From 709c10227f30bfb13508837fbf23d3c4a9428668 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Thu, 8 Jul 2021 11:10:53 -0700 Subject: [PATCH] Run the LDAP client's integration tests only on Kind TestSimultaneousLDAPRequestsOnSingleProvider proved to be unreliable on AKS due to some kind of kubectl port-forward issue, so only run the LDAP client's integration tests on Kind. They are testing the integration between the client code and the OpenLDAP test server, not testing anything about Kubernetes, so running only on Kind should give us sufficient test coverage. --- test/cluster_capabilities/aks.yaml | 3 +++ test/cluster_capabilities/eks.yaml | 3 +++ test/cluster_capabilities/gke.yaml | 3 +++ test/cluster_capabilities/kind.yaml | 3 +++ test/cluster_capabilities/tkgs.yaml | 5 ++++- test/integration/ldap_client_test.go | 12 ++++++++++-- test/testlib/env.go | 21 +++++++++++++++++++++ 7 files changed, 47 insertions(+), 3 deletions(-) diff --git a/test/cluster_capabilities/aks.yaml b/test/cluster_capabilities/aks.yaml index 2a944bda..8bdfa98e 100644 --- a/test/cluster_capabilities/aks.yaml +++ b/test/cluster_capabilities/aks.yaml @@ -1,6 +1,9 @@ # Copyright 2021 the Pinniped contributors. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +# The name of the cluster type. +kubernetesDistribution: AKS + # Describe the capabilities of the cluster against which the integration tests will run. capabilities: diff --git a/test/cluster_capabilities/eks.yaml b/test/cluster_capabilities/eks.yaml index 9bce553d..304922f8 100644 --- a/test/cluster_capabilities/eks.yaml +++ b/test/cluster_capabilities/eks.yaml @@ -1,6 +1,9 @@ # Copyright 2021 the Pinniped contributors. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +# The name of the cluster type. +kubernetesDistribution: EKS + # Describe the capabilities of the cluster against which the integration tests will run. capabilities: diff --git a/test/cluster_capabilities/gke.yaml b/test/cluster_capabilities/gke.yaml index 080cec4a..a1247788 100644 --- a/test/cluster_capabilities/gke.yaml +++ b/test/cluster_capabilities/gke.yaml @@ -1,6 +1,9 @@ # Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +# The name of the cluster type. +kubernetesDistribution: GKE + # Describe the capabilities of the cluster against which the integration tests will run. capabilities: diff --git a/test/cluster_capabilities/kind.yaml b/test/cluster_capabilities/kind.yaml index 92759ed9..485ba506 100644 --- a/test/cluster_capabilities/kind.yaml +++ b/test/cluster_capabilities/kind.yaml @@ -1,6 +1,9 @@ # Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +# The name of the cluster type. +kubernetesDistribution: Kind + # Describe the capabilities of the cluster against which the integration tests will run. capabilities: diff --git a/test/cluster_capabilities/tkgs.yaml b/test/cluster_capabilities/tkgs.yaml index 4c7d05ba..86220291 100644 --- a/test/cluster_capabilities/tkgs.yaml +++ b/test/cluster_capabilities/tkgs.yaml @@ -1,6 +1,9 @@ # Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +# The name of the cluster type. +kubernetesDistribution: TKGS + # Describe the capabilities of the cluster against which the integration tests will run. capabilities: @@ -15,4 +18,4 @@ capabilities: anonymousAuthenticationSupported: true # Are LDAP ports on the Internet reachable without interference from network firewalls or proxies? - canReachInternetLDAPPorts: false + canReachInternetLDAPPorts: true diff --git a/test/integration/ldap_client_test.go b/test/integration/ldap_client_test.go index 0b41d00d..99a6b7fb 100644 --- a/test/integration/ldap_client_test.go +++ b/test/integration/ldap_client_test.go @@ -25,7 +25,11 @@ import ( ) func TestLDAPSearch(t *testing.T) { - env := testlib.IntegrationEnv(t) + // This test does not interact with Kubernetes itself. It is a test of our LDAP client code, and only interacts + // with our test OpenLDAP server, which is exposed directly to this test via kubectl port-forward. + // Theoretically we should always be able to run this test, but something about the kubectl port forwarding + // was very flaky on AKS, so we'll get the coverage by only running it on kind. + env := testlib.IntegrationEnv(t).WithKubeDistribution(testlib.KindDistro) // Note that these tests depend on the values hard-coded in the LDIF file in test/deploy/tools/ldap.yaml. // It requires the test LDAP server from the tools deployment. @@ -613,7 +617,11 @@ func TestLDAPSearch(t *testing.T) { } func TestSimultaneousLDAPRequestsOnSingleProvider(t *testing.T) { - env := testlib.IntegrationEnv(t) + // This test does not interact with Kubernetes itself. It is a test of our LDAP client code, and only interacts + // with our test OpenLDAP server, which is exposed directly to this test via kubectl port-forward. + // Theoretically we should always be able to run this test, but something about the kubectl port forwarding + // was very flaky on AKS, so we'll get the coverage by only running it on kind. + env := testlib.IntegrationEnv(t).WithKubeDistribution(testlib.KindDistro) // Note that these tests depend on the values hard-coded in the LDIF file in test/deploy/tools/ldap.yaml. // It requires the test LDAP server from the tools deployment. diff --git a/test/testlib/env.go b/test/testlib/env.go index 3ff75f03..ea6834b6 100644 --- a/test/testlib/env.go +++ b/test/testlib/env.go @@ -19,12 +19,19 @@ import ( ) type Capability string +type KubeDistro string const ( ClusterSigningKeyIsAvailable Capability = "clusterSigningKeyIsAvailable" AnonymousAuthenticationSupported Capability = "anonymousAuthenticationSupported" HasExternalLoadBalancerProvider Capability = "hasExternalLoadBalancerProvider" CanReachInternetLDAPPorts Capability = "canReachInternetLDAPPorts" + + KindDistro KubeDistro = "Kind" + GKEDistro KubeDistro = "GKE" + AKSDistro KubeDistro = "AKS" + EKSDistro KubeDistro = "EKS" + TKGSDistro KubeDistro = "TKGS" ) // TestEnv captures all the external parameters consumed by our integration tests. @@ -38,6 +45,7 @@ type TestEnv struct { SupervisorAppName string `json:"supervisorAppName"` SupervisorCustomLabels map[string]string `json:"supervisorCustomLabels"` ConciergeCustomLabels map[string]string `json:"conciergeCustomLabels"` + KubernetesDistribution KubeDistro `json:"kubernetesDistribution"` Capabilities map[Capability]bool `json:"capabilities"` TestWebhook auth1alpha1.WebhookAuthenticatorSpec `json:"testWebhook"` SupervisorHTTPAddress string `json:"supervisorHttpAddress"` @@ -285,3 +293,16 @@ func (e *TestEnv) WithoutCapability(cap Capability) *TestEnv { } return e } + +// WithKubeDistribution skips the test unless it will run on the expected cluster type. +// Please use this sparingly. We would prefer that a test run on every cluster type where it can possibly run, so +// prefer to run everywhere when possible or use cluster capabilities when needed, rather than looking at the +// type of cluster to decide to skip a test. However, there are some tests that do not depend on or interact with +// Kubernetes itself which really only need to run on on a single platform to give us the coverage that we desire. +func (e *TestEnv) WithKubeDistribution(distro KubeDistro) *TestEnv { + e.t.Helper() + if e.KubernetesDistribution != distro { + e.t.Skipf("skipping integration test because test environment is running %q but this test wants %q", e.KubernetesDistribution, distro) + } + return e +}