Run the LDAP client's integration tests only on Kind
TestSimultaneousLDAPRequestsOnSingleProvider proved to be unreliable on AKS due to some kind of kubectl port-forward issue, so only run the LDAP client's integration tests on Kind. They are testing the integration between the client code and the OpenLDAP test server, not testing anything about Kubernetes, so running only on Kind should give us sufficient test coverage.
This commit is contained in:
Ryan Richard
parent
1f5480cd5c
commit
709c10227f
@ -1,6 +1,9 @@
|
|||||||
# Copyright 2021 the Pinniped contributors. All Rights Reserved.
|
# Copyright 2021 the Pinniped contributors. All Rights Reserved.
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
# The name of the cluster type.
|
||||||
|
kubernetesDistribution: AKS
|
||||||
|
|
||||||
# Describe the capabilities of the cluster against which the integration tests will run.
|
# Describe the capabilities of the cluster against which the integration tests will run.
|
||||||
capabilities:
|
capabilities:
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,9 @@
|
|||||||
# Copyright 2021 the Pinniped contributors. All Rights Reserved.
|
# Copyright 2021 the Pinniped contributors. All Rights Reserved.
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
# The name of the cluster type.
|
||||||
|
kubernetesDistribution: EKS
|
||||||
|
|
||||||
# Describe the capabilities of the cluster against which the integration tests will run.
|
# Describe the capabilities of the cluster against which the integration tests will run.
|
||||||
capabilities:
|
capabilities:
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,9 @@
|
|||||||
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
# The name of the cluster type.
|
||||||
|
kubernetesDistribution: GKE
|
||||||
|
|
||||||
# Describe the capabilities of the cluster against which the integration tests will run.
|
# Describe the capabilities of the cluster against which the integration tests will run.
|
||||||
capabilities:
|
capabilities:
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,9 @@
|
|||||||
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
# The name of the cluster type.
|
||||||
|
kubernetesDistribution: Kind
|
||||||
|
|
||||||
# Describe the capabilities of the cluster against which the integration tests will run.
|
# Describe the capabilities of the cluster against which the integration tests will run.
|
||||||
capabilities:
|
capabilities:
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,9 @@
|
|||||||
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
# The name of the cluster type.
|
||||||
|
kubernetesDistribution: TKGS
|
||||||
|
|
||||||
# Describe the capabilities of the cluster against which the integration tests will run.
|
# Describe the capabilities of the cluster against which the integration tests will run.
|
||||||
capabilities:
|
capabilities:
|
||||||
|
|
||||||
@ -15,4 +18,4 @@ capabilities:
|
|||||||
anonymousAuthenticationSupported: true
|
anonymousAuthenticationSupported: true
|
||||||
|
|
||||||
# Are LDAP ports on the Internet reachable without interference from network firewalls or proxies?
|
# Are LDAP ports on the Internet reachable without interference from network firewalls or proxies?
|
||||||
canReachInternetLDAPPorts: false
|
canReachInternetLDAPPorts: true
|
||||||
|
|||||||
@ -25,7 +25,11 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func TestLDAPSearch(t *testing.T) {
|
func TestLDAPSearch(t *testing.T) {
|
||||||
env := testlib.IntegrationEnv(t)
|
// This test does not interact with Kubernetes itself. It is a test of our LDAP client code, and only interacts
|
||||||
|
// with our test OpenLDAP server, which is exposed directly to this test via kubectl port-forward.
|
||||||
|
// Theoretically we should always be able to run this test, but something about the kubectl port forwarding
|
||||||
|
// was very flaky on AKS, so we'll get the coverage by only running it on kind.
|
||||||
|
env := testlib.IntegrationEnv(t).WithKubeDistribution(testlib.KindDistro)
|
||||||
|
|
||||||
// Note that these tests depend on the values hard-coded in the LDIF file in test/deploy/tools/ldap.yaml.
|
// Note that these tests depend on the values hard-coded in the LDIF file in test/deploy/tools/ldap.yaml.
|
||||||
// It requires the test LDAP server from the tools deployment.
|
// It requires the test LDAP server from the tools deployment.
|
||||||
@ -613,7 +617,11 @@ func TestLDAPSearch(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestSimultaneousLDAPRequestsOnSingleProvider(t *testing.T) {
|
func TestSimultaneousLDAPRequestsOnSingleProvider(t *testing.T) {
|
||||||
env := testlib.IntegrationEnv(t)
|
// This test does not interact with Kubernetes itself. It is a test of our LDAP client code, and only interacts
|
||||||
|
// with our test OpenLDAP server, which is exposed directly to this test via kubectl port-forward.
|
||||||
|
// Theoretically we should always be able to run this test, but something about the kubectl port forwarding
|
||||||
|
// was very flaky on AKS, so we'll get the coverage by only running it on kind.
|
||||||
|
env := testlib.IntegrationEnv(t).WithKubeDistribution(testlib.KindDistro)
|
||||||
|
|
||||||
// Note that these tests depend on the values hard-coded in the LDIF file in test/deploy/tools/ldap.yaml.
|
// Note that these tests depend on the values hard-coded in the LDIF file in test/deploy/tools/ldap.yaml.
|
||||||
// It requires the test LDAP server from the tools deployment.
|
// It requires the test LDAP server from the tools deployment.
|
||||||
|
|||||||
@ -19,12 +19,19 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type Capability string
|
type Capability string
|
||||||
|
type KubeDistro string
|
||||||
|
|
||||||
const (
|
const (
|
||||||
ClusterSigningKeyIsAvailable Capability = "clusterSigningKeyIsAvailable"
|
ClusterSigningKeyIsAvailable Capability = "clusterSigningKeyIsAvailable"
|
||||||
AnonymousAuthenticationSupported Capability = "anonymousAuthenticationSupported"
|
AnonymousAuthenticationSupported Capability = "anonymousAuthenticationSupported"
|
||||||
HasExternalLoadBalancerProvider Capability = "hasExternalLoadBalancerProvider"
|
HasExternalLoadBalancerProvider Capability = "hasExternalLoadBalancerProvider"
|
||||||
CanReachInternetLDAPPorts Capability = "canReachInternetLDAPPorts"
|
CanReachInternetLDAPPorts Capability = "canReachInternetLDAPPorts"
|
||||||
|
|
||||||
|
KindDistro KubeDistro = "Kind"
|
||||||
|
GKEDistro KubeDistro = "GKE"
|
||||||
|
AKSDistro KubeDistro = "AKS"
|
||||||
|
EKSDistro KubeDistro = "EKS"
|
||||||
|
TKGSDistro KubeDistro = "TKGS"
|
||||||
)
|
)
|
||||||
|
|
||||||
// TestEnv captures all the external parameters consumed by our integration tests.
|
// TestEnv captures all the external parameters consumed by our integration tests.
|
||||||
@ -38,6 +45,7 @@ type TestEnv struct {
|
|||||||
SupervisorAppName string `json:"supervisorAppName"`
|
SupervisorAppName string `json:"supervisorAppName"`
|
||||||
SupervisorCustomLabels map[string]string `json:"supervisorCustomLabels"`
|
SupervisorCustomLabels map[string]string `json:"supervisorCustomLabels"`
|
||||||
ConciergeCustomLabels map[string]string `json:"conciergeCustomLabels"`
|
ConciergeCustomLabels map[string]string `json:"conciergeCustomLabels"`
|
||||||
|
KubernetesDistribution KubeDistro `json:"kubernetesDistribution"`
|
||||||
Capabilities map[Capability]bool `json:"capabilities"`
|
Capabilities map[Capability]bool `json:"capabilities"`
|
||||||
TestWebhook auth1alpha1.WebhookAuthenticatorSpec `json:"testWebhook"`
|
TestWebhook auth1alpha1.WebhookAuthenticatorSpec `json:"testWebhook"`
|
||||||
SupervisorHTTPAddress string `json:"supervisorHttpAddress"`
|
SupervisorHTTPAddress string `json:"supervisorHttpAddress"`
|
||||||
@ -285,3 +293,16 @@ func (e *TestEnv) WithoutCapability(cap Capability) *TestEnv {
|
|||||||
}
|
}
|
||||||
return e
|
return e
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// WithKubeDistribution skips the test unless it will run on the expected cluster type.
|
||||||
|
// Please use this sparingly. We would prefer that a test run on every cluster type where it can possibly run, so
|
||||||
|
// prefer to run everywhere when possible or use cluster capabilities when needed, rather than looking at the
|
||||||
|
// type of cluster to decide to skip a test. However, there are some tests that do not depend on or interact with
|
||||||
|
// Kubernetes itself which really only need to run on on a single platform to give us the coverage that we desire.
|
||||||
|
func (e *TestEnv) WithKubeDistribution(distro KubeDistro) *TestEnv {
|
||||||
|
e.t.Helper()
|
||||||
|
if e.KubernetesDistribution != distro {
|
||||||
|
e.t.Skipf("skipping integration test because test environment is running %q but this test wants %q", e.KubernetesDistribution, distro)
|
||||||
|
}
|
||||||
|
return e
|
||||||
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user