add tests

openshift · Sep 12, 2017 · 68c82cd · 68c82cd
1 parent 7708358
commit 68c82cd
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 5 deletions.
diff --git a/pkg/oc/admin/policy/review.go b/pkg/oc/admin/policy/review.go
@@ -110,10 +110,9 @@ func (o *sccReviewOptions) Complete(f *clientcmd.Factory, args []string, cmd *co
 	o.RESTClientFactory = f.ClientForMapping
 
 	output := kcmdutil.GetFlagString(cmd, "output")
-	if len(output) != 0 {
-		if output != "json" && output != "yaml" {
-			return fmt.Errorf("invalid output format %q, only yaml|json supported", output)
-		}
+	wide := len(output) > 0 && output == "wide"
+
+	if len(output) != 0 && !wide {
 		printer, err := f.PrinterForCommand(cmd, false, nil, kprinters.PrintOptions{})
 		if err != nil {
 			return err

diff --git a/test/cmd/policy.sh b/test/cmd/policy.sh
@@ -3,6 +3,18 @@ source "$(dirname "${BASH_SOURCE}")/../../hack/lib/init.sh"
 trap os::test::junit::reconcile_output EXIT
 
 project="$( oc project -q )"
+testpod="apiVersion: v1
+kind: Pod
+metadata:
+  name: testpod
+spec:
+  containers:
+  - image: node
+    imagePullPolicy: IfNotPresent
+    name: testpod
+  volumes:
+  - emptyDir: {}
+    name: tmp"
 
 os::test::junit::declare_suite_start "cmd/policy"
 # This test validates user level policy
@@ -76,6 +88,22 @@ os::cmd::expect_success_and_not_text 'oc adm policy who-can create builds/docker
 os::cmd::expect_success_and_not_text 'oc adm policy who-can create builds/source' 'system:authenticated'
 os::cmd::expect_success_and_not_text 'oc adm policy who-can create builds/jenkinspipeline' 'system:authenticated'
 
+# validate --output and --dry-run flags for oc-adm-policy sub-commands
+os::cmd::expect_success_and_text 'oc adm policy remove-role-from-user admin namespaced-user -o yaml' 'name: admin'
+os::cmd::expect_success_and_text 'oc adm policy add-role-to-user admin namespaced-user -o yaml' 'name: namespaced-user'
+os::cmd::expect_success_and_text 'oc adm policy who-can create pods -o yaml' '\- namespaced\-user'
+
+os::cmd::expect_success_and_text 'oc adm policy scc-subject-review -u namespaced-user --output yaml -f - << __EOF__
+$testpod
+__EOF__' 'name: testpod'
+os::cmd::expect_success_and_text 'oc adm policy scc-subject-review -u namespaced-user --output wide -f - << __EOF__
+$testpod
+__EOF__' 'Pod/testpod'
+
+os::cmd::expect_success_and_text 'oc adm policy scc-review --output yaml -f - << __EOF__
+$testpod
+__EOF__' 'allowedServiceAccounts: \[\]'
+
 # ensure system:authenticated users can not create custom builds by default, but can if explicitly granted access
 os::cmd::expect_success_and_not_text 'oc adm policy who-can create builds/custom' 'system:authenticated'
 os::cmd::expect_success_and_text 'oc adm policy add-cluster-role-to-group system:build-strategy-custom system:authenticated' 'cluster role "system:build-strategy-custom" added: "system:authenticated"'
@@ -139,7 +167,6 @@ os::cmd::expect_success_and_text 'oc policy scc-review -f ${OS_ROOT}/test/testda
 os::cmd::expect_success "oc login -u system:admin -n '${project}'"
 os::cmd::expect_success 'oc delete project policy-second'
 
-
 # adjust the cluster-admin role to check defaulting and coverage checks
 # this is done here instead of an integration test because we need to make sure the actual yaml serializations work
 workingdir=$(mktemp -d)