Skip to content

Commit 50cba64

Browse files
openshift-merge-bot[bot]openshift-merge-bot[bot]
authored
Merge pull request #30075 from dinhxuanvu/auth-hypershift
OCPBUGS-57496: Account for system:hosted-cluster-config service account in HyperShift
2 parents 67ebbd9 + 6cbdda6 commit 50cba64

File tree

1 file changed

+10
-0
lines changed

1 file changed

+10
-0
lines changed

test/extended/authorization/authorization.go

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -210,6 +210,7 @@ func prettyPrintReviewResponse(resp *authorizationv1.ResourceAccessReviewRespons
210210
// This list includes the admins from above, plus users or groups known to have global view access
211211
var globalClusterReaderUsers = sets.NewString("system:admin")
212212
var globalClusterReaderGroups = sets.NewString("system:cluster-readers", "system:cluster-admins", "system:masters")
213+
var hyperShiftServiceAccount = sets.NewString("system:hosted-cluster-config")
213214

214215
// this list includes any other users who can get DeploymentConfigs
215216
var globalDeploymentConfigGetterUsers = sets.NewString(
@@ -439,6 +440,9 @@ var _ = g.Describe("[sig-auth][Feature:OpenShiftAuthorization][Serial] authoriza
439440
Namespace: hammerProjectName,
440441
},
441442
}
443+
if ok, _ := exutil.IsHypershift(context.Background(), oc.AdminConfigClient()); ok {
444+
test.response.UsersSlice = append(test.response.UsersSlice, hyperShiftServiceAccount.List()...)
445+
}
442446
test.response.UsersSlice = append(test.response.UsersSlice, globalClusterReaderUsers.List()...)
443447
test.response.UsersSlice = append(test.response.UsersSlice, globalDeploymentConfigGetterUsers.List()...)
444448
test.response.GroupsSlice = append(test.response.GroupsSlice, globalClusterReaderGroups.List()...)
@@ -456,6 +460,9 @@ var _ = g.Describe("[sig-auth][Feature:OpenShiftAuthorization][Serial] authoriza
456460
Namespace: malletProjectName,
457461
},
458462
}
463+
if ok, _ := exutil.IsHypershift(context.Background(), oc.AdminConfigClient()); ok {
464+
test.response.UsersSlice = append(test.response.UsersSlice, hyperShiftServiceAccount.List()...)
465+
}
459466
test.response.UsersSlice = append(test.response.UsersSlice, globalClusterReaderUsers.List()...)
460467
test.response.UsersSlice = append(test.response.UsersSlice, globalDeploymentConfigGetterUsers.List()...)
461468
test.response.GroupsSlice = append(test.response.GroupsSlice, globalClusterReaderGroups.List()...)
@@ -486,6 +493,9 @@ var _ = g.Describe("[sig-auth][Feature:OpenShiftAuthorization][Serial] authoriza
486493
GroupsSlice: []string{},
487494
},
488495
}
496+
if ok, _ := exutil.IsHypershift(context.Background(), oc.AdminConfigClient()); ok {
497+
test.response.UsersSlice = append(test.response.UsersSlice, hyperShiftServiceAccount.List()...)
498+
}
489499
test.response.UsersSlice = append(test.response.UsersSlice, globalClusterReaderUsers.List()...)
490500
test.response.UsersSlice = append(test.response.UsersSlice, globalDeploymentConfigGetterUsers.List()...)
491501
test.response.GroupsSlice = append(test.response.GroupsSlice, globalClusterReaderGroups.List()...)

0 commit comments

Comments
 (0)