha1 API")
|
||||||
|
|
||||||
|
forbiddenErr = fmt.Errorf(
|
||||||
|
"the selfsubjectreviews API is not enabled in the cluster or you do not have permission to call it")
|
||||||
|
)
|
||||||
|
|
||||||
// Run prints all user attributes.
|
// Run prints all user attributes.
|
||||||
func (o WhoAmIOptions) Run() error {
|
func (o WhoAmIOptions) Run() error {
|
||||||
sar := &authenticationv1alpha1.SelfSubjectReview{}
|
sar := &authenticationv1alpha1.SelfSubjectReview{}
|
||||||
response, err := o.authClient.SelfSubjectReviews().Create(context.TODO(), sar, metav1.CreateOptions{})
|
response, err := o.authClient.SelfSubjectReviews().Create(context.TODO(), sar, metav1.CreateOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.IsNotFound(err) {
|
switch {
|
||||||
return fmt.Errorf("the selfsubjectreviews API is not enabled in the cluster.\n" +
|
case errors.IsForbidden(err):
|
||||||
"enable APISelfSubjectReview feature gate and authentication.k8s.io/v1alpha1 API.")
|
return forbiddenErr
|
||||||
|
case errors.IsNotFound(err):
|
||||||
|
return notEnabledErr
|
||||||
|
default:
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return o.resourcePrinterFunc(response, o.Out)
|
return o.resourcePrinterFunc(response, o.Out)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -18,12 +18,15 @@ package auth
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
authenticationv1 "k8s.io/api/authentication/v1"
|
authenticationv1 "k8s.io/api/authentication/v1"
|
||||||
authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1"
|
authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1"
|
||||||
|
corev1 "k8s.io/api/core/v1"
|
||||||
|
"k8s.io/apimachinery/pkg/api/errors"
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
"k8s.io/cli-runtime/pkg/printers"
|
"k8s.io/cli-runtime/pkg/printers"
|
||||||
authfake "k8s.io/client-go/kubernetes/fake"
|
authfake "k8s.io/client-go/kubernetes/fake"
|
||||||
@ -37,9 +40,9 @@ func TestWhoAmIRun(t *testing.T) {
|
|||||||
name string
|
name string
|
||||||
o *WhoAmIOptions
|
o *WhoAmIOptions
|
||||||
args []string
|
args []string
|
||||||
allowed bool
|
|
||||||
serverErr error
|
serverErr error
|
||||||
|
|
||||||
|
expectedError error
|
||||||
expectedBodyStrings []string
|
expectedBodyStrings []string
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
@ -95,6 +98,38 @@ func TestWhoAmIRun(t *testing.T) {
|
|||||||
`,
|
`,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "Forbidden error",
|
||||||
|
o: &WhoAmIOptions{
|
||||||
|
resourcePrinterFunc: printTableSelfSubjectAccessReview,
|
||||||
|
},
|
||||||
|
args: []string{},
|
||||||
|
serverErr: errors.NewForbidden(
|
||||||
|
corev1.Resource("selfsubjectreviews"), "foo", fmt.Errorf("error"),
|
||||||
|
),
|
||||||
|
expectedError: forbiddenErr,
|
||||||
|
expectedBodyStrings: []string{},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "NotFound error",
|
||||||
|
o: &WhoAmIOptions{
|
||||||
|
resourcePrinterFunc: printTableSelfSubjectAccessReview,
|
||||||
|
},
|
||||||
|
args: []string{},
|
||||||
|
serverErr: errors.NewNotFound(corev1.Resource("selfsubjectreviews"), "foo"),
|
||||||
|
expectedError: notEnabledErr,
|
||||||
|
expectedBodyStrings: []string{},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Server error",
|
||||||
|
o: &WhoAmIOptions{
|
||||||
|
resourcePrinterFunc: printTableSelfSubjectAccessReview,
|
||||||
|
},
|
||||||
|
args: []string{},
|
||||||
|
serverErr: fmt.Errorf("a random server-side error"),
|
||||||
|
expectedError: fmt.Errorf("a random server-side error"),
|
||||||
|
expectedBodyStrings: []string{},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, test := range tests {
|
for _, test := range tests {
|
||||||
@ -111,6 +146,10 @@ func TestWhoAmIRun(t *testing.T) {
|
|||||||
|
|
||||||
fakeAuthClientSet.AddReactor("create", "selfsubjectreviews",
|
fakeAuthClientSet.AddReactor("create", "selfsubjectreviews",
|
||||||
func(action core.Action) (handled bool, ret runtime.Object, err error) {
|
func(action core.Action) (handled bool, ret runtime.Object, err error) {
|
||||||
|
if test.serverErr != nil {
|
||||||
|
return true, nil, test.serverErr
|
||||||
|
}
|
||||||
|
|
||||||
res := &authenticationv1alpha1.SelfSubjectReview{
|
res := &authenticationv1alpha1.SelfSubjectReview{
|
||||||
Status: authenticationv1alpha1.SelfSubjectReviewStatus{
|
Status: authenticationv1alpha1.SelfSubjectReviewStatus{
|
||||||
UserInfo: authenticationv1.UserInfo{
|
UserInfo: authenticationv1.UserInfo{
|
||||||
@ -130,12 +169,12 @@ func TestWhoAmIRun(t *testing.T) {
|
|||||||
|
|
||||||
err := test.o.Run()
|
err := test.o.Run()
|
||||||
switch {
|
switch {
|
||||||
case test.serverErr == nil && err == nil:
|
case test.expectedError == nil && err == nil:
|
||||||
// pass
|
// pass
|
||||||
case err != nil && test.serverErr != nil && strings.Contains(err.Error(), test.serverErr.Error()):
|
case err != nil && test.expectedError != nil && strings.Contains(err.Error(), test.expectedError.Error()):
|
||||||
// pass
|
// pass
|
||||||
default:
|
default:
|
||||||
t.Errorf("%s: expected %v, got %v", test.name, test.serverErr, err)
|
t.Errorf("%s: expected %v, got %v", test.name, test.expectedError, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user