17 package kubeadm
18
19 import (
20 "context"
21
22 appsv1 "k8s.io/api/apps/v1"
23 authv1 "k8s.io/api/authorization/v1"
24 corev1 "k8s.io/api/core/v1"
25 rbacv1 "k8s.io/api/rbac/v1"
26 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
27 clientset "k8s.io/client-go/kubernetes"
28 "k8s.io/kubernetes/test/e2e/framework"
29
30 "github.com/onsi/gomega"
31 "github.com/onsi/gomega/gstruct"
32 )
33
// ExpectServiceAccount asserts that the ServiceAccount called name exists in
// namespace. Any error from the Get is handed to framework.ExpectNoError.
func ExpectServiceAccount(c clientset.Interface, namespace, name string) {
	sas := c.CoreV1().ServiceAccounts(namespace)
	_, err := sas.Get(context.TODO(), name, metav1.GetOptions{})
	framework.ExpectNoError(err, "error getting ServiceAccount %q from namespace %q", name, namespace)
}
// GetSecret fetches the Secret called name from namespace and returns it.
// Any error from the Get is handed to framework.ExpectNoError before the
// result is returned.
//
// The returned object carries the full Secret payload; callers should avoid
// echoing it into test logs.
func GetSecret(c clientset.Interface, namespace, name string) *corev1.Secret {
	ctx := context.TODO()
	secret, err := c.CoreV1().Secrets(namespace).Get(ctx, name, metav1.GetOptions{})
	framework.ExpectNoError(err, "error getting Secret %q from namespace %q", name, namespace)
	return secret
}
// GetConfigMap fetches the ConfigMap called name from namespace and returns
// it. Any error from the Get is handed to framework.ExpectNoError before the
// result is returned.
func GetConfigMap(c clientset.Interface, namespace, name string) *corev1.ConfigMap {
	ctx := context.TODO()
	cm, err := c.CoreV1().ConfigMaps(namespace).Get(ctx, name, metav1.GetOptions{})
	framework.ExpectNoError(err, "error getting ConfigMap %q from namespace %q", name, namespace)
	return cm
}
// ExpectService asserts that the Service called name exists in namespace.
// Any error from the Get is handed to framework.ExpectNoError.
func ExpectService(c clientset.Interface, namespace, name string) {
	svcs := c.CoreV1().Services(namespace)
	_, err := svcs.Get(context.TODO(), name, metav1.GetOptions{})
	framework.ExpectNoError(err, "error getting Service %q from namespace %q", name, namespace)
}
// GetDeployment fetches the Deployment called name from namespace and returns
// it. Any error from the Get is handed to framework.ExpectNoError before the
// result is returned.
func GetDeployment(c clientset.Interface, namespace, name string) *appsv1.Deployment {
	ctx := context.TODO()
	deploy, err := c.AppsV1().Deployments(namespace).Get(ctx, name, metav1.GetOptions{})
	framework.ExpectNoError(err, "error getting Deployment %q from namespace %q", name, namespace)
	return deploy
}
// GetDaemonSet fetches the DaemonSet called name from namespace and returns
// it. Any error from the Get is handed to framework.ExpectNoError before the
// result is returned.
func GetDaemonSet(c clientset.Interface, namespace, name string) *appsv1.DaemonSet {
	ctx := context.TODO()
	ds, err := c.AppsV1().DaemonSets(namespace).Get(ctx, name, metav1.GetOptions{})
	framework.ExpectNoError(err, "error getting DaemonSet %q from namespace %q", name, namespace)
	return ds
}
// ExpectRole asserts that the Role called name exists in namespace.
// Any error from the Get is handed to framework.ExpectNoError.
func ExpectRole(c clientset.Interface, namespace, name string) {
	roles := c.RbacV1().Roles(namespace)
	_, err := roles.Get(context.TODO(), name, metav1.GetOptions{})
	framework.ExpectNoError(err, "error getting Role %q from namespace %q", name, namespace)
}
// ExpectRoleBinding asserts that the RoleBinding called name exists in
// namespace. Any error from the Get is handed to framework.ExpectNoError.
func ExpectRoleBinding(c clientset.Interface, namespace, name string) {
	bindings := c.RbacV1().RoleBindings(namespace)
	_, err := bindings.Get(context.TODO(), name, metav1.GetOptions{})
	framework.ExpectNoError(err, "error getting RoleBinding %q from namespace %q", name, namespace)
}
// ExpectClusterRole asserts that the cluster-scoped ClusterRole called name
// exists. Any error from the Get is handed to framework.ExpectNoError.
func ExpectClusterRole(c clientset.Interface, name string) {
	roles := c.RbacV1().ClusterRoles()
	_, err := roles.Get(context.TODO(), name, metav1.GetOptions{})
	framework.ExpectNoError(err, "error getting ClusterRole %q", name)
}
// ExpectClusterRoleBinding asserts that the cluster-scoped ClusterRoleBinding
// called name exists. Any error from the Get is handed to
// framework.ExpectNoError. Only existence is checked; see
// ExpectClusterRoleBindingWithSubjectAndRole for subject/role assertions.
func ExpectClusterRoleBinding(c clientset.Interface, name string) {
	bindings := c.RbacV1().ClusterRoleBindings()
	_, err := bindings.Get(context.TODO(), name, metav1.GetOptions{})
	framework.ExpectNoError(err, "error getting ClusterRoleBindings %q", name)
}
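// ExpectClusterRoleBindingWithSubjectAndRole asserts that the ClusterRoleBinding
// called name exists, lists a subject with the given subjectKind and subject
// name, and refers (by RoleRef.Name) to the role called role.
//
// Only Subjects[].Name, Subjects[].Kind and RoleRef.Name are compared. A
// subject's Namespace (meaningful for ServiceAccount subjects) is not part of
// the match, so two ServiceAccounts of the same name in different namespaces
// are indistinguishable here.
func ExpectClusterRoleBindingWithSubjectAndRole(c clientset.Interface, name, subjectKind, subject, role string) {
	binding, err := c.RbacV1().ClusterRoleBindings().Get(context.TODO(), name, metav1.GetOptions{})
	framework.ExpectNoError(err, "error getting ClusterRoleBinding %q", name)
	// The failure messages name the object actually inspected, a
	// ClusterRoleBinding, so a failing assertion points at the right resource.
	gomega.Expect(binding.Subjects).To(
		gomega.ContainElement(subjectMatcher(subject, subjectKind)),
		"ClusterRoleBinding %q does not have %s %q as subject", name, subjectKind, subject,
	)
	gomega.Expect(binding.RoleRef.Name).To(
		gomega.Equal(role),
		"ClusterRoleBinding %q does not have %q as role", name, role,
	)
}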
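// ExpectSubjectHasAccessToResource asserts, by creating a SubjectAccessReview,
// that the subject of kind subjectKind (rbacv1.GroupKind, rbacv1.UserKind or
// rbacv1.ServiceAccountKind) is allowed the action described by resource.
//
// For GroupKind the review carries subject as a group; for UserKind and
// ServiceAccountKind it carries subject verbatim as the user name.
// NOTE(review): for ServiceAccountKind this means callers must pass the full
// "system:serviceaccount:<namespace>:<name>" username — confirm against callers.
// Any other subjectKind, or a nil resource, fails the test. Only
// Status.Allowed is checked; a false value fails the test regardless of
// Status.Denied or Status.Reason.
func ExpectSubjectHasAccessToResource(c clientset.Interface, subjectKind, subject string, resource *authv1.ResourceAttributes) {
	// resource is dereferenced in the messages below; fail the test explicitly
	// instead of with a nil-pointer panic.
	if resource == nil {
		framework.Failf("nil ResourceAttributes for %s %s", subjectKind, subject)
		return
	}

	spec := authv1.SubjectAccessReviewSpec{ResourceAttributes: resource}
	switch subjectKind {
	case rbacv1.GroupKind:
		spec.Groups = []string{subject}
	case rbacv1.UserKind, rbacv1.ServiceAccountKind:
		spec.User = subject
	default:
		framework.Failf("invalid subjectKind %s", subjectKind)
		// Failf is expected to abort the test; the return keeps an incomplete
		// review from being submitted should it ever not.
		return
	}
	sar := &authv1.SubjectAccessReview{Spec: spec}

	s, err := c.AuthorizationV1().SubjectAccessReviews().Create(context.TODO(), sar, metav1.CreateOptions{})
	framework.ExpectNoError(err, "error creating SubjectAccessReview for %s %s to resource %+v", subjectKind, subject, *resource)

	gomega.Expect(s.Status.Allowed).Should(gomega.BeTrue(), "%s %s has no access to resource %+v", subjectKind, subject, *resource)
}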
// subjectMatcher returns a matcher for an rbacv1.Subject whose Name and Kind
// equal the given values. Every other field, including Namespace, is ignored.
func subjectMatcher(name, kind string) gomega.OmegaMatcher {
	fields := gstruct.Fields{
		"Name": gomega.Equal(name),
		"Kind": gomega.Equal(kind),
	}
	return gstruct.MatchFields(gstruct.IgnoreExtras, fields)
}