add method to create rolebinding for user in namespace scope

abhijeet-dhumal · abhijeet-dhumal · commit 5620f1397adf · 2024-05-30T14:16:33.000+05:30
diff --git a/support/rbac.go b/support/rbac.go
@@ -202,3 +202,37 @@ func CreateUserClusterRoleBinding(t Test, userName string, roleName string) *rba
 
 	return rb
 }
+
+func CreateUserNamespaceRoleBinding(t Test, userName string, namespace *corev1.Namespace, roleName string) *rbacv1.RoleBinding {
+	t.T().Helper()
+
+	// Create a RoleBinding to give specified role access to the user for test-namespace
+	roleBinding := &rbacv1.RoleBinding{
+		ObjectMeta: metav1.ObjectMeta{
+			GenerateName: "rb-ns-",
+			Namespace:    namespace.Name,
+		},
+		RoleRef: rbacv1.RoleRef{
+			Kind:     "ClusterRole",
+			Name:     roleName, // grants admin access
+			APIGroup: "rbac.authorization.k8s.io",
+		},
+		Subjects: []rbacv1.Subject{
+			{
+				Kind:     "User",
+				Name:     userName,
+				APIGroup: "rbac.authorization.k8s.io",
+			},
+		},
+	}
+
+	rb, err := t.Client().Core().RbacV1().RoleBindings(namespace.Name).Create(t.Ctx(), roleBinding, metav1.CreateOptions{})
+	t.Expect(err).NotTo(gomega.HaveOccurred())
+	t.T().Logf("Created User ClusterRoleBinding %s successfully", roleBinding.Name)
+
+	t.T().Cleanup(func() {
+		t.Client().Core().RbacV1().ClusterRoleBindings().Delete(t.Ctx(), rb.Name, metav1.DeleteOptions{})
+	})
+
+	return rb
+}
diff --git a/support/rbac_test.go b/support/rbac_test.go
@@ -60,3 +60,22 @@ func TestCreateUserClusterRoleBinding(t *testing.T) {
 	test.Expect(rb.Subjects[0].Kind).To(gomega.Equal("User"))
 	test.Expect(rb.Subjects[0].Name).To(gomega.Equal("user-1"))
 }
+
+func TestCreateUserNamespaceRoleBinding(t *testing.T) {
+
+	test := NewTest(t)
+	namespace := test.NewTestNamespace()
+
+	rb := CreateUserNamespaceRoleBinding(test, "user-1", namespace, "role1")
+
+	test.Expect(rb).To(gomega.Not(gomega.BeNil()))
+	test.Expect(rb.GenerateName).To(gomega.Equal("rb-ns-"))
+
+	test.Expect(rb.RoleRef.APIGroup).To(gomega.Equal(rbacv1.SchemeGroupVersion.Group))
+	test.Expect(rb.RoleRef.Kind).To(gomega.Equal("ClusterRole"))
+	test.Expect(rb.RoleRef.Name).To(gomega.Equal("role1"))
+
+	test.Expect(rb.Subjects[0].APIGroup).To(gomega.Equal(rbacv1.SchemeGroupVersion.Group))
+	test.Expect(rb.Subjects[0].Kind).To(gomega.Equal("User"))
+	test.Expect(rb.Subjects[0].Name).To(gomega.Equal("user-1"))
+}
