Run the LDAP client's integration tests only on Kind

TestSimultaneousLDAPRequestsOnSingleProvider proved to be unreliable
on AKS due to some kind of kubectl port-forward issue, so only
run the LDAP client's integration tests on Kind. They are testing
the integration between the client code and the OpenLDAP test server,
not testing anything about Kubernetes, so running only on Kind should
give us sufficient test coverage.
This commit is contained in:
Ryan Richard 2021-07-08 11:10:53 -07:00
parent 1f5480cd5c
commit 709c10227f
7 changed files with 47 additions and 3 deletions

View File

@ -1,6 +1,9 @@
# Copyright 2021 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
# The name of the cluster type.
kubernetesDistribution: AKS
# Describe the capabilities of the cluster against which the integration tests will run.
capabilities:

View File

@ -1,6 +1,9 @@
# Copyright 2021 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
# The name of the cluster type.
kubernetesDistribution: EKS
# Describe the capabilities of the cluster against which the integration tests will run.
capabilities:

View File

@ -1,6 +1,9 @@
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
# The name of the cluster type.
kubernetesDistribution: GKE
# Describe the capabilities of the cluster against which the integration tests will run.
capabilities:

View File

@ -1,6 +1,9 @@
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
# The name of the cluster type.
kubernetesDistribution: Kind
# Describe the capabilities of the cluster against which the integration tests will run.
capabilities:

View File

@ -1,6 +1,9 @@
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
# The name of the cluster type.
kubernetesDistribution: TKGS
# Describe the capabilities of the cluster against which the integration tests will run.
capabilities:
@ -15,4 +18,4 @@ capabilities:
anonymousAuthenticationSupported: true
# Are LDAP ports on the Internet reachable without interference from network firewalls or proxies?
canReachInternetLDAPPorts: false
canReachInternetLDAPPorts: true

View File

@ -25,7 +25,11 @@ import (
)
func TestLDAPSearch(t *testing.T) {
env := testlib.IntegrationEnv(t)
// This test does not interact with Kubernetes itself. It is a test of our LDAP client code, and only interacts
// with our test OpenLDAP server, which is exposed directly to this test via kubectl port-forward.
// Theoretically we should always be able to run this test, but something about the kubectl port forwarding
// was very flaky on AKS, so we'll get the coverage by only running it on kind.
env := testlib.IntegrationEnv(t).WithKubeDistribution(testlib.KindDistro)
// Note that these tests depend on the values hard-coded in the LDIF file in test/deploy/tools/ldap.yaml.
// It requires the test LDAP server from the tools deployment.
@ -613,7 +617,11 @@ func TestLDAPSearch(t *testing.T) {
}
func TestSimultaneousLDAPRequestsOnSingleProvider(t *testing.T) {
env := testlib.IntegrationEnv(t)
// This test does not interact with Kubernetes itself. It is a test of our LDAP client code, and only interacts
// with our test OpenLDAP server, which is exposed directly to this test via kubectl port-forward.
// Theoretically we should always be able to run this test, but something about the kubectl port forwarding
// was very flaky on AKS, so we'll get the coverage by only running it on kind.
env := testlib.IntegrationEnv(t).WithKubeDistribution(testlib.KindDistro)
// Note that these tests depend on the values hard-coded in the LDIF file in test/deploy/tools/ldap.yaml.
// It requires the test LDAP server from the tools deployment.

View File

@ -19,12 +19,19 @@ import (
)
type Capability string
type KubeDistro string
const (
ClusterSigningKeyIsAvailable Capability = "clusterSigningKeyIsAvailable"
AnonymousAuthenticationSupported Capability = "anonymousAuthenticationSupported"
HasExternalLoadBalancerProvider Capability = "hasExternalLoadBalancerProvider"
CanReachInternetLDAPPorts Capability = "canReachInternetLDAPPorts"
KindDistro KubeDistro = "Kind"
GKEDistro KubeDistro = "GKE"
AKSDistro KubeDistro = "AKS"
EKSDistro KubeDistro = "EKS"
TKGSDistro KubeDistro = "TKGS"
)
// TestEnv captures all the external parameters consumed by our integration tests.
@ -38,6 +45,7 @@ type TestEnv struct {
SupervisorAppName string `json:"supervisorAppName"`
SupervisorCustomLabels map[string]string `json:"supervisorCustomLabels"`
ConciergeCustomLabels map[string]string `json:"conciergeCustomLabels"`
KubernetesDistribution KubeDistro `json:"kubernetesDistribution"`
Capabilities map[Capability]bool `json:"capabilities"`
TestWebhook auth1alpha1.WebhookAuthenticatorSpec `json:"testWebhook"`
SupervisorHTTPAddress string `json:"supervisorHttpAddress"`
@ -285,3 +293,16 @@ func (e *TestEnv) WithoutCapability(cap Capability) *TestEnv {
}
return e
}
// WithKubeDistribution skips the test unless it will run on the expected cluster type.
// Please use this sparingly. We would prefer that a test run on every cluster type where it can possibly run, so
// prefer to run everywhere when possible or use cluster capabilities when needed, rather than looking at the
// type of cluster to decide to skip a test. However, there are some tests that do not depend on or interact with
// Kubernetes itself which really only need to run on on a single platform to give us the coverage that we desire.
func (e *TestEnv) WithKubeDistribution(distro KubeDistro) *TestEnv {
e.t.Helper()
if e.KubernetesDistribution != distro {
e.t.Skipf("skipping integration test because test environment is running %q but this test wants %q", e.KubernetesDistribution, distro)
}
return e
}