644 circle ci changes

2025-03-28 10:28:36 +00:00 · 2020-02-09 19:28:51 +05:30 · 2020-02-09 19:28:51 +05:30 · 17da6217e0
commit 17da6217e0
parent 99e54e28d8
2 changed files with 1 additions and 29 deletions
--- a/pkg/userinfo/roleRef.go
+++ b/pkg/userinfo/roleRef.go
@ -88,7 +88,7 @@ func getRoleRefByClusterRoleBindings(clusterroleBindings []*rbacv1.ClusterRoleBi
 // subject.kind can only be ServiceAccount, User and Group
 func matchSubjectsMap(subject rbacv1.Subject, userInfo authenticationv1.UserInfo) bool {
 	// ServiceAccount
-	if isServiceaccountUserInfo(userInfo.Username) {
+	if strings.Contains(userInfo.Username, SaPrefix) {
 		return matchServiceAccount(subject, userInfo)
 	}

@ -96,13 +96,6 @@ func matchSubjectsMap(subject rbacv1.Subject, userInfo authenticationv1.UserInfo
 	return matchUserOrGroup(subject, userInfo)
 }

-func isServiceaccountUserInfo(username string) bool {
-	if strings.Contains(username, SaPrefix) {
-		return true
-	}
-	return false
-}
-
 // matchServiceAccount checks if userInfo sa matche the subject sa
 // serviceaccount represents as saPrefix:namespace:name in userInfo
 func matchServiceAccount(subject rbacv1.Subject, userInfo authenticationv1.UserInfo) bool {
--- a/pkg/userinfo/roleRef_test.go
+++ b/pkg/userinfo/roleRef_test.go
@ -11,27 +11,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

-func Test_isServiceaccountUserInfo(t *testing.T) {
-	tests := []struct {
-		username string
-		expected bool
-	}{
-		{
-			username: "system:serviceaccount:default:saconfig",
-			expected: true,
-		},
-		{
-			username: "serviceaccount:default:saconfig",
-			expected: false,
-		},
-	}
-
-	for _, test := range tests {
-		res := isServiceaccountUserInfo(test.username)
-		assert.Assert(t, test.expected == res)
-	}
-}
-
 func Test_matchServiceAccount_subject_variants(t *testing.T) {
 	userInfo := authenticationv1.UserInfo{
 		Username: "system:serviceaccount:default:saconfig",