Skip to content

Commit 3853a0e

Browse files
johnSchnakejohnSchnake
committed
GKE also requires SAR endpoints
There was a specific error flow that was commented as only applying to GKE. This was never tested specifically for GKE (only commented as such) but that seems to be out of date and can be removed. If the SAR endpoint does not exist it should be considered an error.
1 parent d2ce69d commit 3853a0e

File tree

2 files changed

+0
-11
lines changed

2 files changed

+0
-11
lines changed

test/e2e/framework/auth/BUILD

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ go_library(
88
deps = [
99
"//staging/src/k8s.io/api/authorization/v1beta1:go_default_library",
1010
"//staging/src/k8s.io/api/rbac/v1beta1:go_default_library",
11-
"//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
1211
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
1312
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
1413
"//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",

test/e2e/framework/auth/helpers.go

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,6 @@ import (
2525
"github.com/pkg/errors"
2626
authorizationv1beta1 "k8s.io/api/authorization/v1beta1"
2727
rbacv1beta1 "k8s.io/api/rbac/v1beta1"
28-
apierrors "k8s.io/apimachinery/pkg/api/errors"
2928
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
3029
"k8s.io/apimachinery/pkg/runtime/schema"
3130
"k8s.io/apimachinery/pkg/util/wait"
@@ -68,15 +67,6 @@ func WaitForNamedAuthorizationUpdate(c v1beta1authorization.SubjectAccessReviews
6867

6968
err := wait.Poll(policyCachePollInterval, policyCachePollTimeout, func() (bool, error) {
7069
response, err := c.SubjectAccessReviews().Create(review)
71-
// GKE doesn't enable the SAR endpoint. Without this endpoint, we cannot determine if the policy engine
72-
// has adjusted as expected. In this case, simply wait one second and hope it's up to date
73-
// TODO: Should have a check for the provider here but that introduces too tight of
74-
// coupling with the `framework` package. See: https://github.com/kubernetes/kubernetes/issues/76726
75-
if apierrors.IsNotFound(err) {
76-
logf("SubjectAccessReview endpoint is missing")
77-
time.Sleep(1 * time.Second)
78-
return true, nil
79-
}
8070
if err != nil {
8171
return false, err
8272
}

0 commit comments

Comments
 (0)