Add new non-idle timeout integration test for impersonation proxy
Signed-off-by: Ryan Richard <richardry@vmware.com>
This commit is contained in:
parent
003e3e3c4d
commit
d8baa43903
@ -316,7 +316,64 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
t.Run("kubectl port-forward and keeping the connection open for over a minute", func(t *testing.T) {
|
t.Run("kubectl port-forward and keeping the connection open for over a minute (non-idle)", func(t *testing.T) {
|
||||||
|
kubeconfigPath, envVarsWithProxy, _ := getImpersonationKubeconfig(t, env, impersonationProxyURL, impersonationProxyCACertPEM, credentialRequestSpecWithWorkingCredentials.Authenticator)
|
||||||
|
|
||||||
|
// Run the kubectl port-forward command.
|
||||||
|
timeout, cancelFunc := context.WithTimeout(ctx, 2*time.Minute)
|
||||||
|
defer cancelFunc()
|
||||||
|
portForwardCmd, _, portForwardStderr := kubectlCommand(timeout, t, kubeconfigPath, envVarsWithProxy, "port-forward", "--namespace", env.ConciergeNamespace, conciergePod.Name, "8443:8443")
|
||||||
|
portForwardCmd.Env = envVarsWithProxy
|
||||||
|
|
||||||
|
// Start, but don't wait for the command to finish.
|
||||||
|
err := portForwardCmd.Start()
|
||||||
|
require.NoError(t, err, `"kubectl port-forward" failed`)
|
||||||
|
go func() {
|
||||||
|
assert.EqualErrorf(t, portForwardCmd.Wait(), "signal: killed", `wanted "kubectl port-forward" to get signaled because context was cancelled (stderr: %q)`, portForwardStderr.String())
|
||||||
|
}()
|
||||||
|
|
||||||
|
// The server should recognize this this
|
||||||
|
// is going to be a long-running command and keep the connection open as long as the client stays connected.
|
||||||
|
|
||||||
|
// curl the endpoint as many times as we can within 70 seconds.
|
||||||
|
// this will ensure that we don't run into idle timeouts.
|
||||||
|
var curlStdOut, curlStdErr bytes.Buffer
|
||||||
|
timeout, cancelFunc = context.WithTimeout(ctx, 75*time.Second)
|
||||||
|
defer cancelFunc()
|
||||||
|
startTime := time.Now()
|
||||||
|
for time.Now().Before(startTime.Add(70 * time.Second)) {
|
||||||
|
curlCmd := exec.CommandContext(timeout, "curl", "-k", "-sS", "https://127.0.0.1:8443") // -sS turns off the progressbar but still prints errors
|
||||||
|
curlCmd.Stdout = &curlStdOut
|
||||||
|
curlCmd.Stderr = &curlStdErr
|
||||||
|
curlErr := curlCmd.Run()
|
||||||
|
if curlErr != nil {
|
||||||
|
t.Log("curl error: " + curlErr.Error())
|
||||||
|
t.Log("curlStdErr: " + curlStdErr.String())
|
||||||
|
t.Log("stdout: " + curlStdOut.String())
|
||||||
|
}
|
||||||
|
t.Log("time: ", time.Now())
|
||||||
|
time.Sleep(1 * time.Second)
|
||||||
|
}
|
||||||
|
|
||||||
|
// curl the endpoint once more, once 70 seconds has elapsed, to make sure the connection is still open.
|
||||||
|
timeout, cancelFunc = context.WithTimeout(ctx, 30*time.Second)
|
||||||
|
defer cancelFunc()
|
||||||
|
curlCmd := exec.CommandContext(timeout, "curl", "-k", "-sS", "https://127.0.0.1:8443") // -sS turns off the progressbar but still prints errors
|
||||||
|
curlCmd.Stdout = &curlStdOut
|
||||||
|
curlCmd.Stderr = &curlStdErr
|
||||||
|
curlErr := curlCmd.Run()
|
||||||
|
|
||||||
|
if curlErr != nil {
|
||||||
|
t.Log("curl error: " + curlErr.Error())
|
||||||
|
t.Log("curlStdErr: " + curlStdErr.String())
|
||||||
|
t.Log("stdout: " + curlStdOut.String())
|
||||||
|
}
|
||||||
|
// We expect this to 403, but all we care is that it gets through.
|
||||||
|
require.NoError(t, curlErr)
|
||||||
|
require.Contains(t, curlStdOut.String(), "\"forbidden: User \\\"system:anonymous\\\" cannot get path \\\"/\\\"\"")
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("kubectl port-forward and keeping the connection open for over a minute (idle)", func(t *testing.T) {
|
||||||
kubeconfigPath, envVarsWithProxy, _ := getImpersonationKubeconfig(t, env, impersonationProxyURL, impersonationProxyCACertPEM, credentialRequestSpecWithWorkingCredentials.Authenticator)
|
kubeconfigPath, envVarsWithProxy, _ := getImpersonationKubeconfig(t, env, impersonationProxyURL, impersonationProxyCACertPEM, credentialRequestSpecWithWorkingCredentials.Authenticator)
|
||||||
|
|
||||||
// Run the kubectl port-forward command.
|
// Run the kubectl port-forward command.
|
||||||
@ -336,7 +393,6 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
|
|||||||
// is going to be a long-running command and keep the connection open as long as the client stays connected.
|
// is going to be a long-running command and keep the connection open as long as the client stays connected.
|
||||||
time.Sleep(70 * time.Second)
|
time.Sleep(70 * time.Second)
|
||||||
|
|
||||||
require.Eventually(t, func() bool {
|
|
||||||
timeout, cancelFunc = context.WithTimeout(ctx, 2*time.Minute)
|
timeout, cancelFunc = context.WithTimeout(ctx, 2*time.Minute)
|
||||||
defer cancelFunc()
|
defer cancelFunc()
|
||||||
curlCmd := exec.CommandContext(timeout, "curl", "-k", "-sS", "https://127.0.0.1:8443") // -sS turns off the progressbar but still prints errors
|
curlCmd := exec.CommandContext(timeout, "curl", "-k", "-sS", "https://127.0.0.1:8443") // -sS turns off the progressbar but still prints errors
|
||||||
@ -350,8 +406,8 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
|
|||||||
t.Log("stdout: " + curlStdOut.String())
|
t.Log("stdout: " + curlStdOut.String())
|
||||||
}
|
}
|
||||||
// We expect this to 403, but all we care is that it gets through.
|
// We expect this to 403, but all we care is that it gets through.
|
||||||
return err == nil && strings.Contains(curlStdOut.String(), "\"forbidden: User \\\"system:anonymous\\\" cannot get path \\\"/\\\"\"")
|
require.NoError(t, err)
|
||||||
}, 1*time.Minute, 500*time.Millisecond)
|
require.Contains(t, curlStdOut.String(), "\"forbidden: User \\\"system:anonymous\\\" cannot get path \\\"/\\\"\"")
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("using and watching all the basic verbs", func(t *testing.T) {
|
t.Run("using and watching all the basic verbs", func(t *testing.T) {
|
||||||
|
Loading…
Reference in New Issue
Block a user