From 6791ba2590726912f9014e00abb139e7522e5ee1 Mon Sep 17 00:00:00 2001
From: kidddddddddddddddddddddd <1062602710@qq.com>
Date: Sat, 7 May 2022 11:58:06 +0800
Subject: [PATCH] test/e2e/auth: enhance assertions

---
 test/e2e/auth/certificates.go     | 32 +++++++++++++++++++++-------
 test/e2e/auth/node_authz.go       | 30 +++++++++++++++++++-------
 test/e2e/auth/service_accounts.go | 35 +++++++++++++++++++++----------
 3 files changed, 70 insertions(+), 27 deletions(-)

diff --git a/test/e2e/auth/certificates.go b/test/e2e/auth/certificates.go
index da6f1c68601..ba37827e90d 100644
--- a/test/e2e/auth/certificates.go
+++ b/test/e2e/auth/certificates.go
@@ -243,7 +243,9 @@ var _ = SIGDescribe("Certificates API [Privileged:ClusterAdmin]", func() {
 					}
 				}
 			}
-			framework.ExpectEqual(found, true, fmt.Sprintf("expected certificates API group/version, got %#v", discoveryGroups.Groups))
+			if !found {
+				framework.Failf("expected certificates API group/version, got %#v", discoveryGroups.Groups)
+			}
 		}
 
 		ginkgo.By("getting /apis/certificates.k8s.io")
@@ -258,7 +260,9 @@ var _ = SIGDescribe("Certificates API [Privileged:ClusterAdmin]", func() {
 					break
 				}
 			}
-			framework.ExpectEqual(found, true, fmt.Sprintf("expected certificates API version, got %#v", group.Versions))
+			if !found {
+				framework.Failf("expected certificates API version, got %#v", group.Versions)
+			}
 		}
 
 		ginkgo.By("getting /apis/certificates.k8s.io/" + csrVersion)
@@ -276,9 +280,15 @@ var _ = SIGDescribe("Certificates API [Privileged:ClusterAdmin]", func() {
 					foundStatus = true
 				}
 			}
-			framework.ExpectEqual(foundCSR, true, fmt.Sprintf("expected certificatesigningrequests, got %#v", resources.APIResources))
-			framework.ExpectEqual(foundApproval, true, fmt.Sprintf("expected certificatesigningrequests/approval, got %#v", resources.APIResources))
-			framework.ExpectEqual(foundStatus, true, fmt.Sprintf("expected certificatesigningrequests/status, got %#v", resources.APIResources))
+			if !foundCSR {
+				framework.Failf("expected certificatesigningrequests, got %#v", resources.APIResources)
+			}
+			if !foundApproval {
+				framework.Failf("expected certificatesigningrequests/approval, got %#v", resources.APIResources)
+			}
+			if !foundStatus {
+				framework.Failf("expected certificatesigningrequests/status, got %#v", resources.APIResources)
+			}
 		}
 
 		// Main resource create/read/update/watch operations
@@ -323,10 +333,14 @@ var _ = SIGDescribe("Certificates API [Privileged:ClusterAdmin]", func() {
 		for sawAnnotations := false; !sawAnnotations; {
 			select {
 			case evt, ok := <-csrWatch.ResultChan():
-				framework.ExpectEqual(ok, true, "watch channel should not close")
+				if !ok {
+					framework.Fail("watch channel should not close")
+				}
 				framework.ExpectEqual(evt.Type, watch.Modified)
 				watchedCSR, isCSR := evt.Object.(*certificatesv1.CertificateSigningRequest)
-				framework.ExpectEqual(isCSR, true, fmt.Sprintf("expected CSR, got %T", evt.Object))
+				if !isCSR {
+					framework.Failf("expected CSR, got %T", evt.Object)
+				}
 				if watchedCSR.Annotations["patched"] == "true" {
 					framework.Logf("saw patched and updated annotations")
 					sawAnnotations = true
@@ -404,7 +418,9 @@ var _ = SIGDescribe("Certificates API [Privileged:ClusterAdmin]", func() {
 		err = csrClient.Delete(context.TODO(), createdCSR.Name, metav1.DeleteOptions{})
 		framework.ExpectNoError(err)
 		_, err = csrClient.Get(context.TODO(), createdCSR.Name, metav1.GetOptions{})
-		framework.ExpectEqual(apierrors.IsNotFound(err), true, fmt.Sprintf("expected 404, got %#v", err))
+		if !apierrors.IsNotFound(err) {
+			framework.Failf("expected 404, got %#v", err)
+		}
 		csrs, err = csrClient.List(context.TODO(), metav1.ListOptions{FieldSelector: "spec.signerName=" + signerName})
 		framework.ExpectNoError(err)
 		framework.ExpectEqual(len(csrs.Items), 2, "filtered list should have 2 items")
diff --git a/test/e2e/auth/node_authz.go b/test/e2e/auth/node_authz.go
index ab238c0339a..53f5d564018 100644
--- a/test/e2e/auth/node_authz.go
+++ b/test/e2e/auth/node_authz.go
@@ -19,10 +19,10 @@ package auth
 import (
 	"context"
 	"fmt"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"time"
 
 	v1 "k8s.io/api/core/v1"
-	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
 	clientset "k8s.io/client-go/kubernetes"
@@ -69,7 +69,9 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 	})
 	ginkgo.It("Getting a non-existent secret should exit with the Forbidden error, not a NotFound error", func() {
 		_, err := c.CoreV1().Secrets(ns).Get(context.TODO(), "foo", metav1.GetOptions{})
-		framework.ExpectEqual(apierrors.IsForbidden(err), true)
+		if !apierrors.IsForbidden(err) {
+			framework.Failf("should be a forbidden error, got %#v", err)
+		}
 	})
 
 	ginkgo.It("Getting an existing secret should exit with the Forbidden error", func() {
@@ -84,12 +86,16 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 		_, err := f.ClientSet.CoreV1().Secrets(ns).Create(context.TODO(), secret, metav1.CreateOptions{})
 		framework.ExpectNoError(err, "failed to create secret (%s:%s) %+v", ns, secret.Name, *secret)
 		_, err = c.CoreV1().Secrets(ns).Get(context.TODO(), secret.Name, metav1.GetOptions{})
-		framework.ExpectEqual(apierrors.IsForbidden(err), true)
+		if !apierrors.IsForbidden(err) {
+			framework.Failf("should be a forbidden error, got %#v", err)
+		}
 	})
 
 	ginkgo.It("Getting a non-existent configmap should exit with the Forbidden error, not a NotFound error", func() {
 		_, err := c.CoreV1().ConfigMaps(ns).Get(context.TODO(), "foo", metav1.GetOptions{})
-		framework.ExpectEqual(apierrors.IsForbidden(err), true)
+		if !apierrors.IsForbidden(err) {
+			framework.Failf("should be a forbidden error, got %#v", err)
+		}
 	})
 
 	ginkgo.It("Getting an existing configmap should exit with the Forbidden error", func() {
@@ -106,7 +112,9 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 		_, err := f.ClientSet.CoreV1().ConfigMaps(ns).Create(context.TODO(), configmap, metav1.CreateOptions{})
 		framework.ExpectNoError(err, "failed to create configmap (%s:%s) %+v", ns, configmap.Name, *configmap)
 		_, err = c.CoreV1().ConfigMaps(ns).Get(context.TODO(), configmap.Name, metav1.GetOptions{})
-		framework.ExpectEqual(apierrors.IsForbidden(err), true)
+		if !apierrors.IsForbidden(err) {
+			framework.Failf("should be a forbidden error, got %#v", err)
+		}
 	})
 
 	ginkgo.It("Getting a secret for a workload the node has access to should succeed", func() {
@@ -125,7 +133,9 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 
 		ginkgo.By("Node should not get the secret")
 		_, err = c.CoreV1().Secrets(ns).Get(context.TODO(), secret.Name, metav1.GetOptions{})
-		framework.ExpectEqual(apierrors.IsForbidden(err), true)
+		if !apierrors.IsForbidden(err) {
+			framework.Failf("should be a forbidden error, got %#v", err)
+		}
 
 		ginkgo.By("Create a pod that use the secret")
 		pod := &v1.Pod{
@@ -187,12 +197,16 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 		defer func() {
 			f.ClientSet.CoreV1().Nodes().Delete(context.TODO(), node.Name, metav1.DeleteOptions{})
 		}()
-		framework.ExpectEqual(apierrors.IsForbidden(err), true)
+		if !apierrors.IsForbidden(err) {
+			framework.Failf("should be a forbidden error, got %#v", err)
+		}
 	})
 
 	ginkgo.It("A node shouldn't be able to delete another node", func() {
 		ginkgo.By(fmt.Sprintf("Create node foo by user: %v", asUser))
 		err := c.CoreV1().Nodes().Delete(context.TODO(), "foo", metav1.DeleteOptions{})
-		framework.ExpectEqual(apierrors.IsForbidden(err), true)
+		if !apierrors.IsForbidden(err) {
+			framework.Failf("should be a forbidden error, got %#v", err)
+		}
 	})
 })
diff --git a/test/e2e/auth/service_accounts.go b/test/e2e/auth/service_accounts.go
index bbbba91f154..82fedea16cc 100644
--- a/test/e2e/auth/service_accounts.go
+++ b/test/e2e/auth/service_accounts.go
@@ -113,13 +113,21 @@ var _ = SIGDescribe("ServiceAccounts", func() {
 		tokenReview := &authenticationv1.TokenReview{Spec: authenticationv1.TokenReviewSpec{Token: mountedToken}}
 		tokenReview, err = f.ClientSet.AuthenticationV1().TokenReviews().Create(context.TODO(), tokenReview, metav1.CreateOptions{})
 		framework.ExpectNoError(err)
-		framework.ExpectEqual(tokenReview.Status.Authenticated, true)
+		if !tokenReview.Status.Authenticated {
+			framework.Fail("tokenReview is not authenticated")
+		}
 		framework.ExpectEqual(tokenReview.Status.Error, "")
 		framework.ExpectEqual(tokenReview.Status.User.Username, "system:serviceaccount:"+f.Namespace.Name+":"+sa.Name)
 		groups := sets.NewString(tokenReview.Status.User.Groups...)
-		framework.ExpectEqual(groups.Has("system:authenticated"), true, fmt.Sprintf("expected system:authenticated group, had %v", groups.List()))
-		framework.ExpectEqual(groups.Has("system:serviceaccounts"), true, fmt.Sprintf("expected system:serviceaccounts group, had %v", groups.List()))
-		framework.ExpectEqual(groups.Has("system:serviceaccounts:"+f.Namespace.Name), true, fmt.Sprintf("expected system:serviceaccounts:"+f.Namespace.Name+" group, had %v", groups.List()))
+		if !groups.Has("system:authenticated") {
+			framework.Failf("expected system:authenticated group, had %v", groups.List())
+		}
+		if !groups.Has("system:serviceaccounts") {
+			framework.Failf("expected system:serviceaccounts group, had %v", groups.List())
+		}
+		if !groups.Has("system:serviceaccounts:" + f.Namespace.Name) {
+			framework.Failf("expected system:serviceaccounts:%s group, had %v", f.Namespace.Name, groups.List())
+		}
 	})
 
 	/*
@@ -671,8 +679,9 @@ var _ = SIGDescribe("ServiceAccounts", func() {
 				break
 			}
 		}
-		framework.ExpectEqual(eventFound, true, "failed to find %v event", watch.Added)
-
+		if !eventFound {
+			framework.Failf("failed to find %v event", watch.Added)
+		}
 		ginkgo.By("patching the ServiceAccount")
 		boolFalse := false
 		testServiceAccountPatchData, err := json.Marshal(v1.ServiceAccount{
@@ -688,8 +697,9 @@ var _ = SIGDescribe("ServiceAccounts", func() {
 				break
 			}
 		}
-		framework.ExpectEqual(eventFound, true, "failed to find %v event", watch.Modified)
-
+		if !eventFound {
+			framework.Failf("failed to find %v event", watch.Modified)
+		}
 		ginkgo.By("finding ServiceAccount in list of all ServiceAccounts (by LabelSelector)")
 		serviceAccountList, err := f.ClientSet.CoreV1().ServiceAccounts("").List(context.TODO(), metav1.ListOptions{LabelSelector: testServiceAccountStaticLabelsFlat})
 		framework.ExpectNoError(err, "failed to list ServiceAccounts by LabelSelector")
@@ -700,8 +710,9 @@ var _ = SIGDescribe("ServiceAccounts", func() {
 				break
 			}
 		}
-		framework.ExpectEqual(foundServiceAccount, true, "failed to find the created ServiceAccount")
-
+		if !foundServiceAccount {
+			framework.Fail("failed to find the created ServiceAccount")
+		}
 		ginkgo.By("deleting the ServiceAccount")
 		err = f.ClientSet.CoreV1().ServiceAccounts(testNamespaceName).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{})
 		framework.ExpectNoError(err, "failed to delete the ServiceAccount by Collection")
@@ -712,7 +723,9 @@ var _ = SIGDescribe("ServiceAccounts", func() {
 				break
 			}
 		}
-		framework.ExpectEqual(eventFound, true, "failed to find %v event", watch.Deleted)
+		if !eventFound {
+			framework.Failf("failed to find %v event", watch.Deleted)
+		}
 	})
 
 	/*