It's possible that a conflict will happen when
attempting to create a `ClusterRole` resource
without a randomized name given that is a cluster
scoped object and another object with same name
might exist. This commit fixes this issue by ensuring
the name of the `ClusterRole` is randomized. Additionally,
it adds clean up for the clusterRole and clusterRoleBinding.
This sets the appropriate groups (system:authenticated, system:serviceaccounts,
system:serviceaccounts:<ns>) in the SAR used in WaitForAuthzUpdate to accurately
simulate the service account’s identity.
- test/e2e/framework/*.go should have very minimal dependencies.
We can enforce that via import-boss.
- What each test/e2e/framework/* sub-package uses is less relevant,
although ideally it also should be as minimal as possible in each case.
Enforcing this via import-boss ensures that new dependencies get flagged as
problem and thus will get additional scrutiny. It might be okay to add them,
but it needs to be considered.
All code must use the context from Ginkgo when doing API calls or polling for a
change, otherwise the code would not return immediately when the test gets
aborted.
There was a specific error flow that was commented as only applying
to GKE. This was never tested specifically for GKE (only commented
as such) but that seems to be out of date and can be removed. If
the SAR endpoint does not exist it should be considered an error.
- moves these helper functions into e2e/framework/auth
- removes logging from helper functions
- in some cases explicitly returns errors that were implicitly
ignored/logged. In the situations where they should be ignored,
we explicitly check that the condition is met before ignoring it.
- fixes references of these methods to use the right package and
return values
