From 1bd3d8b929cfc708f3892b12745ed3c847dacd79 Mon Sep 17 00:00:00 2001 From: Jean Rouge Date: Wed, 29 May 2019 14:04:13 -0700 Subject: [PATCH] Not asking for sudo passwords for password-less sudo users any more Running hack/make-rules/test-e2e-node.sh or test/e2e_node/conformance/run_test.sh with a password-less sudo user on a dev box right now requires to first create a password for that user, and then type it every time one wants to run these tests. This patch is fixing this by not asking for sudo credentials if it seems the user can run any command without a password. Signed-off-by: Jean Rouge --- hack/make-rules/test-e2e-node.sh | 15 +++++++++++---- test/e2e_node/conformance/run_test.sh | 14 +++++++++++--- test/e2e_node/node_container_manager_test.go | 2 +- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/hack/make-rules/test-e2e-node.sh b/hack/make-rules/test-e2e-node.sh index 0b8efff34ea..ec8f663a994 100755 --- a/hack/make-rules/test-e2e-node.sh +++ b/hack/make-rules/test-e2e-node.sh @@ -154,10 +154,17 @@ if [ "${remote}" = true ] ; then exit $? else - # Refresh sudo credentials for local run - if ! ping -c 1 -q metadata.google.internal &> /dev/null; then - echo "Updating sudo credentials" - sudo -v || exit 1 + # Refresh sudo credentials if needed + if ping -c 1 -q metadata.google.internal &> /dev/null; then + echo 'Running on CGE, not asking for sudo credentials' + elif sudo --non-interactive "$(which bash)" -c true 2> /dev/null; then + # if we can run bash without a password, it's a pretty safe bet that either + # we can run any command without a password, or that sudo credentials + # are already cached - and they've just been re-cached + echo 'No need to refresh sudo credentials' + else + echo 'Updating sudo credentials' + sudo --validate || exit 1 fi # Do not use any network plugin by default. User could override the flags with diff --git a/test/e2e_node/conformance/run_test.sh b/test/e2e_node/conformance/run_test.sh index cd7e2684fcc..5d4dd4a4611 100755 --- a/test/e2e_node/conformance/run_test.sh +++ b/test/e2e_node/conformance/run_test.sh @@ -24,9 +24,17 @@ # TODO(random-liu): Use standard tool to start kubelet in production way (such # as systemd, supervisord etc.) -# Refresh sudo credentials if not running on GCE. -if ! ping -c 1 -q metadata.google.internal &> /dev/null; then - sudo -v || exit 1 +# Refresh sudo credentials if needed +if ping -c 1 -q metadata.google.internal &> /dev/null; then + echo 'Running on CGE, not asking for sudo credentials' +elif sudo --non-interactive "$(which bash)" -c true 2> /dev/null; then + # if we can run bash without a password, it's a pretty safe bet that either + # we can run any command without a password, or that sudo credentials + # are already cached - and they've just been re-cached + echo 'No need to refresh sudo credentials' +else + echo 'Updating sudo credentials' + sudo --validate || exit 1 fi # FOCUS is ginkgo focus to select which tests to run. By default, FOCUS is diff --git a/test/e2e_node/node_container_manager_test.go b/test/e2e_node/node_container_manager_test.go index a15631ec798..2be3d1ed6f4 100644 --- a/test/e2e_node/node_container_manager_test.go +++ b/test/e2e_node/node_container_manager_test.go @@ -60,7 +60,7 @@ func setDesiredConfiguration(initialConfig *kubeletconfig.KubeletConfiguration) var _ = framework.KubeDescribe("Node Container Manager [Serial]", func() { f := framework.NewDefaultFramework("node-container-manager") Describe("Validate Node Allocatable [NodeFeature:NodeAllocatable]", func() { - It("set's up the node and runs the test", func() { + It("sets up the node and runs the test", func() { framework.ExpectNoError(runTest(f)) }) })