fix golint failures of test/e2e/auth

2025-07-23 11:50:44 +00:00 · 2019-05-12 22:57:24 +08:00 · 2019-05-12 22:57:24 +08:00 · a4825d1cb8
commit a4825d1cb8
parent ace60e8acb
10 changed files with 112 additions and 112 deletions
--- a/hack/.golint_failures
+++ b/hack/.golint_failures
@ -600,7 +600,6 @@ staging/src/k8s.io/sample-apiserver/pkg/registry/wardle/flunder
 staging/src/k8s.io/sample-controller/pkg/apis/samplecontroller
 staging/src/k8s.io/sample-controller/pkg/apis/samplecontroller/v1alpha1
 test/e2e
 test/e2e/auth
 test/e2e/autoscaling
 test/e2e/chaosmonkey
 test/e2e/common
--- a/test/e2e/auth/audit.go
+++ b/test/e2e/auth/audit.go
@ -42,7 +42,7 @@ import (
 	imageutils "k8s.io/kubernetes/test/utils/image"
 	jsonpatch "github.com/evanphx/json-patch"
-	. "github.com/onsi/ginkgo"
+	"github.com/onsi/ginkgo"
 )
 var (
@ -62,12 +62,12 @@ var (
 var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 	f := framework.NewDefaultFramework("audit")
 	var namespace string
-	BeforeEach(func() {
+	ginkgo.BeforeEach(func() {
 		framework.SkipUnlessProviderIs("gce")
 		namespace = f.Namespace.Name
 	})
-	It("should audit API calls to create, get, update, patch, delete, list, watch pods.", func() {
+	ginkgo.It("should audit API calls to create, get, update, patch, delete, list, watch pods.", func() {
 		pod := &apiv1.Pod{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: "audit-pod",
@ -201,7 +201,7 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 		})
 	})
-	It("should audit API calls to create, get, update, patch, delete, list, watch deployments.", func() {
+	ginkgo.It("should audit API calls to create, get, update, patch, delete, list, watch deployments.", func() {
 		podLabels := map[string]string{"name": "audit-deployment-pod"}
 		d := e2edeploy.NewDeployment("audit-deployment", int32(1), podLabels, "redis", imageutils.GetE2EImage(imageutils.Redis), apps.RecreateDeploymentStrategyType)
@ -328,7 +328,7 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 		})
 	})
-	It("should audit API calls to create, get, update, patch, delete, list, watch configmaps.", func() {
+	ginkgo.It("should audit API calls to create, get, update, patch, delete, list, watch configmaps.", func() {
 		configMap := &apiv1.ConfigMap{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: "audit-configmap",
@ -461,7 +461,7 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 		})
 	})
-	It("should audit API calls to create, get, update, patch, delete, list, watch secrets.", func() {
+	ginkgo.It("should audit API calls to create, get, update, patch, delete, list, watch secrets.", func() {
 		secret := &apiv1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: "audit-secret",
@ -593,7 +593,7 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 		})
 	})
-	It("should audit API calls to create and delete custom resource definition.", func() {
+	ginkgo.It("should audit API calls to create and delete custom resource definition.", func() {
 		config, err := framework.LoadConfig()
 		framework.ExpectNoError(err, "failed to load config")
 		apiExtensionClient, err := apiextensionclientset.NewForConfig(config)
@ -654,12 +654,12 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 	})
 	// test authorizer annotations, RBAC is required.
-	It("should audit API calls to get a pod with unauthorized user.", func() {
+	ginkgo.It("should audit API calls to get a pod with unauthorized user.", func() {
 		if !auth.IsRBACEnabled(f.ClientSet.RbacV1beta1()) {
 			framework.Skipf("RBAC not enabled.")
 		}
-		By("Creating a kubernetes client that impersonates an unauthorized anonymous user")
+		ginkgo.By("Creating a kubernetes client that impersonates an unauthorized anonymous user")
 		config, err := framework.LoadConfig()
 		framework.ExpectNoError(err)
 		config.Impersonate = restclient.ImpersonationConfig{
@ -691,8 +691,8 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 		})
 	})
-	It("should list pods as impersonated user.", func() {
+	ginkgo.It("should list pods as impersonated user.", func() {
-		By("Creating a kubernetes client that impersonates an authorized user")
+		ginkgo.By("Creating a kubernetes client that impersonates an authorized user")
 		config, err := framework.LoadConfig()
 		framework.ExpectNoError(err)
 		config.Impersonate = restclient.ImpersonationConfig{
--- a/test/e2e/auth/audit_dynamic.go
+++ b/test/e2e/auth/audit_dynamic.go
@ -21,7 +21,7 @@ import (
 	"strings"
 	"time"
-	. "github.com/onsi/ginkgo"
+	"github.com/onsi/ginkgo"
 	auditregv1alpha1 "k8s.io/api/auditregistration/v1alpha1"
 	apiv1 "k8s.io/api/core/v1"
@ -44,10 +44,10 @@ import (
 var _ = SIGDescribe("[Feature:DynamicAudit]", func() {
 	f := framework.NewDefaultFramework("audit")
-	It("should dynamically audit API calls", func() {
+	ginkgo.It("should dynamically audit API calls", func() {
 		namespace := f.Namespace.Name
-		By("Creating a kubernetes client that impersonates an unauthorized anonymous user")
+		ginkgo.By("Creating a kubernetes client that impersonates an unauthorized anonymous user")
 		config, err := framework.LoadConfig()
 		framework.ExpectNoError(err, "failed to fetch config")
--- a/test/e2e/auth/certificates.go
+++ b/test/e2e/auth/certificates.go
@ -31,13 +31,13 @@ import (
 	e2elog "k8s.io/kubernetes/test/e2e/framework/log"
 	"k8s.io/kubernetes/test/utils"
-	. "github.com/onsi/ginkgo"
+	"github.com/onsi/ginkgo"
 )
 var _ = SIGDescribe("Certificates API", func() {
 	f := framework.NewDefaultFramework("certificates")
-	It("should support building a client with a CSR", func() {
+	ginkgo.It("should support building a client with a CSR", func() {
 		const commonName = "tester-csr"
 		pk, err := utils.NewPrivateKey()
--- a/test/e2e/auth/framework.go
+++ b/test/e2e/auth/framework.go
@ -18,6 +18,7 @@ package auth
 import "github.com/onsi/ginkgo"
 // SIGDescribe annotates the test with the SIG label.
 func SIGDescribe(text string, body func()) bool {
 	return ginkgo.Describe("[sig-auth] "+text, body)
 }
--- a/test/e2e/auth/metadata_concealment.go
+++ b/test/e2e/auth/metadata_concealment.go
@ -23,16 +23,16 @@ import (
 	"k8s.io/kubernetes/test/e2e/framework"
 	jobutil "k8s.io/kubernetes/test/e2e/framework/job"
-	. "github.com/onsi/ginkgo"
+	"github.com/onsi/ginkgo"
 	imageutil "k8s.io/kubernetes/test/utils/image"
 )
 var _ = SIGDescribe("Metadata Concealment", func() {
 	f := framework.NewDefaultFramework("metadata-concealment")
-	It("should run a check-metadata-concealment job to completion", func() {
+	ginkgo.It("should run a check-metadata-concealment job to completion", func() {
 		framework.SkipUnlessProviderIs("gce")
-		By("Creating a job")
+		ginkgo.By("Creating a job")
 		job := &batch.Job{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: "check-metadata-concealment",
@ -57,7 +57,7 @@ var _ = SIGDescribe("Metadata Concealment", func() {
 		job, err := jobutil.CreateJob(f.ClientSet, f.Namespace.Name, job)
 		framework.ExpectNoError(err, "failed to create job (%s:%s)", f.Namespace.Name, job.Name)
-		By("Ensuring job reaches completions")
+		ginkgo.By("Ensuring job reaches completions")
 		err = jobutil.WaitForJobComplete(f.ClientSet, f.Namespace.Name, job.Name, int32(1))
 		framework.ExpectNoError(err, "failed to ensure job completion (%s:%s)", f.Namespace.Name, job.Name)
 	})
--- a/test/e2e/auth/node_authn.go
+++ b/test/e2e/auth/node_authn.go
@ -25,8 +25,8 @@ import (
 	"k8s.io/kubernetes/test/e2e/framework"
 	imageutils "k8s.io/kubernetes/test/utils/image"
-	. "github.com/onsi/ginkgo"
+	"github.com/onsi/ginkgo"
-	. "github.com/onsi/gomega"
+	"github.com/onsi/gomega"
 )
 var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
@ -34,12 +34,12 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
 	f := framework.NewDefaultFramework("node-authn")
 	var ns string
 	var nodeIPs []string
-	BeforeEach(func() {
+	ginkgo.BeforeEach(func() {
 		ns = f.Namespace.Name
 		nodeList, err := f.ClientSet.CoreV1().Nodes().List(metav1.ListOptions{})
 		framework.ExpectNoError(err, "failed to list nodes in namespace: %s", ns)
-		Expect(len(nodeList.Items)).NotTo(BeZero())
+		gomega.Expect(len(nodeList.Items)).NotTo(gomega.BeZero())
 		pickedNode := nodeList.Items[0]
 		nodeIPs = framework.GetNodeAddresses(&pickedNode, v1.NodeExternalIP)
@ -50,20 +50,20 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
 		saName := "default"
 		sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get(saName, metav1.GetOptions{})
 		framework.ExpectNoError(err, "failed to retrieve service account (%s:%s)", ns, saName)
-		Expect(len(sa.Secrets)).NotTo(BeZero())
+		gomega.Expect(len(sa.Secrets)).NotTo(gomega.BeZero())
 	})
-	It("The kubelet's main port 10250 should reject requests with no credentials", func() {
+	ginkgo.It("The kubelet's main port 10250 should reject requests with no credentials", func() {
 		pod := createNodeAuthTestPod(f)
 		for _, nodeIP := range nodeIPs {
 			// Anonymous authentication is disabled by default
 			result := framework.RunHostCmdOrDie(ns, pod.Name, fmt.Sprintf("curl -sIk -o /dev/null -w '%s' https://%s:%v/metrics", "%{http_code}", nodeIP, ports.KubeletPort))
-			Expect(result).To(Or(Equal("401"), Equal("403")), "the kubelet's main port 10250 should reject requests with no credentials")
+			gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet's main port 10250 should reject requests with no credentials")
 		}
 	})
-	It("The kubelet can delegate ServiceAccount tokens to the API server", func() {
+	ginkgo.It("The kubelet can delegate ServiceAccount tokens to the API server", func() {
-		By("create a new ServiceAccount for authentication")
+		ginkgo.By("create a new ServiceAccount for authentication")
 		trueValue := true
 		newSA := &v1.ServiceAccount{
 			ObjectMeta: metav1.ObjectMeta{
@ -84,7 +84,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
 					"%{http_code}",
 					"cat /var/run/secrets/kubernetes.io/serviceaccount/token",
 					nodeIP, ports.KubeletPort))
-			Expect(result).To(Or(Equal("401"), Equal("403")), "the kubelet can delegate ServiceAccount tokens to the API server")
+			gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet can delegate ServiceAccount tokens to the API server")
 		}
 	})
 })
--- a/test/e2e/auth/node_authz.go
+++ b/test/e2e/auth/node_authz.go
@ -30,13 +30,13 @@ import (
 	e2elog "k8s.io/kubernetes/test/e2e/framework/log"
 	imageutils "k8s.io/kubernetes/test/utils/image"
-	. "github.com/onsi/ginkgo"
+	"github.com/onsi/ginkgo"
-	. "github.com/onsi/gomega"
+	"github.com/onsi/gomega"
 )
 const (
-	NodesGroup     = "system:nodes"
+	nodesGroup     = "system:nodes"
-	NodeNamePrefix = "system:node:"
+	nodeNamePrefix = "system:node:"
 )
 var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
@ -48,47 +48,47 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 	var asUser string
 	var defaultSaSecret string
 	var nodeName string
-	BeforeEach(func() {
+	ginkgo.BeforeEach(func() {
 		ns = f.Namespace.Name
 		nodeList, err := f.ClientSet.CoreV1().Nodes().List(metav1.ListOptions{})
 		framework.ExpectNoError(err, "failed to list nodes in namespace: %s", ns)
-		Expect(len(nodeList.Items)).NotTo(Equal(0))
+		gomega.Expect(len(nodeList.Items)).NotTo(gomega.Equal(0))
 		nodeName = nodeList.Items[0].Name
-		asUser = NodeNamePrefix + nodeName
+		asUser = nodeNamePrefix + nodeName
 		saName := "default"
 		sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get(saName, metav1.GetOptions{})
-		Expect(len(sa.Secrets)).NotTo(Equal(0))
+		gomega.Expect(len(sa.Secrets)).NotTo(gomega.Equal(0))
 		framework.ExpectNoError(err, "failed to retrieve service account (%s:%s)", ns, saName)
 		defaultSaSecret = sa.Secrets[0].Name
-		By("Creating a kubernetes client that impersonates a node")
+		ginkgo.By("Creating a kubernetes client that impersonates a node")
 		config, err := framework.LoadConfig()
 		framework.ExpectNoError(err, "failed to load kubernetes client config")
 		config.Impersonate = restclient.ImpersonationConfig{
 			UserName: asUser,
-			Groups:   []string{NodesGroup},
+			Groups:   []string{nodesGroup},
 		}
 		c, err = clientset.NewForConfig(config)
 		framework.ExpectNoError(err, "failed to create Clientset for the given config: %+v", *config)
 	})
-	It("Getting a non-existent secret should exit with the Forbidden error, not a NotFound error", func() {
+	ginkgo.It("Getting a non-existent secret should exit with the Forbidden error, not a NotFound error", func() {
 		_, err := c.CoreV1().Secrets(ns).Get("foo", metav1.GetOptions{})
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 	})
-	It("Getting an existing secret should exit with the Forbidden error", func() {
+	ginkgo.It("Getting an existing secret should exit with the Forbidden error", func() {
 		_, err := c.CoreV1().Secrets(ns).Get(defaultSaSecret, metav1.GetOptions{})
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 	})
-	It("Getting a non-existent configmap should exit with the Forbidden error, not a NotFound error", func() {
+	ginkgo.It("Getting a non-existent configmap should exit with the Forbidden error, not a NotFound error", func() {
 		_, err := c.CoreV1().ConfigMaps(ns).Get("foo", metav1.GetOptions{})
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 	})
-	It("Getting an existing configmap should exit with the Forbidden error", func() {
+	ginkgo.It("Getting an existing configmap should exit with the Forbidden error", func() {
-		By("Create a configmap for testing")
+		ginkgo.By("Create a configmap for testing")
 		configmap := &v1.ConfigMap{
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: ns,
@ -101,11 +101,11 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 		_, err := f.ClientSet.CoreV1().ConfigMaps(ns).Create(configmap)
 		framework.ExpectNoError(err, "failed to create configmap (%s:%s) %+v", ns, configmap.Name, *configmap)
 		_, err = c.CoreV1().ConfigMaps(ns).Get(configmap.Name, metav1.GetOptions{})
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 	})
-	It("Getting a secret for a workload the node has access to should succeed", func() {
+	ginkgo.It("Getting a secret for a workload the node has access to should succeed", func() {
-		By("Create a secret for testing")
+		ginkgo.By("Create a secret for testing")
 		secret := &v1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: ns,
@ -118,11 +118,11 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 		_, err := f.ClientSet.CoreV1().Secrets(ns).Create(secret)
 		framework.ExpectNoError(err, "failed to create secret (%s:%s)", ns, secret.Name)
-		By("Node should not get the secret")
+		ginkgo.By("Node should not get the secret")
 		_, err = c.CoreV1().Secrets(ns).Get(secret.Name, metav1.GetOptions{})
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
-		By("Create a pod that use the secret")
+		ginkgo.By("Create a pod that use the secret")
 		pod := &v1.Pod{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: "pause",
@ -151,7 +151,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 		_, err = f.ClientSet.CoreV1().Pods(ns).Create(pod)
 		framework.ExpectNoError(err, "failed to create pod (%s:%s)", ns, pod.Name)
-		By("The node should able to access the secret")
+		ginkgo.By("The node should able to access the secret")
 		itv := framework.Poll
 		dur := 1 * time.Minute
 		err = wait.Poll(itv, dur, func() (bool, error) {
@ -165,7 +165,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 		framework.ExpectNoError(err, "failed to get secret after trying every %v for %v (%s:%s)", itv, dur, ns, secret.Name)
 	})
-	It("A node shouldn't be able to create another node", func() {
+	ginkgo.It("A node shouldn't be able to create another node", func() {
 		node := &v1.Node{
 			ObjectMeta: metav1.ObjectMeta{Name: "foo"},
 			TypeMeta: metav1.TypeMeta{
@ -173,14 +173,14 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 				APIVersion: "v1",
 			},
 		}
-		By(fmt.Sprintf("Create node foo by user: %v", asUser))
+		ginkgo.By(fmt.Sprintf("Create node foo by user: %v", asUser))
 		_, err := c.CoreV1().Nodes().Create(node)
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 	})
-	It("A node shouldn't be able to delete another node", func() {
+	ginkgo.It("A node shouldn't be able to delete another node", func() {
-		By(fmt.Sprintf("Create node foo by user: %v", asUser))
+		ginkgo.By(fmt.Sprintf("Create node foo by user: %v", asUser))
 		err := c.CoreV1().Nodes().Delete("foo", &metav1.DeleteOptions{})
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 	})
 })
--- a/test/e2e/auth/pod_security_policy.go
+++ b/test/e2e/auth/pod_security_policy.go
@ -37,8 +37,8 @@ import (
 	imageutils "k8s.io/kubernetes/test/utils/image"
 	utilpointer "k8s.io/utils/pointer"
-	. "github.com/onsi/ginkgo"
+	"github.com/onsi/ginkgo"
-	. "github.com/onsi/gomega"
+	"github.com/onsi/gomega"
 )
 const nobodyUser = int64(65534)
@ -51,7 +51,7 @@ var _ = SIGDescribe("PodSecurityPolicy", func() {
 	// with reduced privileges.
 	var c clientset.Interface
 	var ns string // Test namespace, for convenience
-	BeforeEach(func() {
+	ginkgo.BeforeEach(func() {
 		if !framework.IsPodSecurityPolicyEnabled(f) {
 			framework.Skipf("PodSecurityPolicy not enabled")
 		}
@ -60,7 +60,7 @@ var _ = SIGDescribe("PodSecurityPolicy", func() {
 		}
 		ns = f.Namespace.Name
-		By("Creating a kubernetes client that impersonates the default service account")
+		ginkgo.By("Creating a kubernetes client that impersonates the default service account")
 		config, err := framework.LoadConfig()
 		framework.ExpectNoError(err)
 		config.Impersonate = restclient.ImpersonationConfig{
@ -70,24 +70,24 @@ var _ = SIGDescribe("PodSecurityPolicy", func() {
 		c, err = clientset.NewForConfig(config)
 		framework.ExpectNoError(err)
-		By("Binding the edit role to the default SA")
+		ginkgo.By("Binding the edit role to the default SA")
 		err = auth.BindClusterRole(f.ClientSet.RbacV1beta1(), "edit", ns,
 			rbacv1beta1.Subject{Kind: rbacv1beta1.ServiceAccountKind, Namespace: ns, Name: "default"})
 		framework.ExpectNoError(err)
 	})
-	It("should forbid pod creation when no PSP is available", func() {
+	ginkgo.It("should forbid pod creation when no PSP is available", func() {
-		By("Running a restricted pod")
+		ginkgo.By("Running a restricted pod")
 		_, err := c.CoreV1().Pods(ns).Create(restrictedPod("restricted"))
 		expectForbidden(err)
 	})
-	It("should enforce the restricted policy.PodSecurityPolicy", func() {
+	ginkgo.It("should enforce the restricted policy.PodSecurityPolicy", func() {
-		By("Creating & Binding a restricted policy for the test service account")
+		ginkgo.By("Creating & Binding a restricted policy for the test service account")
 		_, cleanup := createAndBindPSP(f, restrictedPSP("restrictive"))
 		defer cleanup()
-		By("Running a restricted pod")
+		ginkgo.By("Running a restricted pod")
 		pod, err := c.CoreV1().Pods(ns).Create(restrictedPod("allowed"))
 		framework.ExpectNoError(err)
 		framework.ExpectNoError(framework.WaitForPodNameRunningInNamespace(c, pod.Name, pod.Namespace))
@ -98,8 +98,8 @@ var _ = SIGDescribe("PodSecurityPolicy", func() {
 		})
 	})
-	It("should allow pods under the privileged policy.PodSecurityPolicy", func() {
+	ginkgo.It("should allow pods under the privileged policy.PodSecurityPolicy", func() {
-		By("Creating & Binding a privileged policy for the test service account")
+		ginkgo.By("Creating & Binding a privileged policy for the test service account")
 		// Ensure that the permissive policy is used even in the presence of the restricted policy.
 		_, cleanup := createAndBindPSP(f, restrictedPSP("restrictive"))
 		defer cleanup()
@ -115,26 +115,26 @@ var _ = SIGDescribe("PodSecurityPolicy", func() {
 			p, err = c.CoreV1().Pods(ns).Get(p.Name, metav1.GetOptions{})
 			framework.ExpectNoError(err)
 			validated, found := p.Annotations[psputil.ValidatedPSPAnnotation]
-			Expect(found).To(BeTrue(), "PSP annotation not found")
+			gomega.Expect(found).To(gomega.BeTrue(), "PSP annotation not found")
-			Expect(validated).To(Equal(expectedPSP.Name), "Unexpected validated PSP")
+			gomega.Expect(validated).To(gomega.Equal(expectedPSP.Name), "Unexpected validated PSP")
 		})
 	})
 })
 func expectForbidden(err error) {
-	Expect(err).To(HaveOccurred(), "should be forbidden")
+	gomega.Expect(err).To(gomega.HaveOccurred(), "should be forbidden")
-	Expect(apierrs.IsForbidden(err)).To(BeTrue(), "should be forbidden error")
+	gomega.Expect(apierrs.IsForbidden(err)).To(gomega.BeTrue(), "should be forbidden error")
 }
 func testPrivilegedPods(tester func(pod *v1.Pod)) {
-	By("Running a privileged pod", func() {
+	ginkgo.By("Running a privileged pod", func() {
 		privileged := restrictedPod("privileged")
 		privileged.Spec.Containers[0].SecurityContext.Privileged = boolPtr(true)
 		privileged.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation = nil
 		tester(privileged)
 	})
-	By("Running a HostPath pod", func() {
+	ginkgo.By("Running a HostPath pod", func() {
 		hostpath := restrictedPod("hostpath")
 		hostpath.Spec.Containers[0].VolumeMounts = []v1.VolumeMount{{
 			Name:      "hp",
@ -149,26 +149,26 @@ func testPrivilegedPods(tester func(pod *v1.Pod)) {
 		tester(hostpath)
 	})
-	By("Running a HostNetwork pod", func() {
+	ginkgo.By("Running a HostNetwork pod", func() {
 		hostnet := restrictedPod("hostnet")
 		hostnet.Spec.HostNetwork = true
 		tester(hostnet)
 	})
-	By("Running a HostPID pod", func() {
+	ginkgo.By("Running a HostPID pod", func() {
 		hostpid := restrictedPod("hostpid")
 		hostpid.Spec.HostPID = true
 		tester(hostpid)
 	})
-	By("Running a HostIPC pod", func() {
+	ginkgo.By("Running a HostIPC pod", func() {
 		hostipc := restrictedPod("hostipc")
 		hostipc.Spec.HostIPC = true
 		tester(hostipc)
 	})
 	if common.IsAppArmorSupported() {
-		By("Running a custom AppArmor profile pod", func() {
+		ginkgo.By("Running a custom AppArmor profile pod", func() {
 			aa := restrictedPod("apparmor")
 			// Every node is expected to have the docker-default profile.
 			aa.Annotations[apparmor.ContainerAnnotationKeyPrefix+"pause"] = "localhost/docker-default"
@ -176,13 +176,13 @@ func testPrivilegedPods(tester func(pod *v1.Pod)) {
 		})
 	}
-	By("Running an unconfined Seccomp pod", func() {
+	ginkgo.By("Running an unconfined Seccomp pod", func() {
 		unconfined := restrictedPod("seccomp")
 		unconfined.Annotations[v1.SeccompPodAnnotationKey] = "unconfined"
 		tester(unconfined)
 	})
-	By("Running a SYS_ADMIN pod", func() {
+	ginkgo.By("Running a SYS_ADMIN pod", func() {
 		sysadmin := restrictedPod("sysadmin")
 		sysadmin.Spec.Containers[0].SecurityContext.Capabilities = &v1.Capabilities{
 			Add: []v1.Capability{"SYS_ADMIN"},
@ -191,14 +191,14 @@ func testPrivilegedPods(tester func(pod *v1.Pod)) {
 		tester(sysadmin)
 	})
-	By("Running a RunAsGroup pod", func() {
+	ginkgo.By("Running a RunAsGroup pod", func() {
 		sysadmin := restrictedPod("runasgroup")
 		gid := int64(0)
 		sysadmin.Spec.Containers[0].SecurityContext.RunAsGroup = &gid
 		tester(sysadmin)
 	})
-	By("Running a RunAsUser pod", func() {
+	ginkgo.By("Running a RunAsUser pod", func() {
 		sysadmin := restrictedPod("runasuser")
 		uid := int64(0)
 		sysadmin.Spec.Containers[0].SecurityContext.RunAsUser = &uid
--- a/test/e2e/auth/service_accounts.go
+++ b/test/e2e/auth/service_accounts.go
@ -33,8 +33,8 @@ import (
 	e2elog "k8s.io/kubernetes/test/e2e/framework/log"
 	imageutils "k8s.io/kubernetes/test/utils/image"
-	. "github.com/onsi/ginkgo"
+	"github.com/onsi/ginkgo"
-	. "github.com/onsi/gomega"
+	"github.com/onsi/gomega"
 )
 var mountImage = imageutils.GetE2EImage(imageutils.Mounttest)
@ -42,11 +42,11 @@ var mountImage = imageutils.GetE2EImage(imageutils.Mounttest)
 var _ = SIGDescribe("ServiceAccounts", func() {
 	f := framework.NewDefaultFramework("svcaccounts")
-	It("should ensure a single API token exists", func() {
+	ginkgo.It("should ensure a single API token exists", func() {
 		// wait for the service account to reference a single secret
 		var secrets []v1.ObjectReference
 		framework.ExpectNoError(wait.Poll(time.Millisecond*500, time.Second*10, func() (bool, error) {
-			By("waiting for a single token reference")
+			ginkgo.By("waiting for a single token reference")
 			sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{})
 			if apierrors.IsNotFound(err) {
 				e2elog.Logf("default service account was not found")
@ -71,20 +71,20 @@ var _ = SIGDescribe("ServiceAccounts", func() {
 		// make sure the reference doesn't flutter
 		{
-			By("ensuring the single token reference persists")
+			ginkgo.By("ensuring the single token reference persists")
 			time.Sleep(2 * time.Second)
 			sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{})
 			framework.ExpectNoError(err)
-			Expect(sa.Secrets).To(Equal(secrets))
+			gomega.Expect(sa.Secrets).To(gomega.Equal(secrets))
 		}
 		// delete the referenced secret
-		By("deleting the service account token")
+		ginkgo.By("deleting the service account token")
 		framework.ExpectNoError(f.ClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(secrets[0].Name, nil))
 		// wait for the referenced secret to be removed, and another one autocreated
 		framework.ExpectNoError(wait.Poll(time.Millisecond*500, framework.ServiceAccountProvisionTimeout, func() (bool, error) {
-			By("waiting for a new token reference")
+			ginkgo.By("waiting for a new token reference")
 			sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{})
 			if err != nil {
 				e2elog.Logf("error getting default service account: %v", err)
@ -109,15 +109,15 @@ var _ = SIGDescribe("ServiceAccounts", func() {
 		// make sure the reference doesn't flutter
 		{
-			By("ensuring the single token reference persists")
+			ginkgo.By("ensuring the single token reference persists")
 			time.Sleep(2 * time.Second)
 			sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{})
 			framework.ExpectNoError(err)
-			Expect(sa.Secrets).To(Equal(secrets))
+			gomega.Expect(sa.Secrets).To(gomega.Equal(secrets))
 		}
 		// delete the reference from the service account
-		By("deleting the reference to the service account token")
+		ginkgo.By("deleting the reference to the service account token")
 		{
 			sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{})
 			framework.ExpectNoError(err)
@ -128,7 +128,7 @@ var _ = SIGDescribe("ServiceAccounts", func() {
 		// wait for another one to be autocreated
 		framework.ExpectNoError(wait.Poll(time.Millisecond*500, framework.ServiceAccountProvisionTimeout, func() (bool, error) {
-			By("waiting for a new token to be created and added")
+			ginkgo.By("waiting for a new token to be created and added")
 			sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{})
 			if err != nil {
 				e2elog.Logf("error getting default service account: %v", err)
@ -149,11 +149,11 @@ var _ = SIGDescribe("ServiceAccounts", func() {
 		// make sure the reference doesn't flutter
 		{
-			By("ensuring the single token reference persists")
+			ginkgo.By("ensuring the single token reference persists")
 			time.Sleep(2 * time.Second)
 			sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("default", metav1.GetOptions{})
 			framework.ExpectNoError(err)
-			Expect(sa.Secrets).To(Equal(secrets))
+			gomega.Expect(sa.Secrets).To(gomega.Equal(secrets))
 		}
 	})
@ -174,7 +174,7 @@ var _ = SIGDescribe("ServiceAccounts", func() {
 		// Standard get, update retry loop
 		framework.ExpectNoError(wait.Poll(time.Millisecond*500, framework.ServiceAccountProvisionTimeout, func() (bool, error) {
-			By("getting the auto-created API token")
+			ginkgo.By("getting the auto-created API token")
 			sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get("mount-test", metav1.GetOptions{})
 			if apierrors.IsNotFound(err) {
 				e2elog.Logf("mount-test service account was not found")
@ -231,19 +231,19 @@ var _ = SIGDescribe("ServiceAccounts", func() {
 		framework.ExpectNoError(err)
 		// CA and namespace should be identical
-		Expect(mountedCA).To(Equal(rootCAContent))
+		gomega.Expect(mountedCA).To(gomega.Equal(rootCAContent))
-		Expect(mountedNamespace).To(Equal(f.Namespace.Name))
+		gomega.Expect(mountedNamespace).To(gomega.Equal(f.Namespace.Name))
 		// Token should be a valid credential that identifies the pod's service account
 		tokenReview := &authenticationv1.TokenReview{Spec: authenticationv1.TokenReviewSpec{Token: mountedToken}}
 		tokenReview, err = f.ClientSet.AuthenticationV1().TokenReviews().Create(tokenReview)
 		framework.ExpectNoError(err)
-		Expect(tokenReview.Status.Authenticated).To(Equal(true))
+		gomega.Expect(tokenReview.Status.Authenticated).To(gomega.Equal(true))
-		Expect(tokenReview.Status.Error).To(Equal(""))
+		gomega.Expect(tokenReview.Status.Error).To(gomega.Equal(""))
-		Expect(tokenReview.Status.User.Username).To(Equal("system:serviceaccount:" + f.Namespace.Name + ":" + sa.Name))
+		gomega.Expect(tokenReview.Status.User.Username).To(gomega.Equal("system:serviceaccount:" + f.Namespace.Name + ":" + sa.Name))
 		groups := sets.NewString(tokenReview.Status.User.Groups...)
-		Expect(groups.Has("system:authenticated")).To(Equal(true), fmt.Sprintf("expected system:authenticated group, had %v", groups.List()))
+		gomega.Expect(groups.Has("system:authenticated")).To(gomega.Equal(true), fmt.Sprintf("expected system:authenticated group, had %v", groups.List()))
-		Expect(groups.Has("system:serviceaccounts")).To(Equal(true), fmt.Sprintf("expected system:serviceaccounts group, had %v", groups.List()))
+		gomega.Expect(groups.Has("system:serviceaccounts")).To(gomega.Equal(true), fmt.Sprintf("expected system:serviceaccounts group, had %v", groups.List()))
-		Expect(groups.Has("system:serviceaccounts:"+f.Namespace.Name)).To(Equal(true), fmt.Sprintf("expected system:serviceaccounts:"+f.Namespace.Name+" group, had %v", groups.List()))
+		gomega.Expect(groups.Has("system:serviceaccounts:"+f.Namespace.Name)).To(gomega.Equal(true), fmt.Sprintf("expected system:serviceaccounts:"+f.Namespace.Name+" group, had %v", groups.List()))
 	})
 	/*
@ -285,7 +285,7 @@ var _ = SIGDescribe("ServiceAccounts", func() {
 		// Standard get, update retry loop
 		framework.ExpectNoError(wait.Poll(time.Millisecond*500, framework.ServiceAccountProvisionTimeout, func() (bool, error) {
-			By("getting the auto-created API token")
+			ginkgo.By("getting the auto-created API token")
 			sa, err := f.ClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Get(mountSA.Name, metav1.GetOptions{})
 			if apierrors.IsNotFound(err) {
 				e2elog.Logf("mount service account was not found")