From 3a840cee76b4fe6bdda28ac6426847c379fb2bc0 Mon Sep 17 00:00:00 2001
From: Matt Moyer <moyerm@vmware.com>
Date: Thu, 8 Jul 2021 16:40:39 -0500
Subject: [PATCH] Make TestAPIServingCertificateAutoCreationAndRotation less
 flaky.

This test would occasionally flake for me when running locally. This change moves more of the assertions into the "eventually" loop, so they can temporarily fail as long as they converge on the expected values.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
---
 .../concierge_api_serving_certs_test.go       | 28 ++++++++++---------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/test/integration/concierge_api_serving_certs_test.go b/test/integration/concierge_api_serving_certs_test.go
index 2bb02f26..86267a39 100644
--- a/test/integration/concierge_api_serving_certs_test.go
+++ b/test/integration/concierge_api_serving_certs_test.go
@@ -107,24 +107,26 @@ func TestAPIServingCertificateAutoCreationAndRotation(t *testing.T) {
 			require.NoError(t, test.forceRotation(ctx, kubeClient, env.ConciergeNamespace))
 
 			// Expect that the Secret comes back right away with newly minted certs.
+			var regeneratedCACert []byte
 			testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
 				var err error
 				secret, err = kubeClient.CoreV1().Secrets(env.ConciergeNamespace).Get(ctx, defaultServingCertResourceName, metav1.GetOptions{})
 				requireEventually.NoError(err)
+
+				regeneratedCACert = secret.Data["caCertificate"]
+				regeneratedPrivateKey := secret.Data["tlsPrivateKey"]
+				regeneratedCertChain := secret.Data["tlsCertificateChain"]
+				requireEventually.NotEmpty(regeneratedCACert)
+				requireEventually.NotEmpty(regeneratedPrivateKey)
+				requireEventually.NotEmpty(regeneratedCertChain)
+				requireEventually.NotEqual(initialCACert, regeneratedCACert)
+				requireEventually.NotEqual(initialPrivateKey, regeneratedPrivateKey)
+				requireEventually.NotEqual(initialCertChain, regeneratedCertChain)
+				for k, v := range env.ConciergeCustomLabels {
+					requireEventually.Equalf(v, secret.Labels[k], "expected secret to have label `%s: %s`", k, v)
+				}
+				requireEventually.Equal(env.ConciergeAppName, secret.Labels["app"])
 			}, time.Minute, 250*time.Millisecond)
-			regeneratedCACert := secret.Data["caCertificate"]
-			regeneratedPrivateKey := secret.Data["tlsPrivateKey"]
-			regeneratedCertChain := secret.Data["tlsCertificateChain"]
-			require.NotEmpty(t, regeneratedCACert)
-			require.NotEmpty(t, regeneratedPrivateKey)
-			require.NotEmpty(t, regeneratedCertChain)
-			require.NotEqual(t, initialCACert, regeneratedCACert)
-			require.NotEqual(t, initialPrivateKey, regeneratedPrivateKey)
-			require.NotEqual(t, initialCertChain, regeneratedCertChain)
-			for k, v := range env.ConciergeCustomLabels {
-				require.Equalf(t, v, secret.Labels[k], "expected secret to have label `%s: %s`", k, v)
-			}
-			require.Equal(t, env.ConciergeAppName, secret.Labels["app"])
 
 			// Expect that the APIService was also updated with the new CA.
 			testlib.RequireEventually(t, func(requireEventually *require.Assertions) {