@@ -28,19 +28,18 @@ import (
2828 authenticationv1 "k8s.io/api/authentication/v1"
2929 authenticationv1beta1 "k8s.io/api/authentication/v1beta1"
3030 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
31+ "k8s.io/apimachinery/pkg/util/version"
3132 "k8s.io/apiserver/pkg/authentication/authenticator"
3233 "k8s.io/apiserver/pkg/authentication/user"
34+ utilfeature "k8s.io/apiserver/pkg/util/feature"
35+ featuregatetesting "k8s.io/component-base/featuregate/testing"
3336 "k8s.io/kubernetes/cmd/kube-apiserver/app/options"
3437 "k8s.io/kubernetes/pkg/controlplane"
3538 "k8s.io/kubernetes/test/integration/framework"
3639 "k8s.io/kubernetes/test/utils/ktesting"
3740)
3841
3942func TestGetsSelfAttributes (t * testing.T ) {
40- // KUBE_APISERVER_SERVE_REMOVED_APIS_FOR_ONE_RELEASE allows for APIs pending removal to not block tests
41- // TODO: Remove this line when oldest emulation version is 1.34, along with removal of v1beta1 SelfSubjectReview (unservable by default but still servable via this envvar in 1.33)
42- t .Setenv ("KUBE_APISERVER_SERVE_REMOVED_APIS_FOR_ONE_RELEASE" , "true" )
43-
4443 tests := []struct {
4544 name string
4645 userInfo * user.DefaultInfo
@@ -95,30 +94,30 @@ func TestGetsSelfAttributes(t *testing.T) {
9594 Name : "stub" ,
9695 }
9796
98- kubeClient , _ , tearDownFn := framework .StartTestServer (tCtx , t , framework.TestServerSetup {
99- ModifyServerRunOptions : func (opts * options.ServerRunOptions ) {
100- opts .APIEnablement .RuntimeConfig .Set ("authentication.k8s.io/v1beta1=true" )
101- opts .APIEnablement .RuntimeConfig .Set ("authentication.k8s.io/v1=true" )
102- opts .Authorization .Modes = []string {"AlwaysAllow" }
103- },
104- ModifyServerConfig : func (config * controlplane.Config ) {
105- // Unset BearerToken to disable BearerToken authenticator.
106- config .ControlPlane .Generic .LoopbackClientConfig .BearerToken = ""
107- config .ControlPlane .Generic .Authentication .Authenticator = authenticator .RequestFunc (func (req * http.Request ) (* authenticator.Response , bool , error ) {
108- respMu .RLock ()
109- defer respMu .RUnlock ()
110- return & authenticator.Response {User : response }, true , nil
111- })
112- },
113- })
114- defer tearDownFn ()
115-
11697 for _ , tc := range tests {
117- t .Run (tc .name , func (t * testing.T ) {
98+ t .Run (tc .name + "_v1beta1" , func (t * testing.T ) {
99+ featuregatetesting .SetFeatureGateEmulationVersionDuringTest (t , utilfeature .DefaultFeatureGate , version .MustParseMajorMinor ("1.32" ))
118100 respMu .Lock ()
119101 response = tc .userInfo
120102 respMu .Unlock ()
121103
104+ kubeClient , _ , tearDownFn := framework .StartTestServer (tCtx , t , framework.TestServerSetup {
105+ ModifyServerRunOptions : func (opts * options.ServerRunOptions ) {
106+ opts .APIEnablement .RuntimeConfig .Set ("authentication.k8s.io/v1beta1=true" )
107+ opts .Authorization .Modes = []string {"AlwaysAllow" }
108+ },
109+ ModifyServerConfig : func (config * controlplane.Config ) {
110+ // Unset BearerToken to disable BearerToken authenticator.
111+ config .ControlPlane .Generic .LoopbackClientConfig .BearerToken = ""
112+ config .ControlPlane .Generic .Authentication .Authenticator = authenticator .RequestFunc (func (req * http.Request ) (* authenticator.Response , bool , error ) {
113+ respMu .RLock ()
114+ defer respMu .RUnlock ()
115+ return & authenticator.Response {User : response }, true , nil
116+ })
117+ },
118+ })
119+ defer tearDownFn ()
120+
122121 resBeta , err := kubeClient .AuthenticationV1beta1 ().
123122 SelfSubjectReviews ().
124123 Create (tCtx , & authenticationv1beta1.SelfSubjectReview {}, metav1.CreateOptions {})
@@ -145,6 +144,30 @@ func TestGetsSelfAttributes(t *testing.T) {
145144 if ! reflect .DeepEqual (resBeta .Status .UserInfo .Extra , tc .expectedExtra ) {
146145 t .Fatalf ("unexpected extra: wanted %v, got %v" , tc .expectedExtra , resBeta .Status .UserInfo .Extra )
147146 }
147+ })
148+ }
149+
150+ for _ , tc := range tests {
151+ t .Run (tc .name + "_v1" , func (t * testing.T ) {
152+ respMu .Lock ()
153+ response = tc .userInfo
154+ respMu .Unlock ()
155+
156+ kubeClient , _ , tearDownFn := framework .StartTestServer (tCtx , t , framework.TestServerSetup {
157+ ModifyServerRunOptions : func (opts * options.ServerRunOptions ) {
158+ opts .Authorization .Modes = []string {"AlwaysAllow" }
159+ },
160+ ModifyServerConfig : func (config * controlplane.Config ) {
161+ // Unset BearerToken to disable BearerToken authenticator.
162+ config .ControlPlane .Generic .LoopbackClientConfig .BearerToken = ""
163+ config .ControlPlane .Generic .Authentication .Authenticator = authenticator .RequestFunc (func (req * http.Request ) (* authenticator.Response , bool , error ) {
164+ respMu .RLock ()
165+ defer respMu .RUnlock ()
166+ return & authenticator.Response {User : response }, true , nil
167+ })
168+ },
169+ })
170+ defer tearDownFn ()
148171
149172 resV1 , err := kubeClient .AuthenticationV1 ().
150173 SelfSubjectReviews ().
@@ -179,35 +202,34 @@ func TestGetsSelfAttributes(t *testing.T) {
179202func TestGetsSelfAttributesError (t * testing.T ) {
180203 toggle := & atomic.Value {}
181204 toggle .Store (true )
182-
183- tCtx := ktesting .Init (t )
184- kubeClient , _ , tearDownFn := framework .StartTestServer (tCtx , t , framework.TestServerSetup {
185- ModifyServerRunOptions : func (opts * options.ServerRunOptions ) {
186- opts .APIEnablement .RuntimeConfig .Set ("authentication.k8s.io/v1beta1=true" )
187- opts .APIEnablement .RuntimeConfig .Set ("authentication.k8s.io/v1=true" )
188- opts .Authorization .Modes = []string {"AlwaysAllow" }
189- },
190- ModifyServerConfig : func (config * controlplane.Config ) {
191- // Unset BearerToken to disable BearerToken authenticator.
192- config .ControlPlane .Generic .LoopbackClientConfig .BearerToken = ""
193- config .ControlPlane .Generic .Authentication .Authenticator = authenticator .RequestFunc (func (req * http.Request ) (* authenticator.Response , bool , error ) {
194- if toggle .Load ().(bool ) {
195- return & authenticator.Response {
196- User : & user.DefaultInfo {
197- Name : "alice" ,
198- },
199- }, true , nil
200- }
201-
202- return nil , false , fmt .Errorf ("test error" )
203- })
204- },
205- })
206- defer tearDownFn ()
207-
208205 expected := fmt .Errorf ("Unauthorized" )
209206
210- { // v1beta1
207+ t .Run ("v1beta1" , func (t * testing.T ) {
208+ featuregatetesting .SetFeatureGateEmulationVersionDuringTest (t , utilfeature .DefaultFeatureGate , version .MustParseMajorMinor ("1.32" ))
209+ tCtx := ktesting .Init (t )
210+ kubeClient , _ , tearDownFn := framework .StartTestServer (tCtx , t , framework.TestServerSetup {
211+ ModifyServerRunOptions : func (opts * options.ServerRunOptions ) {
212+ opts .APIEnablement .RuntimeConfig .Set ("authentication.k8s.io/v1beta1=true" )
213+ opts .Authorization .Modes = []string {"AlwaysAllow" }
214+ },
215+ ModifyServerConfig : func (config * controlplane.Config ) {
216+ // Unset BearerToken to disable BearerToken authenticator.
217+ config .ControlPlane .Generic .LoopbackClientConfig .BearerToken = ""
218+ config .ControlPlane .Generic .Authentication .Authenticator = authenticator .RequestFunc (func (req * http.Request ) (* authenticator.Response , bool , error ) {
219+ if toggle .Load ().(bool ) {
220+ return & authenticator.Response {
221+ User : & user.DefaultInfo {
222+ Name : "alice" ,
223+ },
224+ }, true , nil
225+ }
226+
227+ return nil , false , fmt .Errorf ("test error" )
228+ })
229+ },
230+ })
231+ defer tearDownFn ()
232+
211233 toggle .Store (! toggle .Load ().(bool ))
212234
213235 _ , err := kubeClient .AuthenticationV1beta1 ().
@@ -221,9 +243,32 @@ func TestGetsSelfAttributesError(t *testing.T) {
221243 if expected .Error () != err .Error () {
222244 t .Fatalf ("expected error: %v, got %v" , expected , err )
223245 }
224- }
246+ })
247+
248+ t .Run ("v1" , func (t * testing.T ) {
249+ tCtx := ktesting .Init (t )
250+ kubeClient , _ , tearDownFn := framework .StartTestServer (tCtx , t , framework.TestServerSetup {
251+ ModifyServerRunOptions : func (opts * options.ServerRunOptions ) {
252+ opts .Authorization .Modes = []string {"AlwaysAllow" }
253+ },
254+ ModifyServerConfig : func (config * controlplane.Config ) {
255+ // Unset BearerToken to disable BearerToken authenticator.
256+ config .ControlPlane .Generic .LoopbackClientConfig .BearerToken = ""
257+ config .ControlPlane .Generic .Authentication .Authenticator = authenticator .RequestFunc (func (req * http.Request ) (* authenticator.Response , bool , error ) {
258+ if toggle .Load ().(bool ) {
259+ return & authenticator.Response {
260+ User : & user.DefaultInfo {
261+ Name : "alice" ,
262+ },
263+ }, true , nil
264+ }
265+
266+ return nil , false , fmt .Errorf ("test error" )
267+ })
268+ },
269+ })
270+ defer tearDownFn ()
225271
226- { // v1
227272 toggle .Store (! toggle .Load ().(bool ))
228273
229274 _ , err := kubeClient .AuthenticationV1 ().
@@ -237,5 +282,5 @@ func TestGetsSelfAttributesError(t *testing.T) {
237282 if expected .Error () != err .Error () {
238283 t .Fatalf ("expected error: %v, got %v" , expected , err )
239284 }
240- }
285+ })
241286}
0 commit comments