djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make TestAPIServingCertificateAutoCreationAndRotation more reliable.

Browse Source 
This test has occasionally flaked because it only waited for the APIService GET to finish, but did not wait for the controller to successfully update the target object.

The new code should be more patient and allow the controller up to 10s to perform the expected action.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
This commit is contained in:
Matt Moyer 2021-03-16 14:59:59 -05:00
parent 2319606cd2
commit 2515b2d710
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
test/integration/concierge_api_serving_certs_test.go
View File

@ -4,6 +4,7 @@
package integration
import (
"bytes"
"context"
"testing"
"time"
@ -131,13 +132,19 @@ func TestAPIServingCertificateAutoCreationAndRotation(t *testing.T) {
require.Equal(t, env.ConciergeAppName, secret.Labels["app"])
// Expect that the APIService was also updated with the new CA.
aggregatedAPIUpdated := func() bool {
apiService, err = aggregatedClient.ApiregistrationV1().APIServices().Get(ctx, apiServiceName, metav1.GetOptions{})
return err == nil
}
assert.Eventually(t, aggregatedAPIUpdated, 10*time.Second, 250*time.Millisecond)
require.NoError(t, err) // prints out the error and stops the test in case of failure
require.Equal(t, regeneratedCACert, apiService.Spec.CABundle)
require.Eventually(t, func() bool {
apiService, err := aggregatedClient.ApiregistrationV1().APIServices().Get(ctx, apiServiceName, metav1.GetOptions{})
if err != nil {
t.Logf("get for APIService %q returned error %v", apiServiceName, err)
return false
}
if !bytes.Equal(regeneratedCACert, apiService.Spec.CABundle) {
t.Logf("CA bundle in APIService %q does not yet have the expected value", apiServiceName)
return false
}
t.Logf("found that APIService %q was updated to expected CA certificate", apiServiceName)
return true
}, 10*time.Second, 250*time.Millisecond, "never saw CA certificate rotate to expected value")
// Check that we can still make requests to the aggregated API through the kube API server,
// because the kube API server uses these certs when proxying requests to the aggregated API server,