
Commit 53d4e5a

committed
Fix tests
Signed-off-by: Monis Khan <mkhan@redhat.com>
1 parent 3f1a91e commit 53d4e5a


4 files changed

+49
-2
lines changed


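--- a/pkg/authorization/authorizer/scope/converter.go
+++ b/pkg/authorization/authorizer/scope/converter.go
@@ -7,6 +7,7 @@ import (
 kapi "k8s.io/kubernetes/pkg/api"
 kapierrors "k8s.io/kubernetes/pkg/api/errors"
 "k8s.io/kubernetes/pkg/api/unversioned"
+kauthorizationapi "k8s.io/kubernetes/pkg/apis/authorization"
 "k8s.io/kubernetes/pkg/conversion"
 kutilerrors "k8s.io/kubernetes/pkg/util/errors"
 "k8s.io/kubernetes/pkg/util/sets"
@@ -174,6 +175,7 @@ func (userEvaluator) ResolveRules(scope, namespace string, clusterPolicyGetter c
 case UserAccessCheck:
 return []authorizationapi.PolicyRule{
 {Verbs: sets.NewString("create"), APIGroups: []string{authorizationapi.GroupName}, Resources: sets.NewString("subjectaccessreviews", "localsubjectaccessreviews"), AttributeRestrictions: &authorizationapi.IsPersonalSubjectAccessReview{}},
+authorizationapi.NewRule("create").Groups(kauthorizationapi.GroupName).Resources("selfsubjectaccessreviews").RuleOrDie(),
 authorizationapi.NewRule("create").Groups(authorizationapi.GroupName).Resources("selfsubjectrulesreviews").RuleOrDie(),
 }, nil
 case UserListScopedProjects: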
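Review bot: The new `selfsubjectaccessreviews` rule in the `UserAccessCheck` case widens what a token limited to that scope may create, and nothing visible in this commit exercises it; the only scope-related test edit (test/cmd/authentication.sh) is on an `--ignore-scopes` line. The rule sits directly below one that carries `AttributeRestrictions: &authorizationapi.IsPersonalSubjectAccessReview{}`, and `kauthorizationapi.GroupName` differs from `authorizationapi.GroupName` only by the leading `k` of the alias, so it is easy to miss that this entry targets the Kubernetes authorization group and has no attribute restriction. If the intent is that only the self variant is exposed for that group because it can only describe the caller, a comment above the rule should say so, e.g. `// kube authorization group: only selfsubjectaccessreviews is allowed here; it is always about the caller, so no attribute restriction is needed`. A scoped-token test asserting that `selfsubjectaccessreviews` is allowed while `subjectaccessreviews` in the same group is denied would pin the boundary. ResolveRules starts and ends outside the hunk.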

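--- a/test/cmd/authentication.sh
+++ b/test/cmd/authentication.sh
@@ -74,7 +74,7 @@ os::cmd::expect_success_and_text "curl -k -XPOST -H 'Content-Type: application/j
 os::cmd::expect_success_and_text "oc policy can-i create pods --token='${accesstoken}' -n '${project}' --ignore-scopes" 'yes'
 os::cmd::expect_success_and_text "oc policy can-i create pods --token='${accesstoken}' -n '${project}'" 'no'
 os::cmd::expect_success_and_text "oc policy can-i create subjectaccessreviews --token='${accesstoken}' -n '${project}'" 'no'
-os::cmd::expect_success_and_text "oc policy can-i create subjectaccessreviews --token='${accesstoken}' -n '${project}' --ignore-scopes" 'yes'
+os::cmd::expect_success_and_text "oc policy can-i create subjectaccessreviews.v1. --token='${accesstoken}' -n '${project}' --ignore-scopes" 'yes'
 os::cmd::expect_success_and_text "oc policy can-i create pods --token='${accesstoken}' -n '${project}' --scopes='role:admin:*'" 'yes'
 os::cmd::expect_success_and_text "oc policy can-i --list --token='${accesstoken}' -n '${project}' --scopes='role:admin:*'" 'get.*pods'
 os::cmd::expect_success_and_not_text "oc policy can-i --list --token='${accesstoken}' -n '${project}'" 'get.*pods'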
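Review bot: The scoped negative check just above the changed line still asks about the bare `subjectaccessreviews`, while the `--ignore-scopes` check now asks about `subjectaccessreviews.v1.`, so the 'no'/'yes' pair may no longer be evaluating the same resource. If the bare name now resolves to a different API group (which the need for this edit suggests, though the page does not show it), the 'no' assertion no longer proves that scopes block the resource the 'yes' line confirms is otherwise allowed. Consider qualifying the scoped check the same way, `oc policy can-i create subjectaccessreviews.v1. --token='${accesstoken}' -n '${project}'` expecting `'no'`, and adding a short comment such as `# fully qualified resource.version.group; the bare name is ambiguous` above the pair so the trailing dot is not read as a typo.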

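--- a/test/integration/authorization_test.go
+++ b/test/integration/authorization_test.go
@@ -672,7 +672,7 @@ func (test subjectAccessReviewTest) run(t *testing.T) {
 if test.kubeAuthInterface != nil {
 var testNS string
 if test.localReview != nil {
-if test.localReview != nil && len(test.localReview.Namespace) > 0 {
+if len(test.localReview.Namespace) > 0 {
 testNS = test.localReview.Namespace
 } else if len(test.response.Namespace) > 0 {
 testNS = test.response.Namespace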

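--- a/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml
+++ b/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml
@@ -329,6 +329,15 @@ items:
 - subjectrulesreviews
 verbs:
 - create
+- apiGroups:
+- authorization.k8s.io
+attributeRestrictions: null
+resources:
+- localsubjectaccessreviews
+- selfsubjectaccessreviews
+- subjectaccessreviews
+verbs:
+- create
 - apiGroups:
 - authentication.k8s.io
 attributeRestrictions: null
@@ -679,6 +688,13 @@ items:
 - subjectrulesreviews
 verbs:
 - create
+- apiGroups:
+- authorization.k8s.io
+attributeRestrictions: null
+resources:
+- localsubjectaccessreviews
+verbs:
+- create
 - apiGroups:
 - ""
 attributeRestrictions: null
@@ -1549,6 +1565,13 @@ items:
 - subjectaccessreviews
 verbs:
 - create
+- apiGroups:
+- authorization.k8s.io
+attributeRestrictions: null
+resources:
+- selfsubjectaccessreviews
+verbs:
+- create
 - apiVersion: v1
 kind: ClusterRole
 metadata:
@@ -1574,6 +1597,13 @@ items:
 - subjectaccessreviews
 verbs:
 - create
+- apiGroups:
+- authorization.k8s.io
+attributeRestrictions: null
+resources:
+- selfsubjectaccessreviews
+verbs:
+- create
 - apiVersion: v1
 kind: ClusterRole
 metadata:
@@ -2089,6 +2119,14 @@ items:
 - subjectaccessreviews
 verbs:
 - create
+- apiGroups:
+- authorization.k8s.io
+attributeRestrictions: null
+resources:
+- localsubjectaccessreviews
+- subjectaccessreviews
+verbs:
+- create
 - apiGroups:
 - ""
 attributeRestrictions: null
@@ -2386,6 +2424,13 @@ items:
 - subjectrulesreviews
 verbs:
 - create
+- apiGroups:
+- authorization.k8s.io
+attributeRestrictions: null
+resources:
+- localsubjectaccessreviews
+verbs:
+- create
 - apiGroups:
 - ""
 attributeRestrictions: null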
