service rolebinding am trying to create
{
"apiVersion": "rbac.istio.io/v1alpha1",
"kind": "ServiceRoleBinding",
"metadata": {
"name": "bind-service-viewer"
},
"spec": {
"subjects": [
{
"user": "*"
}
],
"roleRef": {
"kind": "ServiceRole",
"name": "service-viewer"
}
}
}
Go code for the same
raw, _ := ioutil.ReadFile("./files/def-srb.json")
srb := "istio.io/client-go/pkg/apis/rbac/v1alpha1".ServiceRoleBinding{}
json.Unmarshal(raw, &srb)
return "istio.io/client-go/pkg/clientset/versioned/typed/rbac/v1alpha1".ServiceRoleBindings(ns).Create(&srb)
Test code for the same
func TestCreateSRB (t *testing.T) {
raw, err := ioutil.ReadFile("./files/def-srb.json")
if err != nil {
fmt.Println(err)
}
srb := v1alpha1.ServiceRoleBinding{}
err = json.Unmarshal(raw, &srb)
if err != nil {
fmt.Println(err)
}
resp, err := CreateSRBforFunc("test", istioclient.NewSimpleClientset().RbacV1alpha1(), "test-group", "test-fn")
checkError(err, t)
if diff := cmp.Diff(&srb, resp); diff != "" {
t.Errorf("mismatch (-want +got):\n%s", diff)
}
}
Test Result
--- FAIL: TestCreateSRB (0.00s)
ns_test.go:237: mismatch (-want +got):
&v1alpha1.ServiceRoleBinding{
TypeMeta: v1.TypeMeta{Kind: "ServiceRoleBinding", APIVersion: "rbac.istio.io/v1alpha1"},
ObjectMeta: v1.ObjectMeta{
Name: "bind-service-viewer",
GenerateName: "",
- Namespace: "",
+ Namespace: "test",
SelfLink: "",
UID: "",
... // 11 identical fields
},
Spec: v1alpha1.ServiceRoleBinding{
Subjects: []*v1alpha1.Subject{
&{User: "*"},
+ s`user:"*" `,
+ s`user:"*" `,
+ s`user:"*" `,
+ s`user:"*" `,
+ s`user:"*" `,
+ s`user:"*" `,
+ s`user:"*" `,
},
RoleRef: &v1alpha1.RoleRef{Kind: "ServiceRole", Name: "service-viewer"},
Mode: s"ENFORCED",
... // 5 identical fields
},
}
FAIL
exit status 1
Not sure why so many user subjects are created