UT: add ut for rbac.go and webhook_configuration.go
Signed-off-by: jwcesign <jiangwei115@huawei.com>
This commit is contained in:
jwcesign
parent
69829f677c
commit
d5e7a7fe7c
|
|
@ -13,7 +13,7 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
// grantProxyPermissionToAdmin grants the proxy permission to "system:admin"
|
// grantProxyPermissionToAdmin grants the proxy permission to "system:admin"
|
||||||
func grantProxyPermissionToAdmin(clientSet *kubernetes.Clientset) error {
|
func grantProxyPermissionToAdmin(clientSet kubernetes.Interface) error {
|
||||||
proxyAdminClusterRole := utils.ClusterRoleFromRules(clusterProxyAdminRole, []rbacv1.PolicyRule{
|
proxyAdminClusterRole := utils.ClusterRoleFromRules(clusterProxyAdminRole, []rbacv1.PolicyRule{
|
||||||
{
|
{
|
||||||
APIGroups: []string{"cluster.karmada.io"},
|
APIGroups: []string{"cluster.karmada.io"},
|
||||||
|
|
@ -41,7 +41,7 @@ func grantProxyPermissionToAdmin(clientSet *kubernetes.Clientset) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// grantAccessPermissionToAgent grants the limited access permmission to 'karmada-agent'
|
// grantAccessPermissionToAgent grants the limited access permmission to 'karmada-agent'
|
||||||
func grantAccessPermissionToAgent(clientSet *kubernetes.Clientset) error {
|
func grantAccessPermissionToAgent(clientSet kubernetes.Interface) error {
|
||||||
clusterRole := utils.ClusterRoleFromRules(karmadaAgentAccessClusterRole, []rbacv1.PolicyRule{
|
clusterRole := utils.ClusterRoleFromRules(karmadaAgentAccessClusterRole, []rbacv1.PolicyRule{
|
||||||
{
|
{
|
||||||
APIGroups: []string{"authentication.k8s.io"},
|
APIGroups: []string{"authentication.k8s.io"},
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,23 @@
|
||||||
|
package karmada
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"k8s.io/client-go/kubernetes/fake"
|
||||||
|
)
|
||||||
|
|
||||||
|
var noError = false
|
||||||
|
|
||||||
|
func Test_grantProxyPermissionToAdmin(t *testing.T) {
|
||||||
|
client := fake.NewSimpleClientset()
|
||||||
|
if err := grantProxyPermissionToAdmin(client); (err != nil) != noError {
|
||||||
|
t.Errorf("grantProxyPermissionToAdmin() error = %v, wantErr %v", err, noError)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func Test_grantAccessPermissionToAgent(t *testing.T) {
|
||||||
|
client := fake.NewSimpleClientset()
|
||||||
|
if err := grantAccessPermissionToAgent(client); (err != nil) != noError {
|
||||||
|
t.Errorf("grantAccessPermissionToAgent() error = %v, wantErr %v", err, noError)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -159,7 +159,7 @@ webhooks:
|
||||||
timeoutSeconds: 3`, systemNamespace, caBundle)
|
timeoutSeconds: 3`, systemNamespace, caBundle)
|
||||||
}
|
}
|
||||||
|
|
||||||
func createValidatingWebhookConfiguration(c *kubernetes.Clientset, staticYaml string) error {
|
func createValidatingWebhookConfiguration(c kubernetes.Interface, staticYaml string) error {
|
||||||
obj := admissionregistrationv1.ValidatingWebhookConfiguration{}
|
obj := admissionregistrationv1.ValidatingWebhookConfiguration{}
|
||||||
|
|
||||||
if err := json.Unmarshal(utils.StaticYamlToJSONByte(staticYaml), &obj); err != nil {
|
if err := json.Unmarshal(utils.StaticYamlToJSONByte(staticYaml), &obj); err != nil {
|
||||||
|
|
@ -173,7 +173,7 @@ func createValidatingWebhookConfiguration(c *kubernetes.Clientset, staticYaml st
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func createMutatingWebhookConfiguration(c *kubernetes.Clientset, staticYaml string) error {
|
func createMutatingWebhookConfiguration(c kubernetes.Interface, staticYaml string) error {
|
||||||
obj := admissionregistrationv1.MutatingWebhookConfiguration{}
|
obj := admissionregistrationv1.MutatingWebhookConfiguration{}
|
||||||
|
|
||||||
if err := json.Unmarshal(utils.StaticYamlToJSONByte(staticYaml), &obj); err != nil {
|
if err := json.Unmarshal(utils.StaticYamlToJSONByte(staticYaml), &obj); err != nil {
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,30 @@
|
||||||
|
package karmada
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/base64"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"k8s.io/client-go/kubernetes/fake"
|
||||||
|
)
|
||||||
|
|
||||||
|
func Test_createValidatingWebhookConfiguration(t *testing.T) {
|
||||||
|
client := fake.NewSimpleClientset()
|
||||||
|
cfg := validatingConfig(base64.StdEncoding.EncodeToString([]byte("foo")), "bar")
|
||||||
|
if cfg == "" {
|
||||||
|
t.Errorf("validatingConfig() return = %v, want yaml config", cfg)
|
||||||
|
}
|
||||||
|
if err := createValidatingWebhookConfiguration(client, cfg); err != nil {
|
||||||
|
t.Errorf("createValidatingWebhookConfiguration() return = %v, want no error", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func Test_createMutatingWebhookConfiguration(t *testing.T) {
|
||||||
|
client := fake.NewSimpleClientset()
|
||||||
|
cfg := mutatingConfig(base64.StdEncoding.EncodeToString([]byte("foo")), "bar")
|
||||||
|
if cfg == "" {
|
||||||
|
t.Errorf("mutatingConfig() return = %v, want yaml config", cfg)
|
||||||
|
}
|
||||||
|
if err := createMutatingWebhookConfiguration(client, cfg); err != nil {
|
||||||
|
t.Errorf("createMutatingWebhookConfiguration() return = %v, want no error", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -47,7 +47,7 @@ func ClusterRoleBindingFromSubjects(clusterRoleBindingName, clusterRoleName stri
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateIfNotExistClusterRole create ClusterRole when it doesn't exist
|
// CreateIfNotExistClusterRole create ClusterRole when it doesn't exist
|
||||||
func CreateIfNotExistClusterRole(clientSet *kubernetes.Clientset, role *rbacv1.ClusterRole) error {
|
func CreateIfNotExistClusterRole(clientSet kubernetes.Interface, role *rbacv1.ClusterRole) error {
|
||||||
clusterRoleClient := clientSet.RbacV1().ClusterRoles()
|
clusterRoleClient := clientSet.RbacV1().ClusterRoles()
|
||||||
_, err := clusterRoleClient.Get(context.TODO(), role.Name, metav1.GetOptions{})
|
_, err := clusterRoleClient.Get(context.TODO(), role.Name, metav1.GetOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -68,7 +68,7 @@ func CreateIfNotExistClusterRole(clientSet *kubernetes.Clientset, role *rbacv1.C
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateIfNotExistClusterRoleBinding create ClusterRoleBinding when it doesn't exist
|
// CreateIfNotExistClusterRoleBinding create ClusterRoleBinding when it doesn't exist
|
||||||
func CreateIfNotExistClusterRoleBinding(clientSet *kubernetes.Clientset, binding *rbacv1.ClusterRoleBinding) error {
|
func CreateIfNotExistClusterRoleBinding(clientSet kubernetes.Interface, binding *rbacv1.ClusterRoleBinding) error {
|
||||||
crbClient := clientSet.RbacV1().ClusterRoleBindings()
|
crbClient := clientSet.RbacV1().ClusterRoleBindings()
|
||||||
_, err := crbClient.Get(context.TODO(), binding.Name, metav1.GetOptions{})
|
_, err := crbClient.Get(context.TODO(), binding.Name, metav1.GetOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -89,7 +89,7 @@ func CreateIfNotExistClusterRoleBinding(clientSet *kubernetes.Clientset, binding
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateOrUpdateRole creates a Role if the target resource doesn't exist. If the resource exists already, this function will update the resource instead.
|
// CreateOrUpdateRole creates a Role if the target resource doesn't exist. If the resource exists already, this function will update the resource instead.
|
||||||
func CreateOrUpdateRole(clientSet *kubernetes.Clientset, role *rbacv1.Role) error {
|
func CreateOrUpdateRole(clientSet kubernetes.Interface, role *rbacv1.Role) error {
|
||||||
if _, err := clientSet.RbacV1().Roles(role.ObjectMeta.Namespace).Create(context.TODO(), role, metav1.CreateOptions{}); err != nil {
|
if _, err := clientSet.RbacV1().Roles(role.ObjectMeta.Namespace).Create(context.TODO(), role, metav1.CreateOptions{}); err != nil {
|
||||||
if !apierrors.IsAlreadyExists(err) {
|
if !apierrors.IsAlreadyExists(err) {
|
||||||
return fmt.Errorf("unable to create RBAC role: %v", err)
|
return fmt.Errorf("unable to create RBAC role: %v", err)
|
||||||
|
|
@ -105,7 +105,7 @@ func CreateOrUpdateRole(clientSet *kubernetes.Clientset, role *rbacv1.Role) erro
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateOrUpdateRoleBinding creates a RoleBinding if the target resource doesn't exist. If the resource exists already, this function will update the resource instead.
|
// CreateOrUpdateRoleBinding creates a RoleBinding if the target resource doesn't exist. If the resource exists already, this function will update the resource instead.
|
||||||
func CreateOrUpdateRoleBinding(clientSet *kubernetes.Clientset, roleBinding *rbacv1.RoleBinding) error {
|
func CreateOrUpdateRoleBinding(clientSet kubernetes.Interface, roleBinding *rbacv1.RoleBinding) error {
|
||||||
if _, err := clientSet.RbacV1().RoleBindings(roleBinding.ObjectMeta.Namespace).Create(context.TODO(), roleBinding, metav1.CreateOptions{}); err != nil {
|
if _, err := clientSet.RbacV1().RoleBindings(roleBinding.ObjectMeta.Namespace).Create(context.TODO(), roleBinding, metav1.CreateOptions{}); err != nil {
|
||||||
if !apierrors.IsAlreadyExists(err) {
|
if !apierrors.IsAlreadyExists(err) {
|
||||||
return fmt.Errorf("unable to create RBAC rolebinding: %v", err)
|
return fmt.Errorf("unable to create RBAC rolebinding: %v", err)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue