-
Notifications
You must be signed in to change notification settings - Fork 38.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add unit and integration tests for rbac authorizer #26753
add unit and integration tests for rbac authorizer #26753
Conversation
ad064d9
to
d07ec41
Compare
d07ec41
to
7104d4a
Compare
@erictune this is a bit more fleshed out. Any comments? |
e2e testing woes
|
7104d4a
to
cc7611b
Compare
// Create the namespace used later in the test | ||
{superUser, "POST", "", "namespaces", "", "", jobNamespace, http.StatusCreated}, | ||
|
||
{"user-with-no-permissions", "POST", "batch", "jobs", "job-namespace", "", aJob, http.StatusForbidden}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are testing denial when the object does not exist. You should also test denial when the object does exist.
Suggest: for each type of object, have a test case where that object is modified, and then authz outcomes change. |
Added 1.3 milestone since the associated issue is marked 1.3 |
LGTM |
lgtm |
|
@erictune am looking into this |
git bisect says #27255 is when this started failing. |
cc7611b
to
d13e351
Compare
@erictune this should be good now |
LGTM |
@erictune This test failure doesn't look related to the PR
|
@k8s-bot e2e test this issue: #IGNORE |
GCE e2e build/test passed for commit d13e351. |
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
GCE e2e build/test passed for commit d13e351. |
Automatic merge from submit-queue |
This PR adds lots of tests for the RBAC authorizer.
The plan over the next couple days is to add a lot more test cases.
Updates #23396
cc @erictune