Skip to content

Commit 15ee238

Browse files
anniegracehuanniegracehu
committed
Add JSON/YAML permission fixtures for manual update/revoke checks.
Provide three paired examples under tests/permission_files to validate update/revoke behavior with auth can-i for both input formats. Made-with: Cursor
1 parent 146a8e4 commit 15ee238

File tree

6 files changed

+1017
-0
lines changed

6 files changed

+1017
-0
lines changed

tests/permission_files/permissions-example1.json

Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,70 @@
1+
{
2+
"perms": {
3+
"*": [
4+
{
5+
"*": [
6+
"*",
7+
"delete",
8+
"get",
9+
"patch"
10+
]
11+
}
12+
],
13+
"non-apigroup": [
14+
{
15+
"nonResourceURL::*": [
16+
"*"
17+
]
18+
}
19+
],
20+
"": [
21+
{
22+
"pods/log": [
23+
"get"
24+
]
25+
}
26+
],
27+
"argoproj.io": [
28+
{
29+
"applicationset": [
30+
"get",
31+
"list",
32+
"watch"
33+
]
34+
},
35+
{
36+
"applications": [
37+
"create",
38+
"get",
39+
"list",
40+
"watch",
41+
"update",
42+
"patch",
43+
"delete"
44+
]
45+
},
46+
{
47+
"applicationsets": [
48+
"create",
49+
"get",
50+
"list",
51+
"watch",
52+
"update",
53+
"delete",
54+
"patch"
55+
]
56+
},
57+
{
58+
"appprojects": [
59+
"create",
60+
"get",
61+
"list",
62+
"watch",
63+
"update",
64+
"patch",
65+
"delete"
66+
]
67+
}
68+
]
69+
}
70+
}

tests/permission_files/permissions-example1.yaml

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
perms:
2+
'*':
3+
- '*':
4+
- '*'
5+
- delete
6+
- get
7+
- patch
8+
non-apigroup:
9+
- nonResourceURL::*:
10+
- '*'
11+
? ''
12+
: - pods/log:
13+
- get
14+
argoproj.io:
15+
- applicationset:
16+
- get
17+
- list
18+
- watch
19+
- applications:
20+
- create
21+
- get
22+
- list
23+
- watch
24+
- update
25+
- patch
26+
- delete
27+
- applicationsets:
28+
- create
29+
- get
30+
- list
31+
- watch
32+
- update
33+
- delete
34+
- patch
35+
- appprojects:
36+
- create
37+
- get
38+
- list
39+
- watch
40+
- update
41+
- patch
42+
- delete

tests/permission_files/permissions-example2.json

Lines changed: 260 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,260 @@
1+
{
2+
"perms": {
3+
"cert-manager.io": [
4+
{
5+
"issuers/status": [
6+
"update"
7+
]
8+
},
9+
{
10+
"clusterissuers/status": [
11+
"update"
12+
]
13+
},
14+
{
15+
"certificates/status": [
16+
"update"
17+
]
18+
},
19+
{
20+
"certificaterequests/status": [
21+
"update"
22+
]
23+
},
24+
{
25+
"certificates/finalizers": [
26+
"update"
27+
]
28+
},
29+
{
30+
"certificaterequests/finalizers": [
31+
"update"
32+
]
33+
},
34+
{
35+
"clusterissuers": [
36+
"update",
37+
"get",
38+
"list",
39+
"watch"
40+
]
41+
},
42+
{
43+
"certificates": [
44+
"get",
45+
"list",
46+
"watch",
47+
"update",
48+
"create",
49+
"delete",
50+
"deletecollection",
51+
"patch"
52+
]
53+
},
54+
{
55+
"certificaterequests": [
56+
"update",
57+
"get",
58+
"list",
59+
"watch",
60+
"create",
61+
"delete",
62+
"deletecollection",
63+
"patch"
64+
]
65+
},
66+
{
67+
"issuers": [
68+
"update",
69+
"get",
70+
"list",
71+
"watch",
72+
"create",
73+
"delete",
74+
"deletecollection",
75+
"patch"
76+
]
77+
},
78+
{
79+
"signers/resourceName::issuers.cert-manager.io/*": [
80+
"approve"
81+
],
82+
"signers/resourceName::clusterissuers.cert-manager.io/*": [
83+
"approve"
84+
]
85+
},
86+
{
87+
"signers/resourceName::issuers.cert-manager.io/*": [
88+
"approve"
89+
],
90+
"signers/resourceName::clusterissuers.cert-manager.io/*": [
91+
"approve"
92+
]
93+
}
94+
],
95+
"": [
96+
{
97+
"configmaps/resourceName::cert-manager-cainjector-leader-election": [
98+
"get",
99+
"update",
100+
"patch"
101+
],
102+
"configmaps/resourceName::cert-manager-cainjector-leader-election-core": [
103+
"get",
104+
"update",
105+
"patch"
106+
]
107+
},
108+
{
109+
"configmaps/resourceName::cert-manager-cainjector-leader-election": [
110+
"get",
111+
"update",
112+
"patch"
113+
],
114+
"configmaps/resourceName::cert-manager-cainjector-leader-election-core": [
115+
"get",
116+
"update",
117+
"patch"
118+
]
119+
},
120+
{
121+
"configmaps/resourceName::cert-manager-controller": [
122+
"create",
123+
"get",
124+
"update",
125+
"patch"
126+
]
127+
},
128+
{
129+
"secrets/resourceName::kptc-cert-manager-webhook-ca": [
130+
"get",
131+
"list",
132+
"watch",
133+
"create",
134+
"update",
135+
"patch",
136+
"delete"
137+
]
138+
}
139+
],
140+
"admissionregistration.k8s.io": [
141+
{
142+
"validatingwebhookconfigurations": [
143+
"get",
144+
"list",
145+
"watch",
146+
"update"
147+
]
148+
}
149+
],
150+
"apiregistration.k8s.io": [
151+
{
152+
"apiservices": [
153+
"get",
154+
"list",
155+
"watch",
156+
"update"
157+
]
158+
}
159+
],
160+
"auditregistration.k8s.io": [
161+
{
162+
"auditsinks": [
163+
"get",
164+
"list",
165+
"watch",
166+
"update"
167+
]
168+
}
169+
],
170+
"acme.cert-manager.io": [
171+
{
172+
"orders/status": [
173+
"update"
174+
]
175+
},
176+
{
177+
"orders/finalizers": [
178+
"update"
179+
]
180+
},
181+
{
182+
"challenges/status": [
183+
"update"
184+
]
185+
},
186+
{
187+
"challenges/finalizers": [
188+
"update"
189+
]
190+
},
191+
{
192+
"challenges": [
193+
"get",
194+
"list",
195+
"watch",
196+
"create",
197+
"delete",
198+
"update",
199+
"deletecollection",
200+
"patch"
201+
]
202+
},
203+
{
204+
"orders": [
205+
"create",
206+
"delete",
207+
"get",
208+
"list",
209+
"watch",
210+
"update",
211+
"deletecollection",
212+
"patch"
213+
]
214+
}
215+
],
216+
"networking.k8s.io": [
217+
{
218+
"ingresses/finalizers": [
219+
"update"
220+
]
221+
}
222+
],
223+
"route.openshift.io": [
224+
{
225+
"routes/custom-host": [
226+
"create"
227+
]
228+
}
229+
],
230+
"authorization.k8s.io": [
231+
{
232+
"subjectaccessreviews": [
233+
"create"
234+
]
235+
}
236+
],
237+
"coordination.k8s.io": [
238+
{
239+
"leases/resourceName::cert-manager-controller": [
240+
"get",
241+
"update",
242+
"patch"
243+
]
244+
},
245+
{
246+
"leases/resourceName::cert-manager-controller": [
247+
"create",
248+
"get",
249+
"update",
250+
"patch"
251+
]
252+
},
253+
{
254+
"leases": [
255+
"create"
256+
]
257+
}
258+
]
259+
}
260+
}

0 commit comments

Comments
 (0)