vectorized-role-crds.feature
@cluster:vectorized/sasl
Feature: Vectorized Role CRDs
  Background: Cluster available
    Given vectorized cluster "sasl" is available

  @skip:gke @skip:aks @skip:eks
  Scenario: Manage vectorized roles
    Given there is no role "admin-role" in vectorized cluster "sasl"
    And there are the following pre-existing users in vectorized cluster "sasl"
      | name  | password | mechanism     |
      | alice | password | SCRAM-SHA-256 |
      | bob   | password | SCRAM-SHA-256 |
    When I apply Kubernetes manifest:
    """
    ---
    apiVersion: cluster.redpanda.com/v1alpha2
    kind: Role
    metadata:
      name: admin-role
    spec:
      cluster:
        clusterRef:
          group: redpanda.vectorized.io
          kind: Cluster
          name: sasl
      principals:
        - User:alice
        - User:bob
    """
    And role "admin-role" is successfully synced
    Then role "admin-role" should exist in vectorized cluster "sasl"
    And role "admin-role" should have members "alice and bob" in vectorized cluster "sasl"

  @skip:gke @skip:aks @skip:eks
  Scenario: Manage vectorized roles with authorization
    Given there is no role "read-only-role" in vectorized cluster "sasl"
    And there are the following pre-existing users in vectorized cluster "sasl"
      | name    | password | mechanism     |
      | charlie | password | SCRAM-SHA-256 |
    When I create topic "public-test" in vectorized cluster "sasl"
    And I apply Kubernetes manifest:
    """
    ---
    apiVersion: cluster.redpanda.com/v1alpha2
    kind: Role
    metadata:
      name: read-only-role
    spec:
      cluster:
        clusterRef:
          group: redpanda.vectorized.io
          kind: Cluster
          name: sasl
      principals:
        - User:charlie
      authorization:
        acls:
          - type: allow
            resource:
              type: topic
              name: public-
              patternType: prefixed
            operations: [Read, Describe]
    """
    And role "read-only-role" is successfully synced
    Then role "read-only-role" should exist in vectorized cluster "sasl"
    And role "read-only-role" should have ACLs for topic pattern "public-" in vectorized cluster "sasl"
    And "charlie" should be able to read from topic "public-test" in vectorized cluster "sasl"

  @skip:gke @skip:aks @skip:eks
  Scenario: Manage vectorized authorization-only roles
    Given there are the following pre-existing users in vectorized cluster "sasl"
      | name   | password | mechanism     |
      | travis | password | SCRAM-SHA-256 |
    And there is a pre-existing role "travis-role" in vectorized cluster "sasl"
    When I apply Kubernetes manifest:
    """
    ---
    apiVersion: cluster.redpanda.com/v1alpha2
    kind: Role
    metadata:
      name: travis-role
    spec:
      cluster:
        clusterRef:
          group: redpanda.vectorized.io
          kind: Cluster
          name: sasl
      principals:
        - User:travis
      authorization:
        acls:
          - type: allow
            resource:
              type: topic
              name: some-topic
              patternType: prefixed
            operations: [Read]
    """
    And role "travis-role" is successfully synced
    And I delete the CRD role "travis-role"
    Then there should still be role "travis-role" in vectorized cluster "sasl"
    And there should be no ACLs for role "travis-role" in vectorized cluster "sasl"