github.com/mponton/terratest@v0.44.0/modules/k8s/self_subject_access_review_test.go

github.com/mponton/terratest@v0.44.0/modules/k8s/self_subject_access_review_test.go (about)

     1  //go:build kubeall || kubernetes
     2  // +build kubeall kubernetes
     3  
     4  // NOTE: we have build tags to differentiate kubernetes tests from non-kubernetes tests. This is done because minikube
     5  // is heavy and can interfere with docker related tests in terratest. Specifically, many of the tests start to fail with
     6  // `connection refused` errors from `minikube`. To avoid overloading the system, we run the kubernetes tests and helm
     7  // tests separately from the others. This may not be necessary if you have a sufficiently powerful machine.  We
     8  // recommend at least 4 cores and 16GB of RAM if you want to run all the tests together.
     9  
    10  package k8s
    11  
    12  import (
    13  	"testing"
    14  
    15  	"github.com/stretchr/testify/assert"
    16  	authv1 "k8s.io/api/authorization/v1"
    17  )
    18  
    19  // NOTE: See service_account_test.go:TestGetServiceAccountWithAuthTokenGetsTokenThatCanBeUsedForAuth for the deny case,
    20  // as the current authed user is assumed to be a super user and so there is nothing they can't do.
    21  
    22  func TestCanIDoReturnsTrueForAllowedAction(t *testing.T) {
    23  	t.Parallel()
    24  
    25  	action := authv1.ResourceAttributes{
    26  		Namespace: "kube-system",
    27  		Verb:      "list",
    28  		Resource:  "pod",
    29  	}
    30  	options := NewKubectlOptions("", "", "kube-system")
    31  	assert.True(t, CanIDo(t, options, action))
    32  }