Make TestAPIServingCertificateAutoCreationAndRotation less flaky.

This test would occasionally flake for me when running locally. This change moves more of the assertions into the "eventually" loop, so they can temporarily fail as long as they converge on the expected values.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
This commit is contained in:
Matt Moyer 2021-07-08 16:40:39 -05:00
parent 2e18c88e33
commit 3a840cee76
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D

View File

@ -107,24 +107,26 @@ func TestAPIServingCertificateAutoCreationAndRotation(t *testing.T) {
require.NoError(t, test.forceRotation(ctx, kubeClient, env.ConciergeNamespace)) require.NoError(t, test.forceRotation(ctx, kubeClient, env.ConciergeNamespace))
// Expect that the Secret comes back right away with newly minted certs. // Expect that the Secret comes back right away with newly minted certs.
var regeneratedCACert []byte
testlib.RequireEventually(t, func(requireEventually *require.Assertions) { testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
var err error var err error
secret, err = kubeClient.CoreV1().Secrets(env.ConciergeNamespace).Get(ctx, defaultServingCertResourceName, metav1.GetOptions{}) secret, err = kubeClient.CoreV1().Secrets(env.ConciergeNamespace).Get(ctx, defaultServingCertResourceName, metav1.GetOptions{})
requireEventually.NoError(err) requireEventually.NoError(err)
}, time.Minute, 250*time.Millisecond)
regeneratedCACert := secret.Data["caCertificate"] regeneratedCACert = secret.Data["caCertificate"]
regeneratedPrivateKey := secret.Data["tlsPrivateKey"] regeneratedPrivateKey := secret.Data["tlsPrivateKey"]
regeneratedCertChain := secret.Data["tlsCertificateChain"] regeneratedCertChain := secret.Data["tlsCertificateChain"]
require.NotEmpty(t, regeneratedCACert) requireEventually.NotEmpty(regeneratedCACert)
require.NotEmpty(t, regeneratedPrivateKey) requireEventually.NotEmpty(regeneratedPrivateKey)
require.NotEmpty(t, regeneratedCertChain) requireEventually.NotEmpty(regeneratedCertChain)
require.NotEqual(t, initialCACert, regeneratedCACert) requireEventually.NotEqual(initialCACert, regeneratedCACert)
require.NotEqual(t, initialPrivateKey, regeneratedPrivateKey) requireEventually.NotEqual(initialPrivateKey, regeneratedPrivateKey)
require.NotEqual(t, initialCertChain, regeneratedCertChain) requireEventually.NotEqual(initialCertChain, regeneratedCertChain)
for k, v := range env.ConciergeCustomLabels { for k, v := range env.ConciergeCustomLabels {
require.Equalf(t, v, secret.Labels[k], "expected secret to have label `%s: %s`", k, v) requireEventually.Equalf(v, secret.Labels[k], "expected secret to have label `%s: %s`", k, v)
} }
require.Equal(t, env.ConciergeAppName, secret.Labels["app"]) requireEventually.Equal(env.ConciergeAppName, secret.Labels["app"])
}, time.Minute, 250*time.Millisecond)
// Expect that the APIService was also updated with the new CA. // Expect that the APIService was also updated with the new CA.
testlib.RequireEventually(t, func(requireEventually *require.Assertions) { testlib.RequireEventually(t, func(requireEventually *require.Assertions) {