mirror of https://github.com/istio/istio.io.git
67 lines
2.6 KiB
Go
67 lines
2.6 KiB
Go
// Copyright Istio Authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package security
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"istio.io/istio/pkg/test/framework"
|
|
|
|
"istio.io/istio.io/pkg/test/istioio"
|
|
)
|
|
|
|
// TestAuthorizationForHTTPServices simulates the task in https://www.istio.io/docs/tasks/security/authz-http/
|
|
func TestAuthorizationForHTTPServices(t *testing.T) {
|
|
t.Skip("https://github.com/istio/istio/issues/18511")
|
|
framework.
|
|
NewTest(t).
|
|
Run(istioio.NewBuilder("tasks__security__authorization_for_http_services").
|
|
Add(istioio.Script{
|
|
Input: istioio.Path("scripts/authz_http.txt"),
|
|
}, istioio.YamlResources{
|
|
BaseName: "enforcing_namespace_level_access_control",
|
|
Input: istioio.BookInfo("rbac/namespace-policy.yaml"),
|
|
ResourceNames: []string{"service-viewer", "bind-service-viewer"},
|
|
}, istioio.YamlResources{
|
|
BaseName: "enforcing_service_level_access_control_step1",
|
|
Input: istioio.BookInfo("rbac/productpage-policy.yaml"),
|
|
ResourceNames: []string{"productpage-viewer", "bind-productpage-viewer"},
|
|
}, istioio.YamlResources{
|
|
BaseName: "enforcing_service_level_access_control_step2",
|
|
Input: istioio.BookInfo("rbac/details-reviews-policy.yaml"),
|
|
ResourceNames: []string{"details-reviews-viewer", "bind-details-reviews"},
|
|
}, istioio.YamlResources{
|
|
BaseName: "enforcing_service_level_access_control_step3",
|
|
Input: istioio.BookInfo("rbac/ratings-policy.yaml"),
|
|
ResourceNames: []string{"ratings-viewer", "bind-ratings"},
|
|
}).
|
|
// Remaining cleanup (undocumented).
|
|
Defer(istioio.Script{
|
|
Input: istioio.Inline{
|
|
FileName: "cleanup.sh",
|
|
Value: `
|
|
kubectl delete policy default -n default || true
|
|
kubectl delete destinationrule default -n default || true
|
|
kubectl delete clusterrbacconfig default || true
|
|
kubectl delete servicerole --all -n default || true
|
|
kubectl delete servicerolebinding --all -n default || true
|
|
|
|
kubectl delete -f samples/bookinfo/platform/kube/bookinfo.yaml || true
|
|
kubectl delete -f samples/bookinfo/networking/bookinfo-gateway.yaml || true
|
|
kubectl delete -f samples/sleep/sleep.yaml || true`,
|
|
},
|
|
}).Build())
|
|
}
|