
Commit 9c9e8aa

committed
Remove read-only testcases from Admission Controller section
The Admission Controller does not cover read-only permissions; those are handled entirely by RBAC. Signed-off-by: Katyanna Moura <[email protected]>
1 parent 46a184b commit 9c9e8aa


1 file changed

+0
-48
lines changed


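--- a/test/e2e/authorization.go
+++ b/test/e2e/authorization.go
@@ -685,32 +685,6 @@ var _ = g.Describe("Authorization via admission-controller [RBAC] [Zalando]", fu
 gomega.Expect(err).To(gomega.MatchError(gomega.ContainSubstring("write operations are forbidden")))
 })
 })
-
-g.Context("as read-only user", func() {
-var client *kubernetes.Clientset
-
-g.BeforeEach(func() {
-var err error
-
-client, err = getReadOnlyClient(eksCluster, awsAccountID)
-framework.ExpectNoError(err)
-})
-
-g.It("should deny write access in user namespace", func() {
-err := client.CoreV1().Pods(nonSystemResource.Namespace).Delete(context.Background(), nonSystemResource.Name, metav1.DeleteOptions{DryRun: []string{"All"}})
-gomega.Expect(err).To(gomega.MatchError(gomega.ContainSubstring("write operations are forbidden")))
-})
-
-g.It("should deny write access in collaborator namespace", func() {
-err := client.CoreV1().Pods(collaboratorResource.Namespace).Delete(context.Background(), collaboratorResource.Name, metav1.DeleteOptions{DryRun: []string{"All"}})
-gomega.Expect(err).To(gomega.MatchError(gomega.ContainSubstring("write operations are forbidden")))
-})
-
-g.It("should deny write access in system namespace", func() {
-err := client.CoreV1().Pods(systemResource.Namespace).Delete(context.Background(), systemResource.Name, metav1.DeleteOptions{DryRun: []string{"All"}})
-gomega.Expect(err).To(gomega.MatchError(gomega.ContainSubstring("write operations are forbidden")))
-})
-})
 })
 
 g.Context("for global resources", func() {
@@ -813,28 +787,6 @@ var _ = g.Describe("Authorization via admission-controller [RBAC] [Zalando]", fu
 gomega.Expect(err).To(gomega.MatchError(gomega.ContainSubstring("this namespace may not be deleted")))
 })
 })
-
-g.Context("as read-only user", func() {
-var client *kubernetes.Clientset
-
-g.BeforeEach(func() {
-var err error
-
-client, err = getReadOnlyClient(eksCluster, awsAccountID)
-framework.ExpectNoError(err)
-})
-
-// why allow any write acess for read-only user?
-g.It("should allow write access for non-system resources", func() {
-err := client.RbacV1().ClusterRoles().Delete(context.Background(), nonSystemResource.Name, metav1.DeleteOptions{DryRun: []string{"All"}})
-framework.ExpectNoError(err, "failed to delete cluster role: %s", nonSystemResource.Name)
-})
-
-g.It("should deny write access for system resources", func() {
-err := client.RbacV1().ClusterRoles().Delete(context.Background(), systemResource.Name, metav1.DeleteOptions{DryRun: []string{"All"}})
-gomega.Expect(err).To(gomega.MatchError(gomega.ContainSubstring("write operations are forbidden")))
-})
-})
 })
 
 g.Context("exec permission", func() {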
