From d8c6894cbce4a0f8a7073f6d52965328589d1fe5 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Thu, 4 Mar 2021 17:25:43 -0800 Subject: [PATCH] All controller unit tests should not cancel context until test is over All controller unit tests were accidentally using a timeout context for the informers, instead of a cancel context which stays alive until each test is completely finished. There is no reason to risk unpredictable behavior of a timeout being reached during an individual test, even though with the previous 3 second timeout it could only be reached on a machine which is running orders of magnitude slower than usual, since each test usually runs in about 100-300 ms. Unfortunately, sometimes our CI workers might get that slow. This sparked a review of other usages of timeout contexts in other tests, and all of them were increased to a minimum value of 1 minute, under the rule of thumb that our tests will be more reliable on slow machines if they "pass fast and fail slow". --- cmd/local-user-authenticator/main_test.go | 9 ++-- .../apicerts/apiservice_updater_test.go | 13 +++--- .../controller/apicerts/certs_expirer_test.go | 4 +- .../controller/apicerts/certs_manager_test.go | 14 +++--- .../apicerts/certs_observer_test.go | 15 +++---- .../cachecleaner/cachecleaner_test.go | 3 +- .../jwtcachefiller/jwtcachefiller_test.go | 2 +- .../webhookcachefiller_test.go | 3 +- .../impersonator_config_test.go | 45 ++++++++++++------- .../kubecertagent/annotater_test.go | 14 +++--- .../controller/kubecertagent/creater_test.go | 14 +++--- .../controller/kubecertagent/deleter_test.go | 17 ++++--- .../controller/kubecertagent/execer_test.go | 12 ++--- .../federation_domain_watcher_test.go | 12 ++--- .../federation_domain_secrets_test.go | 3 +- .../generator/supervisor_secrets_test.go | 3 +- .../supervisorconfig/jwks_observer_test.go | 31 +++++++------ .../supervisorconfig/jwks_writer_test.go | 3 +- .../tls_cert_observer_test.go | 31 +++++++------ .../upstreamwatcher/upstreamwatcher_test.go | 2 +- .../garbage_collector_test.go | 30 ++++++------- .../securityheader/securityheader_test.go | 4 +- internal/secret/cache_test.go | 4 +- pkg/oidcclient/login_test.go | 4 +- test/integration/cli_test.go | 2 +- .../concierge_api_serving_certs_test.go | 2 +- .../concierge_availability_test.go | 2 +- test/integration/concierge_client_test.go | 2 +- .../concierge_credentialissuer_test.go | 2 +- .../concierge_credentialrequest_test.go | 10 ++--- .../concierge_impersonation_proxy_test.go | 2 +- .../concierge_kubecertagent_test.go | 2 +- test/integration/supervisor_login_test.go | 4 +- ...ervisor_storage_garbage_collection_test.go | 2 +- test/integration/supervisor_storage_test.go | 4 +- test/integration/whoami_test.go | 14 +++--- test/library/assertions.go | 2 +- test/library/client.go | 20 ++++----- test/library/dumplogs.go | 2 +- 39 files changed, 182 insertions(+), 182 deletions(-) diff --git a/cmd/local-user-authenticator/main_test.go b/cmd/local-user-authenticator/main_test.go index 07771971..b755f1ac 100644 --- a/cmd/local-user-authenticator/main_test.go +++ b/cmd/local-user-authenticator/main_test.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package main @@ -99,7 +99,7 @@ func TestWebhook(t *testing.T) { }, })) - secretInformer := createSecretInformer(t, kubeClient) + secretInformer := createSecretInformer(ctx, t, kubeClient) certProvider, caBundle, serverName := newCertProvider(t) w := newWebhook(certProvider, secretInformer) @@ -437,7 +437,7 @@ func TestWebhook(t *testing.T) { } } -func createSecretInformer(t *testing.T, kubeClient kubernetes.Interface) corev1informers.SecretInformer { +func createSecretInformer(ctx context.Context, t *testing.T, kubeClient kubernetes.Interface) corev1informers.SecretInformer { t.Helper() kubeInformers := kubeinformers.NewSharedInformerFactory(kubeClient, 0) @@ -448,9 +448,6 @@ func createSecretInformer(t *testing.T, kubeClient kubernetes.Interface) corev1i // informer factory before syncing it. secretInformer.Informer() - ctx, cancel := context.WithTimeout(context.Background(), time.Second*3) - defer cancel() - kubeInformers.Start(ctx.Done()) informerTypesSynced := kubeInformers.WaitForCacheSync(ctx.Done()) diff --git a/internal/controller/apicerts/apiservice_updater_test.go b/internal/controller/apicerts/apiservice_updater_test.go index 8454170f..64314215 100644 --- a/internal/controller/apicerts/apiservice_updater_test.go +++ b/internal/controller/apicerts/apiservice_updater_test.go @@ -7,7 +7,6 @@ import ( "context" "errors" "testing" - "time" "github.com/sclevine/spec" "github.com/sclevine/spec/report" @@ -112,8 +111,8 @@ func TestAPIServiceUpdaterControllerSync(t *testing.T) { var aggregatorAPIClient *aggregatorfake.Clientset var kubeInformerClient *kubernetesfake.Clientset var kubeInformers kubeinformers.SharedInformerFactory - var timeoutContext context.Context - var timeoutContextCancel context.CancelFunc + var cancelContext context.Context + var cancelContextCancelFunc context.CancelFunc var syncContext *controllerlib.Context // Defer starting the informers until the last possible moment so that the @@ -131,7 +130,7 @@ func TestAPIServiceUpdaterControllerSync(t *testing.T) { // Set this at the last second to support calling subject.Name(). syncContext = &controllerlib.Context{ - Context: timeoutContext, + Context: cancelContext, Name: subject.Name(), Key: controllerlib.Key{ Namespace: installedInNamespace, @@ -140,14 +139,14 @@ func TestAPIServiceUpdaterControllerSync(t *testing.T) { } // Must start informers before calling TestRunSynchronously() - kubeInformers.Start(timeoutContext.Done()) + kubeInformers.Start(cancelContext.Done()) controllerlib.TestRunSynchronously(t, subject) } it.Before(func() { r = require.New(t) - timeoutContext, timeoutContextCancel = context.WithTimeout(context.Background(), time.Second*3) + cancelContext, cancelContextCancelFunc = context.WithCancel(context.Background()) kubeInformerClient = kubernetesfake.NewSimpleClientset() kubeInformers = kubeinformers.NewSharedInformerFactory(kubeInformerClient, 0) @@ -155,7 +154,7 @@ func TestAPIServiceUpdaterControllerSync(t *testing.T) { }) it.After(func() { - timeoutContextCancel() + cancelContextCancelFunc() }) when("there is not yet a serving cert Secret in the installation namespace or it was deleted", func() { diff --git a/internal/controller/apicerts/certs_expirer_test.go b/internal/controller/apicerts/certs_expirer_test.go index 8ba490fa..f8f16595 100644 --- a/internal/controller/apicerts/certs_expirer_test.go +++ b/internal/controller/apicerts/certs_expirer_test.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package apicerts @@ -216,7 +216,7 @@ func TestExpirerControllerSync(t *testing.T) { t.Run(test.name, func(t *testing.T) { t.Parallel() - ctx, cancel := context.WithTimeout(context.Background(), time.Second*3) + ctx, cancel := context.WithCancel(context.Background()) defer cancel() kubeAPIClient := kubernetesfake.NewSimpleClientset() diff --git a/internal/controller/apicerts/certs_manager_test.go b/internal/controller/apicerts/certs_manager_test.go index d43babf6..f70f8500 100644 --- a/internal/controller/apicerts/certs_manager_test.go +++ b/internal/controller/apicerts/certs_manager_test.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package apicerts @@ -125,8 +125,8 @@ func TestManagerControllerSync(t *testing.T) { var kubeAPIClient *kubernetesfake.Clientset var kubeInformerClient *kubernetesfake.Clientset var kubeInformers kubeinformers.SharedInformerFactory - var timeoutContext context.Context - var timeoutContextCancel context.CancelFunc + var cancelContext context.Context + var cancelContextCancelFunc context.CancelFunc var syncContext *controllerlib.Context // Defer starting the informers until the last possible moment so that the @@ -151,7 +151,7 @@ func TestManagerControllerSync(t *testing.T) { // Set this at the last second to support calling subject.Name(). syncContext = &controllerlib.Context{ - Context: timeoutContext, + Context: cancelContext, Name: subject.Name(), Key: controllerlib.Key{ Namespace: installedInNamespace, @@ -160,14 +160,14 @@ func TestManagerControllerSync(t *testing.T) { } // Must start informers before calling TestRunSynchronously() - kubeInformers.Start(timeoutContext.Done()) + kubeInformers.Start(cancelContext.Done()) controllerlib.TestRunSynchronously(t, subject) } it.Before(func() { r = require.New(t) - timeoutContext, timeoutContextCancel = context.WithTimeout(context.Background(), time.Second*3) + cancelContext, cancelContextCancelFunc = context.WithCancel(context.Background()) kubeInformerClient = kubernetesfake.NewSimpleClientset() kubeInformers = kubeinformers.NewSharedInformerFactory(kubeInformerClient, 0) @@ -175,7 +175,7 @@ func TestManagerControllerSync(t *testing.T) { }) it.After(func() { - timeoutContextCancel() + cancelContextCancelFunc() }) when("there is not yet a serving cert Secret in the installation namespace or it was deleted", func() { diff --git a/internal/controller/apicerts/certs_observer_test.go b/internal/controller/apicerts/certs_observer_test.go index 452c3544..bd1540cc 100644 --- a/internal/controller/apicerts/certs_observer_test.go +++ b/internal/controller/apicerts/certs_observer_test.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package apicerts @@ -6,7 +6,6 @@ package apicerts import ( "context" "testing" - "time" "github.com/sclevine/spec" "github.com/sclevine/spec/report" @@ -104,8 +103,8 @@ func TestObserverControllerSync(t *testing.T) { var subject controllerlib.Controller var kubeInformerClient *kubernetesfake.Clientset var kubeInformers kubeinformers.SharedInformerFactory - var timeoutContext context.Context - var timeoutContextCancel context.CancelFunc + var cancelContext context.Context + var cancelContextCancelFunc context.CancelFunc var syncContext *controllerlib.Context var dynamicCertProvider dynamiccert.Provider @@ -123,7 +122,7 @@ func TestObserverControllerSync(t *testing.T) { // Set this at the last second to support calling subject.Name(). syncContext = &controllerlib.Context{ - Context: timeoutContext, + Context: cancelContext, Name: subject.Name(), Key: controllerlib.Key{ Namespace: installedInNamespace, @@ -132,14 +131,14 @@ func TestObserverControllerSync(t *testing.T) { } // Must start informers before calling TestRunSynchronously() - kubeInformers.Start(timeoutContext.Done()) + kubeInformers.Start(cancelContext.Done()) controllerlib.TestRunSynchronously(t, subject) } it.Before(func() { r = require.New(t) - timeoutContext, timeoutContextCancel = context.WithTimeout(context.Background(), time.Second*3) + cancelContext, cancelContextCancelFunc = context.WithCancel(context.Background()) kubeInformerClient = kubernetesfake.NewSimpleClientset() kubeInformers = kubeinformers.NewSharedInformerFactory(kubeInformerClient, 0) @@ -147,7 +146,7 @@ func TestObserverControllerSync(t *testing.T) { }) it.After(func() { - timeoutContextCancel() + cancelContextCancelFunc() }) when("there is not yet a serving cert Secret in the installation namespace or it was deleted", func() { diff --git a/internal/controller/authenticator/cachecleaner/cachecleaner_test.go b/internal/controller/authenticator/cachecleaner/cachecleaner_test.go index 4bac5be5..5683e26a 100644 --- a/internal/controller/authenticator/cachecleaner/cachecleaner_test.go +++ b/internal/controller/authenticator/cachecleaner/cachecleaner_test.go @@ -6,7 +6,6 @@ package cachecleaner import ( "context" "testing" - "time" "github.com/golang/mock/gomock" "github.com/stretchr/testify/require" @@ -150,7 +149,7 @@ func TestController(t *testing.T) { jwtAuthenticators := informers.Authentication().V1alpha1().JWTAuthenticators() controller := New(cache, webhooks, jwtAuthenticators, testLog) - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) + ctx, cancel := context.WithCancel(context.Background()) defer cancel() informers.Start(ctx.Done()) diff --git a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go index 6e53876b..5a43751e 100644 --- a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go +++ b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go @@ -325,7 +325,7 @@ func TestController(t *testing.T) { controller := New(cache, informers.Authentication().V1alpha1().JWTAuthenticators(), testLog) - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) + ctx, cancel := context.WithCancel(context.Background()) defer cancel() informers.Start(ctx.Done()) diff --git a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go index b2dcbf84..4d6a0744 100644 --- a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go +++ b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go @@ -11,7 +11,6 @@ import ( "net/http" "os" "testing" - "time" "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -93,7 +92,7 @@ func TestController(t *testing.T) { controller := New(cache, informers.Authentication().V1alpha1().WebhookAuthenticators(), testLog) - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) + ctx, cancel := context.WithCancel(context.Background()) defer cancel() informers.Start(ctx.Done()) diff --git a/internal/controller/impersonatorconfig/impersonator_config_test.go b/internal/controller/impersonatorconfig/impersonator_config_test.go index 60fe1982..65ea68ff 100644 --- a/internal/controller/impersonatorconfig/impersonator_config_test.go +++ b/internal/controller/impersonatorconfig/impersonator_config_test.go @@ -297,8 +297,8 @@ func TestImpersonatorConfigControllerSync(t *testing.T) { var pinnipedAPIClient *pinnipedfake.Clientset var kubeInformerClient *kubernetesfake.Clientset var kubeInformers kubeinformers.SharedInformerFactory - var timeoutContext context.Context - var timeoutContextCancel context.CancelFunc + var cancelContext context.Context + var cancelContextCancelFunc context.CancelFunc var syncContext *controllerlib.Context var startTLSListenerFuncWasCalled int var startTLSListenerFuncError error @@ -369,11 +369,12 @@ func TestImpersonatorConfigControllerSync(t *testing.T) { url := "https://" + addr req, err := http.NewRequestWithContext(context.Background(), "GET", url, nil) r.NoError(err) + var resp *http.Response assert.Eventually(t, func() bool { resp, err = client.Do(req.Clone(context.Background())) //nolint:bodyclose return err == nil - }, 5*time.Second, 5*time.Millisecond) + }, 20*time.Second, 50*time.Millisecond) r.NoError(err) r.Equal(http.StatusOK, resp.StatusCode) @@ -392,13 +393,14 @@ func TestImpersonatorConfigControllerSync(t *testing.T) { url := "https://" + testServerAddr() req, err := http.NewRequestWithContext(context.Background(), "GET", url, nil) r.NoError(err) + expectedErrorRegex := "Get .*: remote error: tls: unrecognized name" expectedErrorRegexCompiled, err := regexp.Compile(expectedErrorRegex) r.NoError(err) assert.Eventually(t, func() bool { _, err = client.Do(req.Clone(context.Background())) //nolint:bodyclose return err != nil && expectedErrorRegexCompiled.MatchString(err.Error()) - }, 5*time.Second, 5*time.Millisecond) + }, 20*time.Second, 50*time.Millisecond) r.Error(err) r.Regexp(expectedErrorRegex, err.Error()) } @@ -416,7 +418,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) { &tls.Config{InsecureSkipVerify: true}, //nolint:gosec ) return err != nil && expectedErrorRegexCompiled.MatchString(err.Error()) - }, 5*time.Second, 5*time.Millisecond) + }, 20*time.Second, 50*time.Millisecond) r.Error(err) r.Regexp(expectedErrorRegex, err.Error()) } @@ -456,7 +458,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) { // Set this at the last second to support calling subject.Name(). syncContext = &controllerlib.Context{ - Context: timeoutContext, + Context: cancelContext, Name: subject.Name(), Key: controllerlib.Key{ Namespace: installedInNamespace, @@ -465,7 +467,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) { } // Must start informers before calling TestRunSynchronously() - kubeInformers.Start(timeoutContext.Done()) + kubeInformers.Start(cancelContext.Done()) controllerlib.TestRunSynchronously(t, subject) } @@ -552,18 +554,29 @@ func TestImpersonatorConfigControllerSync(t *testing.T) { // If an object is added to the informer's client *before* the informer is started, then waiting is // not needed because the informer's initial "list" will pick up the object. var waitForObjectToAppearInInformer = func(obj kubeclient.Object, informer controllerlib.InformerGetter) { - r.Eventually(func() bool { - gotObj, exists, err := informer.Informer().GetIndexer().GetByKey(installedInNamespace + "/" + obj.GetName()) - return err == nil && exists && reflect.DeepEqual(gotObj.(kubeclient.Object), obj) - }, 10*time.Second, 5*time.Millisecond) + var objFromInformer interface{} + var exists bool + var err error + assert.Eventually(t, func() bool { + objFromInformer, exists, err = informer.Informer().GetIndexer().GetByKey(installedInNamespace + "/" + obj.GetName()) + return err == nil && exists && reflect.DeepEqual(objFromInformer.(kubeclient.Object), obj) + }, 30*time.Second, 10*time.Millisecond) + r.NoError(err) + r.True(exists, "this object should have existed in informer but didn't: %+v", obj) + r.Equal(obj, objFromInformer, "was waiting for expected to be found in informer, but found actual") } // See comment for waitForObjectToAppearInInformer above. var waitForObjectToBeDeletedFromInformer = func(resourceName string, informer controllerlib.InformerGetter) { - r.Eventually(func() bool { - _, exists, err := informer.Informer().GetIndexer().GetByKey(installedInNamespace + "/" + resourceName) + var objFromInformer interface{} + var exists bool + var err error + assert.Eventually(t, func() bool { + objFromInformer, exists, err = informer.Informer().GetIndexer().GetByKey(installedInNamespace + "/" + resourceName) return err == nil && !exists - }, 10*time.Second, 5*time.Millisecond) + }, 30*time.Second, 10*time.Millisecond) + r.NoError(err) + r.False(exists, "this object should have been deleted from informer but wasn't: %s", objFromInformer) } var addObjectToInformerAndWait = func(obj kubeclient.Object, informer controllerlib.InformerGetter) { @@ -835,7 +848,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) { it.Before(func() { r = require.New(t) - timeoutContext, timeoutContextCancel = context.WithTimeout(context.Background(), time.Second*3) + cancelContext, cancelContextCancelFunc = context.WithCancel(context.Background()) kubeInformerClient = kubernetesfake.NewSimpleClientset() kubeInformers = kubeinformers.NewSharedInformerFactoryWithOptions(kubeInformerClient, 0, kubeinformers.WithNamespace(installedInNamespace), @@ -846,7 +859,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) { }) it.After(func() { - timeoutContextCancel() + cancelContextCancelFunc() closeTLSListener() }) diff --git a/internal/controller/kubecertagent/annotater_test.go b/internal/controller/kubecertagent/annotater_test.go index bb767a47..379133fa 100644 --- a/internal/controller/kubecertagent/annotater_test.go +++ b/internal/controller/kubecertagent/annotater_test.go @@ -79,8 +79,8 @@ func TestAnnotaterControllerSync(t *testing.T) { var agentInformerClient *kubernetesfake.Clientset var agentInformers kubeinformers.SharedInformerFactory var pinnipedAPIClient *pinnipedfake.Clientset - var timeoutContext context.Context - var timeoutContextCancel context.CancelFunc + var cancelContext context.Context + var cancelContextCancelFunc context.CancelFunc var syncContext *controllerlib.Context var controllerManagerPod, agentPod *corev1.Pod var podsGVR schema.GroupVersionResource @@ -116,7 +116,7 @@ func TestAnnotaterControllerSync(t *testing.T) { // Set this at the last second to support calling subject.Name(). syncContext = &controllerlib.Context{ - Context: timeoutContext, + Context: cancelContext, Name: subject.Name(), Key: controllerlib.Key{ Namespace: kubeSystemNamespace, @@ -125,8 +125,8 @@ func TestAnnotaterControllerSync(t *testing.T) { } // Must start informers before calling TestRunSynchronously() - kubeSystemInformers.Start(timeoutContext.Done()) - agentInformers.Start(timeoutContext.Done()) + kubeSystemInformers.Start(cancelContext.Done()) + agentInformers.Start(cancelContext.Done()) controllerlib.TestRunSynchronously(t, subject) } @@ -143,7 +143,7 @@ func TestAnnotaterControllerSync(t *testing.T) { pinnipedAPIClient = pinnipedfake.NewSimpleClientset() - timeoutContext, timeoutContextCancel = context.WithTimeout(context.Background(), time.Second*3) + cancelContext, cancelContextCancelFunc = context.WithCancel(context.Background()) controllerManagerPod, agentPod = exampleControllerManagerAndAgentPods( kubeSystemNamespace, agentPodNamespace, certPath, keyPath, @@ -173,7 +173,7 @@ func TestAnnotaterControllerSync(t *testing.T) { }) it.After(func() { - timeoutContextCancel() + cancelContextCancelFunc() }) when("there is an agent pod without annotations set", func() { diff --git a/internal/controller/kubecertagent/creater_test.go b/internal/controller/kubecertagent/creater_test.go index eab57997..13dd9943 100644 --- a/internal/controller/kubecertagent/creater_test.go +++ b/internal/controller/kubecertagent/creater_test.go @@ -94,8 +94,8 @@ func TestCreaterControllerSync(t *testing.T) { var agentInformerClient *kubernetesfake.Clientset var agentInformers kubeinformers.SharedInformerFactory var pinnipedAPIClient *pinnipedfake.Clientset - var timeoutContext context.Context - var timeoutContextCancel context.CancelFunc + var cancelContext context.Context + var cancelContextCancelFunc context.CancelFunc var syncContext *controllerlib.Context var controllerManagerPod, agentPod *corev1.Pod var podsGVR schema.GroupVersionResource @@ -135,7 +135,7 @@ func TestCreaterControllerSync(t *testing.T) { // Set this at the last second to support calling subject.Name(). syncContext = &controllerlib.Context{ - Context: timeoutContext, + Context: cancelContext, Name: subject.Name(), Key: controllerlib.Key{ Namespace: kubeSystemNamespace, @@ -144,8 +144,8 @@ func TestCreaterControllerSync(t *testing.T) { } // Must start informers before calling TestRunSynchronously() - kubeSystemInformers.Start(timeoutContext.Done()) - agentInformers.Start(timeoutContext.Done()) + kubeSystemInformers.Start(cancelContext.Done()) + agentInformers.Start(cancelContext.Done()) controllerlib.TestRunSynchronously(t, subject) } @@ -162,7 +162,7 @@ func TestCreaterControllerSync(t *testing.T) { pinnipedAPIClient = pinnipedfake.NewSimpleClientset() - timeoutContext, timeoutContextCancel = context.WithTimeout(context.Background(), time.Second*3) + cancelContext, cancelContextCancelFunc = context.WithCancel(context.Background()) controllerManagerPod, agentPod = exampleControllerManagerAndAgentPods( kubeSystemNamespace, agentPodNamespace, "ignored for this test", "ignored for this test", @@ -201,7 +201,7 @@ func TestCreaterControllerSync(t *testing.T) { }) it.After(func() { - timeoutContextCancel() + cancelContextCancelFunc() }) when("there is a controller manager pod", func() { diff --git a/internal/controller/kubecertagent/deleter_test.go b/internal/controller/kubecertagent/deleter_test.go index 2a8b5721..ba5240af 100644 --- a/internal/controller/kubecertagent/deleter_test.go +++ b/internal/controller/kubecertagent/deleter_test.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package kubecertagent @@ -6,7 +6,6 @@ package kubecertagent import ( "context" "testing" - "time" "github.com/sclevine/spec" "github.com/sclevine/spec/report" @@ -57,8 +56,8 @@ func TestDeleterControllerSync(t *testing.T) { var kubeSystemInformers kubeinformers.SharedInformerFactory var agentInformerClient *kubernetesfake.Clientset var agentInformers kubeinformers.SharedInformerFactory - var timeoutContext context.Context - var timeoutContextCancel context.CancelFunc + var cancelContext context.Context + var cancelContextCancelFunc context.CancelFunc var syncContext *controllerlib.Context var controllerManagerPod, agentPod *corev1.Pod var podsGVR schema.GroupVersionResource @@ -85,7 +84,7 @@ func TestDeleterControllerSync(t *testing.T) { // Set this at the last second to support calling subject.Name(). syncContext = &controllerlib.Context{ - Context: timeoutContext, + Context: cancelContext, Name: subject.Name(), Key: controllerlib.Key{ Namespace: kubeSystemNamespace, @@ -94,8 +93,8 @@ func TestDeleterControllerSync(t *testing.T) { } // Must start informers before calling TestRunSynchronously() - kubeSystemInformers.Start(timeoutContext.Done()) - agentInformers.Start(timeoutContext.Done()) + kubeSystemInformers.Start(cancelContext.Done()) + agentInformers.Start(cancelContext.Done()) controllerlib.TestRunSynchronously(t, subject) } @@ -109,7 +108,7 @@ func TestDeleterControllerSync(t *testing.T) { it.Before(func() { r = require.New(t) - timeoutContext, timeoutContextCancel = context.WithTimeout(context.Background(), time.Second*3) + cancelContext, cancelContextCancelFunc = context.WithCancel(context.Background()) kubeAPIClient = kubernetesfake.NewSimpleClientset() @@ -139,7 +138,7 @@ func TestDeleterControllerSync(t *testing.T) { }) it.After(func() { - timeoutContextCancel() + cancelContextCancelFunc() }) when("there is an agent pod", func() { diff --git a/internal/controller/kubecertagent/execer_test.go b/internal/controller/kubecertagent/execer_test.go index b3789176..7d1092c9 100644 --- a/internal/controller/kubecertagent/execer_test.go +++ b/internal/controller/kubecertagent/execer_test.go @@ -146,8 +146,8 @@ func TestManagerControllerSync(t *testing.T) { var r *require.Assertions var subject controllerlib.Controller - var timeoutContext context.Context - var timeoutContextCancel context.CancelFunc + var cancelContext context.Context + var cancelContextCancelFunc context.CancelFunc var syncContext *controllerlib.Context var pinnipedAPIClient *pinnipedfake.Clientset var kubeInformerFactory kubeinformers.SharedInformerFactory @@ -181,7 +181,7 @@ func TestManagerControllerSync(t *testing.T) { // Set this at the last second to support calling subject.Name(). syncContext = &controllerlib.Context{ - Context: timeoutContext, + Context: cancelContext, Name: subject.Name(), Key: controllerlib.Key{ Namespace: agentPodNamespace, @@ -190,7 +190,7 @@ func TestManagerControllerSync(t *testing.T) { } // Must start informers before calling TestRunSynchronously() - kubeInformerFactory.Start(timeoutContext.Done()) + kubeInformerFactory.Start(cancelContext.Done()) controllerlib.TestRunSynchronously(t, subject) } @@ -228,7 +228,7 @@ func TestManagerControllerSync(t *testing.T) { it.Before(func() { r = require.New(t) - timeoutContext, timeoutContextCancel = context.WithTimeout(context.Background(), time.Second*3) + cancelContext, cancelContextCancelFunc = context.WithCancel(context.Background()) pinnipedAPIClient = pinnipedfake.NewSimpleClientset() kubeClientset = kubernetesfake.NewSimpleClientset() kubeInformerFactory = kubeinformers.NewSharedInformerFactory(kubeClientset, 0) @@ -253,7 +253,7 @@ func TestManagerControllerSync(t *testing.T) { }) it.After(func() { - timeoutContextCancel() + cancelContextCancelFunc() }) when("there is not yet any agent pods or they were deleted", func() { diff --git a/internal/controller/supervisorconfig/federation_domain_watcher_test.go b/internal/controller/supervisorconfig/federation_domain_watcher_test.go index df4f20d9..8dda9704 100644 --- a/internal/controller/supervisorconfig/federation_domain_watcher_test.go +++ b/internal/controller/supervisorconfig/federation_domain_watcher_test.go @@ -103,8 +103,8 @@ func TestSync(t *testing.T) { var federationDomainInformerClient *pinnipedfake.Clientset var federationDomainInformers pinnipedinformers.SharedInformerFactory var pinnipedAPIClient *pinnipedfake.Clientset - var timeoutContext context.Context - var timeoutContextCancel context.CancelFunc + var cancelContext context.Context + var cancelContextCancelFunc context.CancelFunc var syncContext *controllerlib.Context var frozenNow time.Time var providersSetter *fakeProvidersSetter @@ -124,7 +124,7 @@ func TestSync(t *testing.T) { // Set this at the last second to support calling subject.Name(). syncContext = &controllerlib.Context{ - Context: timeoutContext, + Context: cancelContext, Name: subject.Name(), Key: controllerlib.Key{ Namespace: namespace, @@ -133,7 +133,7 @@ func TestSync(t *testing.T) { } // Must start informers before calling TestRunSynchronously() - federationDomainInformers.Start(timeoutContext.Done()) + federationDomainInformers.Start(cancelContext.Done()) controllerlib.TestRunSynchronously(t, subject) } @@ -143,7 +143,7 @@ func TestSync(t *testing.T) { providersSetter = &fakeProvidersSetter{} frozenNow = time.Date(2020, time.September, 23, 7, 42, 0, 0, time.Local) - timeoutContext, timeoutContextCancel = context.WithTimeout(context.Background(), time.Second*3) + cancelContext, cancelContextCancelFunc = context.WithCancel(context.Background()) federationDomainInformerClient = pinnipedfake.NewSimpleClientset() federationDomainInformers = pinnipedinformers.NewSharedInformerFactory(federationDomainInformerClient, 0) @@ -157,7 +157,7 @@ func TestSync(t *testing.T) { }) it.After(func() { - timeoutContextCancel() + cancelContextCancelFunc() }) when("there are some valid FederationDomains in the informer", func() { diff --git a/internal/controller/supervisorconfig/generator/federation_domain_secrets_test.go b/internal/controller/supervisorconfig/generator/federation_domain_secrets_test.go index 4fc92a00..a15a2477 100644 --- a/internal/controller/supervisorconfig/generator/federation_domain_secrets_test.go +++ b/internal/controller/supervisorconfig/generator/federation_domain_secrets_test.go @@ -10,7 +10,6 @@ import ( "fmt" "sync" "testing" - "time" "github.com/golang/mock/gomock" "github.com/stretchr/testify/require" @@ -630,7 +629,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) { t.Run(test.name, func(t *testing.T) { t.Parallel() - ctx, cancel := context.WithTimeout(context.Background(), time.Second*3) + ctx, cancel := context.WithCancel(context.Background()) defer cancel() pinnipedAPIClient := pinnipedfake.NewSimpleClientset() diff --git a/internal/controller/supervisorconfig/generator/supervisor_secrets_test.go b/internal/controller/supervisorconfig/generator/supervisor_secrets_test.go index eeeb9930..044d1cb0 100644 --- a/internal/controller/supervisorconfig/generator/supervisor_secrets_test.go +++ b/internal/controller/supervisorconfig/generator/supervisor_secrets_test.go @@ -8,7 +8,6 @@ import ( "errors" "sync" "testing" - "time" "github.com/stretchr/testify/require" appsv1 "k8s.io/api/apps/v1" @@ -412,7 +411,7 @@ func TestSupervisorSecretsControllerSync(t *testing.T) { t.Run(test.name, func(t *testing.T) { // We cannot currently run this test in parallel since it uses the global generateKey function. - ctx, cancel := context.WithTimeout(context.Background(), time.Second*3) + ctx, cancel := context.WithCancel(context.Background()) defer cancel() if test.generateKey != nil { diff --git a/internal/controller/supervisorconfig/jwks_observer_test.go b/internal/controller/supervisorconfig/jwks_observer_test.go index a1e7e3e3..07d6f62b 100644 --- a/internal/controller/supervisorconfig/jwks_observer_test.go +++ b/internal/controller/supervisorconfig/jwks_observer_test.go @@ -7,7 +7,6 @@ import ( "context" "encoding/json" "testing" - "time" "github.com/sclevine/spec" "github.com/sclevine/spec/report" @@ -124,16 +123,16 @@ func TestJWKSObserverControllerSync(t *testing.T) { const installedInNamespace = "some-namespace" var ( - r *require.Assertions - subject controllerlib.Controller - pinnipedInformerClient *pinnipedfake.Clientset - kubeInformerClient *kubernetesfake.Clientset - pinnipedInformers pinnipedinformers.SharedInformerFactory - kubeInformers kubeinformers.SharedInformerFactory - timeoutContext context.Context - timeoutContextCancel context.CancelFunc - syncContext *controllerlib.Context - issuerToJWKSSetter *fakeIssuerToJWKSMapSetter + r *require.Assertions + subject controllerlib.Controller + pinnipedInformerClient *pinnipedfake.Clientset + kubeInformerClient *kubernetesfake.Clientset + pinnipedInformers pinnipedinformers.SharedInformerFactory + kubeInformers kubeinformers.SharedInformerFactory + cancelContext context.Context + cancelContextCancelFunc context.CancelFunc + syncContext *controllerlib.Context + issuerToJWKSSetter *fakeIssuerToJWKSMapSetter ) // Defer starting the informers until the last possible moment so that the @@ -149,7 +148,7 @@ func TestJWKSObserverControllerSync(t *testing.T) { // Set this at the last second to support calling subject.Name(). syncContext = &controllerlib.Context{ - Context: timeoutContext, + Context: cancelContext, Name: subject.Name(), Key: controllerlib.Key{ Namespace: installedInNamespace, @@ -158,15 +157,15 @@ func TestJWKSObserverControllerSync(t *testing.T) { } // Must start informers before calling TestRunSynchronously() - kubeInformers.Start(timeoutContext.Done()) - pinnipedInformers.Start(timeoutContext.Done()) + kubeInformers.Start(cancelContext.Done()) + pinnipedInformers.Start(cancelContext.Done()) controllerlib.TestRunSynchronously(t, subject) } it.Before(func() { r = require.New(t) - timeoutContext, timeoutContextCancel = context.WithTimeout(context.Background(), time.Second*3) + cancelContext, cancelContextCancelFunc = context.WithCancel(context.Background()) kubeInformerClient = kubernetesfake.NewSimpleClientset() kubeInformers = kubeinformers.NewSharedInformerFactory(kubeInformerClient, 0) @@ -184,7 +183,7 @@ func TestJWKSObserverControllerSync(t *testing.T) { }) it.After(func() { - timeoutContextCancel() + cancelContextCancelFunc() }) when("there are no FederationDomains and no JWKS Secrets yet", func() { diff --git a/internal/controller/supervisorconfig/jwks_writer_test.go b/internal/controller/supervisorconfig/jwks_writer_test.go index c528be90..f977c8f8 100644 --- a/internal/controller/supervisorconfig/jwks_writer_test.go +++ b/internal/controller/supervisorconfig/jwks_writer_test.go @@ -12,7 +12,6 @@ import ( "io" "io/ioutil" "testing" - "time" "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" @@ -674,7 +673,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { return goodKey, test.generateKeyErr } - ctx, cancel := context.WithTimeout(context.Background(), time.Second*3) + ctx, cancel := context.WithCancel(context.Background()) defer cancel() kubeAPIClient := kubernetesfake.NewSimpleClientset() diff --git a/internal/controller/supervisorconfig/tls_cert_observer_test.go b/internal/controller/supervisorconfig/tls_cert_observer_test.go index f24888a2..3e391942 100644 --- a/internal/controller/supervisorconfig/tls_cert_observer_test.go +++ b/internal/controller/supervisorconfig/tls_cert_observer_test.go @@ -9,7 +9,6 @@ import ( "io/ioutil" "net/url" "testing" - "time" "github.com/sclevine/spec" "github.com/sclevine/spec/report" @@ -130,16 +129,16 @@ func TestTLSCertObserverControllerSync(t *testing.T) { ) var ( - r *require.Assertions - subject controllerlib.Controller - pinnipedInformerClient *pinnipedfake.Clientset - kubeInformerClient *kubernetesfake.Clientset - pinnipedInformers pinnipedinformers.SharedInformerFactory - kubeInformers kubeinformers.SharedInformerFactory - timeoutContext context.Context - timeoutContextCancel context.CancelFunc - syncContext *controllerlib.Context - issuerTLSCertSetter *fakeIssuerTLSCertSetter + r *require.Assertions + subject controllerlib.Controller + pinnipedInformerClient *pinnipedfake.Clientset + kubeInformerClient *kubernetesfake.Clientset + pinnipedInformers pinnipedinformers.SharedInformerFactory + kubeInformers kubeinformers.SharedInformerFactory + cancelContext context.Context + cancelContextCancelFunc context.CancelFunc + syncContext *controllerlib.Context + issuerTLSCertSetter *fakeIssuerTLSCertSetter ) // Defer starting the informers until the last possible moment so that the @@ -156,7 +155,7 @@ func TestTLSCertObserverControllerSync(t *testing.T) { // Set this at the last second to support calling subject.Name(). syncContext = &controllerlib.Context{ - Context: timeoutContext, + Context: cancelContext, Name: subject.Name(), Key: controllerlib.Key{ Namespace: installedInNamespace, @@ -165,8 +164,8 @@ func TestTLSCertObserverControllerSync(t *testing.T) { } // Must start informers before calling TestRunSynchronously() - kubeInformers.Start(timeoutContext.Done()) - pinnipedInformers.Start(timeoutContext.Done()) + kubeInformers.Start(cancelContext.Done()) + pinnipedInformers.Start(cancelContext.Done()) controllerlib.TestRunSynchronously(t, subject) } @@ -179,7 +178,7 @@ func TestTLSCertObserverControllerSync(t *testing.T) { it.Before(func() { r = require.New(t) - timeoutContext, timeoutContextCancel = context.WithTimeout(context.Background(), time.Second*3) + cancelContext, cancelContextCancelFunc = context.WithCancel(context.Background()) kubeInformerClient = kubernetesfake.NewSimpleClientset() kubeInformers = kubeinformers.NewSharedInformerFactory(kubeInformerClient, 0) @@ -197,7 +196,7 @@ func TestTLSCertObserverControllerSync(t *testing.T) { }) it.After(func() { - timeoutContextCancel() + cancelContextCancelFunc() }) when("there are no FederationDomains and no TLS Secrets yet", func() { diff --git a/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher_test.go b/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher_test.go index cba27c39..f7397352 100644 --- a/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher_test.go +++ b/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher_test.go @@ -624,7 +624,7 @@ func TestController(t *testing.T) { controllerlib.WithInformer, ) - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + ctx, cancel := context.WithCancel(context.Background()) defer cancel() pinnipedInformers.Start(ctx.Done()) diff --git a/internal/controller/supervisorstorage/garbage_collector_test.go b/internal/controller/supervisorstorage/garbage_collector_test.go index a21067ee..a5606cf8 100644 --- a/internal/controller/supervisorstorage/garbage_collector_test.go +++ b/internal/controller/supervisorstorage/garbage_collector_test.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package supervisorstorage @@ -108,16 +108,16 @@ func TestGarbageCollectorControllerSync(t *testing.T) { ) var ( - r *require.Assertions - subject controllerlib.Controller - kubeInformerClient *kubernetesfake.Clientset - kubeClient *kubernetesfake.Clientset - kubeInformers kubeinformers.SharedInformerFactory - timeoutContext context.Context - timeoutContextCancel context.CancelFunc - syncContext *controllerlib.Context - fakeClock *clock.FakeClock - frozenNow time.Time + r *require.Assertions + subject controllerlib.Controller + kubeInformerClient *kubernetesfake.Clientset + kubeClient *kubernetesfake.Clientset + kubeInformers kubeinformers.SharedInformerFactory + cancelContext context.Context + cancelContextCancelFunc context.CancelFunc + syncContext *controllerlib.Context + fakeClock *clock.FakeClock + frozenNow time.Time ) // Defer starting the informers until the last possible moment so that the @@ -133,7 +133,7 @@ func TestGarbageCollectorControllerSync(t *testing.T) { // Set this at the last second to support calling subject.Name(). syncContext = &controllerlib.Context{ - Context: timeoutContext, + Context: cancelContext, Name: subject.Name(), Key: controllerlib.Key{ Namespace: "", @@ -142,14 +142,14 @@ func TestGarbageCollectorControllerSync(t *testing.T) { } // Must start informers before calling TestRunSynchronously() - kubeInformers.Start(timeoutContext.Done()) + kubeInformers.Start(cancelContext.Done()) controllerlib.TestRunSynchronously(t, subject) } it.Before(func() { r = require.New(t) - timeoutContext, timeoutContextCancel = context.WithTimeout(context.Background(), time.Second*3) + cancelContext, cancelContextCancelFunc = context.WithCancel(context.Background()) kubeInformerClient = kubernetesfake.NewSimpleClientset() kubeClient = kubernetesfake.NewSimpleClientset() @@ -168,7 +168,7 @@ func TestGarbageCollectorControllerSync(t *testing.T) { }) it.After(func() { - timeoutContextCancel() + cancelContextCancelFunc() }) when("there are secrets without the garbage-collect-after annotation", func() { diff --git a/internal/httputil/securityheader/securityheader_test.go b/internal/httputil/securityheader/securityheader_test.go index a0688c1a..7ee7331f 100644 --- a/internal/httputil/securityheader/securityheader_test.go +++ b/internal/httputil/securityheader/securityheader_test.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package securityheader @@ -22,7 +22,7 @@ func TestWrap(t *testing.T) { }))) t.Cleanup(testServer.Close) - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() req, err := http.NewRequestWithContext(ctx, http.MethodGet, testServer.URL, nil) diff --git a/internal/secret/cache_test.go b/internal/secret/cache_test.go index 0934bd58..0a6b500c 100644 --- a/internal/secret/cache_test.go +++ b/internal/secret/cache_test.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package secret @@ -68,7 +68,7 @@ func TestCacheSynchronized(t *testing.T) { c.SetStateEncoderHashKey(issuer, stateEncoderHashKey) c.SetStateEncoderBlockKey(issuer, stateEncoderBlockKey) - ctx, cancel := context.WithTimeout(context.Background(), time.Second*3) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() eg, _ := errgroup.WithContext(ctx) diff --git a/pkg/oidcclient/login_test.go b/pkg/oidcclient/login_test.go index eaa7a1b1..8005bcaf 100644 --- a/pkg/oidcclient/login_test.go +++ b/pkg/oidcclient/login_test.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package oidcclient @@ -941,7 +941,7 @@ func TestHandleAuthCodeCallback(t *testing.T) { require.NoError(t, tt.opt(t)(h)) } - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() resp := httptest.NewRecorder() diff --git a/test/integration/cli_test.go b/test/integration/cli_test.go index 910d1ac4..e055fccf 100644 --- a/test/integration/cli_test.go +++ b/test/integration/cli_test.go @@ -38,7 +38,7 @@ func TestCLIGetKubeconfigStaticToken(t *testing.T) { library.AssertNoRestartsDuringTest(t, env.ConciergeNamespace, "") // Create a test webhook configuration to use with the CLI. - ctx, cancelFunc := context.WithTimeout(context.Background(), 4*time.Minute) + ctx, cancelFunc := context.WithTimeout(context.Background(), 5*time.Minute) defer cancelFunc() authenticator := library.CreateTestWebhookAuthenticator(ctx, t) diff --git a/test/integration/concierge_api_serving_certs_test.go b/test/integration/concierge_api_serving_certs_test.go index 78aefea6..04ee11af 100644 --- a/test/integration/concierge_api_serving_certs_test.go +++ b/test/integration/concierge_api_serving_certs_test.go @@ -78,7 +78,7 @@ func TestAPIServingCertificateAutoCreationAndRotation(t *testing.T) { kubeClient := library.NewKubernetesClientset(t) aggregatedClient := library.NewAggregatedClientset(t) conciergeClient := library.NewConciergeClientset(t) - ctx, cancel := context.WithTimeout(context.Background(), 3*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() apiServiceName := "v1alpha1.login.concierge." + env.APIGroupSuffix diff --git a/test/integration/concierge_availability_test.go b/test/integration/concierge_availability_test.go index 575e4fc2..6dc260bf 100644 --- a/test/integration/concierge_availability_test.go +++ b/test/integration/concierge_availability_test.go @@ -20,7 +20,7 @@ func TestGetDeployment(t *testing.T) { env := library.IntegrationEnv(t) client := library.NewKubernetesClientset(t) - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() appDeployment, err := client.AppsV1().Deployments(env.ConciergeNamespace).Get(ctx, env.ConciergeAppName, metav1.GetOptions{}) diff --git a/test/integration/concierge_client_test.go b/test/integration/concierge_client_test.go index 1cad0de5..1dc4b6b6 100644 --- a/test/integration/concierge_client_test.go +++ b/test/integration/concierge_client_test.go @@ -59,7 +59,7 @@ func TestClient(t *testing.T) { library.AssertNoRestartsDuringTest(t, env.ConciergeNamespace, "") - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() webhook := library.CreateTestWebhookAuthenticator(ctx, t) diff --git a/test/integration/concierge_credentialissuer_test.go b/test/integration/concierge_credentialissuer_test.go index 4a4881cb..abb4f8be 100644 --- a/test/integration/concierge_credentialissuer_test.go +++ b/test/integration/concierge_credentialissuer_test.go @@ -25,7 +25,7 @@ func TestCredentialIssuer(t *testing.T) { library.AssertNoRestartsDuringTest(t, env.ConciergeNamespace, "") - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() t.Run("test successful CredentialIssuer", func(t *testing.T) { diff --git a/test/integration/concierge_credentialrequest_test.go b/test/integration/concierge_credentialrequest_test.go index 7a37c9c7..de48bf85 100644 --- a/test/integration/concierge_credentialrequest_test.go +++ b/test/integration/concierge_credentialrequest_test.go @@ -27,7 +27,7 @@ func TestUnsuccessfulCredentialRequest(t *testing.T) { library.AssertNoRestartsDuringTest(t, env.ConciergeNamespace, "") - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() response, err := makeRequest(ctx, t, validCredentialRequestSpecWithRealToken(t, corev1.TypedLocalObjectReference{ @@ -137,7 +137,7 @@ func TestFailedCredentialRequestWhenTheRequestIsValidButTheTokenDoesNotAuthentic // Create a testWebhook so we have a legitimate authenticator to pass to the // TokenCredentialRequest API. - ctx, cancel := context.WithTimeout(context.Background(), time.Second*30) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() testWebhook := library.CreateTestWebhookAuthenticator(ctx, t) @@ -160,7 +160,7 @@ func TestCredentialRequest_ShouldFailWhenRequestDoesNotIncludeToken(t *testing.T // Create a testWebhook so we have a legitimate authenticator to pass to the // TokenCredentialRequest API. - ctx, cancel := context.WithTimeout(context.Background(), time.Second*30) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() testWebhook := library.CreateTestWebhookAuthenticator(ctx, t) @@ -188,7 +188,7 @@ func TestCredentialRequest_OtherwiseValidRequestWithRealTokenShouldFailWhenTheCl library.AssertNoRestartsDuringTest(t, env.ConciergeNamespace, "") - ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() testWebhook := library.CreateTestWebhookAuthenticator(ctx, t) @@ -208,7 +208,7 @@ func makeRequest(ctx context.Context, t *testing.T, spec loginv1alpha1.TokenCred client := library.NewAnonymousConciergeClientset(t) - ctx, cancel := context.WithTimeout(ctx, 10*time.Second) + ctx, cancel := context.WithTimeout(ctx, time.Minute) defer cancel() return client.LoginV1alpha1().TokenCredentialRequests().Create(ctx, &loginv1alpha1.TokenCredentialRequest{ diff --git a/test/integration/concierge_impersonation_proxy_test.go b/test/integration/concierge_impersonation_proxy_test.go index b52c662f..369930f5 100644 --- a/test/integration/concierge_impersonation_proxy_test.go +++ b/test/integration/concierge_impersonation_proxy_test.go @@ -96,7 +96,7 @@ func TestImpersonationProxy(t *testing.T) { } // At the end of the test, clean up the ConfigMap. t.Cleanup(func() { - ctx, cancel = context.WithTimeout(context.Background(), 10*time.Second) + ctx, cancel = context.WithTimeout(context.Background(), time.Minute) defer cancel() // Delete any version that was created by this test. diff --git a/test/integration/concierge_kubecertagent_test.go b/test/integration/concierge_kubecertagent_test.go index 37392013..73959bf8 100644 --- a/test/integration/concierge_kubecertagent_test.go +++ b/test/integration/concierge_kubecertagent_test.go @@ -30,7 +30,7 @@ func TestKubeCertAgent(t *testing.T) { library.AssertNoRestartsDuringTest(t, env.ConciergeNamespace, "") - ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() kubeClient := library.NewKubernetesClientset(t) diff --git a/test/integration/supervisor_login_test.go b/test/integration/supervisor_login_test.go index 84fa8efa..9d6b6787 100644 --- a/test/integration/supervisor_login_test.go +++ b/test/integration/supervisor_login_test.go @@ -240,7 +240,7 @@ func verifyTokenResponse( nonceParam nonce.Nonce, expectedIDTokenClaims []string, ) { - ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() // Verify the ID Token. @@ -310,7 +310,7 @@ func (s *localCallbackServer) waitForCallback(timeout time.Duration) *http.Reque } func doTokenExchange(t *testing.T, config *oauth2.Config, tokenResponse *oauth2.Token, httpClient *http.Client, provider *coreosoidc.Provider) { - ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() // Form the HTTP POST request with the parameters specified by RFC8693. diff --git a/test/integration/supervisor_storage_garbage_collection_test.go b/test/integration/supervisor_storage_garbage_collection_test.go index c89a66e4..84b82196 100644 --- a/test/integration/supervisor_storage_garbage_collection_test.go +++ b/test/integration/supervisor_storage_garbage_collection_test.go @@ -99,7 +99,7 @@ func createSecret(ctx context.Context, t *testing.T, secrets corev1client.Secret // Make sure the Secret is deleted when the test ends. t.Cleanup(func() { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() err := secrets.Delete(ctx, secret.Name, metav1.DeleteOptions{}) notFound := k8serrors.IsNotFound(err) diff --git a/test/integration/supervisor_storage_test.go b/test/integration/supervisor_storage_test.go index 51d0f70e..5edc4e70 100644 --- a/test/integration/supervisor_storage_test.go +++ b/test/integration/supervisor_storage_test.go @@ -42,13 +42,13 @@ func TestAuthorizeCodeStorage(t *testing.T) { secrets := client.CoreV1().Secrets(env.SupervisorNamespace) t.Cleanup(func() { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() err := secrets.Delete(ctx, name, metav1.DeleteOptions{}) require.NoError(t, err) }) - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() // get a session with most of the data filled out diff --git a/test/integration/whoami_test.go b/test/integration/whoami_test.go index de478f52..345347d8 100644 --- a/test/integration/whoami_test.go +++ b/test/integration/whoami_test.go @@ -34,7 +34,7 @@ func TestWhoAmI_Kubeadm(t *testing.T) { // we should add more robust logic around skipping clusters based on vendor _ = library.IntegrationEnv(t).WithCapability(library.ClusterSigningKeyIsAvailable) - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() whoAmI, err := library.NewConciergeClientset(t).IdentityV1alpha1().WhoAmIRequests(). @@ -63,7 +63,7 @@ func TestWhoAmI_Kubeadm(t *testing.T) { func TestWhoAmI_ServiceAccount_Legacy(t *testing.T) { _ = library.IntegrationEnv(t) - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() kubeClient := library.NewKubernetesClientset(t).CoreV1() @@ -107,7 +107,7 @@ func TestWhoAmI_ServiceAccount_Legacy(t *testing.T) { return false, err } return len(secret.Data[corev1.ServiceAccountTokenKey]) > 0, nil - }, 30*time.Second, time.Second) + }, time.Minute, time.Second) saConfig := library.NewAnonymousClientRestConfig(t) saConfig.BearerToken = string(secret.Data[corev1.ServiceAccountTokenKey]) @@ -140,7 +140,7 @@ func TestWhoAmI_ServiceAccount_Legacy(t *testing.T) { func TestWhoAmI_ServiceAccount_TokenRequest(t *testing.T) { _ = library.IntegrationEnv(t) - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() kubeClient := library.NewKubernetesClientset(t).CoreV1() @@ -258,7 +258,7 @@ func TestWhoAmI_CSR(t *testing.T) { // we should add more robust logic around skipping clusters based on vendor _ = library.IntegrationEnv(t).WithCapability(library.ClusterSigningKeyIsAvailable) - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() kubeClient := library.NewKubernetesClientset(t) @@ -346,7 +346,7 @@ func TestWhoAmI_CSR(t *testing.T) { func TestWhoAmI_Anonymous(t *testing.T) { _ = library.IntegrationEnv(t) - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() anonymousConfig := library.NewAnonymousClientRestConfig(t) @@ -377,7 +377,7 @@ func TestWhoAmI_Anonymous(t *testing.T) { func TestWhoAmI_ImpersonateDirectly(t *testing.T) { _ = library.IntegrationEnv(t) - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() impersonationConfig := library.NewClientConfig(t) diff --git a/test/library/assertions.go b/test/library/assertions.go index 4db0ee09..90bb4661 100644 --- a/test/library/assertions.go +++ b/test/library/assertions.go @@ -88,7 +88,7 @@ func getRestartCounts(t *testing.T, namespace, labelSelector string) map[string] t.Helper() kubeClient := NewKubernetesClientset(t) - ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() pods, err := kubeClient.CoreV1().Pods(namespace).List(ctx, metav1.ListOptions{LabelSelector: labelSelector}) diff --git a/test/library/client.go b/test/library/client.go index bfb92ee8..1d5fd9e8 100644 --- a/test/library/client.go +++ b/test/library/client.go @@ -156,7 +156,7 @@ func CreateTestWebhookAuthenticator(ctx context.Context, t *testing.T) corev1.Ty client := NewConciergeClientset(t) webhooks := client.AuthenticationV1alpha1().WebhookAuthenticators() - createContext, cancel := context.WithTimeout(ctx, 5*time.Second) + createContext, cancel := context.WithTimeout(ctx, time.Minute) defer cancel() webhook, err := webhooks.Create(createContext, &auth1alpha1.WebhookAuthenticator{ @@ -169,7 +169,7 @@ func CreateTestWebhookAuthenticator(ctx context.Context, t *testing.T) corev1.Ty t.Cleanup(func() { t.Helper() t.Logf("cleaning up test WebhookAuthenticator %s/%s", webhook.Namespace, webhook.Name) - deleteCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + deleteCtx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() err := webhooks.Delete(deleteCtx, webhook.Name, metav1.DeleteOptions{}) require.NoErrorf(t, err, "could not cleanup test WebhookAuthenticator %s/%s", webhook.Namespace, webhook.Name) @@ -219,7 +219,7 @@ func CreateTestJWTAuthenticator(ctx context.Context, t *testing.T, spec auth1alp client := NewConciergeClientset(t) jwtAuthenticators := client.AuthenticationV1alpha1().JWTAuthenticators() - createContext, cancel := context.WithTimeout(ctx, 5*time.Second) + createContext, cancel := context.WithTimeout(ctx, time.Minute) defer cancel() jwtAuthenticator, err := jwtAuthenticators.Create(createContext, &auth1alpha1.JWTAuthenticator{ @@ -232,7 +232,7 @@ func CreateTestJWTAuthenticator(ctx context.Context, t *testing.T, spec auth1alp t.Cleanup(func() { t.Helper() t.Logf("cleaning up test JWTAuthenticator %s/%s", jwtAuthenticator.Namespace, jwtAuthenticator.Name) - deleteCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + deleteCtx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() err := jwtAuthenticators.Delete(deleteCtx, jwtAuthenticator.Name, metav1.DeleteOptions{}) require.NoErrorf(t, err, "could not cleanup test JWTAuthenticator %s/%s", jwtAuthenticator.Namespace, jwtAuthenticator.Name) @@ -255,7 +255,7 @@ func CreateTestFederationDomain(ctx context.Context, t *testing.T, issuer string t.Helper() testEnv := IntegrationEnv(t) - createContext, cancel := context.WithTimeout(ctx, 5*time.Second) + createContext, cancel := context.WithTimeout(ctx, time.Minute) defer cancel() if issuer == "" { @@ -276,7 +276,7 @@ func CreateTestFederationDomain(ctx context.Context, t *testing.T, issuer string t.Cleanup(func() { t.Helper() t.Logf("cleaning up test FederationDomain %s/%s", federationDomain.Namespace, federationDomain.Name) - deleteCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + deleteCtx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() err := federationDomains.Delete(deleteCtx, federationDomain.Name, metav1.DeleteOptions{}) notFound := k8serrors.IsNotFound(err) @@ -330,7 +330,7 @@ func RandHex(t *testing.T, numBytes int) string { func CreateTestSecret(t *testing.T, namespace string, baseName string, secretType corev1.SecretType, stringData map[string]string) *corev1.Secret { t.Helper() client := NewKubernetesClientset(t) - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() created, err := client.CoreV1().Secrets(namespace).Create(ctx, &corev1.Secret{ @@ -401,7 +401,7 @@ func CreateTestOIDCIdentityProvider(t *testing.T, spec idpv1alpha1.OIDCIdentityP func CreateTestClusterRoleBinding(t *testing.T, subject rbacv1.Subject, roleRef rbacv1.RoleRef) *rbacv1.ClusterRoleBinding { t.Helper() client := NewKubernetesClientset(t) - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() // Create the ClusterRoleBinding using GenerateName to get a random name. @@ -426,7 +426,7 @@ func CreateTestClusterRoleBinding(t *testing.T, subject rbacv1.Subject, roleRef func WaitForUserToHaveAccess(t *testing.T, user string, groups []string, shouldHaveAccessTo *authorizationv1.ResourceAttributes) { t.Helper() client := NewKubernetesClientset(t) - ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() RequireEventuallyWithoutError(t, func() (bool, error) { @@ -441,7 +441,7 @@ func WaitForUserToHaveAccess(t *testing.T, user string, groups []string, shouldH return false, err } return subjectAccessReview.Status.Allowed, nil - }, 10*time.Second, 500*time.Millisecond) + }, time.Minute, 500*time.Millisecond) } func testObjectMeta(t *testing.T, baseName string) metav1.ObjectMeta { diff --git a/test/library/dumplogs.go b/test/library/dumplogs.go index dca0d276..f2eaaa4a 100644 --- a/test/library/dumplogs.go +++ b/test/library/dumplogs.go @@ -22,7 +22,7 @@ func DumpLogs(t *testing.T, namespace string, labelSelector string) { } kubeClient := NewKubernetesClientset(t) - ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() logTailLines := int64(40)