diff --git a/test/extended/cli/admin.go b/test/extended/cli/admin.go index 90db69ac05f9..be9c6eb434ce 100644 --- a/test/extended/cli/admin.go +++ b/test/extended/cli/admin.go @@ -212,38 +212,42 @@ var _ = g.Describe("[sig-cli] oc adm", func() { o.Expect(err).To(o.HaveOccurred()) o.Expect(out).To(o.ContainSubstring("error: rolebinding custom found for role view, not other")) - o.Expect(oc.Run("adm", "policy", "add-scc-to-user").Args("privileged", "fake-user").Execute()).To(o.Succeed()) - o.Expect(oc.Run("adm", "policy", "add-scc-to-user").Args("privileged", "-z", "fake-sa").Execute()).To(o.Succeed()) - o.Expect(oc.Run("adm", "policy", "add-scc-to-group").Args("privileged", "fake-group").Execute()).To(o.Succeed()) + fakeUser := gen.GenerateName("fake-user-") + fakeSA := gen.GenerateName("fake-sa-") + fakeGroup := gen.GenerateName("fake-group-") + + o.Expect(oc.Run("adm", "policy", "add-scc-to-user").Args("privileged", fakeUser).Execute()).To(o.Succeed()) + o.Expect(oc.Run("adm", "policy", "add-scc-to-user").Args("privileged", "-z", fakeSA).Execute()).To(o.Succeed()) + o.Expect(oc.Run("adm", "policy", "add-scc-to-group").Args("privileged", fakeGroup).Execute()).To(o.Succeed()) out, err = oc.Run("get").Args("clusterrolebinding/system:openshift:scc:privileged", "-o", "yaml").Output() o.Expect(err).NotTo(o.HaveOccurred()) - o.Expect(out).To(o.ContainSubstring("fake-user")) - o.Expect(out).To(o.ContainSubstring("fake-sa")) - o.Expect(out).To(o.ContainSubstring("fake-group")) + o.Expect(out).To(o.ContainSubstring(fakeUser)) + o.Expect(out).To(o.ContainSubstring(fakeSA)) + o.Expect(out).To(o.ContainSubstring(fakeGroup)) - o.Expect(oc.Run("adm", "policy", "remove-scc-from-user").Args("privileged", "fake-user").Execute()).To(o.Succeed()) - o.Expect(oc.Run("adm", "policy", "remove-scc-from-user").Args("privileged", "-z", "fake-sa").Execute()).To(o.Succeed()) - o.Expect(oc.Run("adm", "policy", "remove-scc-from-group").Args("privileged", "fake-group").Execute()).To(o.Succeed()) + o.Expect(oc.Run("adm", "policy", "remove-scc-from-user").Args("privileged", fakeUser).Execute()).To(o.Succeed()) + o.Expect(oc.Run("adm", "policy", "remove-scc-from-user").Args("privileged", "-z", fakeSA).Execute()).To(o.Succeed()) + o.Expect(oc.Run("adm", "policy", "remove-scc-from-group").Args("privileged", fakeGroup).Execute()).To(o.Succeed()) out, err = oc.Run("get").Args("clusterrolebinding/system:openshift:scc:privileged", "-o", "yaml").Output() // there are two possible outcomes here: if err == nil { // 1. the binding exists, but it should not contain the removed entities - o.Expect(out).NotTo(o.ContainSubstring("fake-user")) - o.Expect(out).NotTo(o.ContainSubstring("fake-sa")) - o.Expect(out).NotTo(o.ContainSubstring("fake-group")) + o.Expect(out).NotTo(o.ContainSubstring(fakeUser)) + o.Expect(out).NotTo(o.ContainSubstring(fakeSA)) + o.Expect(out).NotTo(o.ContainSubstring(fakeGroup)) } else { // 2. the binding does not exists, if we removed all entities from the binding o.Expect(out).To(o.ContainSubstring(`clusterrolebindings.rbac.authorization.k8s.io "system:openshift:scc:privileged" not found`)) } // check pruning - o.Expect(oc.Run("adm", "policy", "add-scc-to-user").Args("privileged", "fake-user").Execute()).To(o.Succeed()) - out, err = oc.Run("adm", "prune", "auth").Args("users/fake-user").Output() + o.Expect(oc.Run("adm", "policy", "add-scc-to-user").Args("privileged", fakeUser).Execute()).To(o.Succeed()) + out, err = oc.Run("adm", "prune", "auth").Args(fmt.Sprintf("users/%s", fakeUser)).Output() o.Expect(err).NotTo(o.HaveOccurred()) o.Expect(out).To(o.ContainSubstring("clusterrolebinding.rbac.authorization.k8s.io/system:openshift:scc:privileged updated")) - o.Expect(oc.Run("adm", "policy", "add-scc-to-group").Args("privileged", "fake-group").Execute()).To(o.Succeed()) - out, err = oc.Run("adm", "prune", "auth").Args("group/fake-group").Output() + o.Expect(oc.Run("adm", "policy", "add-scc-to-group").Args("privileged", fakeGroup).Execute()).To(o.Succeed()) + out, err = oc.Run("adm", "prune", "auth").Args(fmt.Sprintf("group/%s", fakeGroup)).Output() o.Expect(err).NotTo(o.HaveOccurred()) o.Expect(out).To(o.ContainSubstring("clusterrolebinding.rbac.authorization.k8s.io/system:openshift:scc:privileged updated")) })