djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Edit some comments in concierge_impersonation_proxy_test.go

Browse Source
This commit is contained in:
Ryan Richard 2021-03-19 09:36:05 -07:00
parent f519f0cb09
commit d856221f56
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
test/integration/concierge_impersonation_proxy_test.go
View File

@ -274,29 +274,29 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
) )
} }
t.Run("watching for a full minute", func(t *testing.T) { t.Run("kubectl port-forward and keeping the connection open for over a minute", func(t *testing.T) {
t.Parallel() t.Parallel()
kubeconfigPath, envVarsWithProxy, _ := getImpersonationKubeconfig(t, env, impersonationProxyURL, impersonationProxyCACertPEM) kubeconfigPath, envVarsWithProxy, _ := getImpersonationKubeconfig(t, env, impersonationProxyURL, impersonationProxyCACertPEM)
// run the kubectl port-forward command // Run the kubectl port-forward command.
timeout, cancelFunc := context.WithTimeout(ctx, 2*time.Minute) timeout, cancelFunc := context.WithTimeout(ctx, 2*time.Minute)
defer cancelFunc() defer cancelFunc()
portForwardCmd, _, portForwardStderr := kubectlCommand(timeout, t, kubeconfigPath, envVarsWithProxy, "port-forward", "--namespace", env.ConciergeNamespace, conciergePod.Name, "8443:8443") portForwardCmd, _, portForwardStderr := kubectlCommand(timeout, t, kubeconfigPath, envVarsWithProxy, "port-forward", "--namespace", env.ConciergeNamespace, conciergePod.Name, "8443:8443")
portForwardCmd.Env = envVarsWithProxy portForwardCmd.Env = envVarsWithProxy
// start, but don't wait for the command to finish // Start, but don't wait for the command to finish.
err := portForwardCmd.Start() err := portForwardCmd.Start()
require.NoError(t, err, `"kubectl port-forward" failed`) require.NoError(t, err, `"kubectl port-forward" failed`)
go func() { go func() {
assert.EqualErrorf(t, portForwardCmd.Wait(), "signal: killed", `wanted "kubectl port-forward" to get signaled because context was cancelled (stderr: %q)`, portForwardStderr.String()) assert.EqualErrorf(t, portForwardCmd.Wait(), "signal: killed", `wanted "kubectl port-forward" to get signaled because context was cancelled (stderr: %q)`, portForwardStderr.String())
}() }()
// wait to see if we time out. // Wait to see if we time out. The default timeout is 60 seconds, but the server should recognize this this
// is going to be a long-running command and keep the connection open as long as the client stays connected.
time.Sleep(70 * time.Second) time.Sleep(70 * time.Second)
require.Eventually(t, func() bool { require.Eventually(t, func() bool {
// then run curl something against it
timeout, cancelFunc = context.WithTimeout(ctx, 2*time.Minute) timeout, cancelFunc = context.WithTimeout(ctx, 2*time.Minute)
defer cancelFunc() defer cancelFunc()
curlCmd := exec.CommandContext(timeout, "curl", "-k", "-s", "https://127.0.0.1:8443") curlCmd := exec.CommandContext(timeout, "curl", "-k", "-s", "https://127.0.0.1:8443")
@ -309,7 +309,7 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
t.Log("curlStdErr: " + curlStdErr.String()) t.Log("curlStdErr: " + curlStdErr.String())
t.Log("stdout: " + curlStdOut.String()) t.Log("stdout: " + curlStdOut.String())
} }
// we expect this to 403, but all we care is that it gets through // We expect this to 403, but all we care is that it gets through.
return err == nil && strings.Contains(curlStdOut.String(), "\"forbidden: User \\\"system:anonymous\\\" cannot get path \\\"/\\\"\"") return err == nil && strings.Contains(curlStdOut.String(), "\"forbidden: User \\\"system:anonymous\\\" cannot get path \\\"/\\\"\"")
}, 1*time.Minute, 500*time.Millisecond) }, 1*time.Minute, 500*time.Millisecond)
}) })