Skip to content

Commit

Permalink
test(olm): test role aggregation for aggregate apiservices
Browse files Browse the repository at this point in the history
  • Loading branch information
ecordell committed May 10, 2019
1 parent e200f20 commit f4a0e36
Showing 1 changed file with 98 additions and 0 deletions.
98 changes: 98 additions & 0 deletions test/e2e/operator_groups_e2e_test.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package e2e

import (
"encoding/json"
"fmt"
"strings"
"testing"
Expand Down Expand Up @@ -496,10 +497,82 @@ func TestOperatorGroupRoleAggregation(t *testing.T) {
_, err = fetchCSV(t, crc, csvA.GetName(), nsA, csvSucceededChecker)
require.NoError(t, err)

// Create a csv for an apiserver
depName := genName("hat-server")
mockGroup := fmt.Sprintf("hats.%s.redhat.com", genName(""))
version := "v1alpha1"
mockGroupVersion := strings.Join([]string{mockGroup, version}, "/")
mockKinds := []string{"fez", "fedora"}
mockNames := []string{"fezs", "fedoras"}
depSpec := newMockExtServerDeployment(depName, mockGroupVersion, mockKinds)
strategy := install.StrategyDetailsDeployment{
DeploymentSpecs: []install.StrategyDeploymentSpec{
{
Name: depName,
Spec: depSpec,
},
},
}
strategyRaw, err := json.Marshal(strategy)
owned := make([]v1alpha1.APIServiceDescription, len(mockKinds))
for i, kind := range mockKinds {
owned[i] = v1alpha1.APIServiceDescription{
Name: mockNames[i],
Group: mockGroup,
Version: version,
Kind: kind,
DeploymentName: depName,
ContainerPort: int32(5443),
DisplayName: kind,
Description: fmt.Sprintf("A %s", kind),
}
}

csvB := v1alpha1.ClusterServiceVersion{
Spec: v1alpha1.ClusterServiceVersionSpec{
MinKubeVersion: "0.0.0",
InstallModes: []v1alpha1.InstallMode{
{
Type: v1alpha1.InstallModeTypeOwnNamespace,
Supported: true,
},
{
Type: v1alpha1.InstallModeTypeSingleNamespace,
Supported: true,
},
{
Type: v1alpha1.InstallModeTypeMultiNamespace,
Supported: true,
},
{
Type: v1alpha1.InstallModeTypeAllNamespaces,
Supported: true,
},
},
InstallStrategy: v1alpha1.NamedInstallStrategy{
StrategyName: install.InstallStrategyNameDeployment,
StrategySpecRaw: strategyRaw,
},
APIServiceDefinitions: v1alpha1.APIServiceDefinitions{
Owned: owned,
},
},
}
csvB.SetName(depName)

// Create the APIService CSV
_, err = createCSV(t, c, crc, csvB, nsA, false, true)
require.NoError(t, err)
defer cleanupCSV()

_, err = fetchCSV(t, crc, csvB.GetName(), nsA, csvSucceededChecker)
require.NoError(t, err)

// Ensure clusterroles created and aggregated for access provided APIs
padmin, cleanupPadmin := createProjectAdmin(t, c, nsA)
defer cleanupPadmin()

// Check CRD access aggregated
err = wait.Poll(pollInterval, pollDuration, func() (bool, error) {
res, err := c.KubernetesInterface().AuthorizationV1().SubjectAccessReviews().Create(&authorizationv1.SubjectAccessReview{
Spec: authorizationv1.SubjectAccessReviewSpec{
Expand All @@ -523,6 +596,31 @@ func TestOperatorGroupRoleAggregation(t *testing.T) {
return res.Status.Allowed, nil
})
require.NoError(t, err)

// Check apiserver access aggregated
err = wait.Poll(pollInterval, pollDuration, func() (bool, error) {
res, err := c.KubernetesInterface().AuthorizationV1().SubjectAccessReviews().Create(&authorizationv1.SubjectAccessReview{
Spec: authorizationv1.SubjectAccessReviewSpec{
User: padmin,
ResourceAttributes: &authorizationv1.ResourceAttributes{
Namespace: nsA,
Group: mockGroup,
Version: version,
Resource: mockNames[1],
Verb: "create",
},
},
})
if err != nil {
return false, err
}
if res == nil {
return false, nil
}
t.Logf("checking padmin for permission: %#v", res)
return res.Status.Allowed, nil
})
require.NoError(t, err)
}

func TestOperatorGroupInstallModeSupport(t *testing.T) {
Expand Down

0 comments on commit f4a0e36

Please sign in to comment.