github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #71021 from liggitt/node-self-deletion

Browse Source 
Remove self-deletion permissions from kubelets
This commit is contained in:
k8s-ci-robot
2018-11-16 01:53:31 -08:00
committed by GitHub
parent 6fc60428a7 8d7cc39031
commit 1a54fd4319
3 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
test/integration/auth/node_test.go
View File

@@ -530,7 +530,10 @@ func TestNodeAuthorizer(t *testing.T) {
expectAllowed(t, createNode2MirrorPodEviction(node2Client))
expectAllowed(t, createNode2(node2Client))
expectAllowed(t, updateNode2Status(node2Client))
expectAllowed(t, deleteNode2(node2Client))
// self deletion is not allowed
expectForbidden(t, deleteNode2(node2Client))
// clean up node2
expectAllowed(t, deleteNode2(superuserClient))
// create a pod as an admin to add object references
expectAllowed(t, createNode2NormalPod(superuserClient))
@@ -621,7 +624,7 @@ func TestNodeAuthorizer(t *testing.T) {
// node2 can no longer get the configmap after it is unassigned as its config source
expectForbidden(t, getConfigMapConfigSource(node2Client))
// clean up node2
expectAllowed(t, deleteNode2(node2Client))
expectAllowed(t, deleteNode2(superuserClient))
//TODO(mikedanese): integration test node restriction of TokenRequest