github.com/terraform-modules-krish/terratest@v0.29.0/modules/k8s/self_subject_access_review_test.go

github.com/terraform-modules-krish/terratest@v0.29.0/modules/k8s/self_subject_access_review_test.go (about)

     1  // +build kubeall kubernetes
     2  
     3  // NOTE: we have build tags to differentiate kubernetes tests from non-kubernetes tests. This is done because minikube
     4  // is heavy and can interfere with docker related tests in terratest. Specifically, many of the tests start to fail with
     5  // `connection refused` errors from `minikube`. To avoid overloading the system, we run the kubernetes tests and helm
     6  // tests separately from the others. This may not be necessary if you have a sufficiently powerful machine.  We
     7  // recommend at least 4 cores and 16GB of RAM if you want to run all the tests together.
     8  
     9  package k8s
    10  
    11  import (
    12  	"testing"
    13  
    14  	"github.com/stretchr/testify/assert"
    15  	authv1 "k8s.io/api/authorization/v1"
    16  )
    17  
    18  // NOTE: See service_account_test.go:TestGetServiceAccountWithAuthTokenGetsTokenThatCanBeUsedForAuth for the deny case,
    19  // as the current authed user is assumed to be a super user and so there is nothing they can't do.
    20  
    21  func TestCanIDoReturnsTrueForAllowedAction(t *testing.T) {
    22  	t.Parallel()
    23  
    24  	action := authv1.ResourceAttributes{
    25  		Namespace: "kube-system",
    26  		Verb:      "list",
    27  		Resource:  "pod",
    28  	}
    29  	options := NewKubectlOptions("", "", "kube-system")
    30  	assert.True(t, CanIDo(t, options, action))
    31  }