Integration test tests update functionality

2021-05-21 10:19:33 -07:00 · 2021-05-21 10:19:33 -07:00 · 722aa72206
commit 722aa72206
parent b4bb0db6e5
1 changed files with 33 additions and 2 deletions
--- a/test/integration/concierge_impersonation_proxy_test.go
+++ b/test/integration/concierge_impersonation_proxy_test.go
@ -21,6 +21,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"reflect"
 	"strings"
 	"sync"
 	"testing"
@ -196,8 +197,7 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
 			ImpersonationProxy: &conciergev1alpha.ImpersonationProxySpec{
 				Mode: conciergev1alpha.ImpersonationProxyModeAuto,
 				Service: conciergev1alpha.ImpersonationProxyServiceSpec{
-					Type:        conciergev1alpha.ImpersonationProxyServiceTypeLoadBalancer,
-					Annotations: map[string]string{"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "4000"},
+					Type: conciergev1alpha.ImpersonationProxyServiceTypeLoadBalancer,
 				},
 			},
 		})
@ -377,6 +377,25 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
 			t.Parallel()
 			kubeconfigPath, envVarsWithProxy, _ := getImpersonationKubeconfig(t, env, impersonationProxyURL, impersonationProxyCACertPEM, credentialRequestSpecWithWorkingCredentials.Authenticator)

+			// set credential issuer to have new annotation to ensure the idle timeout is long enough on AWS.
+			// this also ensures that updates to the credential issuer impersonation proxy spec go through
+			if impersonatorShouldHaveStartedAutomaticallyByDefault && clusterSupportsLoadBalancers {
+				// configure the credential issuer spec to have the impersonation proxy in auto mode
+				updateCredentialIssuer(ctx, t, env, adminConciergeClient, conciergev1alpha.CredentialIssuerSpec{
+					ImpersonationProxy: &conciergev1alpha.ImpersonationProxySpec{
+						Mode: conciergev1alpha.ImpersonationProxyModeAuto,
+						Service: conciergev1alpha.ImpersonationProxyServiceSpec{
+							Type:        conciergev1alpha.ImpersonationProxyServiceTypeLoadBalancer,
+							Annotations: map[string]string{"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "4000"},
+						},
+					},
+				})
+				// Wait until the annotation shows up on the load balancer
+				library.RequireEventuallyWithoutError(t, func() (bool, error) {
+					return loadBalancerHasAnnotations(ctx, env, adminClient, map[string]string{"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "4000"})
+				}, 30*time.Second, 500*time.Millisecond)
+			}
+
 			// Run the kubectl port-forward command.
 			timeout, cancelFunc := context.WithTimeout(ctx, 2*time.Minute)
 			defer cancelFunc()
@ -1472,6 +1491,18 @@ func hasImpersonationProxyLoadBalancerService(ctx context.Context, env *library.
 	return service.Spec.Type == corev1.ServiceTypeLoadBalancer, nil
 }

+func loadBalancerHasAnnotations(ctx context.Context, env *library.TestEnv, client kubernetes.Interface, annotations map[string]string) (bool, error) {
+	service, err := client.CoreV1().Services(env.ConciergeNamespace).Get(ctx, impersonationProxyLoadBalancerName(env), metav1.GetOptions{})
+	if k8serrors.IsNotFound(err) {
+		return false, nil
+	}
+	if err != nil {
+		return false, err
+	}
+	hasExactAnnotations := reflect.DeepEqual(annotations, service.Annotations)
+	return service.Spec.Type == corev1.ServiceTypeLoadBalancer && hasExactAnnotations, nil
+}
+
 func impersonationProxyTLSSecretName(env *library.TestEnv) string {
 	return env.ConciergeAppName + "-impersonation-proxy-tls-serving-certificate"
 }