From 2515b2d710543b77e520734e50d60a622311539e Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Tue, 16 Mar 2021 14:59:59 -0500 Subject: [PATCH] Make TestAPIServingCertificateAutoCreationAndRotation more reliable. This test has occasionally flaked because it only waited for the APIService GET to finish, but did not wait for the controller to successfully update the target object. The new code should be more patient and allow the controller up to 10s to perform the expected action. Signed-off-by: Matt Moyer --- .../concierge_api_serving_certs_test.go | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/test/integration/concierge_api_serving_certs_test.go b/test/integration/concierge_api_serving_certs_test.go index 78aefea6..a6d3cd36 100644 --- a/test/integration/concierge_api_serving_certs_test.go +++ b/test/integration/concierge_api_serving_certs_test.go @@ -4,6 +4,7 @@ package integration import ( + "bytes" "context" "testing" "time" @@ -131,13 +132,19 @@ func TestAPIServingCertificateAutoCreationAndRotation(t *testing.T) { require.Equal(t, env.ConciergeAppName, secret.Labels["app"]) // Expect that the APIService was also updated with the new CA. - aggregatedAPIUpdated := func() bool { - apiService, err = aggregatedClient.ApiregistrationV1().APIServices().Get(ctx, apiServiceName, metav1.GetOptions{}) - return err == nil - } - assert.Eventually(t, aggregatedAPIUpdated, 10*time.Second, 250*time.Millisecond) - require.NoError(t, err) // prints out the error and stops the test in case of failure - require.Equal(t, regeneratedCACert, apiService.Spec.CABundle) + require.Eventually(t, func() bool { + apiService, err := aggregatedClient.ApiregistrationV1().APIServices().Get(ctx, apiServiceName, metav1.GetOptions{}) + if err != nil { + t.Logf("get for APIService %q returned error %v", apiServiceName, err) + return false + } + if !bytes.Equal(regeneratedCACert, apiService.Spec.CABundle) { + t.Logf("CA bundle in APIService %q does not yet have the expected value", apiServiceName) + return false + } + t.Logf("found that APIService %q was updated to expected CA certificate", apiServiceName) + return true + }, 10*time.Second, 250*time.Millisecond, "never saw CA certificate rotate to expected value") // Check that we can still make requests to the aggregated API through the kube API server, // because the kube API server uses these certs when proxying requests to the aggregated API server,