Merge pull request #500 from nirmata/local_test

correct role/clusterrole kind
2025-03-06 16:06:56 +00:00 · 2019-11-14 16:00:01 -08:00 · 2019-11-14 16:00:01 -08:00 · 17ec220711
commit 17ec220711
parent 54744151b2 8bf60a7fea
2 changed files with 13 additions and 9 deletions
--- a/pkg/userinfo/roleRef.go
+++ b/pkg/userinfo/roleRef.go
@ -13,6 +13,11 @@ import (
 	rbaclister "k8s.io/client-go/listers/rbac/v1"
 )

+const (
+	clusterrolekind = "ClusterRole"
+	rolekind        = "Role"
+)
+
 func GetRoleRef(rbLister rbaclister.RoleBindingLister, crbLister rbaclister.ClusterRoleBindingLister, request *v1beta1.AdmissionRequest) (roles []string, clusterRoles []string, err error) {
 	// rolebindings
 	roleBindings, err := rbLister.List(labels.NewSelector())
@ -49,11 +54,10 @@ func getRoleRefByRoleBindings(roleBindings []*rbacv1.RoleBinding, userInfo authe
 				continue
 			}

-			// roleRefMap := roleRef.(map[string]interface{})
 			switch rolebinding.RoleRef.Kind {
-			case "role":
+			case rolekind:
 				roles = append(roles, rolebinding.Namespace+":"+rolebinding.RoleRef.Name)
-			case "clusterRole":
+			case clusterrolekind:
 				clusterRoles = append(clusterRoles, rolebinding.RoleRef.Name)
 			}
 		}
@ -70,7 +74,7 @@ func getRoleRefByClusterRoleBindings(clusterroleBindings []*rbacv1.ClusterRoleBi
 				continue
 			}

-			if clusterRoleBinding.RoleRef.Kind == "clusterRole" {
+			if clusterRoleBinding.RoleRef.Kind == clusterrolekind {
 				clusterRoles = append(clusterRoles, clusterRoleBinding.RoleRef.Name)
 			}
 		}
@ -80,7 +84,7 @@ func getRoleRefByClusterRoleBindings(clusterroleBindings []*rbacv1.ClusterRoleBi

 // matchSubjectsMap checks if userInfo found in subject
 // return true directly if found a match
-// subject["kind"] can only be ServiceAccount, User and Group
+// subject.kind can only be ServiceAccount, User and Group
 func matchSubjectsMap(subject rbacv1.Subject, userInfo authenticationv1.UserInfo) bool {
 	// ServiceAccount
 	if isServiceaccountUserInfo(userInfo.Username) {
--- a/pkg/userinfo/roleRef_test.go
+++ b/pkg/userinfo/roleRef_test.go
@ -181,7 +181,7 @@ func Test_getRoleRefByRoleBindings(t *testing.T) {
 				},
 			},
 			rbacv1.RoleRef{
-				Kind: "role",
+				Kind: rolekind,
 				Name: "myrole",
 			},
 		},
@ -199,7 +199,7 @@ func Test_getRoleRefByRoleBindings(t *testing.T) {
 				},
 			},
 			rbacv1.RoleRef{
-				Kind: "clusterRole",
+				Kind: clusterrolekind,
 				Name: "myclusterrole",
 			},
 		},
@ -232,7 +232,7 @@ func Test_getRoleRefByClusterRoleBindings(t *testing.T) {
 				},
 			},
 			rbacv1.RoleRef{
-				Kind: "clusterRole",
+				Kind: clusterrolekind,
 				Name: "fakeclusterrole",
 			},
 		},
@ -249,7 +249,7 @@ func Test_getRoleRefByClusterRoleBindings(t *testing.T) {
 				},
 			},
 			rbacv1.RoleRef{
-				Kind: "clusterRole",
+				Kind: clusterrolekind,
 				Name: "myclusterrole",
 			},
 		},