@@ -46,50 +46,50 @@ func TestGetCurrentUserUID(t *testing.T) {
4646 expectedUID string
4747 }{
4848 {
49- name : "Should return UID from SelfSubjectReview " ,
49+ name : "Should return UID from OpenShift User API " ,
5050 provider : testUserIDClientProvider {
51- userUID : expectedUID ,
51+ userAPIUID : expectedUID ,
5252 },
5353 expectedUID : expectedUID ,
5454 },
5555 {
56- name : "Should return error when client creation fails " ,
56+ name : "Should fall back to SelfSubjectReview when OpenShift User API is unavailable " ,
5757 provider : testUserIDClientProvider {
58- returnClientError : true ,
58+ returnUserAPIError : apierrors .NewNotFound (schema.GroupResource {Group : "user.openshift.io" , Resource : "users" }, "~" ),
59+ userUID : expectedUID ,
5960 },
60- errRegexp : "failed to create client to check user info" ,
61+ expectedUID : expectedUID ,
6162 },
6263 {
63- name : "Should fall back to OpenShift User API when SelfSubjectReview is unavailable " ,
64+ name : "Should return error when client creation fails " ,
6465 provider : testUserIDClientProvider {
65- returnReviewError : apierrors .NewNotFound (schema.GroupResource {Group : "authentication.k8s.io" , Resource : "selfsubjectreviews" }, "self" ),
66- userAPIUID : expectedUID ,
66+ returnClientError : true ,
6767 },
68- expectedUID : expectedUID ,
68+ errRegexp : "failed to create client to check user info" ,
6969 },
7070 {
7171 name : "Should return error when both user lookups fail" ,
7272 provider : testUserIDClientProvider {
73- returnReviewError : apierrors .NewNotFound (schema.GroupResource {Group : "authentication.k8s.io" , Resource : "selfsubjectreviews" }, "self" ),
7473 returnUserAPIError : apierrors .NewNotFound (schema.GroupResource {Group : "user.openshift.io" , Resource : "users" }, "~" ),
74+ returnReviewError : apierrors .NewNotFound (schema.GroupResource {Group : "authentication.k8s.io" , Resource : "selfsubjectreviews" }, "self" ),
7575 },
7676 errRegexp : "failed to get current user information" ,
7777 },
7878 {
79- name : "Should allow empty UID from SelfSubjectReview for kube:admin" ,
79+ name : "Should allow empty UID from OpenShift User API for kube:admin" ,
8080 provider : testUserIDClientProvider {
81- userUID : "" ,
81+ userAPIUID : "" ,
82+ emptyUserAPIUID : true ,
8283 },
8384 expectedUID : "" ,
8485 },
8586 {
86- name : "Should allow empty UID from OpenShift User API for kube:admin " ,
87+ name : "Should return error when SelfSubjectReview returns empty UID on fallback " ,
8788 provider : testUserIDClientProvider {
88- returnReviewError : apierrors .NewNotFound (schema.GroupResource {Group : "authentication.k8s.io" , Resource : "selfsubjectreviews" }, "self" ),
89- userAPIUID : "" ,
90- emptyUserAPIUID : true ,
89+ returnUserAPIError : apierrors .NewNotFound (schema.GroupResource {Group : "user.openshift.io" , Resource : "users" }, "~" ),
90+ userUID : "" ,
9191 },
92- expectedUID : "" ,
92+ errRegexp : "SelfSubjectReview returned empty UID " ,
9393 },
9494 }
9595
@@ -100,8 +100,8 @@ func TestGetCurrentUserUID(t *testing.T) {
100100 assert .Error (t , err )
101101 assert .Regexp (t , tt .errRegexp , err .Error ())
102102 if tt .name == "Should return error when both user lookups fail" {
103- assert .Contains (t , err .Error (), "SelfSubjectReview error:" )
104103 assert .Contains (t , err .Error (), "OpenShift User API error:" )
104+ assert .Contains (t , err .Error (), "SelfSubjectReview error:" )
105105 }
106106 return
107107 }
0 commit comments