Home Explore Help
Sign In
tzeneto
/
custom-kube-scheduler
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 169eb6024c
Branches Tags
custom-kube-...
/
kubernetes-v1.15.4
/
test
/
e2e_kubeadm
/
util.go

util.go 6.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187 
  1. /*
    2. 

  2. Copyright 2018 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package e2e_kubeadm
    18. 

  18. 

  19. import (
    20. 

  20. 	appsv1 "k8s.io/api/apps/v1"
    21. 

  21. 	authv1 "k8s.io/api/authorization/v1"
    22. 

  22. 	corev1 "k8s.io/api/core/v1"
    23. 

  23. 	rbacv1 "k8s.io/api/rbac/v1"
    24. 

  24. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    25. 

  25. 	clientset "k8s.io/client-go/kubernetes"
    26. 

  26. 	"k8s.io/kubernetes/test/e2e/framework"
    27. 

  27. 

  28. 	"github.com/onsi/gomega"
    29. 

  29. 	"github.com/onsi/gomega/gstruct"
    30. 

  30. )
    31. 

  31. 

  32. // ServiceAccounts utils
    33. 

  33. 

  34. // ExpectServiceAccount expects to be able to get the ServiceAccount with specific name from the namespace
    35. 

  35. func ExpectServiceAccount(c clientset.Interface, namespace, name string) {
    36. 

  36. 	_, err := c.CoreV1().
    37. 

  37. 		ServiceAccounts(namespace).
    38. 

  38. 		Get(name, metav1.GetOptions{})
    39. 

  39. 	framework.ExpectNoError(err, "error getting ServiceAccount %q from namespace %q", name, namespace)
    40. 

  40. }
    41. 

  41. 

  42. // Secret utils
    43. 

  43. 

  44. // GetSecret gets Secret with specific name from the namespace
    45. 

  45. func GetSecret(c clientset.Interface, namespace, name string) *corev1.Secret {
    46. 

  46. 	r, err := c.CoreV1().
    47. 

  47. 		Secrets(namespace).
    48. 

  48. 		Get(name, metav1.GetOptions{})
    49. 

  49. 	framework.ExpectNoError(err, "error getting Secret %q from namespace %q", name, namespace)
    50. 

  50. 	return r
    51. 

  51. }
    52. 

  52. 

  53. // ConfigMaps utils
    54. 

  54. 

  55. // GetConfigMap gets ConfigMap with specific name from the namespace
    56. 

  56. func GetConfigMap(c clientset.Interface, namespace, name string) *corev1.ConfigMap {
    57. 

  57. 	r, err := c.CoreV1().
    58. 

  58. 		ConfigMaps(namespace).
    59. 

  59. 		Get(name, metav1.GetOptions{})
    60. 

  60. 	framework.ExpectNoError(err, "error getting ConfigMap %q from namespace %q", name, namespace)
    61. 

  61. 	return r
    62. 

  62. }
    63. 

  63. 

  64. // Service utils
    65. 

  65. 

  66. // ExpectService expects to be able to get the Service with specific name from the namespace
    67. 

  67. func ExpectService(c clientset.Interface, namespace, name string) {
    68. 

  68. 	_, err := c.CoreV1().
    69. 

  69. 		Services(namespace).
    70. 

  70. 		Get(name, metav1.GetOptions{})
    71. 

  71. 	framework.ExpectNoError(err, "error getting Service %q from namespace %q", name, namespace)
    72. 

  72. }
    73. 

  73. 

  74. // Deployments utils
    75. 

  75. 

  76. // GetDeployment gets Deployment with specific name from the namespace
    77. 

  77. func GetDeployment(c clientset.Interface, namespace, name string) *appsv1.Deployment {
    78. 

  78. 	r, err := c.AppsV1().
    79. 

  79. 		Deployments(namespace).
    80. 

  80. 		Get(name, metav1.GetOptions{})
    81. 

  81. 	framework.ExpectNoError(err, "error getting Deployment %q from namespace %q", name, namespace)
    82. 

  82. 	return r
    83. 

  83. }
    84. 

  84. 

  85. // DaemonSets utils
    86. 

  86. 

  87. // GetDaemonSet gets DaemonSet with specific name from the namespace
    88. 

  88. func GetDaemonSet(c clientset.Interface, namespace, name string) *appsv1.DaemonSet {
    89. 

  89. 	r, err := c.AppsV1().
    90. 

  90. 		DaemonSets(namespace).
    91. 

  91. 		Get(name, metav1.GetOptions{})
    92. 

  92. 	framework.ExpectNoError(err, "error getting DaemonSet %q from namespace %q", name, namespace)
    93. 

  93. 	return r
    94. 

  94. }
    95. 

  95. 

  96. // RBAC utils
    97. 

  97. 

  98. // ExpectRole expects to be able to get the Role with specific name from the namespace
    99. 

  99. func ExpectRole(c clientset.Interface, namespace, name string) {
    100. 

  100. 	_, err := c.RbacV1().
    101. 

  101. 		Roles(namespace).
    102. 

  102. 		Get(name, metav1.GetOptions{})
    103. 

  103. 	framework.ExpectNoError(err, "error getting Role %q from namespace %q", name, namespace)
    104. 

  104. }
    105. 

  105. 

  106. // ExpectRoleBinding expects to be able to get the RoleBinding with specific name from the namespace
    107. 

  107. func ExpectRoleBinding(c clientset.Interface, namespace, name string) {
    108. 

  108. 	_, err := c.RbacV1().
    109. 

  109. 		RoleBindings(namespace).
    110. 

  110. 		Get(name, metav1.GetOptions{})
    111. 

  111. 	framework.ExpectNoError(err, "error getting RoleBinding %q from namespace %q", name, namespace)
    112. 

  112. }
    113. 

  113. 

  114. // ExpectClusterRole expects to be able to get the ClusterRole with specific name
    115. 

  115. func ExpectClusterRole(c clientset.Interface, name string) {
    116. 

  116. 	_, err := c.RbacV1().
    117. 

  117. 		ClusterRoles().
    118. 

  118. 		Get(name, metav1.GetOptions{})
    119. 

  119. 	framework.ExpectNoError(err, "error getting ClusterRole %q", name)
    120. 

  120. }
    121. 

  121. 

  122. // ExpectClusterRoleBinding expects to be able to get the ClusterRoleBinding with specific name
    123. 

  123. func ExpectClusterRoleBinding(c clientset.Interface, name string) {
    124. 

  124. 	_, err := c.RbacV1().
    125. 

  125. 		ClusterRoleBindings().
    126. 

  126. 		Get(name, metav1.GetOptions{})
    127. 

  127. 	framework.ExpectNoError(err, "error getting ClusterRoleBindings %q", name)
    128. 

  128. }
    129. 

  129. 

  130. // ExpectClusterRoleBindingWithSubjectAndRole expects to be able to get the ClusterRoleBinding with specific name, subject and role
    131. 

  131. func ExpectClusterRoleBindingWithSubjectAndRole(c clientset.Interface, name, subjectKind, subject, role string) {
    132. 

  132. 	binding, err := c.RbacV1().
    133. 

  133. 		ClusterRoleBindings().
    134. 

  134. 		Get(name, metav1.GetOptions{})
    135. 

  135. 	framework.ExpectNoError(err, "error getting ClusterRoleBindings %q", name)
    136. 

  136. 	gomega.Expect(binding.Subjects).To(
    137. 

  137. 		gomega.ContainElement(subjectMatcher(
    138. 

  138. 			subject,
    139. 

  139. 			subjectKind,
    140. 

  140. 		)),
    141. 

  141. 		"ClusterRole %q does not have %s %q as subject", name, subjectKind, subject,
    142. 

  142. 	)
    143. 

  143. 	gomega.Expect(binding.RoleRef.Name).To(
    144. 

  144. 		gomega.Equal(role),
    145. 

  145. 		"ClusterRole %q does not have %q as role", name, role,
    146. 

  146. 	)
    147. 

  147. }
    148. 

  148. 

  149. // ExpectSubjectHasAccessToResource expects that the subject has access to the target resource
    150. 

  150. func ExpectSubjectHasAccessToResource(c clientset.Interface, subjectKind, subject string, resource *authv1.ResourceAttributes) {
    151. 

  151. 	var sar *authv1.SubjectAccessReview
    152. 

  152. 	switch subjectKind {
    153. 

  153. 	case rbacv1.GroupKind:
    154. 

  154. 		sar = &authv1.SubjectAccessReview{
    155. 

  155. 			Spec: authv1.SubjectAccessReviewSpec{
    156. 

  156. 				Groups:             []string{subject},
    157. 

  157. 				ResourceAttributes: resource,
    158. 

  158. 			},
    159. 

  159. 		}
    160. 

  160. 	case rbacv1.UserKind:
    161. 

  161. 		fallthrough
    162. 

  162. 	case rbacv1.ServiceAccountKind:
    163. 

  163. 		sar = &authv1.SubjectAccessReview{
    164. 

  164. 			Spec: authv1.SubjectAccessReviewSpec{
    165. 

  165. 				User:               subject,
    166. 

  166. 				ResourceAttributes: resource,
    167. 

  167. 			},
    168. 

  168. 		}
    169. 

  169. 	default:
    170. 

  170. 		framework.Failf("invalid subjectKind %s", subjectKind)
    171. 

  171. 	}
    172. 

  172. 

  173. 	s, err := c.AuthorizationV1().SubjectAccessReviews().Create(sar)
    174. 

  174. 	framework.ExpectNoError(err, "error getting SubjectAccessReview for %s %s to resource %+v", subjectKind, subject, *sar.Spec.ResourceAttributes)
    175. 

  175. 

  176. 	gomega.Expect(s.Status.Allowed).Should(gomega.BeTrue(), "%s %s has no access to resource %+v", subjectKind, subject, *sar.Spec.ResourceAttributes)
    177. 

  177. }
    178. 

  178. 

  179. // matchers
    180. 

  180. 

  181. func subjectMatcher(name, kind string) gomega.OmegaMatcher {
    182. 

  182. 	return gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{
    183. 

  183. 		"Name": gomega.Equal(name),
    184. 

  184. 		"Kind": gomega.Equal(kind),
    185. 

  185. 	})
    186. 

  186. }
    187. 

  187.