github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
112,133 Commits 1 Branch 31 Tags
5aeb9db52fd877b063048bc05dfd00a20b1a6d41
Commit Graph

203 Commits

Author SHA1 Message Date
Stephen Heywood
5ad48780ae Promote ServiceAccount e2e test to Conformance 2022-10-10 12:12:17 +13:00
Patrick Ohly
dfdf88d4fa e2e: adapt to moved code 
This is the result of automatically editing source files like this:

    go install golang.org/x/tools/cmd/goimports@latest
    find ./test/e2e* -name "*.go" | xargs env PATH=$GOPATH/bin:$PATH ./e2e-framework-sed.sh

with e2e-framework-sed.sh containing this:

sed -i \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.ExecCommandInContainer(/e2epod.ExecCommandInContainer(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.ExecCommandInContainerWithFullOutput(/e2epod.ExecCommandInContainerWithFullOutput(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.ExecShellInContainer(/e2epod.ExecShellInContainer(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.ExecShellInPod(/e2epod.ExecShellInPod(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.ExecShellInPodWithFullOutput(/e2epod.ExecShellInPodWithFullOutput(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.ExecWithOptions(/e2epod.ExecWithOptions(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.MatchContainerOutput(/e2eoutput.MatchContainerOutput(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.PodClient(/e2epod.NewPodClient(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.PodClientNS(/e2epod.PodClientNS(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.TestContainerOutput(/e2eoutput.TestContainerOutput(\1, /" \
    -e "s/\(f\|fr\|\w\w*\.[fF]\w*\)\.TestContainerOutputRegexp(/e2eoutput.TestContainerOutputRegexp(\1, /" \
    -e "s/framework.AddOrUpdateLabelOnNode\b/e2enode.AddOrUpdateLabelOnNode/" \
    -e "s/framework.AllNodes\b/e2edebug.AllNodes/" \
    -e "s/framework.AllNodesReady\b/e2enode.AllNodesReady/" \
    -e "s/framework.ContainerResourceGatherer\b/e2edebug.ContainerResourceGatherer/" \
    -e "s/framework.ContainerResourceUsage\b/e2edebug.ContainerResourceUsage/" \
    -e "s/framework.CreateEmptyFileOnPod\b/e2eoutput.CreateEmptyFileOnPod/" \
    -e "s/framework.DefaultPodDeletionTimeout\b/e2epod.DefaultPodDeletionTimeout/" \
    -e "s/framework.DumpAllNamespaceInfo\b/e2edebug.DumpAllNamespaceInfo/" \
    -e "s/framework.DumpDebugInfo\b/e2eoutput.DumpDebugInfo/" \
    -e "s/framework.DumpNodeDebugInfo\b/e2edebug.DumpNodeDebugInfo/" \
    -e "s/framework.EtcdUpgrade\b/e2eproviders.EtcdUpgrade/" \
    -e "s/framework.EventsLister\b/e2edebug.EventsLister/" \
    -e "s/framework.ExecOptions\b/e2epod.ExecOptions/" \
    -e "s/framework.ExpectNodeHasLabel\b/e2enode.ExpectNodeHasLabel/" \
    -e "s/framework.ExpectNodeHasTaint\b/e2enode.ExpectNodeHasTaint/" \
    -e "s/framework.GCEUpgradeScript\b/e2eproviders.GCEUpgradeScript/" \
    -e "s/framework.ImagePrePullList\b/e2epod.ImagePrePullList/" \
    -e "s/framework.KubectlBuilder\b/e2ekubectl.KubectlBuilder/" \
    -e "s/framework.LocationParamGKE\b/e2eproviders.LocationParamGKE/" \
    -e "s/framework.LogSizeDataTimeseries\b/e2edebug.LogSizeDataTimeseries/" \
    -e "s/framework.LogSizeGatherer\b/e2edebug.LogSizeGatherer/" \
    -e "s/framework.LogsSizeData\b/e2edebug.LogsSizeData/" \
    -e "s/framework.LogsSizeDataSummary\b/e2edebug.LogsSizeDataSummary/" \
    -e "s/framework.LogsSizeVerifier\b/e2edebug.LogsSizeVerifier/" \
    -e "s/framework.LookForStringInLog\b/e2eoutput.LookForStringInLog/" \
    -e "s/framework.LookForStringInPodExec\b/e2eoutput.LookForStringInPodExec/" \
    -e "s/framework.LookForStringInPodExecToContainer\b/e2eoutput.LookForStringInPodExecToContainer/" \
    -e "s/framework.MasterAndDNSNodes\b/e2edebug.MasterAndDNSNodes/" \
    -e "s/framework.MasterNodes\b/e2edebug.MasterNodes/" \
    -e "s/framework.MasterUpgradeGKE\b/e2eproviders.MasterUpgradeGKE/" \
    -e "s/framework.NewKubectlCommand\b/e2ekubectl.NewKubectlCommand/" \
    -e "s/framework.NewLogsVerifier\b/e2edebug.NewLogsVerifier/" \
    -e "s/framework.NewNodeKiller\b/e2enode.NewNodeKiller/" \
    -e "s/framework.NewResourceUsageGatherer\b/e2edebug.NewResourceUsageGatherer/" \
    -e "s/framework.NodeHasTaint\b/e2enode.NodeHasTaint/" \
    -e "s/framework.NodeKiller\b/e2enode.NodeKiller/" \
    -e "s/framework.NodesSet\b/e2edebug.NodesSet/" \
    -e "s/framework.PodClient\b/e2epod.PodClient/" \
    -e "s/framework.RemoveLabelOffNode\b/e2enode.RemoveLabelOffNode/" \
    -e "s/framework.ResourceConstraint\b/e2edebug.ResourceConstraint/" \
    -e "s/framework.ResourceGathererOptions\b/e2edebug.ResourceGathererOptions/" \
    -e "s/framework.ResourceUsagePerContainer\b/e2edebug.ResourceUsagePerContainer/" \
    -e "s/framework.ResourceUsageSummary\b/e2edebug.ResourceUsageSummary/" \
    -e "s/framework.RunHostCmd\b/e2eoutput.RunHostCmd/" \
    -e "s/framework.RunHostCmdOrDie\b/e2eoutput.RunHostCmdOrDie/" \
    -e "s/framework.RunHostCmdWithFullOutput\b/e2eoutput.RunHostCmdWithFullOutput/" \
    -e "s/framework.RunHostCmdWithRetries\b/e2eoutput.RunHostCmdWithRetries/" \
    -e "s/framework.RunKubectl\b/e2ekubectl.RunKubectl/" \
    -e "s/framework.RunKubectlInput\b/e2ekubectl.RunKubectlInput/" \
    -e "s/framework.RunKubectlOrDie\b/e2ekubectl.RunKubectlOrDie/" \
    -e "s/framework.RunKubectlOrDieInput\b/e2ekubectl.RunKubectlOrDieInput/" \
    -e "s/framework.RunKubectlWithFullOutput\b/e2ekubectl.RunKubectlWithFullOutput/" \
    -e "s/framework.RunKubemciCmd\b/e2ekubectl.RunKubemciCmd/" \
    -e "s/framework.RunKubemciWithKubeconfig\b/e2ekubectl.RunKubemciWithKubeconfig/" \
    -e "s/framework.SingleContainerSummary\b/e2edebug.SingleContainerSummary/" \
    -e "s/framework.SingleLogSummary\b/e2edebug.SingleLogSummary/" \
    -e "s/framework.TimestampedSize\b/e2edebug.TimestampedSize/" \
    -e "s/framework.WaitForAllNodesSchedulable\b/e2enode.WaitForAllNodesSchedulable/" \
    -e "s/framework.WaitForSSHTunnels\b/e2enode.WaitForSSHTunnels/" \
    -e "s/framework.WorkItem\b/e2edebug.WorkItem/" \
    "$@"

for i in "$@"; do
    # Import all sub packages and let goimports figure out which of those
    # are redundant (= already imported) or not needed.
    sed -i -e '/"k8s.io.kubernetes.test.e2e.framework"/a e2edebug "k8s.io/kubernetes/test/e2e/framework/debug"' "$i"
    sed -i -e '/"k8s.io.kubernetes.test.e2e.framework"/a e2ekubectl "k8s.io/kubernetes/test/e2e/framework/kubectl"' "$i"
    sed -i -e '/"k8s.io.kubernetes.test.e2e.framework"/a e2enode "k8s.io/kubernetes/test/e2e/framework/node"' "$i"
    sed -i -e '/"k8s.io.kubernetes.test.e2e.framework"/a e2eoutput "k8s.io/kubernetes/test/e2e/framework/pod/output"' "$i"
    sed -i -e '/"k8s.io.kubernetes.test.e2e.framework"/a e2epod "k8s.io/kubernetes/test/e2e/framework/pod"' "$i"
    sed -i -e '/"k8s.io.kubernetes.test.e2e.framework"/a e2eproviders "k8s.io/kubernetes/test/e2e/framework/providers"' "$i"
    goimports -w "$i"
done
 2022-10-06 08:19:47 +02:00
Patrick Ohly
92047da152 e2e: make import blocks consistent 2022-10-06 08:16:47 +02:00
Stephen Heywood
a3f7da0421 Create e2e test for ServiceAccount endpoint 
e2e test validates the following 1 endpoint
- replaceCoreV1NamespacedServiceAccount
 2022-10-04 09:21:25 +13:00
m.nabokikh
00dfba473b Add auth API to get self subject attributes 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-09-14 18:00:26 +02:00
Dave Chen
857458cfa5 update ginkgo from v1 to v2 and gomega to 1.19.0 
- update all the import statements
- run hack/pin-dependency.sh to change pinned dependency versions
- run hack/update-vendor.sh to update go.mod files and the vendor directory
- update the method signatures for custom reporters

Signed-off-by: Dave Chen <dave.chen@arm.com>
 2022-07-08 10:44:46 +08:00
Kubernetes Prow Robot
4ab90ccebb Merge pull request #109719 from stlaz/e2e_nodeauthn_nosasecret 
auth e2e: node_authn test: don't expect a SA secret
 2022-05-19 15:13:53 -07:00
kidddddddddddddddddddddd
6791ba2590 test/e2e/auth: enhance assertions 2022-05-07 11:58:06 +08:00
Jordan Liggitt
410ac59c0d Remove PodSecurityPolicy admission plugin 2022-05-04 16:00:56 -04:00
Stanislav Laznicka
914a2a325a auth e2e: node_authn test: don't expect a SA secret 
The test was expecting an SA token in a secret but pods are getting
their SA tokens via projected volumes by default. Also, the SA token
controller function is getting reduced so the original check is likely
to fail.
 2022-04-29 11:16:16 +02:00
Sergiusz Urbaniak
1495c9f2cd test/e2e/*: default existing tests to privileged pod security policy 
This is to ensure that all existing tests don't break when defaulting
the pod security policy to restricted in the e2e test framework.
 2022-04-05 08:41:12 +02:00
Sergiusz Urbaniak
373c08e0c7 test/e2e/framework: configure pod security admission level for e2e tests 2022-03-28 15:42:10 +02:00
Ryan Richard
e29ac0f8be Promote CertificateSigningRequest's Spec.ExpirationSeconds field to GA 
Remove the comment "As of v1.22, this field is beta and is controlled
via the CSRDuration feature gate" from the expirationSeconds field's
godoc.

Mark the "CSRDuration" feature gate as GA in 1.24, lock its value to
"true", and remove the various logic which handled when the gate was
"false".

Update conformance test to check that the CertificateSigningRequest's
Spec.ExpirationSeconds field is stored, but do not check if the field
is honored since this functionality is optional.
 2022-03-18 14:41:43 -07:00
Jordan Liggitt
654dc8686b Exercise Get of serviceaccount in e2e 2022-03-16 20:24:50 -04:00
Mike Danese
b32e043898 remove metadata-concealment related testing 
We agreed to remove these tests in SIG Auth because they aren't testing
any OSS functionality.
 2022-03-14 12:44:48 -07:00
Shihang Zhang
fb6c727fde no auto-generation of secret-based service account token 2022-02-23 14:17:30 -08:00
Ciprian Hacman
a0abe5aa33 Clean up dockershim in tests 
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
 2021-12-22 13:05:34 +02:00
Davanum Srinivas
9405e9b55e Check in OWNERS modified by update-yamlfmt.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-12-09 21:31:26 -05:00
Jordan Liggitt
11c2674ec2 Fix CSR test to accept certs shorter than the requested duration 2021-10-01 09:14:54 -04:00
Monis Khan
8d49502fcd csr: update e2e conformance test with expirationSeconds usage 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-01 23:38:16 -04:00
Arda Güçlü
676958c2bd Fix NodeAuthenticator tests in dual stack 2021-06-21 15:41:13 +03:00
Arda Güçlü
0965cad63a Use builtin JoinHostPort function 2021-05-18 14:49:02 +03:00
Arda Güçlü
2ae12e6345 Add Node IP IPv6 formatting in NodeAuthenticator tests 2021-05-18 11:47:15 +03:00
Michael Taufen
b33cd86a27 Update tests to use agnhost 2.32 
Updates e2e tests to use agnhost 2.32, which fixes an issue with the
conformance tests for ServiceAccountIssuerDiscovery.

Original fix: https://github.com/kubernetes/kubernetes/pull/101589

Image promotion: https://github.com/kubernetes/k8s.io/pull/1994
 2021-05-03 14:23:46 -07:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Shihang Zhang
5d1774e9db promote RootCAConfigMap e2e test to Conformance 2021-02-22 10:37:41 -08:00
Michael Taufen
f3e223cbbc Promote ServiceAccountIssuerDiscovery test to conformance 
This satisfies the graduation criteria for promoting
ServiceAccountIssuerDiscovery to GA, per the KEP:
https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/1393-oidc-discovery

The test only uses GA APIs and has been passing for well
over two weeks:
https://testgrid.k8s.io/sig-release-master-blocking#gce-cos-master-alpha-features&include-filter-by-regex=ServiceAccountIssuerDiscovery
 2021-02-05 16:05:15 -08:00
Michael Taufen
05439d48aa Tolerate disabled RBAC in ServiceAccountIssuerDiscovery test 
Also clean up the binding after the test.
 2021-02-05 10:59:18 -08:00
Michael Taufen
cf809c37c4 Move ServiceAccountIssuerDiscovery test into main e2e suite 
By removing feature tag. In preparation for GA.
 2021-01-29 16:18:26 -08:00
Claudiu Belu
ee9be7ce5a tests: Removes node created by test 
The test "A node shouldn't be able to create another node" could create
a node during its run, but it doesn't delete it in this case.

This commit addresses this issue.
 2021-01-11 15:39:43 -08:00
Shihang Zhang
22ae49bb5d Promote TokenRequest e2e test to Conformance 2020-11-06 13:51:48 -08:00
Shihang Zhang
d40f0c43c4 separate RootCAConfigMap from BoundServiceAccountTokenVolume 2020-11-04 17:10:39 -08:00
Shihang Zhang
ff641f6eb2 mv TokenRequest and TokenRequestProjection to GA 2020-10-29 20:47:01 -07:00
Kubernetes Prow Robot
2603cc1fcf Merge pull request #94835 from zshihang/upgrade 
upgrade test for BoundServiceAccountTokenVolume
 2020-10-03 14:17:05 -07:00
Shihang Zhang
637235e893 upgrade test for BoundServiceAccountTokenVolume 2020-09-24 09:55:05 -07:00
Claudiu Belu
89eae73323 tests: Refactors agnhost image pod usage in tests 
A previous commit created a few agnhost related functions that creates agnhost
pods / containers for general purposes.

Refactors tests to use those functions.
 2020-09-22 13:09:49 -07:00
Daniel Smith
75f835aa08 move port definitions to a common location 2020-09-02 10:48:25 -07:00
Jordan Liggitt
f5490cb5c8 Remove flaky audit e2e test 2020-08-17 09:59:59 -04:00
Jordan Liggitt
6fb7d40a72 Move kube-apiserver client cert back to simple e2e 2020-06-10 15:28:26 -04:00
Jordan Liggitt
a504445086 Generated files 
Change-Id: I598d686849f4b97846757b227f5191bac031798b
 2020-06-05 04:58:14 +00:00
Jordan Liggitt
ea8f4cb536 Update CSR e2e to use v1 2020-06-05 00:50:01 -04:00
Kubernetes Prow Robot
84861d2102 Merge pull request #91558 from liggitt/csr-e2e 
Add e2e coverage for the CertificateSigningRequest API, enable patch support for approval subresource
 2020-06-02 06:28:15 -07:00
hasheddan
7b0b5cb8d1 Fix minor typo in projected service account e2e test 
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
 2020-06-01 14:10:09 -05:00
Jordan Liggitt
0e2b13aed2 Add CertificateSigningRequest API coverage tests 2020-05-29 11:50:44 -04:00
David Eads
ed4e6f1026 remove dynamic audit 2020-05-27 15:18:53 -04:00
Kubernetes Prow Robot
57b0c310b7 Merge pull request #90390 from ii/promote-serviceaccount-resource-lifecycle-test 
Promote ServiceAccount resource lifecycle test - +3 conformance coverage
 2020-05-20 16:44:33 -07:00
Shihang Zhang
3db7275b54 set proper file permission for projected service account volume 2020-05-04 18:25:23 -07:00
Caleb Woodbine
bd9269f444 Fix formatting 2020-04-30 14:21:04 +12:00
Caleb Woodbine
e09e781a0c Promote ServiceAccount resource lifecycle test 2020-04-23 16:32:54 +12:00
Kubernetes Prow Robot
c13a9401ca Merge pull request #90193 from ii/create-serviceaccount-resource-lifecycle-test 
Create ServiceAccount resource lifecycle test - +3 endpoint coverage
 2020-04-22 19:22:00 -07:00