本文整理汇总了Golang中github.com/projectatomic/atomic-enterprise/test/util.StartTestMaster函数 的典型用法代码示例。如果您正苦于以下问题:Golang StartTestMaster函数的具体用法?Golang StartTestMaster怎么用?Golang StartTestMaster使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了StartTestMaster函数 的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: TestUnprivilegedNewProject
func TestUnprivilegedNewProject(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
valerieClientConfig := *clusterAdminClientConfig
valerieClientConfig.Username = ""
valerieClientConfig.Password = ""
valerieClientConfig.BearerToken = ""
valerieClientConfig.CertFile = ""
valerieClientConfig.KeyFile = ""
valerieClientConfig.CertData = nil
valerieClientConfig.KeyData = nil
accessToken, err := tokencmd.RequestToken(&valerieClientConfig, nil, "valerie", "security!")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
valerieClientConfig.BearerToken = accessToken
valerieOpenshiftClient, err := client.New(&valerieClientConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// confirm that we have access to request the project
allowed, err := valerieOpenshiftClient.ProjectRequests().List(labels.Everything(), fields.Everything())
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if allowed.Status != kapi.StatusSuccess {
t.Fatalf("expected %v, got %v", kapi.StatusSuccess, allowed.Status)
}
requestProject := oc.NewProjectOptions{
ProjectName: "new-project",
DisplayName: "display name here",
Description: "the special description",
Client: valerieOpenshiftClient,
Out: ioutil.Discard,
}
if err := requestProject.Run(); err != nil {
t.Fatalf("unexpected error: %v", err)
}
waitForProject(t, valerieOpenshiftClient, "new-project", 5*time.Second, 10)
if err := requestProject.Run(); !kapierrors.IsAlreadyExists(err) {
t.Fatalf("expected an already exists error, but got %v", err)
}
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:60, 代码来源:unprivileged_newproject_test.go
示例2: TestImageStreamDelete
func TestImageStreamDelete(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
err = testutil.CreateNamespace(clusterAdminKubeConfig, testutil.Namespace())
if err != nil {
t.Errorf("unexpected error: %v", err)
}
stream := mockImageStream()
if err := clusterAdminClient.ImageStreams(testutil.Namespace()).Delete(stream.Name); err == nil || !errors.IsNotFound(err) {
t.Fatalf("Unxpected non-error or type: %v", err)
}
actual, err := clusterAdminClient.ImageStreams(testutil.Namespace()).Create(stream)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if err := clusterAdminClient.ImageStreams(testutil.Namespace()).Delete(actual.Name); err != nil {
t.Fatalf("Unxpected error: %v", err)
}
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:28, 代码来源:imagestream_test.go
示例3: TestAutomaticCreationOfPullSecrets
func TestAutomaticCreationOfPullSecrets(t *testing.T) {
saNamespace := api.NamespaceDefault
saName := serviceaccountadmission.DefaultServiceAccountName
_, clusterAdminConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminKubeClient, err := testutil.GetClusterAdminKubeClient(clusterAdminConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// Get a service account token
saToken, err := waitForServiceAccountToken(clusterAdminKubeClient, saNamespace, saName, 20, time.Second)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if len(saToken) == 0 {
t.Errorf("token was not created")
}
// Get the matching dockercfg secret
saPullSecret, err := waitForServiceAccountPullSecret(clusterAdminKubeClient, saNamespace, saName, 20, time.Second)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if len(saPullSecret) == 0 {
t.Errorf("pull secret was not created")
}
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:31, 代码来源:service_account_test.go
示例4: TestUnprivilegedNewProjectDenied
func TestUnprivilegedNewProjectDenied(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
role, err := clusterAdminClient.ClusterRoles().Get(bootstrappolicy.SelfProvisionerRoleName)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
role.Rules = []authorizationapi.PolicyRule{}
if _, err := clusterAdminClient.ClusterRoles().Update(role); err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
valerieClientConfig := *clusterAdminClientConfig
valerieClientConfig.Username = ""
valerieClientConfig.Password = ""
valerieClientConfig.BearerToken = ""
valerieClientConfig.CertFile = ""
valerieClientConfig.KeyFile = ""
valerieClientConfig.CertData = nil
valerieClientConfig.KeyData = nil
accessToken, err := tokencmd.RequestToken(&valerieClientConfig, nil, "valerie", "security!")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
valerieClientConfig.BearerToken = accessToken
valerieOpenshiftClient, err := client.New(&valerieClientConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// confirm that we have access to request the project
_, err = valerieOpenshiftClient.ProjectRequests().List(labels.Everything(), fields.Everything())
if err == nil {
t.Fatalf("expected error: %v", err)
}
expectedError := `You may not request a new project via this API.`
if (err != nil) && (err.Error() != expectedError) {
t.Fatalf("expected\n\t%v\ngot\n\t%v", expectedError, err.Error())
}
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:54, 代码来源:unprivileged_newproject_test.go
示例5: TestBootstrapPolicyAuthenticatedUsersAgainstOpenshiftNamespace
func TestBootstrapPolicyAuthenticatedUsersAgainstOpenshiftNamespace(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
valerieClientConfig := *clusterAdminClientConfig
valerieClientConfig.Username = ""
valerieClientConfig.Password = ""
valerieClientConfig.BearerToken = ""
valerieClientConfig.CertFile = ""
valerieClientConfig.KeyFile = ""
valerieClientConfig.CertData = nil
valerieClientConfig.KeyData = nil
accessToken, err := tokencmd.RequestToken(&valerieClientConfig, nil, "valerie", "security!")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
valerieClientConfig.BearerToken = accessToken
valerieOpenshiftClient, err := client.New(&valerieClientConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
openshiftSharedResourcesNamespace := "openshift"
if _, err := valerieOpenshiftClient.Templates(openshiftSharedResourcesNamespace).List(labels.Everything(), fields.Everything()); err != nil {
t.Errorf("unexpected error: %v", err)
}
if _, err := valerieOpenshiftClient.Templates(kapi.NamespaceDefault).List(labels.Everything(), fields.Everything()); err == nil || !kapierror.IsForbidden(err) {
t.Errorf("unexpected error: %v", err)
}
if _, err := valerieOpenshiftClient.ImageStreams(openshiftSharedResourcesNamespace).List(labels.Everything(), fields.Everything()); err != nil {
t.Errorf("unexpected error: %v", err)
}
if _, err := valerieOpenshiftClient.ImageStreams(kapi.NamespaceDefault).List(labels.Everything(), fields.Everything()); err == nil || !kapierror.IsForbidden(err) {
t.Errorf("unexpected error: %v", err)
}
if _, err := valerieOpenshiftClient.ImageStreamTags(openshiftSharedResourcesNamespace).Get("name", "tag"); !kapierror.IsNotFound(err) {
t.Errorf("unexpected error: %v", err)
}
if _, err := valerieOpenshiftClient.ImageStreamTags(kapi.NamespaceDefault).Get("name", "tag"); err == nil || !kapierror.IsForbidden(err) {
t.Errorf("unexpected error: %v", err)
}
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:54, 代码来源:bootstrap_policy_test.go
示例6: TestBootstrapPolicySelfSubjectAccessReviews
func TestBootstrapPolicySelfSubjectAccessReviews(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
valerieClientConfig := *clusterAdminClientConfig
valerieClientConfig.Username = ""
valerieClientConfig.Password = ""
valerieClientConfig.BearerToken = ""
valerieClientConfig.CertFile = ""
valerieClientConfig.KeyFile = ""
valerieClientConfig.CertData = nil
valerieClientConfig.KeyData = nil
accessToken, err := tokencmd.RequestToken(&valerieClientConfig, nil, "valerie", "security!")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
valerieClientConfig.BearerToken = accessToken
valerieOpenshiftClient, err := client.New(&valerieClientConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// can I get a subjectaccessreview on myself even if I have no rights to do it generally
askCanICreatePolicyBindings := &authorizationapi.SubjectAccessReview{Verb: "create", Resource: "policybindings"}
subjectAccessReviewTest{
clientInterface: valerieOpenshiftClient.SubjectAccessReviews("openshift"),
review: askCanICreatePolicyBindings,
response: authorizationapi.SubjectAccessReviewResponse{
Allowed: false,
Reason: `User "valerie" cannot create policybindings in project "openshift"`,
Namespace: "openshift",
},
}.run(t)
// I shouldn't be allowed to ask whether someone else can perform an action
askCanClusterAdminsCreateProject := &authorizationapi.SubjectAccessReview{Groups: util.NewStringSet("system:cluster-admins"), Verb: "create", Resource: "projects"}
subjectAccessReviewTest{
clientInterface: valerieOpenshiftClient.SubjectAccessReviews("openshift"),
review: askCanClusterAdminsCreateProject,
err: `User "valerie" cannot create subjectaccessreviews in project "openshift"`,
}.run(t)
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:52, 代码来源:bootstrap_policy_test.go
示例7: TestAuthorizationRestrictedAccessForProjectAdmins
func TestAuthorizationRestrictedAccessForProjectAdmins(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
haroldClient, err := testutil.CreateNewProject(clusterAdminClient, *clusterAdminClientConfig, "hammer-project", "harold")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
markClient, err := testutil.CreateNewProject(clusterAdminClient, *clusterAdminClientConfig, "mallet-project", "mark")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
_, err = haroldClient.DeploymentConfigs("hammer-project").List(labels.Everything(), fields.Everything())
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
_, err = markClient.DeploymentConfigs("hammer-project").List(labels.Everything(), fields.Everything())
if (err == nil) || !kapierror.IsForbidden(err) {
t.Fatalf("unexpected error: %v", err)
}
// projects are a special case where a get of a project actually sets a namespace. Make sure that
// the namespace is properly special cased and set for authorization rules
_, err = haroldClient.Projects().Get("hammer-project")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
_, err = markClient.Projects().Get("hammer-project")
if (err == nil) || !kapierror.IsForbidden(err) {
t.Fatalf("unexpected error: %v", err)
}
// wait for the project authorization cache to catch the change. It is on a one second period
waitForProject(t, haroldClient, "hammer-project", 1*time.Second, 10)
waitForProject(t, markClient, "mallet-project", 1*time.Second, 10)
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:51, 代码来源:authorization_test.go
示例8: TestBootstrapPolicyOverwritePolicyCommand
func TestBootstrapPolicyOverwritePolicyCommand(t *testing.T) {
masterConfig, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
client, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if err := client.ClusterPolicies().Delete(authorizationapi.PolicyName); err != nil {
t.Errorf("unexpected error: %v", err)
}
// after the policy is deleted, we must wait for it to be cleared from the policy cache
err = wait.Poll(10*time.Millisecond, 10*time.Second, func() (bool, error) {
_, err := client.ClusterPolicies().List(labels.Everything(), fields.Everything())
if err == nil {
return false, nil
}
if !kapierror.IsForbidden(err) {
t.Errorf("unexpected error: %v", err)
}
return true, nil
})
if err != nil {
t.Errorf("timeout: %v", err)
}
etcdClient, err := etcd.GetAndTestEtcdClient(masterConfig.EtcdClientInfo)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
etcdHelper, err := origin.NewEtcdHelper(etcdClient, masterConfig.EtcdStorageConfig.OpenShiftStorageVersion, masterConfig.EtcdStorageConfig.OpenShiftStoragePrefix)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if err := admin.OverwriteBootstrapPolicy(etcdHelper, masterConfig.PolicyConfig.BootstrapPolicyFile, admin.CreateBootstrapPolicyFileFullCommand, true, ioutil.Discard); err != nil {
t.Errorf("unexpected error: %v", err)
}
if _, err := client.ClusterPolicies().List(labels.Everything(), fields.Everything()); err != nil {
t.Errorf("unexpected error: %v", err)
}
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:48, 代码来源:bootstrap_policy_test.go
示例9: TestImageStreamCreate
func TestImageStreamCreate(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
err = testutil.CreateNamespace(clusterAdminKubeConfig, testutil.Namespace())
if err != nil {
t.Errorf("unexpected error: %v", err)
}
stream := mockImageStream()
if _, err := clusterAdminClient.ImageStreams(testutil.Namespace()).Create(&imageapi.ImageStream{}); err == nil || !errors.IsInvalid(err) {
t.Fatalf("Unexpected error: %v", err)
}
expected, err := clusterAdminClient.ImageStreams(testutil.Namespace()).Create(stream)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if expected.Name == "" {
t.Errorf("Unexpected empty image Name %v", expected)
}
actual, err := clusterAdminClient.ImageStreams(testutil.Namespace()).Get(stream.Name)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if !reflect.DeepEqual(expected, actual) {
t.Errorf("unexpected object: %s", util.ObjectDiff(expected, actual))
}
streams, err := clusterAdminClient.ImageStreams(testutil.Namespace()).List(labels.Everything(), fields.Everything())
if err != nil {
t.Fatalf("Unexpected error %v", err)
}
if len(streams.Items) != 1 {
t.Errorf("Expected one image, got %#v", streams.Items)
}
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:45, 代码来源:imagestream_test.go
示例10: setup
func setup(t *testing.T) *client.Client {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminKubeClient, err := testutil.GetClusterAdminKubeClient(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminKubeClient.Namespaces().Create(&kapi.Namespace{
ObjectMeta: kapi.ObjectMeta{Name: testutil.Namespace()},
})
return clusterAdminClient
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:20, 代码来源:imagechange_buildtrigger_test.go
示例11: TestAuthorizationOnlyResolveRolesForBindingsThatMatter
func TestAuthorizationOnlyResolveRolesForBindingsThatMatter(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
addValerie := &policy.RoleModificationOptions{
RoleNamespace: "",
RoleName: bootstrappolicy.ViewRoleName,
RoleBindingAccessor: policy.NewClusterRoleBindingAccessor(clusterAdminClient),
Users: []string{"valerie"},
}
if err := addValerie.AddRole(); err != nil {
t.Fatalf("unexpected error: %v", err)
}
if err = clusterAdminClient.ClusterRoles().Delete(bootstrappolicy.ViewRoleName); err != nil {
t.Fatalf("unexpected error: %v", err)
}
addEdgar := &policy.RoleModificationOptions{
RoleNamespace: "",
RoleName: bootstrappolicy.EditRoleName,
RoleBindingAccessor: policy.NewClusterRoleBindingAccessor(clusterAdminClient),
Users: []string{"edgar"},
}
if err := addEdgar.AddRole(); err != nil {
t.Fatalf("unexpected error: %v", err)
}
// try to add Valerie to a non-existent role
if err := addValerie.AddRole(); !kapierror.IsNotFound(err) {
t.Fatalf("unexpected error: %v", err)
}
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:41, 代码来源:authorization_test.go
示例12: TestRootRedirect
func TestRootRedirect(t *testing.T) {
masterConfig, _, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
transport := &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
}
req, err := http.NewRequest("GET", masterConfig.AssetConfig.MasterPublicURL, nil)
req.Header.Set("Accept", "*/*")
resp, err := transport.RoundTrip(req)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if resp.StatusCode != http.StatusOK {
t.Errorf("Expected %d, got %d", http.StatusOK, resp.StatusCode)
}
if resp.Header.Get("Content-Type") != "application/json" {
t.Errorf("Expected %s, got %s", "application/json", resp.Header.Get("Content-Type"))
}
req, err = http.NewRequest("GET", masterConfig.AssetConfig.MasterPublicURL, nil)
req.Header.Set("Accept", "text/html")
resp, err = transport.RoundTrip(req)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if resp.StatusCode != http.StatusFound {
t.Errorf("Expected %d, got %d", http.StatusFound, resp.StatusCode)
}
if resp.Header.Get("Location") != masterConfig.AssetConfig.PublicURL {
t.Errorf("Expected %s, got %s", masterConfig.AssetConfig.PublicURL, resp.Header.Get("Location"))
}
// TODO add a test for when asset config is nil, the redirect should not occur in this case even when
// accept header contains text/html
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:41, 代码来源:root_redirect_test.go
示例13: TestImageStreamList
func TestImageStreamList(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
err = testutil.CreateNamespace(clusterAdminKubeConfig, testutil.Namespace())
if err != nil {
t.Errorf("unexpected error: %v", err)
}
builds, err := clusterAdminClient.ImageStreams(testutil.Namespace()).List(labels.Everything(), fields.Everything())
if err != nil {
t.Fatalf("Unexpected error %v", err)
}
if len(builds.Items) != 0 {
t.Errorf("Expected no builds, got %#v", builds.Items)
}
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:23, 代码来源:imagestream_test.go
示例14: setupBuildControllerTest
func setupBuildControllerTest(additionalBuildControllers, additionalBuildPodControllers, additionalImageChangeControllers int, t *testing.T) (*client.Client, *kclient.Client) {
master, clusterAdminKubeConfig, err := testutil.StartTestMaster()
checkErr(t, err)
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
checkErr(t, err)
clusterAdminKubeClient, err := testutil.GetClusterAdminKubeClient(clusterAdminKubeConfig)
checkErr(t, err)
_, err = clusterAdminKubeClient.Namespaces().Create(&kapi.Namespace{
ObjectMeta: kapi.ObjectMeta{Name: testutil.Namespace()},
})
checkErr(t, err)
if err := testutil.WaitForServiceAccounts(clusterAdminKubeClient, testutil.Namespace(), []string{bootstrappolicy.BuilderServiceAccountName, bootstrappolicy.DefaultServiceAccountName}); err != nil {
t.Errorf("unexpected error: %v", err)
}
openshiftConfig, err := origin.BuildMasterConfig(*master)
checkErr(t, err)
// Get the build controller clients, since those rely on service account tokens
// We don't want to proceed with the rest of the test until those are available
openshiftConfig.BuildControllerClients()
for i := 0; i < additionalBuildControllers; i++ {
openshiftConfig.RunBuildController()
}
for i := 0; i < additionalBuildPodControllers; i++ {
openshiftConfig.RunBuildPodController()
}
for i := 0; i < additionalImageChangeControllers; i++ {
openshiftConfig.RunBuildImageChangeTriggerController()
}
return clusterAdminClient, clusterAdminKubeClient
}
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:36, 代码来源:buildcontroller_test.go
示例15: TestV2RegistryGetTags
func TestV2RegistryGetTags(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("error starting master: %v", err)
}
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("error getting cluster admin client: %v", err)
}
clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("error getting cluster admin client config: %v", err)
}
user := "admin"
adminClient, err := testutil.CreateNewProject(clusterAdminClient, *clusterAdminClientConfig, testutil.Namespace(), user)
if err != nil {
t.Fatalf("error creating project: %v", err)
}
token, err := tokencmd.RequestToken(clusterAdminClientConfig, nil, user, "password")
if err != nil {
t.Fatalf("error requesting token: %v", err)
}
config := `version: 0.1
loglevel: debug
http:
addr: 127.0.0.1:5000
storage:
inmemory: {}
auth:
openshift:
middleware:
repository:
- name: openshift
`
os.Setenv("OPENSHIFT_CA_DATA", string(clusterAdminClientConfig.CAData))
os.Setenv("OPENSHIFT_CERT_DATA", string(clusterAdminClientConfig.CertData))
os.Setenv("OPENSHIFT_KEY_DATA", string(clusterAdminClientConfig.KeyData))
os.Setenv("OPENSHIFT_MASTER", clusterAdminClientConfig.Host)
os.Setenv("REGISTRY_URL", "127.0.0.1:5000")
go dockerregistry.Execute(strings.NewReader(config))
stream := imageapi.ImageStream{
ObjectMeta: kapi.ObjectMeta{
Namespace: testutil.Namespace(),
Name: "test",
},
}
if _, err := adminClient.ImageStreams(testutil.Namespace()).Create(&stream); err != nil {
t.Fatalf("error creating image stream: %s", err)
}
tags, err := getTags(stream.Name, user, token)
if err != nil {
t.Fatal(err)
}
if len(tags) > 0 {
t.Fatalf("expected 0 tags, got: %#v", tags)
}
dgst, err := putManifest(stream.Name, user, token)
if err != nil {
t.Fatal(err)
}
tags, err = getTags(stream.Name, user, token)
if err != nil {
t.Fatal(err)
}
if len(tags) != 1 {
t.Fatalf("expected 1 tag, got %d: %v", len(tags), tags)
}
if tags[0] != imageapi.DefaultImageTag {
t.Fatalf("expected latest, got %q", tags[0])
}
// test get by tag
url := fmt.Sprintf("http://127.0.0.1:5000/v2/%s/%s/manifests/%s", testutil.Namespace(), stream.Name, imageapi.DefaultImageTag)
req, err := http.NewRequest("GET", url, nil)
if err != nil {
t.Fatalf("error creating request: %v", err)
}
req.SetBasicAuth(user, token)
resp, err := http.DefaultClient.Do(req)
if err != nil {
t.Fatalf("error retrieving manifest from registry: %s", err)
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
t.Fatalf("unexpected status code: %d", resp.StatusCode)
}
body, err := ioutil.ReadAll(resp.Body)
var retrievedManifest manifest.Manifest
if err := json.Unmarshal(body, &retrievedManifest); err != nil {
t.Fatalf("error unmarshaling retrieved manifest")
}
if retrievedManifest.Name != fmt.Sprintf("%s/%s", testutil.Namespace(), stream.Name) {
t.Fatalf("unexpected manifest name: %s", retrievedManifest.Name)
//.........这里部分代码省略.........
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:101, 代码来源:v2_docker_registry_test.go
示例16: TestAuthorizationSubjectAccessReview
func TestAuthorizationSubjectAccessReview(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
haroldClient, err := testutil.CreateNewProject(clusterAdminClient, *clusterAdminClientConfig, "hammer-project", "harold")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
markClient, err := testutil.CreateNewProject(clusterAdminClient, *clusterAdminClientConfig, "mallet-project", "mark")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
dannyClient, err := testutil.GetClientForUser(*clusterAdminClientConfig, "danny")
if err != nil {
t.Fatalf("error requesting token: %v", err)
}
addDanny := &policy.RoleModificationOptions{
RoleNamespace: "",
RoleName: bootstrappolicy.ViewRoleName,
RoleBindingAccessor: policy.NewLocalRoleBindingAccessor("default", clusterAdminClient),
Users: []string{"danny"},
}
if err := addDanny.AddRole(); err != nil {
t.Errorf("unexpected error: %v", err)
}
askCanDannyGetProject := &authorizationapi.SubjectAccessReview{User: "danny", Verb: "get", Resource: "projects"}
subjectAccessReviewTest{
description: "cluster admin told danny can get project default",
clientInterface: clusterAdminClient.SubjectAccessReviews("default"),
review: askCanDannyGetProject,
response: authorizationapi.SubjectAccessReviewResponse{
Allowed: true,
Reason: "allowed by rule in default",
Namespace: "default",
},
}.run(t)
subjectAccessReviewTest{
description: "cluster admin told danny cannot get projects cluster-wide",
clientInterface: clusterAdminClient.ClusterSubjectAccessReviews(),
review: askCanDannyGetProject,
response: authorizationapi.SubjectAccessReviewResponse{
Allowed: false,
Reason: `User "danny" cannot get projects at the cluster scope`,
Namespace: "",
},
}.run(t)
subjectAccessReviewTest{
description: "as danny, can I make cluster subject access reviews",
clientInterface: dannyClient.ClusterSubjectAccessReviews(),
review: askCanDannyGetProject,
err: `User "danny" cannot create subjectaccessreviews at the cluster scope`,
}.run(t)
addValerie := &policy.RoleModificationOptions{
RoleNamespace: "",
RoleName: bootstrappolicy.ViewRoleName,
RoleBindingAccessor: policy.NewLocalRoleBindingAccessor("hammer-project", haroldClient),
Users: []string{"valerie"},
}
if err := addValerie.AddRole(); err != nil {
t.Errorf("unexpected error: %v", err)
}
addEdgar := &policy.RoleModificationOptions{
RoleNamespace: "",
RoleName: bootstrappolicy.EditRoleName,
RoleBindingAccessor: policy.NewLocalRoleBindingAccessor("mallet-project", markClient),
Users: []string{"edgar"},
}
if err := addEdgar.AddRole(); err != nil {
t.Fatalf("unexpected error: %v", err)
}
askCanValerieGetProject := &authorizationapi.SubjectAccessReview{User: "valerie", Verb: "get", Resource: "projects"}
subjectAccessReviewTest{
description: "harold told valerie can get project hammer-project",
clientInterface: haroldClient.SubjectAccessReviews("hammer-project"),
review: askCanValerieGetProject,
response: authorizationapi.SubjectAccessReviewResponse{
Allowed: true,
Reason: "allowed by rule in hammer-project",
Namespace: "hammer-project",
},
}.run(t)
subjectAccessReviewTest{
//.........这里部分代码省略.........
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:101, 代码来源:authorization_test.go
示例17: TestServiceAccountAuthorization
func TestServiceAccountAuthorization(t *testing.T) {
saNamespace := api.NamespaceDefault
saName := serviceaccountadmission.DefaultServiceAccountName
saUsername := serviceaccount.MakeUsername(saNamespace, saName)
// Start one OpenShift master as "cluster1" to play the external kube server
cluster1MasterConfig, cluster1AdminConfigFile, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
cluster1AdminConfig, err := testutil.GetClusterAdminClientConfig(cluster1AdminConfigFile)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
cluster1AdminKubeClient, err := testutil.GetClusterAdminKubeClient(cluster1AdminConfigFile)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
cluster1AdminOSClient, err := testutil.GetClusterAdminClient(cluster1AdminConfigFile)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// Get a service account token and build a client
saToken, err := waitForServiceAccountToken(cluster1AdminKubeClient, saNamespace, saName, 20, time.Second)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if len(saToken) == 0 {
t.Fatalf("token was not created")
}
cluster1SAClientConfig := kclient.Config{
Host: cluster1AdminConfig.Host,
Prefix: cluster1AdminConfig.Prefix,
BearerToken: saToken,
TLSClientConfig: kclient.TLSClientConfig{
CAFile: cluster1AdminConfig.CAFile,
CAData: cluster1AdminConfig.CAData,
},
}
cluster1SAKubeClient, err := kclient.New(&cluster1SAClientConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// Make sure the service account doesn't have access
failNS := &api.Namespace{ObjectMeta: api.ObjectMeta{Name: "test-fail"}}
if _, err := cluster1SAKubeClient.Namespaces().Create(failNS); !errors.IsForbidden(err) {
t.Fatalf("expected forbidden error, got %v", err)
}
// Make the service account a cluster admin on cluster1
addRoleOptions := &policy.RoleModificationOptions{
RoleName: bootstrappolicy.ClusterAdminRoleName,
RoleBindingAccessor: policy.NewClusterRoleBindingAccessor(cluster1AdminOSClient),
Users: []string{saUsername},
}
if err := addRoleOptions.AddRole(); err != nil {
t.Fatalf("could not add role to service account")
}
// Give the policy cache a second to catch it's breath
time.Sleep(time.Second)
// Make sure the service account now has access
// This tests authentication using the etcd-based token getter
passNS := &api.Namespace{ObjectMeta: api.ObjectMeta{Name: "test-pass"}}
if _, err := cluster1SAKubeClient.Namespaces().Create(passNS); err != nil {
t.Fatalf("unexpected error: %v", err)
}
// Create a kubeconfig from the serviceaccount config
cluster1SAKubeConfigFile, err := ioutil.TempFile(testutil.GetBaseDir(), "cluster1-service-account.kubeconfig")
if err != nil {
t.Fatalf("error creating tmpfile: %v", err)
}
defer os.Remove(cluster1SAKubeConfigFile.Name())
if err := writeClientConfigToKubeConfig(cluster1SAClientConfig, cluster1SAKubeConfigFile.Name()); err != nil {
t.Fatalf("error creating kubeconfig: %v", err)
}
// Set up cluster 2 to run against cluster 1 as external kubernetes
cluster2MasterConfig, err := testutil.DefaultMasterOptions()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// Don't start kubernetes in process
cluster2MasterConfig.KubernetesMasterConfig = nil
// Connect to cluster1 using the service account credentials
cluster2MasterConfig.MasterClients.ExternalKubernetesKubeConfig = cluster1SAKubeConfigFile.Name()
// Don't start etcd
cluster2MasterConfig.EtcdConfig = nil
// Use the same credentials as cluster1 to connect to existing etcd
cluster2MasterConfig.EtcdClientInfo = cluster1MasterConfig.EtcdClientInfo
// Set a custom etcd prefix to make sure data is getting sent to cluster1
cluster2MasterConfig.EtcdStorageConfig.KubernetesStoragePrefix += "2"
cluster2MasterConfig.EtcdStorageConfig.OpenShiftStoragePrefix += "2"
// Don't manage any names in cluster2
cluster2MasterConfig.ServiceAccountConfig.ManagedNames = []string{}
// Don't create any service account tokens in cluster2
//.........这里部分代码省略.........
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:101, 代码来源:service_account_test.go
示例18: TestAuthorizationResourceAccessReview
func TestAuthorizationResourceAccessReview(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
haroldClient, err := testutil.CreateNewProject(clusterAdminClient, *clusterAdminClientConfig, "hammer-project", "harold")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
markClient, err := testutil.CreateNewProject(clusterAdminClient, *clusterAdminClientConfig, "mallet-project", "mark")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
addValerie := &policy.RoleModificationOptions{
RoleNamespace: "",
RoleName: bootstrappolicy.ViewRoleName,
RoleBindingAccessor: policy.NewLocalRoleBindingAccessor("hammer-project", haroldClient),
Users: []string{"valerie"},
}
if err := addValerie.AddRole(); err != nil {
t.Fatalf("unexpected error: %v", err)
}
addEdgar := &policy.RoleModificationOptions{
RoleNamespace: "",
RoleName: bootstrappolicy.EditRoleName,
RoleBindingAccessor: policy.NewLocalRoleBindingAccessor("mallet-project", markClient),
Users: []string{"edgar"},
}
if err := addEdgar.AddRole(); err != nil {
t.Fatalf("unexpected error: %v", err)
}
requestWhoCanViewDeployments := &authorizationapi.ResourceAccessReview{Verb: "get", Resource: "deployments"}
{
test := resourceAccessReviewTest{
clientInterface: haroldClient.ResourceAccessReviews("hammer-project"),
review: requestWhoCanViewDeployments,
response: authorizationapi.ResourceAccessReviewResponse{
Users: util.NewStringSet("harold", "valerie"),
Groups: globalClusterAdminGroups,
Namespace: "hammer-project",
},
}
test.response.Users.Insert(globalClusterAdminUsers.List()...)
test.response.Groups.Insert("system:cluster-readers")
test.run(t)
}
{
test := resourceAccessReviewTest{
clientInterface: markClient.ResourceAccessReviews("mallet-project"),
review: requestWhoCanViewDeployments,
response: authorizationapi.ResourceAccessReviewResponse{
Users: util.NewStringSet("mark", "edgar"),
Groups: globalClusterAdminGroups,
Namespace: "mallet-project",
},
}
test.response.Users.Insert(globalClusterAdminUsers.List()...)
test.response.Groups.Insert("system:cluster-readers")
test.run(t)
}
// mark should not be able to make global access review requests
{
test := resourceAccessReviewTest{
clientInterface: markClient.ClusterResourceAccessReviews(),
review: requestWhoCanViewDeployments,
err: "cannot ",
}
test.run(t)
}
// a cluster-admin should be able to make global access review requests
{
test := resourceAccessReviewTest{
clientInterface: clusterAdminClient.ClusterResourceAccessReviews(),
review: requestWhoCanViewDeployments,
response: authorizationapi.ResourceAccessReviewResponse{
Users: globalClusterAdminUsers,
Groups: globalClusterAdminGroups,
},
}
test.response.Groups.Insert("system:cluster-readers")
test.run(t)
}
//.........这里部分代码省略.........
开发者ID:pombredanne, 项目名称:atomic-enterprise, 代码行数:101, 代码来源:authorization_test.go
示例19: TestWebhookGitHubPushWithImage
请发表评论