Update e2e_test.go for clusters which have ServerSideFieldValidation
Also update prepare-cluster-for-integration-tests.sh for new kubectl version command options.
This commit is contained in:
parent
7ccd41b5f2
commit
c07cc6b8ec
@ -175,8 +175,8 @@ if [[ "$skip_chromedriver_check" == "no" ]]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Require kubectl >= 1.18.x
|
# Require kubectl >= 1.18.x.
|
||||||
if [ "$(kubectl version --client=true --short | cut -d '.' -f 2)" -lt 18 ]; then
|
if [ "$(kubectl version --client=true -o=json | grep gitVersion | cut -d '.' -f 2)" -lt 18 ]; then
|
||||||
log_error "kubectl >= 1.18.x is required, you have $(kubectl version --client=true --short | cut -d ':' -f2)"
|
log_error "kubectl >= 1.18.x is required, you have $(kubectl version --client=true --short | cut -d ':' -f2)"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
@ -1336,8 +1336,15 @@ func requireUserCanUseKubectlWithoutAuthenticatingAgain(
|
|||||||
expectedGroupsPlusAuthenticated := append([]string{}, expectedGroups...)
|
expectedGroupsPlusAuthenticated := append([]string{}, expectedGroups...)
|
||||||
expectedGroupsPlusAuthenticated = append(expectedGroupsPlusAuthenticated, "system:authenticated")
|
expectedGroupsPlusAuthenticated = append(expectedGroupsPlusAuthenticated, "system:authenticated")
|
||||||
|
|
||||||
// Confirm we are the right user according to Kube by calling the whoami API.
|
// Confirm we are the right user according to Kube by calling the WhoAmIRequest API.
|
||||||
kubectlCmd3 := exec.CommandContext(ctx, "kubectl", "create", "-f", "-", "-o", "yaml", "--kubeconfig", kubeconfigPath)
|
// Use --validate=false with this command because running this command against any cluster which has
|
||||||
|
// the ServerSideFieldValidation feature gate enabled causes this command to return an RBAC error
|
||||||
|
// complaining that this user does not have permission to list CRDs:
|
||||||
|
// error validating data: failed to check CRD: failed to list CRDs: customresourcedefinitions.apiextensions.k8s.io is forbidden:
|
||||||
|
// User "pinny" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope; if you choose to ignore these errors, turn validation off with --validate=false
|
||||||
|
// While it is true that the user cannot list CRDs, that fact seems unrelated to making a create call to the
|
||||||
|
// aggregated API endpoint, so this is a strange error, but it can be easily reproduced.
|
||||||
|
kubectlCmd3 := exec.CommandContext(ctx, "kubectl", "create", "-f", "-", "-o", "yaml", "--kubeconfig", kubeconfigPath, "--validate=false")
|
||||||
kubectlCmd3.Env = append(os.Environ(), env.ProxyEnv()...)
|
kubectlCmd3.Env = append(os.Environ(), env.ProxyEnv()...)
|
||||||
kubectlCmd3.Stdin = strings.NewReader(here.Docf(`
|
kubectlCmd3.Stdin = strings.NewReader(here.Docf(`
|
||||||
apiVersion: identity.concierge.%s/v1alpha1
|
apiVersion: identity.concierge.%s/v1alpha1
|
||||||
@ -1345,7 +1352,8 @@ func requireUserCanUseKubectlWithoutAuthenticatingAgain(
|
|||||||
`, env.APIGroupSuffix))
|
`, env.APIGroupSuffix))
|
||||||
|
|
||||||
kubectlOutput3, err := kubectlCmd3.CombinedOutput()
|
kubectlOutput3, err := kubectlCmd3.CombinedOutput()
|
||||||
require.NoError(t, err)
|
require.NoErrorf(t, err,
|
||||||
|
"expected no error but got error, combined stdout/stderr was:\n----start of output\n%s\n----end of output", kubectlOutput3)
|
||||||
|
|
||||||
whoAmI := deserializeWhoAmIRequest(t, string(kubectlOutput3), env.APIGroupSuffix)
|
whoAmI := deserializeWhoAmIRequest(t, string(kubectlOutput3), env.APIGroupSuffix)
|
||||||
require.Equal(t, expectedUsername, whoAmI.Status.KubernetesUserInfo.User.Username)
|
require.Equal(t, expectedUsername, whoAmI.Status.KubernetesUserInfo.User.Username)
|
||||||
|
Loading…
Reference in New Issue
Block a user