Make TestAPIServingCertificateAutoCreationAndRotation less flaky.
This test would occasionally flake for me when running locally. This change moves more of the assertions into the "eventually" loop, so they can temporarily fail as long as they converge on the expected values. Signed-off-by: Matt Moyer <moyerm@vmware.com>
This commit is contained in:
parent
2e18c88e33
commit
3a840cee76
@ -107,24 +107,26 @@ func TestAPIServingCertificateAutoCreationAndRotation(t *testing.T) {
|
|||||||
require.NoError(t, test.forceRotation(ctx, kubeClient, env.ConciergeNamespace))
|
require.NoError(t, test.forceRotation(ctx, kubeClient, env.ConciergeNamespace))
|
||||||
|
|
||||||
// Expect that the Secret comes back right away with newly minted certs.
|
// Expect that the Secret comes back right away with newly minted certs.
|
||||||
|
var regeneratedCACert []byte
|
||||||
testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
|
testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
|
||||||
var err error
|
var err error
|
||||||
secret, err = kubeClient.CoreV1().Secrets(env.ConciergeNamespace).Get(ctx, defaultServingCertResourceName, metav1.GetOptions{})
|
secret, err = kubeClient.CoreV1().Secrets(env.ConciergeNamespace).Get(ctx, defaultServingCertResourceName, metav1.GetOptions{})
|
||||||
requireEventually.NoError(err)
|
requireEventually.NoError(err)
|
||||||
}, time.Minute, 250*time.Millisecond)
|
|
||||||
regeneratedCACert := secret.Data["caCertificate"]
|
regeneratedCACert = secret.Data["caCertificate"]
|
||||||
regeneratedPrivateKey := secret.Data["tlsPrivateKey"]
|
regeneratedPrivateKey := secret.Data["tlsPrivateKey"]
|
||||||
regeneratedCertChain := secret.Data["tlsCertificateChain"]
|
regeneratedCertChain := secret.Data["tlsCertificateChain"]
|
||||||
require.NotEmpty(t, regeneratedCACert)
|
requireEventually.NotEmpty(regeneratedCACert)
|
||||||
require.NotEmpty(t, regeneratedPrivateKey)
|
requireEventually.NotEmpty(regeneratedPrivateKey)
|
||||||
require.NotEmpty(t, regeneratedCertChain)
|
requireEventually.NotEmpty(regeneratedCertChain)
|
||||||
require.NotEqual(t, initialCACert, regeneratedCACert)
|
requireEventually.NotEqual(initialCACert, regeneratedCACert)
|
||||||
require.NotEqual(t, initialPrivateKey, regeneratedPrivateKey)
|
requireEventually.NotEqual(initialPrivateKey, regeneratedPrivateKey)
|
||||||
require.NotEqual(t, initialCertChain, regeneratedCertChain)
|
requireEventually.NotEqual(initialCertChain, regeneratedCertChain)
|
||||||
for k, v := range env.ConciergeCustomLabels {
|
for k, v := range env.ConciergeCustomLabels {
|
||||||
require.Equalf(t, v, secret.Labels[k], "expected secret to have label `%s: %s`", k, v)
|
requireEventually.Equalf(v, secret.Labels[k], "expected secret to have label `%s: %s`", k, v)
|
||||||
}
|
}
|
||||||
require.Equal(t, env.ConciergeAppName, secret.Labels["app"])
|
requireEventually.Equal(env.ConciergeAppName, secret.Labels["app"])
|
||||||
|
}, time.Minute, 250*time.Millisecond)
|
||||||
|
|
||||||
// Expect that the APIService was also updated with the new CA.
|
// Expect that the APIService was also updated with the new CA.
|
||||||
testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
|
testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
|
||||||
|
Loading…
Reference in New Issue
Block a user