make service_account e2e test verify that RootCA cert file exists

test/e2e/service_accounts.go

@@ -37,6 +37,7 @@ var _ = Describe("ServiceAccounts", func() {
 	It("should mount an API token into pods", func() {
 		var tokenName string
 		var tokenContent string
+		var rootCAContent string
 
 		// Standard get, update retry loop
 		expectNoError(wait.Poll(time.Millisecond*500, time.Second*10, func() (bool, error) {
@@ -54,6 +55,7 @@ var _ = Describe("ServiceAccounts", func() {
 			}
 			tokenName = secrets.Items[0].Name
 			tokenContent = string(secrets.Items[0].Data[api.ServiceAccountTokenKey])
+			rootCAContent = string(secrets.Items[0].Data[api.ServiceAccountRootCAKey])
 			return true, nil
 		}))
 
@@ -64,12 +66,19 @@ var _ = Describe("ServiceAccounts", func() {
 			Spec: api.PodSpec{
 				Containers: []api.Container{
 					{
-						Name:  "service-account-test",
+						Name:  "token-test",
 						Image: "gcr.io/google_containers/mounttest:0.2",
 						Args: []string{
 							fmt.Sprintf("--file_content=%s/%s", serviceaccount.DefaultAPITokenMountPath, api.ServiceAccountTokenKey),
 						},
 					},
+					{
+						Name:  "root-ca-test",
+						Image: "gcr.io/google_containers/mounttest:0.2",
+						Args: []string{
+							fmt.Sprintf("--file_content=%s/%s", serviceaccount.DefaultAPITokenMountPath, api.ServiceAccountRootCAKey),
+						},
+					},
 				},
 				RestartPolicy: api.RestartPolicyNever,
 			},
@@ -78,5 +87,8 @@ var _ = Describe("ServiceAccounts", func() {
 		f.TestContainerOutput("consume service account token", pod, 0, []string{
 			fmt.Sprintf(`content of file "%s/%s": %s`, serviceaccount.DefaultAPITokenMountPath, api.ServiceAccountTokenKey, tokenContent),
 		})
+		f.TestContainerOutput("consume service account root CA", pod, 1, []string{
+			fmt.Sprintf(`content of file "%s/%s": %s`, serviceaccount.DefaultAPITokenMountPath, api.ServiceAccountRootCAKey, rootCAContent),
+		})
 	})
 })