Skip to content

Commit

Permalink
lib/resourceread/rbac: Ensure v1beta1 conversion
Browse files Browse the repository at this point in the history
Protecting us from [1,2]:

  converting (v1beta1.Role) to (v1.Role): unknown conversion

in unit tests.  The manual conversion and wash through JSON seems like
a terrible hack, but I haven't been able to figure out a more elegant
approach yet.  From [3]:

  Promotes the rbac.authorization.k8s.io/v1beta1 API to v1 with no changes

so all we really need is the apiVersion bump.

[1]: kubernetes/kubernetes#90018
[2]: openshift#420 (comment)
[3]: kubernetes/kubernetes#49642
  • Loading branch information
wking committed Jul 30, 2020
1 parent ba32622 commit 55be2f2
Show file tree
Hide file tree
Showing 2 changed files with 73 additions and 1 deletion.
15 changes: 14 additions & 1 deletion lib/resourceread/rbac.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
package resourceread

import (
"encoding/json"

rbacv1 "k8s.io/api/rbac/v1"
rbacv1beta1 "k8s.io/api/rbac/v1beta1"
"k8s.io/apimachinery/pkg/runtime"
Expand Down Expand Up @@ -50,9 +52,20 @@ func ReadRoleBindingV1OrDie(objBytes []byte) *rbacv1.RoleBinding {

// ReadRoleV1OrDie reads clusterole object from bytes. Panics on error.
func ReadRoleV1OrDie(objBytes []byte) *rbacv1.Role {
requiredObj, err := runtime.Decode(rbacCodecs.UniversalDecoder(rbacv1.SchemeGroupVersion), objBytes)
requiredObj, err := runtime.Decode(rbacCodecs.UniversalDecoder(rbacv1beta1.SchemeGroupVersion, rbacv1.SchemeGroupVersion), objBytes)
if err != nil {
panic(err)
}
if v1beta1, ok := requiredObj.(*rbacv1beta1.Role); ok {
v1 := &rbacv1.Role{ObjectMeta: v1beta1.ObjectMeta}
data, err := json.Marshal(v1beta1.Rules)
if err != nil {
panic(err)
}
if err = json.Unmarshal(data, &v1.Rules); err != nil {
panic(err)
}
requiredObj = v1
}
return requiredObj.(*rbacv1.Role)
}
59 changes: 59 additions & 0 deletions lib/resourceread/rbac_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
package resourceread

import (
"testing"
)

func TestReadRoleOrDie(t *testing.T) {
type args struct {
objBytes []byte
}
tests := []struct {
name string
args args
}{
{
name: "v1beta1",
args: args{
objBytes: []byte(`
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
namespace: default
name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["pods"]
verbs: ["get", "watch", "list"]
`),
},
},
{
name: "v1",
args: args{
objBytes: []byte(`
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: default
name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["pods"]
verbs: ["get", "watch", "list"]
`),
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
defer func() {
if r := recover(); r != nil {
t.Error(r)
t.Fail()
}
}()
_ := ReadRoleV1OrDie(tt.args.objBytes)
})
}
}

0 comments on commit 55be2f2

Please sign in to comment.