github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
117,318 Commits 1 Branch 31 Tags
2a91bd1dfdd2e293b9ec017ea3a976ecc2ecd545
Commit Graph

219 Commits

Author SHA1 Message Date
Stanislav Laznicka
7f532891c9 e2e tests: set all PSa labels instead of just enforcing 2023-06-21 15:05:13 +02:00
m.nabokikh
7c5573d326 Fix cmd, integration, and conformance tests 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2023-05-03 01:29:37 +02:00
m.nabokikh
40de26dcff KEP-3325: Promote SelfSubjectReview to GA 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2023-05-02 14:50:40 +02:00
m.nabokikh
d5aa8351e3 Fix DescribeTable for selfsubjectreview e2e 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2023-03-13 20:06:10 +01:00
Maksim Nabokikh
c1431af4f8 KEP-3325: Promote SelfSubjectReview to Beta (#116274) 
* Promote SelfSubjectReview to Beta

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fix whoami API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fixes according to code review

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

---------

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2023-03-08 15:42:33 -08:00
Patrick Ohly
136f89dfc5 e2e: use error wrapping with %w 
The recently introduced failure handling in ExpectNoError depends on error
wrapping: if an error prefix gets added with `fmt.Errorf("foo: %v", err)`, then
ExpectNoError cannot detect that the root cause is an assertion failure and
then will add another useless "unexpected error" prefix and will not dump the
additional failure information (currently the backtrace inside the E2E
framework).

Instead of manually deciding on a case-by-case basis where %w is needed, all
error wrapping was updated automatically with

    sed -i "s/fmt.Errorf\(.*\): '*\(%s\|%v\)'*\",\(.* err)\)/fmt.Errorf\1: %w\",\3/" $(git grep -l 'fmt.Errorf' test/e2e*)

This may be unnecessary in some cases, but it's not wrong.
 2023-02-06 15:39:13 +01:00
Patrick Ohly
1e346c4e4a e2e pod: convert ProxyResponseChecker into matcher 
Instead of pod responses being printed to the log each time polling fails, we
get a consolidated failure message with all unexpected pod responses if (and
only if) the check times out or a progress report gets produced.
 2023-02-06 15:39:13 +01:00
Antonio Ojea
7f5ae1c0c1 Revert "e2e: wait for pods with gomega" 2023-02-06 12:08:22 +01:00
Patrick Ohly
222f655062 e2e: use error wrapping with %w 
The recently introduced failure handling in ExpectNoError depends on error
wrapping: if an error prefix gets added with `fmt.Errorf("foo: %v", err)`, then
ExpectNoError cannot detect that the root cause is an assertion failure and
then will add another useless "unexpected error" prefix and will not dump the
additional failure information (currently the backtrace inside the E2E
framework).

Instead of manually deciding on a case-by-case basis where %w is needed, all
error wrapping was updated automatically with

    sed -i "s/fmt.Errorf\(.*\): '*\(%s\|%v\)'*\",\(.* err)\)/fmt.Errorf\1: %w\",\3/" $(git grep -l 'fmt.Errorf' test/e2e*)

This may be unnecessary in some cases, but it's not wrong.
 2023-01-31 13:01:39 +01:00
Patrick Ohly
5d8e970be6 e2e pod: convert ProxyResponseChecker into matcher 
Instead of pod responses being printed to the log each time polling fails, we
get a consolidated failure message with all unexpected pod responses if (and
only if) the check times out or a progress report gets produced.
 2023-01-31 13:01:39 +01:00
Stephen Heywood
befb7d4a6a Promote SubjectAccessReview e2e test to Conformance 2023-01-09 11:24:05 +13:00
Patrick Ohly
2f6c4f5eab e2e: use Ginkgo context 
All code must use the context from Ginkgo when doing API calls or polling for a
change, otherwise the code would not return immediately when the test gets
aborted.
 2022-12-16 20:14:04 +01:00
Kubernetes Prow Robot
8c23f06aaa Merge pull request #114345 from ii/create-subjectaccessreview-test 
Write e2e test for SubjectAccessReview & createAuthorizationV1NamespacedLocalSubjectAccessReview +2 Endpoints
 2022-12-15 13:21:47 -08:00
Stephen Heywood
247c23abaf Create e2e test for SubjectAccessReview endpoints 
e2e test validates the following 2 endpoints
- createAuthorizationV1SubjectAccessReview
- createAuthorizationV1NamespacedLocalSubjectAccessReview
 2022-12-16 07:42:50 +13:00
Patrick Ohly
d4729008ef e2e: simplify test cleanup 
ginkgo.DeferCleanup has multiple advantages:
- The cleanup operation can get registered if and only if needed.
- No need to return a cleanup function that the caller must invoke.
- Automatically determines whether a context is needed, which will
  simplify the introduction of context parameters.
- Ginkgo's timeline shows when it executes the cleanup operation.
 2022-12-13 08:09:01 +01:00
Patrick Ohly
df5d84ae81 e2e: accept context from Ginkgo 
Every ginkgo callback should return immediately when a timeout occurs or the
test run manually gets aborted with CTRL-C. To do that, they must take a ctx
parameter and pass it through to all code which might block.

This is a first automated step towards that: the additional parameter got added
with

    sed -i 's/\(framework.ConformanceIt\|ginkgo.It\)\(.*\)func() {$/\1\2func(ctx context.Context) {/' \
        $(git grep -l -e framework.ConformanceIt -e ginkgo.It )
    $GOPATH/bin/goimports -w $(git status | grep modified: | sed -e 's/.* //')

log_test.go was left unchanged.
 2022-12-10 19:50:18 +01:00
Stephen Heywood
5ad48780ae Promote ServiceAccount e2e test to Conformance 2022-10-10 12:12:17 +13:00
Patrick Ohly
dfdf88d4fa e2e: adapt to moved code 
This is the result of automatically editing source files like this:

    go install golang.org/x/tools/cmd/goimports@latest
    find ./test/e2e* -name "*.go" | xargs env PATH=$GOPATH/bin:$PATH ./e2e-framework-sed.sh

with e2e-framework-sed.sh containing this:

sed -i \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.ExecCommandInContainer(/e2epod.ExecCommandInContainer(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.ExecCommandInContainerWithFullOutput(/e2epod.ExecCommandInContainerWithFullOutput(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.ExecShellInContainer(/e2epod.ExecShellInContainer(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.ExecShellInPod(/e2epod.ExecShellInPod(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.ExecShellInPodWithFullOutput(/e2epod.ExecShellInPodWithFullOutput(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.ExecWithOptions(/e2epod.ExecWithOptions(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.MatchContainerOutput(/e2eoutput.MatchContainerOutput(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.PodClient(/e2epod.NewPodClient(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.PodClientNS(/e2epod.PodClientNS(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.TestContainerOutput(/e2eoutput.TestContainerOutput(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.TestContainerOutputRegexp(/e2eoutput.TestContainerOutputRegexp(\1, /" \
    -e "s/framework.AddOrUpdateLabelOnNode\b/e2enode.AddOrUpdateLabelOnNode/" \
    -e "s/framework.AllNodes\b/e2edebug.AllNodes/" \
    -e "s/framework.AllNodesReady\b/e2enode.AllNodesReady/" \
    -e "s/framework.ContainerResourceGatherer\b/e2edebug.ContainerResourceGatherer/" \
    -e "s/framework.ContainerResourceUsage\b/e2edebug.ContainerResourceUsage/" \
    -e "s/framework.CreateEmptyFileOnPod\b/e2eoutput.CreateEmptyFileOnPod/" \
    -e "s/framework.DefaultPodDeletionTimeout\b/e2epod.DefaultPodDeletionTimeout/" \
    -e "s/framework.DumpAllNamespaceInfo\b/e2edebug.DumpAllNamespaceInfo/" \
    -e "s/framework.DumpDebugInfo\b/e2eoutput.DumpDebugInfo/" \
    -e "s/framework.DumpNodeDebugInfo\b/e2edebug.DumpNodeDebugInfo/" \
    -e "s/framework.EtcdUpgrade\b/e2eproviders.EtcdUpgrade/" \
    -e "s/framework.EventsLister\b/e2edebug.EventsLister/" \
    -e "s/framework.ExecOptions\b/e2epod.ExecOptions/" \
    -e "s/framework.ExpectNodeHasLabel\b/e2enode.ExpectNodeHasLabel/" \
    -e "s/framework.ExpectNodeHasTaint\b/e2enode.ExpectNodeHasTaint/" \
    -e "s/framework.GCEUpgradeScript\b/e2eproviders.GCEUpgradeScript/" \
    -e "s/framework.ImagePrePullList\b/e2epod.ImagePrePullList/" \
    -e "s/framework.KubectlBuilder\b/e2ekubectl.KubectlBuilder/" \
    -e "s/framework.LocationParamGKE\b/e2eproviders.LocationParamGKE/" \
    -e "s/framework.LogSizeDataTimeseries\b/e2edebug.LogSizeDataTimeseries/" \
    -e "s/framework.LogSizeGatherer\b/e2edebug.LogSizeGatherer/" \
    -e "s/framework.LogsSizeData\b/e2edebug.LogsSizeData/" \
    -e "s/framework.LogsSizeDataSummary\b/e2edebug.LogsSizeDataSummary/" \
    -e "s/framework.LogsSizeVerifier\b/e2edebug.LogsSizeVerifier/" \
    -e "s/framework.LookForStringInLog\b/e2eoutput.LookForStringInLog/" \
    -e "s/framework.LookForStringInPodExec\b/e2eoutput.LookForStringInPodExec/" \
    -e "s/framework.LookForStringInPodExecToContainer\b/e2eoutput.LookForStringInPodExecToContainer/" \
    -e "s/framework.MasterAndDNSNodes\b/e2edebug.MasterAndDNSNodes/" \
    -e "s/framework.MasterNodes\b/e2edebug.MasterNodes/" \
    -e "s/framework.MasterUpgradeGKE\b/e2eproviders.MasterUpgradeGKE/" \
    -e "s/framework.NewKubectlCommand\b/e2ekubectl.NewKubectlCommand/" \
    -e "s/framework.NewLogsVerifier\b/e2edebug.NewLogsVerifier/" \
    -e "s/framework.NewNodeKiller\b/e2enode.NewNodeKiller/" \
    -e "s/framework.NewResourceUsageGatherer\b/e2edebug.NewResourceUsageGatherer/" \
    -e "s/framework.NodeHasTaint\b/e2enode.NodeHasTaint/" \
    -e "s/framework.NodeKiller\b/e2enode.NodeKiller/" \
    -e "s/framework.NodesSet\b/e2edebug.NodesSet/" \
    -e "s/framework.PodClient\b/e2epod.PodClient/" \
    -e "s/framework.RemoveLabelOffNode\b/e2enode.RemoveLabelOffNode/" \
    -e "s/framework.ResourceConstraint\b/e2edebug.ResourceConstraint/" \
    -e "s/framework.ResourceGathererOptions\b/e2edebug.ResourceGathererOptions/" \
    -e "s/framework.ResourceUsagePerContainer\b/e2edebug.ResourceUsagePerContainer/" \
    -e "s/framework.ResourceUsageSummary\b/e2edebug.ResourceUsageSummary/" \
    -e "s/framework.RunHostCmd\b/e2eoutput.RunHostCmd/" \
    -e "s/framework.RunHostCmdOrDie\b/e2eoutput.RunHostCmdOrDie/" \
    -e "s/framework.RunHostCmdWithFullOutput\b/e2eoutput.RunHostCmdWithFullOutput/" \
    -e "s/framework.RunHostCmdWithRetries\b/e2eoutput.RunHostCmdWithRetries/" \
    -e "s/framework.RunKubectl\b/e2ekubectl.RunKubectl/" \
    -e "s/framework.RunKubectlInput\b/e2ekubectl.RunKubectlInput/" \
    -e "s/framework.RunKubectlOrDie\b/e2ekubectl.RunKubectlOrDie/" \
    -e "s/framework.RunKubectlOrDieInput\b/e2ekubectl.RunKubectlOrDieInput/" \
    -e "s/framework.RunKubectlWithFullOutput\b/e2ekubectl.RunKubectlWithFullOutput/" \
    -e "s/framework.RunKubemciCmd\b/e2ekubectl.RunKubemciCmd/" \
    -e "s/framework.RunKubemciWithKubeconfig\b/e2ekubectl.RunKubemciWithKubeconfig/" \
    -e "s/framework.SingleContainerSummary\b/e2edebug.SingleContainerSummary/" \
    -e "s/framework.SingleLogSummary\b/e2edebug.SingleLogSummary/" \
    -e "s/framework.TimestampedSize\b/e2edebug.TimestampedSize/" \
    -e "s/framework.WaitForAllNodesSchedulable\b/e2enode.WaitForAllNodesSchedulable/" \
    -e "s/framework.WaitForSSHTunnels\b/e2enode.WaitForSSHTunnels/" \
    -e "s/framework.WorkItem\b/e2edebug.WorkItem/" \
    "$@"

for i in "$@"; do
    # Import all sub packages and let goimports figure out which of those
    # are redundant (= already imported) or not needed.
    sed -i -e '/"k8s.io.kubernetes.test.e2e.framework"/a e2edebug "k8s.io/kubernetes/test/e2e/framework/debug"' "$i"
    sed -i -e '/"k8s.io.kubernetes.test.e2e.framework"/a e2ekubectl "k8s.io/kubernetes/test/e2e/framework/kubectl"' "$i"
    sed -i -e '/"k8s.io.kubernetes.test.e2e.framework"/a e2enode "k8s.io/kubernetes/test/e2e/framework/node"' "$i"
    sed -i -e '/"k8s.io.kubernetes.test.e2e.framework"/a e2eoutput "k8s.io/kubernetes/test/e2e/framework/pod/output"' "$i"
    sed -i -e '/"k8s.io.kubernetes.test.e2e.framework"/a e2epod "k8s.io/kubernetes/test/e2e/framework/pod"' "$i"
    sed -i -e '/"k8s.io.kubernetes.test.e2e.framework"/a e2eproviders "k8s.io/kubernetes/test/e2e/framework/providers"' "$i"
    goimports -w "$i"
done
 2022-10-06 08:19:47 +02:00
Patrick Ohly
92047da152 e2e: make import blocks consistent 2022-10-06 08:16:47 +02:00
Stephen Heywood
a3f7da0421 Create e2e test for ServiceAccount endpoint 
e2e test validates the following 1 endpoint
- replaceCoreV1NamespacedServiceAccount
 2022-10-04 09:21:25 +13:00
m.nabokikh
00dfba473b Add auth API to get self subject attributes 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-09-14 18:00:26 +02:00
Dave Chen
857458cfa5 update ginkgo from v1 to v2 and gomega to 1.19.0 
- update all the import statements
- run hack/pin-dependency.sh to change pinned dependency versions
- run hack/update-vendor.sh to update go.mod files and the vendor directory
- update the method signatures for custom reporters

Signed-off-by: Dave Chen <dave.chen@arm.com>
 2022-07-08 10:44:46 +08:00
Kubernetes Prow Robot
4ab90ccebb Merge pull request #109719 from stlaz/e2e_nodeauthn_nosasecret 
auth e2e: node_authn test: don't expect a SA secret
 2022-05-19 15:13:53 -07:00
kidddddddddddddddddddddd
6791ba2590 test/e2e/auth: enhance assertions 2022-05-07 11:58:06 +08:00
Jordan Liggitt
410ac59c0d Remove PodSecurityPolicy admission plugin 2022-05-04 16:00:56 -04:00
Stanislav Laznicka
914a2a325a auth e2e: node_authn test: don't expect a SA secret 
The test was expecting an SA token in a secret but pods are getting
their SA tokens via projected volumes by default. Also, the SA token
controller function is getting reduced so the original check is likely
to fail.
 2022-04-29 11:16:16 +02:00
Sergiusz Urbaniak
1495c9f2cd test/e2e/*: default existing tests to privileged pod security policy 
This is to ensure that all existing tests don't break when defaulting
the pod security policy to restricted in the e2e test framework.
 2022-04-05 08:41:12 +02:00
Sergiusz Urbaniak
373c08e0c7 test/e2e/framework: configure pod security admission level for e2e tests 2022-03-28 15:42:10 +02:00
Ryan Richard
e29ac0f8be Promote CertificateSigningRequest's Spec.ExpirationSeconds field to GA 
Remove the comment "As of v1.22, this field is beta and is controlled
via the CSRDuration feature gate" from the expirationSeconds field's
godoc.

Mark the "CSRDuration" feature gate as GA in 1.24, lock its value to
"true", and remove the various logic which handled when the gate was
"false".

Update conformance test to check that the CertificateSigningRequest's
Spec.ExpirationSeconds field is stored, but do not check if the field
is honored since this functionality is optional.
 2022-03-18 14:41:43 -07:00
Jordan Liggitt
654dc8686b Exercise Get of serviceaccount in e2e 2022-03-16 20:24:50 -04:00
Mike Danese
b32e043898 remove metadata-concealment related testing 
We agreed to remove these tests in SIG Auth because they aren't testing
any OSS functionality.
 2022-03-14 12:44:48 -07:00
Shihang Zhang
fb6c727fde no auto-generation of secret-based service account token 2022-02-23 14:17:30 -08:00
Ciprian Hacman
a0abe5aa33 Clean up dockershim in tests 
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
 2021-12-22 13:05:34 +02:00
Davanum Srinivas
9405e9b55e Check in OWNERS modified by update-yamlfmt.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-12-09 21:31:26 -05:00
Jordan Liggitt
11c2674ec2 Fix CSR test to accept certs shorter than the requested duration 2021-10-01 09:14:54 -04:00
Monis Khan
8d49502fcd csr: update e2e conformance test with expirationSeconds usage 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-01 23:38:16 -04:00
Arda Güçlü
676958c2bd Fix NodeAuthenticator tests in dual stack 2021-06-21 15:41:13 +03:00
Arda Güçlü
0965cad63a Use builtin JoinHostPort function 2021-05-18 14:49:02 +03:00
Arda Güçlü
2ae12e6345 Add Node IP IPv6 formatting in NodeAuthenticator tests 2021-05-18 11:47:15 +03:00
Michael Taufen
b33cd86a27 Update tests to use agnhost 2.32 
Updates e2e tests to use agnhost 2.32, which fixes an issue with the
conformance tests for ServiceAccountIssuerDiscovery.

Original fix: https://github.com/kubernetes/kubernetes/pull/101589

Image promotion: https://github.com/kubernetes/k8s.io/pull/1994
 2021-05-03 14:23:46 -07:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Shihang Zhang
5d1774e9db promote RootCAConfigMap e2e test to Conformance 2021-02-22 10:37:41 -08:00
Michael Taufen
f3e223cbbc Promote ServiceAccountIssuerDiscovery test to conformance 
This satisfies the graduation criteria for promoting
ServiceAccountIssuerDiscovery to GA, per the KEP:
https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/1393-oidc-discovery

The test only uses GA APIs and has been passing for well
over two weeks:
https://testgrid.k8s.io/sig-release-master-blocking#gce-cos-master-alpha-features&include-filter-by-regex=ServiceAccountIssuerDiscovery
 2021-02-05 16:05:15 -08:00
Michael Taufen
05439d48aa Tolerate disabled RBAC in ServiceAccountIssuerDiscovery test 
Also clean up the binding after the test.
 2021-02-05 10:59:18 -08:00
Michael Taufen
cf809c37c4 Move ServiceAccountIssuerDiscovery test into main e2e suite 
By removing feature tag. In preparation for GA.
 2021-01-29 16:18:26 -08:00
Claudiu Belu
ee9be7ce5a tests: Removes node created by test 
The test "A node shouldn't be able to create another node" could create
a node during its run, but it doesn't delete it in this case.

This commit addresses this issue.
 2021-01-11 15:39:43 -08:00
Shihang Zhang
22ae49bb5d Promote TokenRequest e2e test to Conformance 2020-11-06 13:51:48 -08:00
Shihang Zhang
d40f0c43c4 separate RootCAConfigMap from BoundServiceAccountTokenVolume 2020-11-04 17:10:39 -08:00
Shihang Zhang
ff641f6eb2 mv TokenRequest and TokenRequestProjection to GA 2020-10-29 20:47:01 -07:00
Kubernetes Prow Robot
2603cc1fcf Merge pull request #94835 from zshihang/upgrade 
upgrade test for BoundServiceAccountTokenVolume
 2020-10-03 14:17:05 -07:00