const AliceToken … const BobToken … const UnknownToken … func getTestWebhookTokenAuth(serverURL string, customDial utilnet.DialFunc) (authenticator.Request, error) { … } func getTestWebhookTokenAuthCustomDialer(serverURL string) (authenticator.Request, error) { … } func path(resource, namespace, name string) string { … } func pathWithPrefix(prefix, resource, namespace, name string) string { … } func pathWithSubResource(resource, namespace, name, subresource string) string { … } func timeoutPath(resource, namespace, name string) string { … } var aPod … var aRC … var aService … var aNode … func aEvent(namespace string) string { … } var aBinding … var emptyEndpoints … var aEndpoints … var deleteNow … // To ensure that a POST completes before a dependent GET, set a timeout. func addTimeoutFlag(URLString string) string { … } type testRequest … func getTestRequests(namespace string) []testRequest { … } // The TestAuthMode* tests a large number of URLs and checks that they // are FORBIDDEN or not, depending on the mode. They do not attempt to do // detailed verification of behaviour beyond authorization. They are not // fuzz tests. // // TODO(etune): write a fuzz test of the REST API. func TestAuthModeAlwaysAllow(t *testing.T) { … } func parseResourceVersion(response []byte) (string, float64, error) { … } func getPreviousResourceVersionKey(url, id string) string { … } func TestAuthModeAlwaysDeny(t *testing.T) { … } // TestAliceNotForbiddenOrUnauthorized tests a user who is known to // the authentication system and authorized to do any actions. func TestAliceNotForbiddenOrUnauthorized(t *testing.T) { … } // TestBobIsForbidden tests that a user who is known to // the authentication system but not authorized to do any actions // should receive "Forbidden". func TestBobIsForbidden(t *testing.T) { … } // TestUnknownUserIsUnauthorized tests that a user who is unknown // to the authentication system get status code "Unauthorized". // An authorization module is installed in this scenario for integration // test purposes, but requests aren't expected to reach it. func TestUnknownUserIsUnauthorized(t *testing.T) { … } type impersonateAuthorizer … // alice can't act as anyone and bob can't do anything but act-as someone func (impersonateAuthorizer) Authorize(ctx context.Context, a authorizer.Attributes) (authorizer.Decision, string, error) { … } func TestImpersonateIsForbidden(t *testing.T) { … } func TestImpersonateWithUID(t *testing.T) { … } func csrPEM(t *testing.T) []byte { … } func newABACFileWithContents(t *testing.T, contents string) string { … } type trackingAuthorizer … func (a *trackingAuthorizer) Authorize(ctx context.Context, attributes authorizer.Attributes) (authorizer.Decision, string, error) { … } // TestAuthorizationAttributeDetermination tests that authorization attributes are built correctly func TestAuthorizationAttributeDetermination(t *testing.T) { … } // TestNamespaceAuthorization tests that authorization can be controlled // by namespace. func TestNamespaceAuthorization(t *testing.T) { … } // TestKindAuthorization tests that authorization can be controlled // by namespace. func TestKindAuthorization(t *testing.T) { … } // TestReadOnlyAuthorization tests that authorization can be controlled // by namespace. func TestReadOnlyAuthorization(t *testing.T) { … } // TestWebhookTokenAuthenticator tests that a control plane can use the webhook token // authenticator to call out to a remote web server for authentication // decisions. func TestWebhookTokenAuthenticator(t *testing.T) { … } // TestWebhookTokenAuthenticatorCustomDial is the same as TestWebhookTokenAuthenticator, but uses a // custom dialer func TestWebhookTokenAuthenticatorCustomDial(t *testing.T) { … } func testWebhookTokenAuthenticator(customDialer bool, t *testing.T) { … } // newTestWebhookTokenAuthServer creates an http token authentication server // that knows about both Alice and Bob. func newTestWebhookTokenAuthServer() *httptest.Server { … }
Codebase Browser
kubernetes