func buildAuth(nodeName types.NodeName, client clientset.Interface, config componentconfig.KubeletConfiguration) (server.AuthInterface, error) { // Get clients, if provided var ( tokenClient authenticationclient.TokenReviewInterface sarClient authorizationclient.SubjectAccessReviewInterface ) if client != nil && !reflect.ValueOf(client).IsNil() { tokenClient = client.Authentication().TokenReviews() sarClient = client.Authorization().SubjectAccessReviews() } authenticator, err := buildAuthn(tokenClient, config.Authentication) if err != nil { return nil, err } attributes := server.NewNodeAuthorizerAttributesGetter(nodeName) authorizer, err := buildAuthz(sarClient, config.Authorization) if err != nil { return nil, err } return server.NewKubeletAuth(authenticator, attributes, authorizer), nil }
// Customized ForEach wrapper for this test. forEachPod := func(selectorKey string, selectorValue string, fn func(v1.Pod)) { clusterState(selectorKey, selectorValue).ForEach(fn) } var c clientset.Interface var ns string BeforeEach(func() { c = f.ClientSet ns = f.Namespace.Name // this test wants powerful permissions. Since the namespace names are unique, we can leave this // lying around so we don't have to race any caches framework.BindClusterRoleInNamespace(c.Rbac(), "edit", f.Namespace.Name, rbacv1beta1.Subject{Kind: rbacv1beta1.ServiceAccountKind, Namespace: f.Namespace.Name, Name: "default"}) err := framework.WaitForAuthorizationUpdate(c.Authorization(), serviceaccount.MakeUsername(f.Namespace.Name, "default"), f.Namespace.Name, "create", schema.GroupResource{Resource: "pods"}, true) framework.ExpectNoError(err) }) framework.KubeDescribe("Redis", func() { It("should create and stop redis servers", func() { mkpath := func(file string) string { return filepath.Join(framework.TestContext.RepoRoot, "examples/storage/redis", file) } bootstrapYaml := mkpath("redis-master.yaml") sentinelServiceYaml := mkpath("redis-sentinel-service.yaml") sentinelControllerYaml := mkpath("redis-sentinel-controller.yaml") controllerYaml := mkpath("redis-controller.yaml")