diff --git a/hack/.staticcheck_failures b/hack/.staticcheck_failures index 19060e68c17..b53a43a9462 100644 --- a/hack/.staticcheck_failures +++ b/hack/.staticcheck_failures @@ -53,7 +53,6 @@ test/e2e/apps test/e2e/autoscaling test/e2e/instrumentation/logging/stackdriver test/e2e/instrumentation/monitoring -test/integration/auth test/integration/deployment test/integration/etcd test/integration/examples diff --git a/test/integration/auth/BUILD b/test/integration/auth/BUILD index f97b600dada..0f2afcbabcc 100644 --- a/test/integration/auth/BUILD +++ b/test/integration/auth/BUILD @@ -53,13 +53,10 @@ go_test( "//staging/src/k8s.io/api/policy/v1beta1:go_default_library", "//staging/src/k8s.io/api/rbac/v1:go_default_library", "//staging/src/k8s.io/api/storage/v1:go_default_library", - "//staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library", - "//staging/src/k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library", - "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library", @@ -79,7 +76,6 @@ go_test( "//staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/tokentest:go_default_library", "//staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook:go_default_library", "//staging/src/k8s.io/client-go/kubernetes:go_default_library", - "//staging/src/k8s.io/client-go/kubernetes/scheme:go_default_library", "//staging/src/k8s.io/client-go/listers/core/v1:go_default_library", "//staging/src/k8s.io/client-go/rest:go_default_library", "//staging/src/k8s.io/client-go/tools/cache:go_default_library", diff --git a/test/integration/auth/auth_test.go b/test/integration/auth/auth_test.go index da3e85e78aa..3ecfab3a7fd 100644 --- a/test/integration/auth/auth_test.go +++ b/test/integration/auth/auth_test.go @@ -460,11 +460,11 @@ func TestAuthModeAlwaysAllow(t *testing.T) { } func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() b, _ := ioutil.ReadAll(resp.Body) if _, ok := r.statusCodes[resp.StatusCode]; !ok { t.Logf("case %v", r) @@ -541,11 +541,11 @@ func TestAuthModeAlwaysDeny(t *testing.T) { } func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() if resp.StatusCode != http.StatusForbidden { t.Logf("case %v", r) t.Errorf("Expected status Forbidden but got status %v", resp.Status) @@ -610,11 +610,11 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) { func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() b, _ := ioutil.ReadAll(resp.Body) if _, ok := r.statusCodes[resp.StatusCode]; !ok { t.Logf("case %v", r) @@ -662,11 +662,11 @@ func TestBobIsForbidden(t *testing.T) { func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() // Expect all of bob's actions to return Forbidden if resp.StatusCode != http.StatusForbidden { t.Logf("case %v", r) @@ -705,11 +705,11 @@ func TestUnknownUserIsUnauthorized(t *testing.T) { req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() // Expect all of unauthenticated user's request to be "Unauthorized" if resp.StatusCode != http.StatusUnauthorized { t.Logf("case %v", r) @@ -769,11 +769,11 @@ func TestImpersonateIsForbidden(t *testing.T) { func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() // Expect all of bob's actions to return Forbidden if resp.StatusCode != http.StatusForbidden { t.Logf("case %v", r) @@ -794,11 +794,11 @@ func TestImpersonateIsForbidden(t *testing.T) { req.Header.Set("Impersonate-User", "alice") func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() // Expect all the requests to be allowed, don't care what they actually do if resp.StatusCode == http.StatusForbidden { t.Logf("case %v", r) @@ -820,11 +820,11 @@ func TestImpersonateIsForbidden(t *testing.T) { func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() // Expect all of bob's actions to return Forbidden if resp.StatusCode != http.StatusForbidden { t.Logf("case %v", r) @@ -845,11 +845,11 @@ func TestImpersonateIsForbidden(t *testing.T) { req.Header.Set("Impersonate-User", serviceaccount.MakeUsername("default", "default")) func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() // Expect all the requests to be allowed, don't care what they actually do if resp.StatusCode == http.StatusForbidden { t.Logf("case %v", r) @@ -926,11 +926,11 @@ func TestAuthorizationAttributeDetermination(t *testing.T) { req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() found := false for i := currentAuthorizationAttributesIndex; i < len(trackingAuthorizer.requestAttributes); i++ { @@ -1024,11 +1024,11 @@ func TestNamespaceAuthorization(t *testing.T) { req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() b, _ := ioutil.ReadAll(resp.Body) if _, ok := r.statusCodes[resp.StatusCode]; !ok { t.Logf("case %v", r) @@ -1109,11 +1109,11 @@ func TestKindAuthorization(t *testing.T) { req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() b, _ := ioutil.ReadAll(resp.Body) if _, ok := r.statusCodes[resp.StatusCode]; !ok { t.Logf("case %v", r) @@ -1173,11 +1173,11 @@ func TestReadOnlyAuthorization(t *testing.T) { req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() if _, ok := r.statusCodes[resp.StatusCode]; !ok { t.Logf("case %v", r) t.Errorf("Expected status one of %v, but got %v", r.statusCodes, resp.StatusCode) @@ -1223,11 +1223,11 @@ func TestWebhookTokenAuthenticator(t *testing.T) { func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", r) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() // Expect all of Bob's actions to return Forbidden if resp.StatusCode != http.StatusForbidden { t.Logf("case %v", r) diff --git a/test/integration/auth/bootstraptoken_test.go b/test/integration/auth/bootstraptoken_test.go index fc589a4bfcd..06ef1c89b5c 100644 --- a/test/integration/auth/bootstraptoken_test.go +++ b/test/integration/auth/bootstraptoken_test.go @@ -160,11 +160,11 @@ func TestBootstrapTokenAuth(t *testing.T) { func() { resp, err := transport.RoundTrip(req) - defer resp.Body.Close() if err != nil { t.Logf("case %v", test.name) t.Fatalf("unexpected error: %v", err) } + defer resp.Body.Close() b, _ := ioutil.ReadAll(resp.Body) if _, ok := test.request.statusCodes[resp.StatusCode]; !ok { t.Logf("case %v", test.name) diff --git a/test/integration/auth/node_test.go b/test/integration/auth/node_test.go index 3c5885c7528..73c7b3ed843 100644 --- a/test/integration/auth/node_test.go +++ b/test/integration/auth/node_test.go @@ -27,16 +27,13 @@ import ( corev1 "k8s.io/api/core/v1" policy "k8s.io/api/policy/v1beta1" storagev1 "k8s.io/api/storage/v1" - apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/wait" utilfeature "k8s.io/apiserver/pkg/util/feature" clientset "k8s.io/client-go/kubernetes" - "k8s.io/client-go/kubernetes/scheme" featuregatetesting "k8s.io/component-base/featuregate/testing" kubeapiservertesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing" "k8s.io/kubernetes/pkg/features" @@ -656,17 +653,3 @@ func expectAllowed(t *testing.T, f func() error) { t.Errorf("Expected no error, got %v", err) } } - -// crdFromManifest reads a .json/yaml file and returns the CRD in it. -func crdFromManifest(filename string) (*apiextensionsv1beta1.CustomResourceDefinition, error) { - var crd apiextensionsv1beta1.CustomResourceDefinition - data, err := ioutil.ReadFile(filename) - if err != nil { - return nil, err - } - - if err := runtime.DecodeInto(scheme.Codecs.UniversalDecoder(), data, &crd); err != nil { - return nil, err - } - return &crd, nil -} diff --git a/test/integration/auth/rbac_test.go b/test/integration/auth/rbac_test.go index da7461fb920..f8f265fd6c5 100644 --- a/test/integration/auth/rbac_test.go +++ b/test/integration/auth/rbac_test.go @@ -30,7 +30,6 @@ import ( "time" rbacapi "k8s.io/api/rbac/v1" - apiextensionsclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" @@ -78,12 +77,6 @@ func clientsetForToken(user string, config *restclient.Config) (clientset.Interf return clientset.NewForConfigOrDie(&configCopy), clientset.NewForConfigOrDie(&configCopy) } -func crdClientsetForToken(user string, config *restclient.Config) apiextensionsclient.Interface { - configCopy := *config - configCopy.BearerToken = user - return apiextensionsclient.NewForConfigOrDie(&configCopy) -} - type testRESTOptionsGetter struct { config *master.Config } @@ -723,6 +716,9 @@ func TestDiscoveryUpgradeBootstrapping(t *testing.T) { // existed prior to v1.14, but with user modifications. t.Logf("Modifying default `system:discovery` ClusterRoleBinding") discRoleBinding, err := client.RbacV1().ClusterRoleBindings().Get("system:discovery", metav1.GetOptions{}) + if err != nil { + t.Fatalf("Failed to get `system:discovery` ClusterRoleBinding: %v", err) + } discRoleBinding.Annotations["rbac.authorization.kubernetes.io/autoupdate"] = "false" discRoleBinding.Annotations["rbac-discovery-upgrade-test"] = "pass" discRoleBinding.Subjects = []rbacapi.Subject{ @@ -737,6 +733,9 @@ func TestDiscoveryUpgradeBootstrapping(t *testing.T) { } t.Logf("Modifying default `system:basic-user` ClusterRoleBinding") basicUserRoleBinding, err := client.RbacV1().ClusterRoleBindings().Get("system:basic-user", metav1.GetOptions{}) + if err != nil { + t.Fatalf("Failed to get `system:basic-user` ClusterRoleBinding: %v", err) + } basicUserRoleBinding.Annotations["rbac.authorization.kubernetes.io/autoupdate"] = "false" basicUserRoleBinding.Annotations["rbac-discovery-upgrade-test"] = "pass" if basicUserRoleBinding, err = client.RbacV1().ClusterRoleBindings().Update(basicUserRoleBinding); err != nil {