fix: E2E tests — RBAC for Polaris service proxy + settings selector #22
@@ -0,0 +1,28 @@
|
|||||||
|
# RBAC to allow authenticated users to proxy to the Polaris dashboard service.
|
||||||
|
# The polaris plugin reads audit data via the Kubernetes service proxy:
|
||||||
|
# /api/v1/namespaces/polaris/services/http:polaris-dashboard:80/proxy/results.json
|
||||||
|
# Without this Role + RoleBinding, users get a 403 when Headlamp proxies the request.
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: polaris-dashboard-proxy-reader
|
||||||
|
namespace: polaris
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["services/proxy"]
|
||||||
|
resourceNames: ["polaris-dashboard", "http:polaris-dashboard:80"]
|
||||||
|
verbs: ["get"]
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: polaris-dashboard-proxy-reader
|
||||||
|
namespace: polaris
|
||||||
|
subjects:
|
||||||
|
- kind: Group
|
||||||
|
name: system:authenticated
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
roleRef:
|
||||||
|
kind: Role
|
||||||
|
name: polaris-dashboard-proxy-reader
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
@@ -5,7 +5,7 @@ test.describe('Polaris plugin settings', () => {
|
|||||||
await page.goto('/c/main/settings/plugins');
|
await page.goto('/c/main/settings/plugins');
|
||||||
|
|
||||||
// Find Polaris plugin in the list
|
// Find Polaris plugin in the list
|
||||||
const pluginCard = page.locator('text=headlamp-polaris-plugin').first();
|
const pluginCard = page.locator('text=polaris').first();
|
||||||
await expect(pluginCard).toBeVisible();
|
await expect(pluginCard).toBeVisible();
|
||||||
|
|
||||||
// Click to view settings (if settings are displayed inline, they should already be visible)
|
// Click to view settings (if settings are displayed inline, they should already be visible)
|
||||||
|
|||||||
Reference in New Issue
Block a user