github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 20:53:33 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #69993 from Pradip-Khakurel/issue-#34059-annotate-auth-e2e-errors

Browse Source 
make error messages more helpful for some e2e auth tests
This commit is contained in:
k8s-ci-robot 2018-10-23 02:08:22 -07:00 committed by GitHub
commit b1fbdfe76b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
test/e2e/auth/metadata_concealment.go
View File

@ -55,10 +55,10 @@ var _ = SIGDescribe("Metadata Concealment", func() {
}, },
} }
job, err := framework.CreateJob(f.ClientSet, f.Namespace.Name, job) job, err := framework.CreateJob(f.ClientSet, f.Namespace.Name, job)
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred(), "failed to create job (%s:%s)", f.Namespace.Name, job.Name)
By("Ensuring job reaches completions") By("Ensuring job reaches completions")
err = framework.WaitForJobComplete(f.ClientSet, f.Namespace.Name, job.Name, int32(1)) err = framework.WaitForJobComplete(f.ClientSet, f.Namespace.Name, job.Name, int32(1))
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred(), "failed to ensure job completion (%s:%s)", f.Namespace.Name, job.Name)
}) })
}) })

9
test/e2e/auth/node_authn.go
View File

@ -38,7 +38,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
ns = f.Namespace.Name ns = f.Namespace.Name
nodeList, err := f.ClientSet.CoreV1().Nodes().List(metav1.ListOptions{}) nodeList, err := f.ClientSet.CoreV1().Nodes().List(metav1.ListOptions{})
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred(), "failed to list nodes in namespace: %s", ns)
Expect(len(nodeList.Items)).NotTo(BeZero()) Expect(len(nodeList.Items)).NotTo(BeZero())
pickedNode := nodeList.Items[0] pickedNode := nodeList.Items[0]
@ -47,8 +47,9 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
nodeIPs = append(nodeIPs, framework.GetNodeAddresses(&pickedNode, v1.NodeInternalIP)...) nodeIPs = append(nodeIPs, framework.GetNodeAddresses(&pickedNode, v1.NodeInternalIP)...)
// make sure ServiceAccount admission controller is enabled, so secret generation on SA creation works // make sure ServiceAccount admission controller is enabled, so secret generation on SA creation works
sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get("default", metav1.GetOptions{}) saName := "default"
Expect(err).NotTo(HaveOccurred()) sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get(saName, metav1.GetOptions{})
Expect(err).NotTo(HaveOccurred(), "failed to retrieve service account (%s:%s)", ns, saName)
Expect(len(sa.Secrets)).NotTo(BeZero()) Expect(len(sa.Secrets)).NotTo(BeZero())
}) })
@ -72,7 +73,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
AutomountServiceAccountToken: &trueValue, AutomountServiceAccountToken: &trueValue,
} }
_, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Create(newSA) _, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Create(newSA)
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred(), "failed to create service account (%s:%s)", ns, newSA.Name)
pod := createNodeAuthTestPod(f) pod := createNodeAuthTestPod(f)

23
test/e2e/auth/node_authz.go
View File

@ -51,23 +51,24 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
ns = f.Namespace.Name ns = f.Namespace.Name
nodeList, err := f.ClientSet.CoreV1().Nodes().List(metav1.ListOptions{}) nodeList, err := f.ClientSet.CoreV1().Nodes().List(metav1.ListOptions{})
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred(), "failed to list nodes in namespace: %s", ns)
Expect(len(nodeList.Items)).NotTo(Equal(0)) Expect(len(nodeList.Items)).NotTo(Equal(0))
nodeName = nodeList.Items[0].Name nodeName = nodeList.Items[0].Name
asUser = NodeNamePrefix + nodeName asUser = NodeNamePrefix + nodeName
sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get("default", metav1.GetOptions{}) saName := "default"
sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get(saName, metav1.GetOptions{})
Expect(len(sa.Secrets)).NotTo(Equal(0)) Expect(len(sa.Secrets)).NotTo(Equal(0))
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred(), "failed to retrieve service account (%s:%s)", ns, saName)
defaultSaSecret = sa.Secrets[0].Name defaultSaSecret = sa.Secrets[0].Name
By("Creating a kubernetes client that impersonates a node") By("Creating a kubernetes client that impersonates a node")
config, err := framework.LoadConfig() config, err := framework.LoadConfig()
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred(), "failed to load kubernetes client config")
config.Impersonate = restclient.ImpersonationConfig{ config.Impersonate = restclient.ImpersonationConfig{
UserName: asUser, UserName: asUser,
Groups: []string{NodesGroup}, Groups: []string{NodesGroup},
} }
c, err = clientset.NewForConfig(config) c, err = clientset.NewForConfig(config)
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred(), "failed to create Clientset for the given config: %+v", *config)
}) })
It("Getting a non-existent secret should exit with the Forbidden error, not a NotFound error", func() { It("Getting a non-existent secret should exit with the Forbidden error, not a NotFound error", func() {
@ -97,7 +98,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
}, },
} }
_, err := f.ClientSet.CoreV1().ConfigMaps(ns).Create(configmap) _, err := f.ClientSet.CoreV1().ConfigMaps(ns).Create(configmap)
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred(), "failed to create configmap (%s:%s) %+v", ns, configmap.Name, *configmap)
_, err = c.CoreV1().ConfigMaps(ns).Get(configmap.Name, metav1.GetOptions{}) _, err = c.CoreV1().ConfigMaps(ns).Get(configmap.Name, metav1.GetOptions{})
Expect(apierrors.IsForbidden(err)).Should(Equal(true)) Expect(apierrors.IsForbidden(err)).Should(Equal(true))
}) })
@ -114,7 +115,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
}, },
} }
_, err := f.ClientSet.CoreV1().Secrets(ns).Create(secret) _, err := f.ClientSet.CoreV1().Secrets(ns).Create(secret)
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred(), "failed to create secret (%s:%s)", ns, secret.Name)
By("Node should not get the secret") By("Node should not get the secret")
_, err = c.CoreV1().Secrets(ns).Get(secret.Name, metav1.GetOptions{}) _, err = c.CoreV1().Secrets(ns).Get(secret.Name, metav1.GetOptions{})
@ -147,10 +148,12 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
} }
_, err = f.ClientSet.CoreV1().Pods(ns).Create(pod) _, err = f.ClientSet.CoreV1().Pods(ns).Create(pod)
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred(), "failed to create pod (%s:%s)", ns, pod.Name)
By("The node should able to access the secret") By("The node should able to access the secret")
err = wait.Poll(framework.Poll, 1*time.Minute, func() (bool, error) { itv := framework.Poll
dur := 1 * time.Minute
err = wait.Poll(itv, dur, func() (bool, error) {
_, err = c.CoreV1().Secrets(ns).Get(secret.Name, metav1.GetOptions{}) _, err = c.CoreV1().Secrets(ns).Get(secret.Name, metav1.GetOptions{})
if err != nil { if err != nil {
framework.Logf("Failed to get secret %v, err: %v", secret.Name, err) framework.Logf("Failed to get secret %v, err: %v", secret.Name, err)
@ -158,7 +161,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
} }
return true, nil return true, nil
}) })
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred(), "failed to get secret after trying every %v for %v (%s:%s)", itv, dur, ns, secret.Name)
}) })
It("A node shouldn't be able to create another node", func() { It("A node shouldn't be able to create another node", func() {