TestKubeCertAgent waits for CredentialIssuer strategy to be successful
At the end of the test, wait for the KubeClusterSigningCertificate strategy on the CredentialIssuer to go back to being healthy, to avoid polluting other integration tests which follow this one.
This commit is contained in:
parent
e22ad6171a
commit
8065a8d2e6
@ -39,7 +39,7 @@ import (
|
|||||||
"k8s.io/client-go/rest"
|
"k8s.io/client-go/rest"
|
||||||
"sigs.k8s.io/yaml"
|
"sigs.k8s.io/yaml"
|
||||||
|
|
||||||
"go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
|
conciergev1alpha "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
|
||||||
identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1"
|
identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1"
|
||||||
loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1"
|
loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1"
|
||||||
"go.pinniped.dev/generated/latest/client/concierge/clientset/versioned"
|
"go.pinniped.dev/generated/latest/client/concierge/clientset/versioned"
|
||||||
@ -1008,7 +1008,7 @@ func performImpersonatorDiscovery(ctx context.Context, t *testing.T, env *librar
|
|||||||
}
|
}
|
||||||
for _, strategy := range credentialIssuer.Status.Strategies {
|
for _, strategy := range credentialIssuer.Status.Strategies {
|
||||||
// There will be other strategy types in the list, so ignore those.
|
// There will be other strategy types in the list, so ignore those.
|
||||||
if strategy.Type == v1alpha1.ImpersonationProxyStrategyType && strategy.Status == v1alpha1.SuccessStrategyStatus { //nolint:nestif
|
if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType && strategy.Status == conciergev1alpha.SuccessStrategyStatus { //nolint:nestif
|
||||||
if strategy.Frontend == nil {
|
if strategy.Frontend == nil {
|
||||||
return false, fmt.Errorf("did not find a Frontend") // unexpected, fail the test
|
return false, fmt.Errorf("did not find a Frontend") // unexpected, fail the test
|
||||||
}
|
}
|
||||||
@ -1021,10 +1021,10 @@ func performImpersonatorDiscovery(ctx context.Context, t *testing.T, env *librar
|
|||||||
return false, err // unexpected, fail the test
|
return false, err // unexpected, fail the test
|
||||||
}
|
}
|
||||||
return true, nil // found it, continue the test!
|
return true, nil // found it, continue the test!
|
||||||
} else if strategy.Type == v1alpha1.ImpersonationProxyStrategyType {
|
} else if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType {
|
||||||
t.Logf("Waiting for successful impersonation proxy strategy on %s: found status %s with reason %s and message: %s",
|
t.Logf("Waiting for successful impersonation proxy strategy on %s: found status %s with reason %s and message: %s",
|
||||||
credentialIssuerName(env), strategy.Status, strategy.Reason, strategy.Message)
|
credentialIssuerName(env), strategy.Status, strategy.Reason, strategy.Message)
|
||||||
if strategy.Reason == v1alpha1.ErrorDuringSetupStrategyReason {
|
if strategy.Reason == conciergev1alpha.ErrorDuringSetupStrategyReason {
|
||||||
// The server encountered an unexpected error while starting the impersonator, so fail the test fast.
|
// The server encountered an unexpected error while starting the impersonator, so fail the test fast.
|
||||||
return false, fmt.Errorf("found impersonation strategy in %s state with message: %s", strategy.Reason, strategy.Message)
|
return false, fmt.Errorf("found impersonation strategy in %s state with message: %s", strategy.Reason, strategy.Message)
|
||||||
}
|
}
|
||||||
@ -1049,14 +1049,14 @@ func requireDisabledByConfigurationStrategy(ctx context.Context, t *testing.T, e
|
|||||||
}
|
}
|
||||||
for _, strategy := range credentialIssuer.Status.Strategies {
|
for _, strategy := range credentialIssuer.Status.Strategies {
|
||||||
// There will be other strategy types in the list, so ignore those.
|
// There will be other strategy types in the list, so ignore those.
|
||||||
if strategy.Type == v1alpha1.ImpersonationProxyStrategyType &&
|
if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType &&
|
||||||
strategy.Status == v1alpha1.ErrorStrategyStatus &&
|
strategy.Status == conciergev1alpha.ErrorStrategyStatus &&
|
||||||
strategy.Reason == v1alpha1.DisabledStrategyReason { //nolint:nestif
|
strategy.Reason == conciergev1alpha.DisabledStrategyReason { //nolint:nestif
|
||||||
return true, nil // found it, continue the test!
|
return true, nil // found it, continue the test!
|
||||||
} else if strategy.Type == v1alpha1.ImpersonationProxyStrategyType {
|
} else if strategy.Type == conciergev1alpha.ImpersonationProxyStrategyType {
|
||||||
t.Logf("Waiting for disabled impersonation proxy strategy on %s: found status %s with reason %s and message: %s",
|
t.Logf("Waiting for disabled impersonation proxy strategy on %s: found status %s with reason %s and message: %s",
|
||||||
credentialIssuerName(env), strategy.Status, strategy.Reason, strategy.Message)
|
credentialIssuerName(env), strategy.Status, strategy.Reason, strategy.Message)
|
||||||
if strategy.Reason == v1alpha1.ErrorDuringSetupStrategyReason {
|
if strategy.Reason == conciergev1alpha.ErrorDuringSetupStrategyReason {
|
||||||
// The server encountered an unexpected error while stopping the impersonator, so fail the test fast.
|
// The server encountered an unexpected error while stopping the impersonator, so fail the test fast.
|
||||||
return false, fmt.Errorf("found impersonation strategy in %s state with message: %s", strategy.Reason, strategy.Message)
|
return false, fmt.Errorf("found impersonation strategy in %s state with message: %s", strategy.Reason, strategy.Message)
|
||||||
}
|
}
|
||||||
|
@ -18,6 +18,7 @@ import (
|
|||||||
"k8s.io/apimachinery/pkg/util/diff"
|
"k8s.io/apimachinery/pkg/util/diff"
|
||||||
"k8s.io/apimachinery/pkg/util/wait"
|
"k8s.io/apimachinery/pkg/util/wait"
|
||||||
|
|
||||||
|
conciergev1alpha "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
|
||||||
"go.pinniped.dev/test/library"
|
"go.pinniped.dev/test/library"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -127,6 +128,30 @@ func TestKubeCertAgent(t *testing.T) {
|
|||||||
assert.Eventually(t, agentPodsReconciled, 10*time.Second, 250*time.Millisecond)
|
assert.Eventually(t, agentPodsReconciled, 10*time.Second, 250*time.Millisecond)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
// Because the above tests have purposefully put the kube cert issuer strategy into a broken
|
||||||
|
// state, wait for it to become healthy again before moving on to other integration tests,
|
||||||
|
// otherwise those tests would be polluted by this test and would have to wait for the
|
||||||
|
// strategy to become successful again.
|
||||||
|
library.RequireEventuallyWithoutError(t, func() (bool, error) {
|
||||||
|
adminConciergeClient := library.NewConciergeClientset(t)
|
||||||
|
credentialIssuer, err := adminConciergeClient.ConfigV1alpha1().CredentialIssuers().Get(ctx, credentialIssuerName(env), metav1.GetOptions{})
|
||||||
|
if err != nil || credentialIssuer.Status.Strategies == nil {
|
||||||
|
t.Log("Did not find any CredentialIssuer with any strategies")
|
||||||
|
return false, nil // didn't find it, but keep trying
|
||||||
|
}
|
||||||
|
for _, strategy := range credentialIssuer.Status.Strategies {
|
||||||
|
// There will be other strategy types in the list, so ignore those.
|
||||||
|
if strategy.Type == conciergev1alpha.KubeClusterSigningCertificateStrategyType && strategy.Status == conciergev1alpha.SuccessStrategyStatus { //nolint:nestif
|
||||||
|
if strategy.Frontend == nil {
|
||||||
|
return false, fmt.Errorf("did not find a Frontend") // unexpected, fail the test
|
||||||
|
}
|
||||||
|
return true, nil // found it, continue the test!
|
||||||
|
}
|
||||||
|
}
|
||||||
|
t.Log("Did not find any successful KubeClusterSigningCertificate strategy on CredentialIssuer")
|
||||||
|
return false, nil // didn't find it, but keep trying
|
||||||
|
}, 3*time.Minute, 3*time.Second)
|
||||||
}
|
}
|
||||||
|
|
||||||
func ensureKubeCertAgentSteadyState(t *testing.T, agentPodsReconciled func() bool) {
|
func ensureKubeCertAgentSteadyState(t *testing.T, agentPodsReconciled func() bool) {
|
||||||
|
Loading…
Reference in New Issue
Block a user