From 8065a8d2e61fc931504e8c92044ba7b6162b4d68 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Mon, 15 Mar 2021 11:42:57 -0700 Subject: [PATCH] TestKubeCertAgent waits for CredentialIssuer strategy to be successful At the end of the test, wait for the KubeClusterSigningCertificate strategy on the CredentialIssuer to go back to being healthy, to avoid polluting other integration tests which follow this one. --- .../concierge_impersonation_proxy_test.go | 18 ++++++------- .../concierge_kubecertagent_test.go | 25 +++++++++++++++++++ 2 files changed, 34 insertions(+), 9 deletions(-) diff --git a/test/integration/concierge_impersonation_proxy_test.go b/test/integration/concierge_impersonation_proxy_test.go index 433e6045..14b38fc1 100644 --- a/test/integration/concierge_impersonation_proxy_test.go +++ b/test/integration/concierge_impersonation_proxy_test.go @@ -39,7 +39,7 @@ import ( "k8s.io/client-go/rest" "sigs.k8s.io/yaml" - "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" + conciergev1alpha "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned" @@ -1008,7 +1008,7 @@ func performImpersonatorDiscovery(ctx context.Context, t *testing.T, env *librar } for _, strategy := range credentialIssuer.Status.Strategies { // There will be other strategy types in the list, so ignore those. - if strategy.Type == v1alpha1.ImpersonationProxyStrategyType && strategy.Status == v1alpha1.SuccessStrategyStatus { //nolint:nestif + if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType && strategy.Status == conciergev1alpha.SuccessStrategyStatus { //nolint:nestif if strategy.Frontend == nil { return false, fmt.Errorf("did not find a Frontend") // unexpected, fail the test } @@ -1021,10 +1021,10 @@ func performImpersonatorDiscovery(ctx context.Context, t *testing.T, env *librar return false, err // unexpected, fail the test } return true, nil // found it, continue the test! - } else if strategy.Type == v1alpha1.ImpersonationProxyStrategyType { + } else if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType { t.Logf("Waiting for successful impersonation proxy strategy on %s: found status %s with reason %s and message: %s", credentialIssuerName(env), strategy.Status, strategy.Reason, strategy.Message) - if strategy.Reason == v1alpha1.ErrorDuringSetupStrategyReason { + if strategy.Reason == conciergev1alpha.ErrorDuringSetupStrategyReason { // The server encountered an unexpected error while starting the impersonator, so fail the test fast. return false, fmt.Errorf("found impersonation strategy in %s state with message: %s", strategy.Reason, strategy.Message) } @@ -1049,14 +1049,14 @@ func requireDisabledByConfigurationStrategy(ctx context.Context, t *testing.T, e } for _, strategy := range credentialIssuer.Status.Strategies { // There will be other strategy types in the list, so ignore those. - if strategy.Type == v1alpha1.ImpersonationProxyStrategyType && - strategy.Status == v1alpha1.ErrorStrategyStatus && - strategy.Reason == v1alpha1.DisabledStrategyReason { //nolint:nestif + if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType && + strategy.Status == conciergev1alpha.ErrorStrategyStatus && + strategy.Reason == conciergev1alpha.DisabledStrategyReason { //nolint:nestif return true, nil // found it, continue the test! - } else if strategy.Type == v1alpha1.ImpersonationProxyStrategyType { + } else if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType { t.Logf("Waiting for disabled impersonation proxy strategy on %s: found status %s with reason %s and message: %s", credentialIssuerName(env), strategy.Status, strategy.Reason, strategy.Message) - if strategy.Reason == v1alpha1.ErrorDuringSetupStrategyReason { + if strategy.Reason == conciergev1alpha.ErrorDuringSetupStrategyReason { // The server encountered an unexpected error while stopping the impersonator, so fail the test fast. return false, fmt.Errorf("found impersonation strategy in %s state with message: %s", strategy.Reason, strategy.Message) } diff --git a/test/integration/concierge_kubecertagent_test.go b/test/integration/concierge_kubecertagent_test.go index 73959bf8..78cfad98 100644 --- a/test/integration/concierge_kubecertagent_test.go +++ b/test/integration/concierge_kubecertagent_test.go @@ -18,6 +18,7 @@ import ( "k8s.io/apimachinery/pkg/util/diff" "k8s.io/apimachinery/pkg/util/wait" + conciergev1alpha "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" "go.pinniped.dev/test/library" ) @@ -127,6 +128,30 @@ func TestKubeCertAgent(t *testing.T) { assert.Eventually(t, agentPodsReconciled, 10*time.Second, 250*time.Millisecond) require.NoError(t, err) }) + + // Because the above tests have purposefully put the kube cert issuer strategy into a broken + // state, wait for it to become healthy again before moving on to other integration tests, + // otherwise those tests would be polluted by this test and would have to wait for the + // strategy to become successful again. + library.RequireEventuallyWithoutError(t, func() (bool, error) { + adminConciergeClient := library.NewConciergeClientset(t) + credentialIssuer, err := adminConciergeClient.ConfigV1alpha1().CredentialIssuers().Get(ctx, credentialIssuerName(env), metav1.GetOptions{}) + if err != nil || credentialIssuer.Status.Strategies == nil { + t.Log("Did not find any CredentialIssuer with any strategies") + return false, nil // didn't find it, but keep trying + } + for _, strategy := range credentialIssuer.Status.Strategies { + // There will be other strategy types in the list, so ignore those. + if strategy.Type == conciergev1alpha.KubeClusterSigningCertificateStrategyType && strategy.Status == conciergev1alpha.SuccessStrategyStatus { //nolint:nestif + if strategy.Frontend == nil { + return false, fmt.Errorf("did not find a Frontend") // unexpected, fail the test + } + return true, nil // found it, continue the test! + } + } + t.Log("Did not find any successful KubeClusterSigningCertificate strategy on CredentialIssuer") + return false, nil // didn't find it, but keep trying + }, 3*time.Minute, 3*time.Second) } func ensureKubeCertAgentSteadyState(t *testing.T, agentPodsReconciled func() bool) {