mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 19:31:44 +00:00
Add ServiceAccount resource lifecycle test
This commit is contained in:
parent
b35fdbc037
commit
23d4367cff
@ -18,6 +18,7 @@ package auth
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"path"
|
"path"
|
||||||
"regexp"
|
"regexp"
|
||||||
@ -29,9 +30,11 @@ import (
|
|||||||
rbacv1 "k8s.io/api/rbac/v1"
|
rbacv1 "k8s.io/api/rbac/v1"
|
||||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
"k8s.io/apimachinery/pkg/types"
|
||||||
"k8s.io/apimachinery/pkg/util/sets"
|
"k8s.io/apimachinery/pkg/util/sets"
|
||||||
"k8s.io/apimachinery/pkg/util/uuid"
|
"k8s.io/apimachinery/pkg/util/uuid"
|
||||||
"k8s.io/apimachinery/pkg/util/wait"
|
"k8s.io/apimachinery/pkg/util/wait"
|
||||||
|
watch "k8s.io/apimachinery/pkg/watch"
|
||||||
"k8s.io/kubernetes/plugin/pkg/admission/serviceaccount"
|
"k8s.io/kubernetes/plugin/pkg/admission/serviceaccount"
|
||||||
"k8s.io/kubernetes/test/e2e/framework"
|
"k8s.io/kubernetes/test/e2e/framework"
|
||||||
e2ekubectl "k8s.io/kubernetes/test/e2e/framework/kubectl"
|
e2ekubectl "k8s.io/kubernetes/test/e2e/framework/kubectl"
|
||||||
@ -621,6 +624,92 @@ var _ = SIGDescribe("ServiceAccounts", func() {
|
|||||||
framework.ExpectNoError(podErr)
|
framework.ExpectNoError(podErr)
|
||||||
framework.Logf("completed pod")
|
framework.Logf("completed pod")
|
||||||
})
|
})
|
||||||
|
|
||||||
|
ginkgo.It("should run through the lifecycle of a ServiceAccount", func() {
|
||||||
|
testNamespaceName := f.Namespace.Name
|
||||||
|
testServiceAccountName := "testserviceaccount"
|
||||||
|
testSecretName := "testsecret"
|
||||||
|
testServiceAccountStaticLabels := map[string]string{"test-serviceaccount-static": "true"}
|
||||||
|
testServiceAccountStaticLabelsFlat := "test-serviceaccount-static=true"
|
||||||
|
|
||||||
|
ginkgo.By("creating a ServiceAccount")
|
||||||
|
testServiceAccount := v1.ServiceAccount{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Name: testServiceAccountName,
|
||||||
|
Labels: testServiceAccountStaticLabels,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
_, err := f.ClientSet.CoreV1().ServiceAccounts(testNamespaceName).Create(context.TODO(), &testServiceAccount, metav1.CreateOptions{})
|
||||||
|
framework.ExpectNoError(err, "failed to create a ServiceAccount")
|
||||||
|
ginkgo.By("creating a Secret")
|
||||||
|
testSecret := v1.Secret{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Name: testSecretName,
|
||||||
|
},
|
||||||
|
Data: map[string][]byte{
|
||||||
|
"test-field": []byte("test-value"),
|
||||||
|
},
|
||||||
|
Type: "Opaque",
|
||||||
|
}
|
||||||
|
_, err = f.ClientSet.CoreV1().Secrets(testNamespaceName).Create(context.TODO(), &testSecret, metav1.CreateOptions{})
|
||||||
|
framework.ExpectNoError(err, "failed to create a Secret")
|
||||||
|
|
||||||
|
fmt.Println("watching for the ServiceAccount to be added")
|
||||||
|
resourceWatchTimeoutSeconds := int64(180)
|
||||||
|
resourceWatch, err := f.ClientSet.CoreV1().ServiceAccounts(testNamespaceName).Watch(context.TODO(), metav1.ListOptions{LabelSelector: testServiceAccountStaticLabelsFlat, TimeoutSeconds: &resourceWatchTimeoutSeconds})
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err, "failed to setup watch on newly created ServiceAccount")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
resourceWatchChan := resourceWatch.ResultChan()
|
||||||
|
for watchEvent := range resourceWatchChan {
|
||||||
|
if watchEvent.Type == watch.Added {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
defer func() {
|
||||||
|
ginkgo.By("deleting the ServiceAccount")
|
||||||
|
err = f.ClientSet.CoreV1().ServiceAccounts(testNamespaceName).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{})
|
||||||
|
framework.ExpectNoError(err, "failed to delete the ServiceAccount by Collection")
|
||||||
|
for watchEvent := range resourceWatchChan {
|
||||||
|
if watchEvent.Type == watch.Deleted {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ginkgo.By("deleting the Secret")
|
||||||
|
err = f.ClientSet.CoreV1().Secrets(testNamespaceName).Delete(context.TODO(), testSecretName, metav1.DeleteOptions{})
|
||||||
|
framework.ExpectNoError(err, "failed to delete the Secret")
|
||||||
|
}()
|
||||||
|
|
||||||
|
ginkgo.By("patching the ServiceAccount")
|
||||||
|
testServiceAccountPatchData, err := json.Marshal(map[string]interface{}{
|
||||||
|
"secrets": []map[string]interface{}{{
|
||||||
|
"name": testSecretName,
|
||||||
|
}},
|
||||||
|
})
|
||||||
|
framework.ExpectNoError(err, "failed to marshal JSON patch for the ServiceAccount")
|
||||||
|
_, err = f.ClientSet.CoreV1().ServiceAccounts(testNamespaceName).Patch(context.TODO(), testServiceAccountName, types.StrategicMergePatchType, []byte(testServiceAccountPatchData), metav1.PatchOptions{})
|
||||||
|
framework.ExpectNoError(err, "failed to patch the ServiceAccount")
|
||||||
|
for watchEvent := range resourceWatchChan {
|
||||||
|
if watchEvent.Type == watch.Modified {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ginkgo.By("finding ServiceAccount in list of all ServiceAccounts (by LabelSelector)")
|
||||||
|
serviceAccountList, err := f.ClientSet.CoreV1().ServiceAccounts("").List(context.TODO(), metav1.ListOptions{LabelSelector: testServiceAccountStaticLabelsFlat})
|
||||||
|
foundServiceAccount := false
|
||||||
|
for _, serviceAccountItem := range serviceAccountList.Items {
|
||||||
|
if serviceAccountItem.ObjectMeta.Name == testServiceAccountName && serviceAccountItem.ObjectMeta.Namespace == testNamespaceName && serviceAccountItem.Secrets[0].Name == testSecretName {
|
||||||
|
foundServiceAccount = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
framework.ExpectEqual(foundServiceAccount, true, "failed to find the created ServiceAccount")
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
var reportLogsParser = regexp.MustCompile("([a-zA-Z0-9-_]*)=([a-zA-Z0-9-_]*)$")
|
var reportLogsParser = regexp.MustCompile("([a-zA-Z0-9-_]*)=([a-zA-Z0-9-_]*)$")
|
||||||
|
Loading…
Reference in New Issue
Block a user