diff --git a/hack/.golint_failures b/hack/.golint_failures index 064c109f162..311a96ee845 100644 --- a/hack/.golint_failures +++ b/hack/.golint_failures @@ -600,7 +600,6 @@ staging/src/k8s.io/sample-apiserver/pkg/registry/wardle/flunder staging/src/k8s.io/sample-controller/pkg/apis/samplecontroller staging/src/k8s.io/sample-controller/pkg/apis/samplecontroller/v1alpha1 test/e2e -test/e2e/auth test/e2e/autoscaling test/e2e/chaosmonkey test/e2e/common diff --git a/test/e2e/auth/audit.go b/test/e2e/auth/audit.go index 579341831ad..dcd05853dbd 100644 --- a/test/e2e/auth/audit.go +++ b/test/e2e/auth/audit.go @@ -42,7 +42,7 @@ import ( imageutils "k8s.io/kubernetes/test/utils/image" jsonpatch "github.com/evanphx/json-patch" - . "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo" ) var ( @@ -62,12 +62,12 @@ var ( var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() { f := framework.NewDefaultFramework("audit") var namespace string - BeforeEach(func() { + ginkgo.BeforeEach(func() { framework.SkipUnlessProviderIs("gce") namespace = f.Namespace.Name }) - It("should audit API calls to create, get, update, patch, delete, list, watch pods.", func() { + ginkgo.It("should audit API calls to create, get, update, patch, delete, list, watch pods.", func() { pod := &apiv1.Pod{ ObjectMeta: metav1.ObjectMeta{ Name: "audit-pod", @@ -201,7 +201,7 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() { }) }) - It("should audit API calls to create, get, update, patch, delete, list, watch deployments.", func() { + ginkgo.It("should audit API calls to create, get, update, patch, delete, list, watch deployments.", func() { podLabels := map[string]string{"name": "audit-deployment-pod"} d := e2edeploy.NewDeployment("audit-deployment", int32(1), podLabels, "redis", imageutils.GetE2EImage(imageutils.Redis), apps.RecreateDeploymentStrategyType) @@ -328,7 +328,7 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() { }) }) - It("should audit API calls to create, get, update, patch, delete, list, watch configmaps.", func() { + ginkgo.It("should audit API calls to create, get, update, patch, delete, list, watch configmaps.", func() { configMap := &apiv1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: "audit-configmap", @@ -461,7 +461,7 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() { }) }) - It("should audit API calls to create, get, update, patch, delete, list, watch secrets.", func() { + ginkgo.It("should audit API calls to create, get, update, patch, delete, list, watch secrets.", func() { secret := &apiv1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "audit-secret", @@ -593,7 +593,7 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() { }) }) - It("should audit API calls to create and delete custom resource definition.", func() { + ginkgo.It("should audit API calls to create and delete custom resource definition.", func() { config, err := framework.LoadConfig() framework.ExpectNoError(err, "failed to load config") apiExtensionClient, err := apiextensionclientset.NewForConfig(config) @@ -654,12 +654,12 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() { }) // test authorizer annotations, RBAC is required. - It("should audit API calls to get a pod with unauthorized user.", func() { + ginkgo.It("should audit API calls to get a pod with unauthorized user.", func() { if !auth.IsRBACEnabled(f.ClientSet.RbacV1beta1()) { framework.Skipf("RBAC not enabled.") } - By("Creating a kubernetes client that impersonates an unauthorized anonymous user") + ginkgo.By("Creating a kubernetes client that impersonates an unauthorized anonymous user") config, err := framework.LoadConfig() framework.ExpectNoError(err) config.Impersonate = restclient.ImpersonationConfig{ @@ -691,8 +691,8 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() { }) }) - It("should list pods as impersonated user.", func() { - By("Creating a kubernetes client that impersonates an authorized user") + ginkgo.It("should list pods as impersonated user.", func() { + ginkgo.By("Creating a kubernetes client that impersonates an authorized user") config, err := framework.LoadConfig() framework.ExpectNoError(err) config.Impersonate = restclient.ImpersonationConfig{ diff --git a/test/e2e/auth/audit_dynamic.go b/test/e2e/auth/audit_dynamic.go index cb6183aadd0..671e60e145b 100644 --- a/test/e2e/auth/audit_dynamic.go +++ b/test/e2e/auth/audit_dynamic.go @@ -21,7 +21,7 @@ import ( "strings" "time" - . "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo" auditregv1alpha1 "k8s.io/api/auditregistration/v1alpha1" apiv1 "k8s.io/api/core/v1" @@ -44,10 +44,10 @@ import ( var _ = SIGDescribe("[Feature:DynamicAudit]", func() { f := framework.NewDefaultFramework("audit") - It("should dynamically audit API calls", func() { + ginkgo.It("should dynamically audit API calls", func() { namespace := f.Namespace.Name - By("Creating a kubernetes client that impersonates an unauthorized anonymous user") + ginkgo.By("Creating a kubernetes client that impersonates an unauthorized anonymous user") config, err := framework.LoadConfig() framework.ExpectNoError(err, "failed to fetch config") diff --git a/test/e2e/auth/certificates.go b/test/e2e/auth/certificates.go index 50b25bade47..4aca1875c48 100644 --- a/test/e2e/auth/certificates.go +++ b/test/e2e/auth/certificates.go @@ -31,13 +31,13 @@ import ( e2elog "k8s.io/kubernetes/test/e2e/framework/log" "k8s.io/kubernetes/test/utils" - . "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo" ) var _ = SIGDescribe("Certificates API", func() { f := framework.NewDefaultFramework("certificates") - It("should support building a client with a CSR", func() { + ginkgo.It("should support building a client with a CSR", func() { const commonName = "tester-csr" pk, err := utils.NewPrivateKey() diff --git a/test/e2e/auth/framework.go b/test/e2e/auth/framework.go index 7f186e87886..70bfc631fcd 100644 --- a/test/e2e/auth/framework.go +++ b/test/e2e/auth/framework.go @@ -18,6 +18,7 @@ package auth import "github.com/onsi/ginkgo" +// SIGDescribe annotates the test with the SIG label. func SIGDescribe(text string, body func()) bool { return ginkgo.Describe("[sig-auth] "+text, body) } diff --git a/test/e2e/auth/metadata_concealment.go b/test/e2e/auth/metadata_concealment.go index e3d94acb3a2..5d9c3f70b5d 100644 --- a/test/e2e/auth/metadata_concealment.go +++ b/test/e2e/auth/metadata_concealment.go @@ -23,16 +23,16 @@ import ( "k8s.io/kubernetes/test/e2e/framework" jobutil "k8s.io/kubernetes/test/e2e/framework/job" - . "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo" imageutil "k8s.io/kubernetes/test/utils/image" ) var _ = SIGDescribe("Metadata Concealment", func() { f := framework.NewDefaultFramework("metadata-concealment") - It("should run a check-metadata-concealment job to completion", func() { + ginkgo.It("should run a check-metadata-concealment job to completion", func() { framework.SkipUnlessProviderIs("gce") - By("Creating a job") + ginkgo.By("Creating a job") job := &batch.Job{ ObjectMeta: metav1.ObjectMeta{ Name: "check-metadata-concealment", @@ -57,7 +57,7 @@ var _ = SIGDescribe("Metadata Concealment", func() { job, err := jobutil.CreateJob(f.ClientSet, f.Namespace.Name, job) framework.ExpectNoError(err, "failed to create job (%s:%s)", f.Namespace.Name, job.Name) - By("Ensuring job reaches completions") + ginkgo.By("Ensuring job reaches completions") err = jobutil.WaitForJobComplete(f.ClientSet, f.Namespace.Name, job.Name, int32(1)) framework.ExpectNoError(err, "failed to ensure job completion (%s:%s)", f.Namespace.Name, job.Name) }) diff --git a/test/e2e/auth/node_authn.go b/test/e2e/auth/node_authn.go index ff7d311e8af..60bcddb3761 100644 --- a/test/e2e/auth/node_authn.go +++ b/test/e2e/auth/node_authn.go @@ -25,8 +25,8 @@ import ( "k8s.io/kubernetes/test/e2e/framework" imageutils "k8s.io/kubernetes/test/utils/image" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" + "github.com/onsi/ginkgo" + "github.com/onsi/gomega" ) var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() { @@ -34,12 +34,12 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() { f := framework.NewDefaultFramework("node-authn") var ns string var nodeIPs []string - BeforeEach(func() { + ginkgo.BeforeEach(func() { ns = f.Namespace.Name nodeList, err := f.ClientSet.CoreV1().Nodes().List(metav1.ListOptions{}) framework.ExpectNoError(err, "failed to list nodes in namespace: %s", ns) - Expect(len(nodeList.Items)).NotTo(BeZero()) + gomega.Expect(len(nodeList.Items)).NotTo(gomega.BeZero()) pickedNode := nodeList.Items[0] nodeIPs = framework.GetNodeAddresses(&pickedNode, v1.NodeExternalIP) @@ -50,20 +50,20 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() { saName := "default" sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get(saName, metav1.GetOptions{}) framework.ExpectNoError(err, "failed to retrieve service account (%s:%s)", ns, saName) - Expect(len(sa.Secrets)).NotTo(BeZero()) + gomega.Expect(len(sa.Secrets)).NotTo(gomega.BeZero()) }) - It("The kubelet's main port 10250 should reject requests with no credentials", func() { + ginkgo.It("The kubelet's main port 10250 should reject requests with no credentials", func() { pod := createNodeAuthTestPod(f) for _, nodeIP := range nodeIPs { // Anonymous authentication is disabled by default result := framework.RunHostCmdOrDie(ns, pod.Name, fmt.Sprintf("curl -sIk -o /dev/null -w '%s' https://%s:%v/metrics", "%{http_code}", nodeIP, ports.KubeletPort)) - Expect(result).To(Or(Equal("401"), Equal("403")), "the kubelet's main port 10250 should reject requests with no credentials") + gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet's main port 10250 should reject requests with no credentials") } }) - It("The kubelet can delegate ServiceAccount tokens to the API server", func() { - By("create a new ServiceAccount for authentication") + ginkgo.It("The kubelet can delegate ServiceAccount tokens to the API server", func() { + ginkgo.By("create a new ServiceAccount for authentication") trueValue := true newSA := &v1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ @@ -84,7 +84,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() { "%{http_code}", "cat /var/run/secrets/kubernetes.io/serviceaccount/token", nodeIP, ports.KubeletPort)) - Expect(result).To(Or(Equal("401"), Equal("403")), "the kubelet can delegate ServiceAccount tokens to the API server") + gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet can delegate ServiceAccount tokens to the API server") } }) }) diff --git a/test/e2e/auth/node_authz.go b/test/e2e/auth/node_authz.go index 10492cfc4df..edbb5391ea8 100644 --- a/test/e2e/auth/node_authz.go +++ b/test/e2e/auth/node_authz.go @@ -30,13 +30,13 @@ import ( e2elog "k8s.io/kubernetes/test/e2e/framework/log" imageutils "k8s.io/kubernetes/test/utils/image" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" + "github.com/onsi/ginkgo" + "github.com/onsi/gomega" ) const ( - NodesGroup = "system:nodes" - NodeNamePrefix = "system:node:" + nodesGroup = "system:nodes" + nodeNamePrefix = "system:node:" ) var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() { @@ -48,47 +48,47 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() { var asUser string var defaultSaSecret string var nodeName string - BeforeEach(func() { + ginkgo.BeforeEach(func() { ns = f.Namespace.Name nodeList, err := f.ClientSet.CoreV1().Nodes().List(metav1.ListOptions{}) framework.ExpectNoError(err, "failed to list nodes in namespace: %s", ns) - Expect(len(nodeList.Items)).NotTo(Equal(0)) + gomega.Expect(len(nodeList.Items)).NotTo(gomega.Equal(0)) nodeName = nodeList.Items[0].Name - asUser = NodeNamePrefix + nodeName + asUser = nodeNamePrefix + nodeName saName := "default" sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get(saName, metav1.GetOptions{}) - Expect(len(sa.Secrets)).NotTo(Equal(0)) + gomega.Expect(len(sa.Secrets)).NotTo(gomega.Equal(0)) framework.ExpectNoError(err, "failed to retrieve service account (%s:%s)", ns, saName) defaultSaSecret = sa.Secrets[0].Name - By("Creating a kubernetes client that impersonates a node") + ginkgo.By("Creating a kubernetes client that impersonates a node") config, err := framework.LoadConfig() framework.ExpectNoError(err, "failed to load kubernetes client config") config.Impersonate = restclient.ImpersonationConfig{ UserName: asUser, - Groups: []string{NodesGroup}, + Groups: []string{nodesGroup}, } c, err = clientset.NewForConfig(config) framework.ExpectNoError(err, "failed to create Clientset for the given config: %+v", *config) }) - It("Getting a non-existent secret should exit with the Forbidden error, not a NotFound error", func() { + ginkgo.It("Getting a non-existent secret should exit with the Forbidden error, not a NotFound error", func() { _, err := c.CoreV1().Secrets(ns).Get("foo", metav1.GetOptions{}) - Expect(apierrors.IsForbidden(err)).Should(Equal(true)) + gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true)) }) - It("Getting an existing secret should exit with the Forbidden error", func() { + ginkgo.It("Getting an existing secret should exit with the Forbidden error", func() { _, err := c.CoreV1().Secrets(ns).Get(defaultSaSecret, metav1.GetOptions{}) - Expect(apierrors.IsForbidden(err)).Should(Equal(true)) + gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true)) }) - It("Getting a non-existent configmap should exit with the Forbidden error, not a NotFound error", func() { + ginkgo.It("Getting a non-existent configmap should exit with the Forbidden error, not a NotFound error", func() { _, err := c.CoreV1().ConfigMaps(ns).Get("foo", metav1.GetOptions{}) - Expect(apierrors.IsForbidden(err)).Should(Equal(true)) + gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true)) }) - It("Getting an existing configmap should exit with the Forbidden error", func() { - By("Create a configmap for testing") + ginkgo.It("Getting an existing configmap should exit with the Forbidden error", func() { + ginkgo.By("Create a configmap for testing") configmap := &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Namespace: ns, @@ -101,11 +101,11 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() { _, err := f.ClientSet.CoreV1().ConfigMaps(ns).Create(configmap) framework.ExpectNoError(err, "failed to create configmap (%s:%s) %+v", ns, configmap.Name, *configmap) _, err = c.CoreV1().ConfigMaps(ns).Get(configmap.Name, metav1.GetOptions{}) - Expect(apierrors.IsForbidden(err)).Should(Equal(true)) + gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true)) }) - It("Getting a secret for a workload the node has access to should succeed", func() { - By("Create a secret for testing") + ginkgo.It("Getting a secret for a workload the node has access to should succeed", func() { + ginkgo.By("Create a secret for testing") secret := &v1.Secret{ ObjectMeta: metav1.ObjectMeta{ Namespace: ns, @@ -118,11 +118,11 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() { _, err := f.ClientSet.CoreV1().Secrets(ns).Create(secret) framework.ExpectNoError(err, "failed to create secret (%s:%s)", ns, secret.Name) - By("Node should not get the secret") + ginkgo.By("Node should not get the secret") _, err = c.CoreV1().Secrets(ns).Get(secret.Name, metav1.GetOptions{}) - Expect(apierrors.IsForbidden(err)).Should(Equal(true)) + gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true)) - By("Create a pod that use the secret") + ginkgo.By("Create a pod that use the secret") pod := &v1.Pod{ ObjectMeta: metav1.ObjectMeta{ Name: "pause", @@ -151,7 +151,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() { _, err = f.ClientSet.CoreV1().Pods(ns).Create(pod) framework.ExpectNoError(err, "failed to create pod (%s:%s)", ns, pod.Name) - By("The node should able to access the secret") + ginkgo.By("The node should able to access the secret") itv := framework.Poll dur := 1 * time.Minute err = wait.Poll(itv, dur, func() (bool, error) { @@ -165,7 +165,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() { framework.ExpectNoError(err, "failed to get secret after trying every %v for %v (%s:%s)", itv, dur, ns, secret.Name) }) - It("A node shouldn't be able to create another node", func() { + ginkgo.It("A node shouldn't be able to create another node", func() { node := &v1.Node{ ObjectMeta: metav1.ObjectMeta{Name: "foo"}, TypeMeta: metav1.TypeMeta{ @@ -173,14 +173,14 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() { APIVersion: "v1", }, } - By(fmt.Sprintf("Create node foo by user: %v", asUser)) + ginkgo.By(fmt.Sprintf("Create node foo by user: %v", asUser)) _, err := c.CoreV1().Nodes().Create(node) - Expect(apierrors.IsForbidden(err)).Should(Equal(true)) + gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true)) }) - It("A node shouldn't be able to delete another node", func() { - By(fmt.Sprintf("Create node foo by user: %v", asUser)) + ginkgo.It("A node shouldn't be able to delete another node", func() { + ginkgo.By(fmt.Sprintf("Create node foo by user: %v", asUser)) err := c.CoreV1().Nodes().Delete("foo", &metav1.DeleteOptions{}) - Expect(apierrors.IsForbidden(err)).Should(Equal(true)) + gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true)) }) }) diff --git a/test/e2e/auth/pod_security_policy.go b/test/e2e/auth/pod_security_policy.go index d47cd846fcf..9d779896975 100644 --- a/test/e2e/auth/pod_security_policy.go +++ b/test/e2e/auth/pod_security_policy.go @@ -37,8 +37,8 @@ import ( imageutils "k8s.io/kubernetes/test/utils/image" utilpointer "k8s.io/utils/pointer" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" + "github.com/onsi/ginkgo" + "github.com/onsi/gomega" ) const nobodyUser = int64(65534) @@ -51,7 +51,7 @@ var _ = SIGDescribe("PodSecurityPolicy", func() { // with reduced privileges. var c clientset.Interface var ns string // Test namespace, for convenience - BeforeEach(func() { + ginkgo.BeforeEach(func() { if !framework.IsPodSecurityPolicyEnabled(f) { framework.Skipf("PodSecurityPolicy not enabled") } @@ -60,7 +60,7 @@ var _ = SIGDescribe("PodSecurityPolicy", func() { } ns = f.Namespace.Name - By("Creating a kubernetes client that impersonates the default service account") + ginkgo.By("Creating a kubernetes client that impersonates the default service account") config, err := framework.LoadConfig() framework.ExpectNoError(err) config.Impersonate = restclient.ImpersonationConfig{ @@ -70,24 +70,24 @@ var _ = SIGDescribe("PodSecurityPolicy", func() { c, err = clientset.NewForConfig(config) framework.ExpectNoError(err) - By("Binding the edit role to the default SA") + ginkgo.By("Binding the edit role to the default SA") err = auth.BindClusterRole(f.ClientSet.RbacV1beta1(), "edit", ns, rbacv1beta1.Subject{Kind: rbacv1beta1.ServiceAccountKind, Namespace: ns, Name: "default"}) framework.ExpectNoError(err) }) - It("should forbid pod creation when no PSP is available", func() { - By("Running a restricted pod") + ginkgo.It("should forbid pod creation when no PSP is available", func() { + ginkgo.By("Running a restricted pod") _, err := c.CoreV1().Pods(ns).Create(restrictedPod("restricted")) expectForbidden(err) }) - It("should enforce the restricted policy.PodSecurityPolicy", func() { - By("Creating & Binding a restricted policy for the test service account") + ginkgo.It("should enforce the restricted policy.PodSecurityPolicy", func() { + ginkgo.By("Creating & Binding a restricted policy for the test service account") _, cleanup := createAndBindPSP(f, restrictedPSP("restrictive")) defer cleanup() - By("Running a restricted pod") + ginkgo.By("Running a restricted pod") pod, err := c.CoreV1().Pods(ns).Create(restrictedPod("allowed")) framework.ExpectNoError(err) framework.ExpectNoError(framework.WaitForPodNameRunningInNamespace(c, pod.Name, pod.Namespace)) @@ -98,8 +98,8 @@ var _ = SIGDescribe("PodSecurityPolicy", func() { }) }) - It("should allow pods under the privileged policy.PodSecurityPolicy", func() { - By("Creating & Binding a privileged policy for the test service account") + ginkgo.It("should allow pods under the privileged policy.PodSecurityPolicy", func() { + ginkgo.By("Creating & Binding a privileged policy for the test service account") // Ensure that the permissive policy is used even in the presence of the restricted policy. _, cleanup := createAndBindPSP(f, restrictedPSP("restrictive")) defer cleanup() @@ -115,26 +115,26 @@ var _ = SIGDescribe("PodSecurityPolicy", func() { p, err = c.CoreV1().Pods(ns).Get(p.Name, metav1.GetOptions{}) framework.ExpectNoError(err) validated, found := p.Annotations[psputil.ValidatedPSPAnnotation] - Expect(found).To(BeTrue(), "PSP annotation not found") - Expect(validated).To(Equal(expectedPSP.Name), "Unexpected validated PSP") + gomega.Expect(found).To(gomega.BeTrue(), "PSP annotation not found") + gomega.Expect(validated).To(gomega.Equal(expectedPSP.Name), "Unexpected validated PSP") }) }) }) func expectForbidden(err error) { - Expect(err).To(HaveOccurred(), "should be forbidden") - Expect(apierrs.IsForbidden(err)).To(BeTrue(), "should be forbidden error") + gomega.Expect(err).To(gomega.HaveOccurred(), "should be forbidden") + gomega.Expect(apierrs.IsForbidden(err)).To(gomega.BeTrue(), "should be forbidden error") } func testPrivilegedPods(tester func(pod *v1.Pod)) { - By("Running a privileged pod", func() { + ginkgo.By("Running a privileged pod", func() { privileged := restrictedPod("privileged") privileged.Spec.Containers[0].SecurityContext.Privileged = boolPtr(true) privileged.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation = nil tester(privileged) }) - By("Running a HostPath pod", func() { + ginkgo.By("Running a HostPath pod", func() { hostpath := restrictedPod("hostpath") hostpath.Spec.Containers[0].VolumeMounts = []v1.VolumeMount{{ Name: "hp", @@ -149,26 +149,26 @@ func testPrivilegedPods(tester func(pod *v1.Pod)) { tester(hostpath) }) - By("Running a HostNetwork pod", func() { + ginkgo.By("Running a HostNetwork pod", func() { hostnet := restrictedPod("hostnet") hostnet.Spec.HostNetwork = true tester(hostnet) }) - By("Running a HostPID pod", func() { + ginkgo.By("Running a HostPID pod", func() { hostpid := restrictedPod("hostpid") hostpid.Spec.HostPID = true tester(hostpid) }) - By("Running a HostIPC pod", func() { + ginkgo.By("Running a HostIPC pod", func() { hostipc := restrictedPod("hostipc") hostipc.Spec.HostIPC = true tester(hostipc) }) if common.IsAppArmorSupported() { - By("Running a custom AppArmor profile pod", func() { + ginkgo.By("Running a custom AppArmor profile pod", func() { aa := restrictedPod("apparmor") // Every node is expected to have the docker-default profile. aa.Annotations[apparmor.ContainerAnnotationKeyPrefix+"pause"] = "localhost/docker-default" @@ -176,13 +176,13 @@ func testPrivilegedPods(tester func(pod *v1.Pod)) { }) } - By("Running an unconfined Seccomp pod", func() { + ginkgo.By("Running an unconfined Seccomp pod", func() { unconfined := restrictedPod("seccomp") unconfined.Annotations[v1.SeccompPodAnnotationKey] = "unconfined" tester(unconfined) }) - By("Running a SYS_ADMIN pod", func() { + ginkgo.By("Running a SYS_ADMIN pod", func() { sysadmin := restrictedPod("sysadmin") sysadmin.Spec.Containers[0].SecurityContext.Capabilities = &v1.Capabilities{ Add: []v1.Capability{"SYS_ADMIN"}, @@ -191,14 +191,14 @@ func testPrivilegedPods(tester func(pod *v1.Pod)) { tester(sysadmin) }) - By("Running a RunAsGroup pod", func() { + ginkgo.By("Running a RunAsGroup pod", func() { sysadmin := restrictedPod("runasgroup") gid := int64(0) sysadmin.Spec.Containers[0].SecurityContext.RunAsGroup = &gid tester(sysadmin) }) - By("Running a RunAsUser pod", func() { + ginkgo.By("Running a RunAsUser pod", func() { sysadmin := restrictedPod("runasuser") uid := int64(0) sysadmin.Spec.Containers[0].SecurityContext.RunAsUser = &uid diff --git a/test/e2e/auth/service_accounts.go b/test/e2e/auth/service_accounts.go index 2140e9c0c9b..e3ca96000aa 100644 --- a/test/e2e/auth/service_accounts.go +++ b/test/e2e/auth/service_accounts.go @@ -33,8 +33,8 @@ import ( e2elog "k8s.io/kubernetes/test/e2e/framework/log" imageutils "k8s.io/kubernetes/test/utils/image" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" + "github.com/onsi/ginkgo" + "github.com/onsi/gomega" ) var mountImage = imageutils.GetE2EImage(imageutils.Mounttest) @@ -42,11 +42,11 @@ var mountImage = imageutils.GetE2EImage(imageutils.Mounttest) var _ = SIGDescribe("ServiceAccounts", func() { f := framework.NewDefaultFramework("svcaccounts") - It("should ensure a single API token exists", func() { + ginkgo.It("should ensure a single API token exists", func() { // wait for the service account to reference a single secret var secrets []v1.ObjectReference framework.ExpectNoError(wait.Poll(time.Millisecond*500, time.Second*10, func() (bool, error) { - By("waiting for a single token reference") + ginkgo.By("waiting for a single token reference") sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{}) if apierrors.IsNotFound(err) { e2elog.Logf("default service account was not found") @@ -71,20 +71,20 @@ var _ = SIGDescribe("ServiceAccounts", func() { // make sure the reference doesn't flutter { - By("ensuring the single token reference persists") + ginkgo.By("ensuring the single token reference persists") time.Sleep(2 * time.Second) sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{}) framework.ExpectNoError(err) - Expect(sa.Secrets).To(Equal(secrets)) + gomega.Expect(sa.Secrets).To(gomega.Equal(secrets)) } // delete the referenced secret - By("deleting the service account token") + ginkgo.By("deleting the service account token") framework.ExpectNoError(f.ClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(secrets[0].Name, nil)) // wait for the referenced secret to be removed, and another one autocreated framework.ExpectNoError(wait.Poll(time.Millisecond*500, framework.ServiceAccountProvisionTimeout, func() (bool, error) { - By("waiting for a new token reference") + ginkgo.By("waiting for a new token reference") sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{}) if err != nil { e2elog.Logf("error getting default service account: %v", err) @@ -109,15 +109,15 @@ var _ = SIGDescribe("ServiceAccounts", func() { // make sure the reference doesn't flutter { - By("ensuring the single token reference persists") + ginkgo.By("ensuring the single token reference persists") time.Sleep(2 * time.Second) sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{}) framework.ExpectNoError(err) - Expect(sa.Secrets).To(Equal(secrets)) + gomega.Expect(sa.Secrets).To(gomega.Equal(secrets)) } // delete the reference from the service account - By("deleting the reference to the service account token") + ginkgo.By("deleting the reference to the service account token") { sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{}) framework.ExpectNoError(err) @@ -128,7 +128,7 @@ var _ = SIGDescribe("ServiceAccounts", func() { // wait for another one to be autocreated framework.ExpectNoError(wait.Poll(time.Millisecond*500, framework.ServiceAccountProvisionTimeout, func() (bool, error) { - By("waiting for a new token to be created and added") + ginkgo.By("waiting for a new token to be created and added") sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{}) if err != nil { e2elog.Logf("error getting default service account: %v", err) @@ -149,11 +149,11 @@ var _ = SIGDescribe("ServiceAccounts", func() { // make sure the reference doesn't flutter { - By("ensuring the single token reference persists") + ginkgo.By("ensuring the single token reference persists") time.Sleep(2 * time.Second) sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{}) framework.ExpectNoError(err) - Expect(sa.Secrets).To(Equal(secrets)) + gomega.Expect(sa.Secrets).To(gomega.Equal(secrets)) } }) @@ -174,7 +174,7 @@ var _ = SIGDescribe("ServiceAccounts", func() { // Standard get, update retry loop framework.ExpectNoError(wait.Poll(time.Millisecond*500, framework.ServiceAccountProvisionTimeout, func() (bool, error) { - By("getting the auto-created API token") + ginkgo.By("getting the auto-created API token") sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("mount-test", metav1.GetOptions{}) if apierrors.IsNotFound(err) { e2elog.Logf("mount-test service account was not found") @@ -231,19 +231,19 @@ var _ = SIGDescribe("ServiceAccounts", func() { framework.ExpectNoError(err) // CA and namespace should be identical - Expect(mountedCA).To(Equal(rootCAContent)) - Expect(mountedNamespace).To(Equal(f.Namespace.Name)) + gomega.Expect(mountedCA).To(gomega.Equal(rootCAContent)) + gomega.Expect(mountedNamespace).To(gomega.Equal(f.Namespace.Name)) // Token should be a valid credential that identifies the pod's service account tokenReview := &authenticationv1.TokenReview{Spec: authenticationv1.TokenReviewSpec{Token: mountedToken}} tokenReview, err = f.ClientSet.AuthenticationV1().TokenReviews().Create(tokenReview) framework.ExpectNoError(err) - Expect(tokenReview.Status.Authenticated).To(Equal(true)) - Expect(tokenReview.Status.Error).To(Equal("")) - Expect(tokenReview.Status.User.Username).To(Equal("system:serviceaccount:" + f.Namespace.Name + ":" + sa.Name)) + gomega.Expect(tokenReview.Status.Authenticated).To(gomega.Equal(true)) + gomega.Expect(tokenReview.Status.Error).To(gomega.Equal("")) + gomega.Expect(tokenReview.Status.User.Username).To(gomega.Equal("system:serviceaccount:" + f.Namespace.Name + ":" + sa.Name)) groups := sets.NewString(tokenReview.Status.User.Groups...) - Expect(groups.Has("system:authenticated")).To(Equal(true), fmt.Sprintf("expected system:authenticated group, had %v", groups.List())) - Expect(groups.Has("system:serviceaccounts")).To(Equal(true), fmt.Sprintf("expected system:serviceaccounts group, had %v", groups.List())) - Expect(groups.Has("system:serviceaccounts:"+f.Namespace.Name)).To(Equal(true), fmt.Sprintf("expected system:serviceaccounts:"+f.Namespace.Name+" group, had %v", groups.List())) + gomega.Expect(groups.Has("system:authenticated")).To(gomega.Equal(true), fmt.Sprintf("expected system:authenticated group, had %v", groups.List())) + gomega.Expect(groups.Has("system:serviceaccounts")).To(gomega.Equal(true), fmt.Sprintf("expected system:serviceaccounts group, had %v", groups.List())) + gomega.Expect(groups.Has("system:serviceaccounts:"+f.Namespace.Name)).To(gomega.Equal(true), fmt.Sprintf("expected system:serviceaccounts:"+f.Namespace.Name+" group, had %v", groups.List())) }) /* @@ -285,7 +285,7 @@ var _ = SIGDescribe("ServiceAccounts", func() { // Standard get, update retry loop framework.ExpectNoError(wait.Poll(time.Millisecond*500, framework.ServiceAccountProvisionTimeout, func() (bool, error) { - By("getting the auto-created API token") + ginkgo.By("getting the auto-created API token") sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get(mountSA.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { e2elog.Logf("mount service account was not found")