Run the LDAP client's integration tests only on Kind

TestSimultaneousLDAPRequestsOnSingleProvider proved to be unreliable on AKS due to some kind of kubectl port-forward issue, so only run the LDAP client's integration tests on Kind. They are testing the integration between the client code and the OpenLDAP test server, not testing anything about Kubernetes, so running only on Kind should give us sufficient test coverage.
2021-07-08 11:10:53 -07:00 · 2021-07-08 11:10:53 -07:00 · 709c10227f
parent 1f5480cd5c
commit 709c10227f
7 changed files with 47 additions and 3 deletions
--- a/test/cluster_capabilities/aks.yaml
+++ b/test/cluster_capabilities/aks.yaml
@ -1,6 +1,9 @@
 # Copyright 2021 the Pinniped contributors. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0

+# The name of the cluster type.
+kubernetesDistribution: AKS
+
 # Describe the capabilities of the cluster against which the integration tests will run.
 capabilities:

--- a/test/cluster_capabilities/eks.yaml
+++ b/test/cluster_capabilities/eks.yaml
@ -1,6 +1,9 @@
 # Copyright 2021 the Pinniped contributors. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0

+# The name of the cluster type.
+kubernetesDistribution: EKS
+
 # Describe the capabilities of the cluster against which the integration tests will run.
 capabilities:

--- a/test/cluster_capabilities/gke.yaml
+++ b/test/cluster_capabilities/gke.yaml
@ -1,6 +1,9 @@
 # Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0

+# The name of the cluster type.
+kubernetesDistribution: GKE
+
 # Describe the capabilities of the cluster against which the integration tests will run.
 capabilities:

--- a/test/cluster_capabilities/kind.yaml
+++ b/test/cluster_capabilities/kind.yaml
@ -1,6 +1,9 @@
 # Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0

+# The name of the cluster type.
+kubernetesDistribution: Kind
+
 # Describe the capabilities of the cluster against which the integration tests will run.
 capabilities:

--- a/test/cluster_capabilities/tkgs.yaml
+++ b/test/cluster_capabilities/tkgs.yaml
@ -1,6 +1,9 @@
 # Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0

+# The name of the cluster type.
+kubernetesDistribution: TKGS
+
 # Describe the capabilities of the cluster against which the integration tests will run.
 capabilities:

@ -15,4 +18,4 @@ capabilities:
  anonymousAuthenticationSupported: true

  # Are LDAP ports on the Internet reachable without interference from network firewalls or proxies?
-  canReachInternetLDAPPorts: false
+  canReachInternetLDAPPorts: true
--- a/test/integration/ldap_client_test.go
+++ b/test/integration/ldap_client_test.go
@ -25,7 +25,11 @@ import (
 )

 func TestLDAPSearch(t *testing.T) {
-	env := testlib.IntegrationEnv(t)
+	// This test does not interact with Kubernetes itself. It is a test of our LDAP client code, and only interacts
+	// with our test OpenLDAP server, which is exposed directly to this test via kubectl port-forward.
+	// Theoretically we should always be able to run this test, but something about the kubectl port forwarding
+	// was very flaky on AKS, so we'll get the coverage by only running it on kind.
+	env := testlib.IntegrationEnv(t).WithKubeDistribution(testlib.KindDistro)

 	// Note that these tests depend on the values hard-coded in the LDIF file in test/deploy/tools/ldap.yaml.
 	// It requires the test LDAP server from the tools deployment.
@ -613,7 +617,11 @@ func TestLDAPSearch(t *testing.T) {
 }

 func TestSimultaneousLDAPRequestsOnSingleProvider(t *testing.T) {
-	env := testlib.IntegrationEnv(t)
+	// This test does not interact with Kubernetes itself. It is a test of our LDAP client code, and only interacts
+	// with our test OpenLDAP server, which is exposed directly to this test via kubectl port-forward.
+	// Theoretically we should always be able to run this test, but something about the kubectl port forwarding
+	// was very flaky on AKS, so we'll get the coverage by only running it on kind.
+	env := testlib.IntegrationEnv(t).WithKubeDistribution(testlib.KindDistro)

 	// Note that these tests depend on the values hard-coded in the LDIF file in test/deploy/tools/ldap.yaml.
 	// It requires the test LDAP server from the tools deployment.
--- a/test/testlib/env.go
+++ b/test/testlib/env.go
@ -19,12 +19,19 @@ import (
 )

 type Capability string
+type KubeDistro string

 const (
 	ClusterSigningKeyIsAvailable     Capability = "clusterSigningKeyIsAvailable"
 	AnonymousAuthenticationSupported Capability = "anonymousAuthenticationSupported"
 	HasExternalLoadBalancerProvider  Capability = "hasExternalLoadBalancerProvider"
 	CanReachInternetLDAPPorts        Capability = "canReachInternetLDAPPorts"
+
+	KindDistro KubeDistro = "Kind"
+	GKEDistro  KubeDistro = "GKE"
+	AKSDistro  KubeDistro = "AKS"
+	EKSDistro  KubeDistro = "EKS"
+	TKGSDistro KubeDistro = "TKGS"
 )

 // TestEnv captures all the external parameters consumed by our integration tests.
@ -38,6 +45,7 @@ type TestEnv struct {
 	SupervisorAppName              string                               `json:"supervisorAppName"`
 	SupervisorCustomLabels         map[string]string                    `json:"supervisorCustomLabels"`
 	ConciergeCustomLabels          map[string]string                    `json:"conciergeCustomLabels"`
+	KubernetesDistribution         KubeDistro                           `json:"kubernetesDistribution"`
 	Capabilities                   map[Capability]bool                  `json:"capabilities"`
 	TestWebhook                    auth1alpha1.WebhookAuthenticatorSpec `json:"testWebhook"`
 	SupervisorHTTPAddress          string                               `json:"supervisorHttpAddress"`
@ -285,3 +293,16 @@ func (e *TestEnv) WithoutCapability(cap Capability) *TestEnv {
 	}
 	return e
 }
+
+// WithKubeDistribution skips the test unless it will run on the expected cluster type.
+// Please use this sparingly. We would prefer that a test run on every cluster type where it can possibly run, so
+// prefer to run everywhere when possible or use cluster capabilities when needed, rather than looking at the
+// type of cluster to decide to skip a test. However, there are some tests that do not depend on or interact with
+// Kubernetes itself which really only need to run on on a single platform to give us the coverage that we desire.
+func (e *TestEnv) WithKubeDistribution(distro KubeDistro) *TestEnv {
+	e.t.Helper()
+	if e.KubernetesDistribution != distro {
+		e.t.Skipf("skipping integration test because test environment is running %q but this test wants %q", e.KubernetesDistribution, distro)
+	}
+	return e
+}