Merge pull request #117713 from flant/ssr-ga

KEP-3325: Promote SelfSubjectReview to GA

test/e2e/auth/selfsubjectreviews.go

@@ -22,8 +22,10 @@ import (
 
 	"github.com/onsi/ginkgo/v2"
 	"github.com/onsi/gomega"
+	authenticationv1 "k8s.io/api/authentication/v1"
 	authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1"
 	authenticationv1beta1 "k8s.io/api/authentication/v1beta1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
@@ -31,19 +33,21 @@ import (
 	admissionapi "k8s.io/pod-security-admission/api"
 )
 
-var _ = SIGDescribe("SelfSubjectReview [Feature:APISelfSubjectReview]", func() {
+var _ = SIGDescribe("SelfSubjectReview", func() {
 	f := framework.NewDefaultFramework("selfsubjectreviews")
 	f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
 
 	/*
-			Release: v1.27
+			Release: v1.28
 			Testname: SelfSubjectReview API
 			Description:
 			The authentication.k8s.io API group MUST exist in the /apis discovery document.
 			The authentication.k8s.io/v1alpha1 API group/version MUST exist in the /apis/mode.k8s.io discovery document.
 		    The authentication.k8s.io/v1beta1 API group/version MUST exist in the /apis/mode.k8s.io discovery document.
+			The authentication.k8s.io/v1 API group/version MUST exist in the /apis/mode.k8s.io discovery document.
 			The selfsubjectreviews resource MUST exist in the /apis/authentication.k8s.io/v1alpha1 discovery document.
 			The selfsubjectreviews resource MUST exist in the /apis/authentication.k8s.io/v1beta1 discovery document.
+			The selfsubjectreviews resource MUST exist in the /apis/authentication.k8s.io/v1 discovery document.
 			The selfsubjectreviews resource MUST support create.
 	*/
 	ginkgo.DescribeTable(
@@ -105,6 +109,7 @@ var _ = SIGDescribe("SelfSubjectReview [Feature:APISelfSubjectReview]", func() {
 		},
 		ginkgo.Entry("authentication/v1alpha1", "v1alpha1", authenticationv1alpha1.SchemeGroupVersion.String()),
 		ginkgo.Entry("authentication/v1beta1", "v1beta1", authenticationv1beta1.SchemeGroupVersion.String()),
+		ginkgo.Entry("authentication/v1", "v1", authenticationv1.SchemeGroupVersion.String()),
 	)
 
 	ginkgo.It("should support SelfSubjectReview API operations", func(ctx context.Context) {
@@ -116,8 +121,11 @@ var _ = SIGDescribe("SelfSubjectReview [Feature:APISelfSubjectReview]", func() {
 
 			ssrClient := kubernetes.NewForConfigOrDie(config).AuthenticationV1alpha1().SelfSubjectReviews()
 			res, err := ssrClient.Create(ctx, &authenticationv1alpha1.SelfSubjectReview{}, metav1.CreateOptions{})
-			framework.ExpectNoError(err)
+			if apierrors.IsNotFound(err) {
+				return // Alpha API is disabled
+			}
 
+			framework.ExpectNoError(err)
 			gomega.Expect(config.Impersonate.UserName).To(gomega.Equal(res.Status.UserInfo.Username))
 			gomega.Expect(config.Impersonate.UID).To(gomega.Equal(res.Status.UserInfo.UID))
 			gomega.Expect(config.Impersonate.Groups).To(gomega.Equal(res.Status.UserInfo.Groups))
@@ -136,6 +144,29 @@ var _ = SIGDescribe("SelfSubjectReview [Feature:APISelfSubjectReview]", func() {
 
 			ssrClient := kubernetes.NewForConfigOrDie(config).AuthenticationV1beta1().SelfSubjectReviews()
 			res, err := ssrClient.Create(ctx, &authenticationv1beta1.SelfSubjectReview{}, metav1.CreateOptions{})
+			if apierrors.IsNotFound(err) {
+				return // Beta API is disabled
+			}
+
+			framework.ExpectNoError(err)
+			gomega.Expect(config.Impersonate.UserName).To(gomega.Equal(res.Status.UserInfo.Username))
+			gomega.Expect(config.Impersonate.UID).To(gomega.Equal(res.Status.UserInfo.UID))
+			gomega.Expect(config.Impersonate.Groups).To(gomega.Equal(res.Status.UserInfo.Groups))
+
+			extra := make(map[string][]string, len(res.Status.UserInfo.Extra))
+			for k, v := range res.Status.UserInfo.Extra {
+				extra[k] = v
+			}
+
+			gomega.Expect(config.Impersonate.Extra).To(gomega.Equal(extra))
+		}
+
+		ginkgo.By("creating SSR authentication/v1")
+		{
+			config := restConfig(f)
+
+			ssrClient := kubernetes.NewForConfigOrDie(config).AuthenticationV1().SelfSubjectReviews()
+			res, err := ssrClient.Create(ctx, &authenticationv1.SelfSubjectReview{}, metav1.CreateOptions{})
 			framework.ExpectNoError(err)
 
 			gomega.Expect(config.Impersonate.UserName).To(gomega.Equal(res.Status.UserInfo.Username))