examples: add e2e test for authenticator and rbac

AliyunContainerService · Nov 28, 2023 · c276ada · c276ada
1 parent 599de60
commit c276ada
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 4 deletions.
diff --git a/Makefile b/Makefile
@@ -2,6 +2,8 @@
 GIT_COMMIT ?= $(shell git rev-parse --short HEAD)
 VERSION ?= $(shell git describe --tags --abbrev=0)
 CGO_ENABLED ?= 0
+GOARCH ?= $(shell go env GOARCH)
+GOOS ?= $(shell go env GOOS)
 LDFLAGS := -extldflags "-static"
 LDFLAGS += -X github.com/AliyunContainerService/ack-ram-tool/pkg/version.Version=$(VERSION)
 LDFLAGS += -X github.com/AliyunContainerService/ack-ram-tool/pkg/version.GitCommit=$(GIT_COMMIT)
@@ -12,8 +14,8 @@ cid ?= $(CLUSTER_ID)
 
 .PHONY: build
 build:
-	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags "$(LDFLAGS)" -a -o ack-ram-tool \
-	cmd/ack-ram-tool/main.go
+	GOARCH=$(GOARCH) GOOS=$(GOOS) CGO_ENABLED=$(CGO_ENABLED) \
+	go build -ldflags "$(LDFLAGS)" -a -o ack-ram-tool cmd/ack-ram-tool/main.go
 
 .PHONY: test
 test:
@@ -23,7 +25,8 @@ test:
 .PHONY: e2e
 e2e:
 	bash ./examples/rrsa/e2e-test/e2e.sh $(cid)
-	bash ./examples/credential-plugin/e2e.sh $(cid)
+	bash ./examples/credential-plugin/e2e.sh $(cid) certificate
+	bash ./examples/credential-plugin/e2e.sh $(cid) ram-authenticator-token
 
 .PHONY: lint
 lint: deps fmt vet

diff --git a/examples/credential-plugin/e2e.sh b/examples/credential-plugin/e2e.sh
@@ -5,6 +5,7 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" > /dev/null && pwd )"
 CLUSTER_ID="$1"
 KUBECONFIG_PATH="${SCRIPT_DIR}/kubeconfig"
 CACHE_DIR="${HOME}/.kube/cache/ack-ram-tool/credential-plugin"
+MODE="$2"
 
 trap cleanup EXIT
 
@@ -15,7 +16,7 @@ function bar_tip() {
 function get_kubeconfig() {
   bar_tip "get kubeconfig"
 
-  ack-ram-tool credential-plugin get-kubeconfig --cluster-id ${CLUSTER_ID} > ${KUBECONFIG_PATH}
+  ack-ram-tool credential-plugin get-kubeconfig -m ${MODE} --cluster-id ${CLUSTER_ID} > ${KUBECONFIG_PATH}
 }
 
 function exec_auth() {

diff --git a/examples/rbac/README.md b/examples/rbac/README.md
diff --git a/examples/rbac/e2e.sh b/examples/rbac/e2e.sh
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+set -e
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" > /dev/null && pwd )"
+CLUSTER_ID="$1"
+
+trap cleanup EXIT
+
+function bar_tip() {
+  echo -e "\n=== $1 ===\n"
+}
+
+function scan_permissions_deleted_users() {
+  bar_tip "scan-user-permissions"
+
+  ack-ram-tool rbac scan-user-permissions --cluster-id ${CLUSTER_ID}
+}
+
+function scan_permissions_all_users() {
+  bar_tip "scan-user-permissions all users"
+
+  ack-ram-tool rbac scan-user-permissions --cluster-id ${CLUSTER_ID} --all-users
+}
+
+function scan_permissions_all_clusters() {
+  bar_tip "scan-user-permissions all clusters"
+
+  ack-ram-tool rbac scan-user-permissions --cluster-id all
+}
+
+function scan_permissions_all_clusters_all_users() {
+  bar_tip "scan-user-permissions all clusters and all users"
+
+  ack-ram-tool rbac scan-user-permissions --cluster-id all --all-users
+}
+
+function cleanup() {
+  set +e
+  bar_tip "cleanup"
+
+  set -e
+}
+
+function main() {
+  if [[ "${CLUSTER_ID}none" == "none" ]]; then
+    echo "clusterId is missing. Usage: bash e2e.sh CLUSTER_ID"
+    exit 1
+  fi
+  if [[ "${SCRIPT_DIR}none" == "none" ]]; then
+    echo "get script dir failed"
+    exit 1
+  fi
+
+  scan_permissions_deleted_users
+  scan_permissions_all_users
+  scan_permissions_all_clusters
+  scan_permissions_all_clusters_all_users
+}
+
+main