mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 20:24:09 +00:00
Merge pull request #28468 from wojtek-t/integration_namespace_2
Automatic merge from submit-queue Migrate some integration tests to run in dedicated namespace.
This commit is contained in:
commit
b4ee63f6a1
@ -49,7 +49,6 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/auth/authorizer/abac"
|
"k8s.io/kubernetes/pkg/auth/authorizer/abac"
|
||||||
"k8s.io/kubernetes/pkg/auth/user"
|
"k8s.io/kubernetes/pkg/auth/user"
|
||||||
"k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api/v1"
|
"k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api/v1"
|
||||||
"k8s.io/kubernetes/pkg/master"
|
|
||||||
"k8s.io/kubernetes/pkg/serviceaccount"
|
"k8s.io/kubernetes/pkg/serviceaccount"
|
||||||
"k8s.io/kubernetes/plugin/pkg/admission/admit"
|
"k8s.io/kubernetes/plugin/pkg/admission/admit"
|
||||||
"k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/tokentest"
|
"k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/tokentest"
|
||||||
@ -193,7 +192,9 @@ var aNode string = `
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
`
|
`
|
||||||
var aEvent string = `
|
|
||||||
|
func aEvent(namespace string) string {
|
||||||
|
return `
|
||||||
{
|
{
|
||||||
"kind": "Event",
|
"kind": "Event",
|
||||||
"apiVersion": "` + testapi.Default.GroupVersion().String() + `",
|
"apiVersion": "` + testapi.Default.GroupVersion().String() + `",
|
||||||
@ -202,12 +203,13 @@ var aEvent string = `
|
|||||||
},
|
},
|
||||||
"involvedObject": {
|
"involvedObject": {
|
||||||
"kind": "Pod",
|
"kind": "Pod",
|
||||||
"namespace": "default",
|
"namespace": "` + namespace + `",
|
||||||
"name": "a",
|
"name": "a",
|
||||||
"apiVersion": "v1"
|
"apiVersion": "v1"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
`
|
`
|
||||||
|
}
|
||||||
|
|
||||||
var aBinding string = `
|
var aBinding string = `
|
||||||
{
|
{
|
||||||
@ -287,7 +289,7 @@ func addTimeoutFlag(URLString string) string {
|
|||||||
return u.String()
|
return u.String()
|
||||||
}
|
}
|
||||||
|
|
||||||
func getTestRequests() []struct {
|
func getTestRequests(namespace string) []struct {
|
||||||
verb string
|
verb string
|
||||||
URL string
|
URL string
|
||||||
body string
|
body string
|
||||||
@ -301,63 +303,63 @@ func getTestRequests() []struct {
|
|||||||
}{
|
}{
|
||||||
// Normal methods on pods
|
// Normal methods on pods
|
||||||
{"GET", path("pods", "", ""), "", code200},
|
{"GET", path("pods", "", ""), "", code200},
|
||||||
{"GET", path("pods", api.NamespaceDefault, ""), "", code200},
|
{"GET", path("pods", namespace, ""), "", code200},
|
||||||
{"POST", timeoutPath("pods", api.NamespaceDefault, ""), aPod, code201},
|
{"POST", timeoutPath("pods", namespace, ""), aPod, code201},
|
||||||
{"PUT", timeoutPath("pods", api.NamespaceDefault, "a"), aPod, code200},
|
{"PUT", timeoutPath("pods", namespace, "a"), aPod, code200},
|
||||||
{"GET", path("pods", api.NamespaceDefault, "a"), "", code200},
|
{"GET", path("pods", namespace, "a"), "", code200},
|
||||||
// GET and POST for /exec should return Bad Request (400) since the pod has not been assigned a node yet.
|
// GET and POST for /exec should return Bad Request (400) since the pod has not been assigned a node yet.
|
||||||
{"GET", path("pods", api.NamespaceDefault, "a") + "/exec", "", code400},
|
{"GET", path("pods", namespace, "a") + "/exec", "", code400},
|
||||||
{"POST", path("pods", api.NamespaceDefault, "a") + "/exec", "", code400},
|
{"POST", path("pods", namespace, "a") + "/exec", "", code400},
|
||||||
// PUT for /exec should return Method Not Allowed (405).
|
// PUT for /exec should return Method Not Allowed (405).
|
||||||
{"PUT", path("pods", api.NamespaceDefault, "a") + "/exec", "", code405},
|
{"PUT", path("pods", namespace, "a") + "/exec", "", code405},
|
||||||
// GET and POST for /portforward should return Bad Request (400) since the pod has not been assigned a node yet.
|
// GET and POST for /portforward should return Bad Request (400) since the pod has not been assigned a node yet.
|
||||||
{"GET", path("pods", api.NamespaceDefault, "a") + "/portforward", "", code400},
|
{"GET", path("pods", namespace, "a") + "/portforward", "", code400},
|
||||||
{"POST", path("pods", api.NamespaceDefault, "a") + "/portforward", "", code400},
|
{"POST", path("pods", namespace, "a") + "/portforward", "", code400},
|
||||||
// PUT for /portforward should return Method Not Allowed (405).
|
// PUT for /portforward should return Method Not Allowed (405).
|
||||||
{"PUT", path("pods", api.NamespaceDefault, "a") + "/portforward", "", code405},
|
{"PUT", path("pods", namespace, "a") + "/portforward", "", code405},
|
||||||
{"PATCH", path("pods", api.NamespaceDefault, "a"), "{%v}", code200},
|
{"PATCH", path("pods", namespace, "a"), "{%v}", code200},
|
||||||
{"DELETE", timeoutPath("pods", api.NamespaceDefault, "a"), deleteNow, code200},
|
{"DELETE", timeoutPath("pods", namespace, "a"), deleteNow, code200},
|
||||||
|
|
||||||
// Non-standard methods (not expected to work,
|
// Non-standard methods (not expected to work,
|
||||||
// but expected to pass/fail authorization prior to
|
// but expected to pass/fail authorization prior to
|
||||||
// failing validation.
|
// failing validation.
|
||||||
{"OPTIONS", path("pods", api.NamespaceDefault, ""), "", code405},
|
{"OPTIONS", path("pods", namespace, ""), "", code405},
|
||||||
{"OPTIONS", path("pods", api.NamespaceDefault, "a"), "", code405},
|
{"OPTIONS", path("pods", namespace, "a"), "", code405},
|
||||||
{"HEAD", path("pods", api.NamespaceDefault, ""), "", code405},
|
{"HEAD", path("pods", namespace, ""), "", code405},
|
||||||
{"HEAD", path("pods", api.NamespaceDefault, "a"), "", code405},
|
{"HEAD", path("pods", namespace, "a"), "", code405},
|
||||||
{"TRACE", path("pods", api.NamespaceDefault, ""), "", code405},
|
{"TRACE", path("pods", namespace, ""), "", code405},
|
||||||
{"TRACE", path("pods", api.NamespaceDefault, "a"), "", code405},
|
{"TRACE", path("pods", namespace, "a"), "", code405},
|
||||||
{"NOSUCHVERB", path("pods", api.NamespaceDefault, ""), "", code405},
|
{"NOSUCHVERB", path("pods", namespace, ""), "", code405},
|
||||||
|
|
||||||
// Normal methods on services
|
// Normal methods on services
|
||||||
{"GET", path("services", "", ""), "", code200},
|
{"GET", path("services", "", ""), "", code200},
|
||||||
{"GET", path("services", api.NamespaceDefault, ""), "", code200},
|
{"GET", path("services", namespace, ""), "", code200},
|
||||||
{"POST", timeoutPath("services", api.NamespaceDefault, ""), aService, code201},
|
{"POST", timeoutPath("services", namespace, ""), aService, code201},
|
||||||
// Create an endpoint for the service (this is done automatically by endpoint controller
|
// Create an endpoint for the service (this is done automatically by endpoint controller
|
||||||
// whenever a service is created, but this test does not run that controller)
|
// whenever a service is created, but this test does not run that controller)
|
||||||
{"POST", timeoutPath("endpoints", api.NamespaceDefault, ""), emptyEndpoints, code201},
|
{"POST", timeoutPath("endpoints", namespace, ""), emptyEndpoints, code201},
|
||||||
// Should return service unavailable when endpoint.subset is empty.
|
// Should return service unavailable when endpoint.subset is empty.
|
||||||
{"GET", pathWithPrefix("proxy", "services", api.NamespaceDefault, "a") + "/", "", code503},
|
{"GET", pathWithPrefix("proxy", "services", namespace, "a") + "/", "", code503},
|
||||||
{"PUT", timeoutPath("services", api.NamespaceDefault, "a"), aService, code200},
|
{"PUT", timeoutPath("services", namespace, "a"), aService, code200},
|
||||||
{"GET", path("services", api.NamespaceDefault, "a"), "", code200},
|
{"GET", path("services", namespace, "a"), "", code200},
|
||||||
{"DELETE", timeoutPath("endpoints", api.NamespaceDefault, "a"), "", code200},
|
{"DELETE", timeoutPath("endpoints", namespace, "a"), "", code200},
|
||||||
{"DELETE", timeoutPath("services", api.NamespaceDefault, "a"), "", code200},
|
{"DELETE", timeoutPath("services", namespace, "a"), "", code200},
|
||||||
|
|
||||||
// Normal methods on replicationControllers
|
// Normal methods on replicationControllers
|
||||||
{"GET", path("replicationControllers", "", ""), "", code200},
|
{"GET", path("replicationControllers", "", ""), "", code200},
|
||||||
{"GET", path("replicationControllers", api.NamespaceDefault, ""), "", code200},
|
{"GET", path("replicationControllers", namespace, ""), "", code200},
|
||||||
{"POST", timeoutPath("replicationControllers", api.NamespaceDefault, ""), aRC, code201},
|
{"POST", timeoutPath("replicationControllers", namespace, ""), aRC, code201},
|
||||||
{"PUT", timeoutPath("replicationControllers", api.NamespaceDefault, "a"), aRC, code200},
|
{"PUT", timeoutPath("replicationControllers", namespace, "a"), aRC, code200},
|
||||||
{"GET", path("replicationControllers", api.NamespaceDefault, "a"), "", code200},
|
{"GET", path("replicationControllers", namespace, "a"), "", code200},
|
||||||
{"DELETE", timeoutPath("replicationControllers", api.NamespaceDefault, "a"), "", code200},
|
{"DELETE", timeoutPath("replicationControllers", namespace, "a"), "", code200},
|
||||||
|
|
||||||
// Normal methods on endpoints
|
// Normal methods on endpoints
|
||||||
{"GET", path("endpoints", "", ""), "", code200},
|
{"GET", path("endpoints", "", ""), "", code200},
|
||||||
{"GET", path("endpoints", api.NamespaceDefault, ""), "", code200},
|
{"GET", path("endpoints", namespace, ""), "", code200},
|
||||||
{"POST", timeoutPath("endpoints", api.NamespaceDefault, ""), aEndpoints, code201},
|
{"POST", timeoutPath("endpoints", namespace, ""), aEndpoints, code201},
|
||||||
{"PUT", timeoutPath("endpoints", api.NamespaceDefault, "a"), aEndpoints, code200},
|
{"PUT", timeoutPath("endpoints", namespace, "a"), aEndpoints, code200},
|
||||||
{"GET", path("endpoints", api.NamespaceDefault, "a"), "", code200},
|
{"GET", path("endpoints", namespace, "a"), "", code200},
|
||||||
{"DELETE", timeoutPath("endpoints", api.NamespaceDefault, "a"), "", code200},
|
{"DELETE", timeoutPath("endpoints", namespace, "a"), "", code200},
|
||||||
|
|
||||||
// Normal methods on nodes
|
// Normal methods on nodes
|
||||||
{"GET", path("nodes", "", ""), "", code200},
|
{"GET", path("nodes", "", ""), "", code200},
|
||||||
@ -368,30 +370,30 @@ func getTestRequests() []struct {
|
|||||||
|
|
||||||
// Normal methods on events
|
// Normal methods on events
|
||||||
{"GET", path("events", "", ""), "", code200},
|
{"GET", path("events", "", ""), "", code200},
|
||||||
{"GET", path("events", api.NamespaceDefault, ""), "", code200},
|
{"GET", path("events", namespace, ""), "", code200},
|
||||||
{"POST", timeoutPath("events", api.NamespaceDefault, ""), aEvent, code201},
|
{"POST", timeoutPath("events", namespace, ""), aEvent(namespace), code201},
|
||||||
{"PUT", timeoutPath("events", api.NamespaceDefault, "a"), aEvent, code200},
|
{"PUT", timeoutPath("events", namespace, "a"), aEvent(namespace), code200},
|
||||||
{"GET", path("events", api.NamespaceDefault, "a"), "", code200},
|
{"GET", path("events", namespace, "a"), "", code200},
|
||||||
{"DELETE", timeoutPath("events", api.NamespaceDefault, "a"), "", code200},
|
{"DELETE", timeoutPath("events", namespace, "a"), "", code200},
|
||||||
|
|
||||||
// Normal methods on bindings
|
// Normal methods on bindings
|
||||||
{"GET", path("bindings", api.NamespaceDefault, ""), "", code405},
|
{"GET", path("bindings", namespace, ""), "", code405},
|
||||||
{"POST", timeoutPath("pods", api.NamespaceDefault, ""), aPod, code201}, // Need a pod to bind or you get a 404
|
{"POST", timeoutPath("pods", namespace, ""), aPod, code201}, // Need a pod to bind or you get a 404
|
||||||
{"POST", timeoutPath("bindings", api.NamespaceDefault, ""), aBinding, code201},
|
{"POST", timeoutPath("bindings", namespace, ""), aBinding, code201},
|
||||||
{"PUT", timeoutPath("bindings", api.NamespaceDefault, "a"), aBinding, code404},
|
{"PUT", timeoutPath("bindings", namespace, "a"), aBinding, code404},
|
||||||
{"GET", path("bindings", api.NamespaceDefault, "a"), "", code404}, // No bindings instances
|
{"GET", path("bindings", namespace, "a"), "", code404}, // No bindings instances
|
||||||
{"DELETE", timeoutPath("bindings", api.NamespaceDefault, "a"), "", code404},
|
{"DELETE", timeoutPath("bindings", namespace, "a"), "", code404},
|
||||||
|
|
||||||
// Non-existent object type.
|
// Non-existent object type.
|
||||||
{"GET", path("foo", "", ""), "", code404},
|
{"GET", path("foo", "", ""), "", code404},
|
||||||
{"POST", path("foo", api.NamespaceDefault, ""), `{"foo": "foo"}`, code404},
|
{"POST", path("foo", namespace, ""), `{"foo": "foo"}`, code404},
|
||||||
{"PUT", path("foo", api.NamespaceDefault, "a"), `{"foo": "foo"}`, code404},
|
{"PUT", path("foo", namespace, "a"), `{"foo": "foo"}`, code404},
|
||||||
{"GET", path("foo", api.NamespaceDefault, "a"), "", code404},
|
{"GET", path("foo", namespace, "a"), "", code404},
|
||||||
{"DELETE", timeoutPath("foo", api.NamespaceDefault, ""), "", code404},
|
{"DELETE", timeoutPath("foo", namespace, ""), "", code404},
|
||||||
|
|
||||||
// Special verbs on nodes
|
// Special verbs on nodes
|
||||||
{"GET", pathWithPrefix("proxy", "nodes", api.NamespaceDefault, "a"), "", code404},
|
{"GET", pathWithPrefix("proxy", "nodes", namespace, "a"), "", code404},
|
||||||
{"GET", pathWithPrefix("redirect", "nodes", api.NamespaceDefault, "a"), "", code404},
|
{"GET", pathWithPrefix("redirect", "nodes", namespace, "a"), "", code404},
|
||||||
// TODO: test .../watch/..., which doesn't end before the test timeout.
|
// TODO: test .../watch/..., which doesn't end before the test timeout.
|
||||||
// TODO: figure out how to create a node so that it can successfully proxy/redirect.
|
// TODO: figure out how to create a node so that it can successfully proxy/redirect.
|
||||||
|
|
||||||
@ -412,26 +414,18 @@ func getTestRequests() []struct {
|
|||||||
//
|
//
|
||||||
// TODO(etune): write a fuzz test of the REST API.
|
// TODO(etune): write a fuzz test of the REST API.
|
||||||
func TestAuthModeAlwaysAllow(t *testing.T) {
|
func TestAuthModeAlwaysAllow(t *testing.T) {
|
||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
|
||||||
framework.DeleteAllEtcdKeys()
|
|
||||||
|
|
||||||
// Set up a master
|
// Set up a master
|
||||||
var m *master.Master
|
masterConfig := framework.NewIntegrationTestMasterConfig()
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
_, s := framework.RunAMaster(masterConfig)
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
masterConfig := framework.NewIntegrationTestMasterConfig()
|
ns := framework.CreateTestingNamespace("auth-always-allow", s, t)
|
||||||
m, err := master.New(masterConfig)
|
defer framework.DeleteTestingNamespace(ns, s, t)
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("error in bringing up the master: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
previousResourceVersion := make(map[string]float64)
|
previousResourceVersion := make(map[string]float64)
|
||||||
|
|
||||||
for _, r := range getTestRequests() {
|
for _, r := range getTestRequests(ns.Name) {
|
||||||
var bodyStr string
|
var bodyStr string
|
||||||
if r.body != "" {
|
if r.body != "" {
|
||||||
sub := ""
|
sub := ""
|
||||||
@ -440,8 +434,7 @@ func TestAuthModeAlwaysAllow(t *testing.T) {
|
|||||||
if resVersion := previousResourceVersion[getPreviousResourceVersionKey(r.URL, "")]; resVersion != 0 {
|
if resVersion := previousResourceVersion[getPreviousResourceVersionKey(r.URL, "")]; resVersion != 0 {
|
||||||
sub += fmt.Sprintf(",\r\n\"resourceVersion\": \"%v\"", resVersion)
|
sub += fmt.Sprintf(",\r\n\"resourceVersion\": \"%v\"", resVersion)
|
||||||
}
|
}
|
||||||
namespace := "default"
|
sub += fmt.Sprintf(",\r\n\"namespace\": %q", ns.Name)
|
||||||
sub += fmt.Sprintf(",\r\n\"namespace\": %q", namespace)
|
|
||||||
}
|
}
|
||||||
bodyStr = fmt.Sprintf(r.body, sub)
|
bodyStr = fmt.Sprintf(r.body, sub)
|
||||||
}
|
}
|
||||||
@ -518,26 +511,18 @@ func getPreviousResourceVersionKey(url, id string) string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestAuthModeAlwaysDeny(t *testing.T) {
|
func TestAuthModeAlwaysDeny(t *testing.T) {
|
||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
|
||||||
framework.DeleteAllEtcdKeys()
|
|
||||||
|
|
||||||
// Set up a master
|
// Set up a master
|
||||||
var m *master.Master
|
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
defer s.Close()
|
|
||||||
|
|
||||||
masterConfig := framework.NewIntegrationTestMasterConfig()
|
masterConfig := framework.NewIntegrationTestMasterConfig()
|
||||||
masterConfig.Authorizer = apiserver.NewAlwaysDenyAuthorizer()
|
masterConfig.Authorizer = apiserver.NewAlwaysDenyAuthorizer()
|
||||||
m, err := master.New(masterConfig)
|
_, s := framework.RunAMaster(masterConfig)
|
||||||
if err != nil {
|
defer s.Close()
|
||||||
t.Fatalf("error in bringing up the master: %v", err)
|
|
||||||
}
|
ns := framework.CreateTestingNamespace("auth-always-deny", s, t)
|
||||||
|
defer framework.DeleteTestingNamespace(ns, s, t)
|
||||||
|
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
|
|
||||||
for _, r := range getTestRequests() {
|
for _, r := range getTestRequests(ns.Name) {
|
||||||
bodyBytes := bytes.NewReader([]byte(r.body))
|
bodyBytes := bytes.NewReader([]byte(r.body))
|
||||||
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -573,31 +558,23 @@ func (allowAliceAuthorizer) Authorize(a authorizer.Attributes) error {
|
|||||||
// TestAliceNotForbiddenOrUnauthorized tests a user who is known to
|
// TestAliceNotForbiddenOrUnauthorized tests a user who is known to
|
||||||
// the authentication system and authorized to do any actions.
|
// the authentication system and authorized to do any actions.
|
||||||
func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
|
func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
|
||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
|
||||||
framework.DeleteAllEtcdKeys()
|
|
||||||
|
|
||||||
// This file has alice and bob in it.
|
// This file has alice and bob in it.
|
||||||
|
|
||||||
// Set up a master
|
// Set up a master
|
||||||
var m *master.Master
|
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
defer s.Close()
|
|
||||||
|
|
||||||
masterConfig := framework.NewIntegrationTestMasterConfig()
|
masterConfig := framework.NewIntegrationTestMasterConfig()
|
||||||
masterConfig.Authenticator = getTestTokenAuth()
|
masterConfig.Authenticator = getTestTokenAuth()
|
||||||
masterConfig.Authorizer = allowAliceAuthorizer{}
|
masterConfig.Authorizer = allowAliceAuthorizer{}
|
||||||
masterConfig.AdmissionControl = admit.NewAlwaysAdmit()
|
masterConfig.AdmissionControl = admit.NewAlwaysAdmit()
|
||||||
m, err := master.New(masterConfig)
|
_, s := framework.RunAMaster(masterConfig)
|
||||||
if err != nil {
|
defer s.Close()
|
||||||
t.Fatalf("error in bringing up the master: %v", err)
|
|
||||||
}
|
ns := framework.CreateTestingNamespace("auth-alice-not-forbidden", s, t)
|
||||||
|
defer framework.DeleteTestingNamespace(ns, s, t)
|
||||||
|
|
||||||
previousResourceVersion := make(map[string]float64)
|
previousResourceVersion := make(map[string]float64)
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
|
|
||||||
for _, r := range getTestRequests() {
|
for _, r := range getTestRequests(ns.Name) {
|
||||||
token := AliceToken
|
token := AliceToken
|
||||||
var bodyStr string
|
var bodyStr string
|
||||||
if r.body != "" {
|
if r.body != "" {
|
||||||
@ -607,8 +584,7 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
|
|||||||
if resVersion := previousResourceVersion[getPreviousResourceVersionKey(r.URL, "")]; resVersion != 0 {
|
if resVersion := previousResourceVersion[getPreviousResourceVersionKey(r.URL, "")]; resVersion != 0 {
|
||||||
sub += fmt.Sprintf(",\r\n\"resourceVersion\": \"%v\"", resVersion)
|
sub += fmt.Sprintf(",\r\n\"resourceVersion\": \"%v\"", resVersion)
|
||||||
}
|
}
|
||||||
namespace := "default"
|
sub += fmt.Sprintf(",\r\n\"namespace\": %q", ns.Name)
|
||||||
sub += fmt.Sprintf(",\r\n\"namespace\": %q", namespace)
|
|
||||||
}
|
}
|
||||||
bodyStr = fmt.Sprintf(r.body, sub)
|
bodyStr = fmt.Sprintf(r.body, sub)
|
||||||
}
|
}
|
||||||
@ -654,27 +630,19 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
|
|||||||
// the authentication system but not authorized to do any actions
|
// the authentication system but not authorized to do any actions
|
||||||
// should receive "Forbidden".
|
// should receive "Forbidden".
|
||||||
func TestBobIsForbidden(t *testing.T) {
|
func TestBobIsForbidden(t *testing.T) {
|
||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
|
||||||
framework.DeleteAllEtcdKeys()
|
|
||||||
|
|
||||||
// This file has alice and bob in it.
|
// This file has alice and bob in it.
|
||||||
var m *master.Master
|
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
defer s.Close()
|
|
||||||
|
|
||||||
masterConfig := framework.NewIntegrationTestMasterConfig()
|
masterConfig := framework.NewIntegrationTestMasterConfig()
|
||||||
masterConfig.Authenticator = getTestTokenAuth()
|
masterConfig.Authenticator = getTestTokenAuth()
|
||||||
masterConfig.Authorizer = allowAliceAuthorizer{}
|
masterConfig.Authorizer = allowAliceAuthorizer{}
|
||||||
m, err := master.New(masterConfig)
|
_, s := framework.RunAMaster(masterConfig)
|
||||||
if err != nil {
|
defer s.Close()
|
||||||
t.Fatalf("error in bringing up the master: %v", err)
|
|
||||||
}
|
ns := framework.CreateTestingNamespace("auth-bob-forbidden", s, t)
|
||||||
|
defer framework.DeleteTestingNamespace(ns, s, t)
|
||||||
|
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
|
|
||||||
for _, r := range getTestRequests() {
|
for _, r := range getTestRequests(ns.Name) {
|
||||||
token := BobToken
|
token := BobToken
|
||||||
bodyBytes := bytes.NewReader([]byte(r.body))
|
bodyBytes := bytes.NewReader([]byte(r.body))
|
||||||
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
||||||
@ -704,29 +672,21 @@ func TestBobIsForbidden(t *testing.T) {
|
|||||||
// An authorization module is installed in this scenario for integration
|
// An authorization module is installed in this scenario for integration
|
||||||
// test purposes, but requests aren't expected to reach it.
|
// test purposes, but requests aren't expected to reach it.
|
||||||
func TestUnknownUserIsUnauthorized(t *testing.T) {
|
func TestUnknownUserIsUnauthorized(t *testing.T) {
|
||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
|
||||||
framework.DeleteAllEtcdKeys()
|
|
||||||
|
|
||||||
// This file has alice and bob in it.
|
// This file has alice and bob in it.
|
||||||
|
|
||||||
// Set up a master
|
// Set up a master
|
||||||
var m *master.Master
|
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
defer s.Close()
|
|
||||||
|
|
||||||
masterConfig := framework.NewIntegrationTestMasterConfig()
|
masterConfig := framework.NewIntegrationTestMasterConfig()
|
||||||
masterConfig.Authenticator = getTestTokenAuth()
|
masterConfig.Authenticator = getTestTokenAuth()
|
||||||
masterConfig.Authorizer = allowAliceAuthorizer{}
|
masterConfig.Authorizer = allowAliceAuthorizer{}
|
||||||
m, err := master.New(masterConfig)
|
_, s := framework.RunAMaster(masterConfig)
|
||||||
if err != nil {
|
defer s.Close()
|
||||||
t.Fatalf("error in bringing up the master: %v", err)
|
|
||||||
}
|
ns := framework.CreateTestingNamespace("auth-unknown-unauthorized", s, t)
|
||||||
|
defer framework.DeleteTestingNamespace(ns, s, t)
|
||||||
|
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
|
|
||||||
for _, r := range getTestRequests() {
|
for _, r := range getTestRequests(ns.Name) {
|
||||||
token := UnknownToken
|
token := UnknownToken
|
||||||
bodyBytes := bytes.NewReader([]byte(r.body))
|
bodyBytes := bytes.NewReader([]byte(r.body))
|
||||||
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
||||||
@ -776,27 +736,20 @@ func (impersonateAuthorizer) Authorize(a authorizer.Attributes) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestImpersonateIsForbidden(t *testing.T) {
|
func TestImpersonateIsForbidden(t *testing.T) {
|
||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
// Set up a master
|
||||||
framework.DeleteAllEtcdKeys()
|
|
||||||
|
|
||||||
var m *master.Master
|
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
defer s.Close()
|
|
||||||
|
|
||||||
masterConfig := framework.NewIntegrationTestMasterConfig()
|
masterConfig := framework.NewIntegrationTestMasterConfig()
|
||||||
masterConfig.Authenticator = getTestTokenAuth()
|
masterConfig.Authenticator = getTestTokenAuth()
|
||||||
masterConfig.Authorizer = impersonateAuthorizer{}
|
masterConfig.Authorizer = impersonateAuthorizer{}
|
||||||
m, err := master.New(masterConfig)
|
_, s := framework.RunAMaster(masterConfig)
|
||||||
if err != nil {
|
defer s.Close()
|
||||||
t.Fatalf("error in bringing up the master: %v", err)
|
|
||||||
}
|
ns := framework.CreateTestingNamespace("auth-impersonate-forbidden", s, t)
|
||||||
|
defer framework.DeleteTestingNamespace(ns, s, t)
|
||||||
|
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
|
|
||||||
// bob can't perform actions himself
|
// bob can't perform actions himself
|
||||||
for _, r := range getTestRequests() {
|
for _, r := range getTestRequests(ns.Name) {
|
||||||
token := BobToken
|
token := BobToken
|
||||||
bodyBytes := bytes.NewReader([]byte(r.body))
|
bodyBytes := bytes.NewReader([]byte(r.body))
|
||||||
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
||||||
@ -821,7 +774,7 @@ func TestImpersonateIsForbidden(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// bob can impersonate alice to do other things
|
// bob can impersonate alice to do other things
|
||||||
for _, r := range getTestRequests() {
|
for _, r := range getTestRequests(ns.Name) {
|
||||||
token := BobToken
|
token := BobToken
|
||||||
bodyBytes := bytes.NewReader([]byte(r.body))
|
bodyBytes := bytes.NewReader([]byte(r.body))
|
||||||
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
||||||
@ -846,7 +799,7 @@ func TestImpersonateIsForbidden(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// alice can't impersonate bob
|
// alice can't impersonate bob
|
||||||
for _, r := range getTestRequests() {
|
for _, r := range getTestRequests(ns.Name) {
|
||||||
token := AliceToken
|
token := AliceToken
|
||||||
bodyBytes := bytes.NewReader([]byte(r.body))
|
bodyBytes := bytes.NewReader([]byte(r.body))
|
||||||
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
||||||
@ -872,7 +825,7 @@ func TestImpersonateIsForbidden(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// alice can impersonate a service account
|
// alice can impersonate a service account
|
||||||
for _, r := range getTestRequests() {
|
for _, r := range getTestRequests(ns.Name) {
|
||||||
token := BobToken
|
token := BobToken
|
||||||
bodyBytes := bytes.NewReader([]byte(r.body))
|
bodyBytes := bytes.NewReader([]byte(r.body))
|
||||||
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
|
||||||
@ -928,24 +881,17 @@ func (a *trackingAuthorizer) Authorize(attributes authorizer.Attributes) error {
|
|||||||
|
|
||||||
// TestAuthorizationAttributeDetermination tests that authorization attributes are built correctly
|
// TestAuthorizationAttributeDetermination tests that authorization attributes are built correctly
|
||||||
func TestAuthorizationAttributeDetermination(t *testing.T) {
|
func TestAuthorizationAttributeDetermination(t *testing.T) {
|
||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
|
||||||
framework.DeleteAllEtcdKeys()
|
|
||||||
|
|
||||||
trackingAuthorizer := &trackingAuthorizer{}
|
trackingAuthorizer := &trackingAuthorizer{}
|
||||||
|
|
||||||
var m *master.Master
|
// Set up a master
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
defer s.Close()
|
|
||||||
|
|
||||||
masterConfig := framework.NewIntegrationTestMasterConfig()
|
masterConfig := framework.NewIntegrationTestMasterConfig()
|
||||||
masterConfig.Authenticator = getTestTokenAuth()
|
masterConfig.Authenticator = getTestTokenAuth()
|
||||||
masterConfig.Authorizer = trackingAuthorizer
|
masterConfig.Authorizer = trackingAuthorizer
|
||||||
m, err := master.New(masterConfig)
|
_, s := framework.RunAMaster(masterConfig)
|
||||||
if err != nil {
|
defer s.Close()
|
||||||
t.Fatalf("error in bringing up the master: %v", err)
|
|
||||||
}
|
ns := framework.CreateTestingNamespace("auth-attribute-determination", s, t)
|
||||||
|
defer framework.DeleteTestingNamespace(ns, s, t)
|
||||||
|
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
|
|
||||||
@ -999,26 +945,19 @@ func TestAuthorizationAttributeDetermination(t *testing.T) {
|
|||||||
// TestNamespaceAuthorization tests that authorization can be controlled
|
// TestNamespaceAuthorization tests that authorization can be controlled
|
||||||
// by namespace.
|
// by namespace.
|
||||||
func TestNamespaceAuthorization(t *testing.T) {
|
func TestNamespaceAuthorization(t *testing.T) {
|
||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
|
||||||
framework.DeleteAllEtcdKeys()
|
|
||||||
|
|
||||||
// This file has alice and bob in it.
|
// This file has alice and bob in it.
|
||||||
a := newAuthorizerWithContents(t, `{"namespace": "foo"}
|
a := newAuthorizerWithContents(t, `{"namespace": "auth-namespace"}
|
||||||
`)
|
`)
|
||||||
|
|
||||||
var m *master.Master
|
// Set up a master
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
defer s.Close()
|
|
||||||
|
|
||||||
masterConfig := framework.NewIntegrationTestMasterConfig()
|
masterConfig := framework.NewIntegrationTestMasterConfig()
|
||||||
masterConfig.Authenticator = getTestTokenAuth()
|
masterConfig.Authenticator = getTestTokenAuth()
|
||||||
masterConfig.Authorizer = a
|
masterConfig.Authorizer = a
|
||||||
m, err := master.New(masterConfig)
|
_, s := framework.RunAMaster(masterConfig)
|
||||||
if err != nil {
|
defer s.Close()
|
||||||
t.Fatalf("error in bringing up the master: %v", err)
|
|
||||||
}
|
ns := framework.CreateTestingNamespace("auth-namespace", s, t)
|
||||||
|
defer framework.DeleteTestingNamespace(ns, s, t)
|
||||||
|
|
||||||
previousResourceVersion := make(map[string]float64)
|
previousResourceVersion := make(map[string]float64)
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
@ -1031,15 +970,15 @@ func TestNamespaceAuthorization(t *testing.T) {
|
|||||||
statusCodes map[int]bool // allowed status codes.
|
statusCodes map[int]bool // allowed status codes.
|
||||||
}{
|
}{
|
||||||
|
|
||||||
{"POST", timeoutPath("pods", "foo", ""), "foo", aPod, code201},
|
{"POST", timeoutPath("pods", ns.Name, ""), "foo", aPod, code201},
|
||||||
{"GET", path("pods", "foo", ""), "foo", "", code200},
|
{"GET", path("pods", ns.Name, ""), "foo", "", code200},
|
||||||
{"GET", path("pods", "foo", "a"), "foo", "", code200},
|
{"GET", path("pods", ns.Name, "a"), "foo", "", code200},
|
||||||
{"DELETE", timeoutPath("pods", "foo", "a"), "foo", "", code200},
|
{"DELETE", timeoutPath("pods", ns.Name, "a"), "foo", "", code200},
|
||||||
|
|
||||||
{"POST", timeoutPath("pods", "bar", ""), "bar", aPod, code403},
|
{"POST", timeoutPath("pods", "foo", ""), "bar", aPod, code403},
|
||||||
{"GET", path("pods", "bar", ""), "bar", "", code403},
|
{"GET", path("pods", "foo", ""), "bar", "", code403},
|
||||||
{"GET", path("pods", "bar", "a"), "bar", "", code403},
|
{"GET", path("pods", "foo", "a"), "bar", "", code403},
|
||||||
{"DELETE", timeoutPath("pods", "bar", "a"), "bar", "", code403},
|
{"DELETE", timeoutPath("pods", "foo", "a"), "bar", "", code403},
|
||||||
|
|
||||||
{"POST", timeoutPath("pods", api.NamespaceDefault, ""), "", aPod, code403},
|
{"POST", timeoutPath("pods", api.NamespaceDefault, ""), "", aPod, code403},
|
||||||
{"GET", path("pods", "", ""), "", "", code403},
|
{"GET", path("pods", "", ""), "", "", code403},
|
||||||
@ -1058,6 +997,7 @@ func TestNamespaceAuthorization(t *testing.T) {
|
|||||||
sub += fmt.Sprintf(",\r\n\"resourceVersion\": \"%v\"", resVersion)
|
sub += fmt.Sprintf(",\r\n\"resourceVersion\": \"%v\"", resVersion)
|
||||||
}
|
}
|
||||||
namespace := r.namespace
|
namespace := r.namespace
|
||||||
|
// FIXME: Is that correct?
|
||||||
if len(namespace) == 0 {
|
if len(namespace) == 0 {
|
||||||
namespace = "default"
|
namespace = "default"
|
||||||
}
|
}
|
||||||
@ -1103,28 +1043,19 @@ func TestNamespaceAuthorization(t *testing.T) {
|
|||||||
// TestKindAuthorization tests that authorization can be controlled
|
// TestKindAuthorization tests that authorization can be controlled
|
||||||
// by namespace.
|
// by namespace.
|
||||||
func TestKindAuthorization(t *testing.T) {
|
func TestKindAuthorization(t *testing.T) {
|
||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
|
||||||
framework.DeleteAllEtcdKeys()
|
|
||||||
|
|
||||||
// This file has alice and bob in it.
|
// This file has alice and bob in it.
|
||||||
|
|
||||||
// Set up a master
|
|
||||||
a := newAuthorizerWithContents(t, `{"resource": "services"}
|
a := newAuthorizerWithContents(t, `{"resource": "services"}
|
||||||
`)
|
`)
|
||||||
|
|
||||||
var m *master.Master
|
// Set up a master
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
defer s.Close()
|
|
||||||
|
|
||||||
masterConfig := framework.NewIntegrationTestMasterConfig()
|
masterConfig := framework.NewIntegrationTestMasterConfig()
|
||||||
masterConfig.Authenticator = getTestTokenAuth()
|
masterConfig.Authenticator = getTestTokenAuth()
|
||||||
masterConfig.Authorizer = a
|
masterConfig.Authorizer = a
|
||||||
m, err := master.New(masterConfig)
|
_, s := framework.RunAMaster(masterConfig)
|
||||||
if err != nil {
|
defer s.Close()
|
||||||
t.Fatalf("error in bringing up the master: %v", err)
|
|
||||||
}
|
ns := framework.CreateTestingNamespace("auth-kind", s, t)
|
||||||
|
defer framework.DeleteTestingNamespace(ns, s, t)
|
||||||
|
|
||||||
previousResourceVersion := make(map[string]float64)
|
previousResourceVersion := make(map[string]float64)
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
@ -1135,15 +1066,15 @@ func TestKindAuthorization(t *testing.T) {
|
|||||||
body string
|
body string
|
||||||
statusCodes map[int]bool // allowed status codes.
|
statusCodes map[int]bool // allowed status codes.
|
||||||
}{
|
}{
|
||||||
{"POST", timeoutPath("services", api.NamespaceDefault, ""), aService, code201},
|
{"POST", timeoutPath("services", ns.Name, ""), aService, code201},
|
||||||
{"GET", path("services", api.NamespaceDefault, ""), "", code200},
|
{"GET", path("services", ns.Name, ""), "", code200},
|
||||||
{"GET", path("services", api.NamespaceDefault, "a"), "", code200},
|
{"GET", path("services", ns.Name, "a"), "", code200},
|
||||||
{"DELETE", timeoutPath("services", api.NamespaceDefault, "a"), "", code200},
|
{"DELETE", timeoutPath("services", ns.Name, "a"), "", code200},
|
||||||
|
|
||||||
{"POST", timeoutPath("pods", api.NamespaceDefault, ""), aPod, code403},
|
{"POST", timeoutPath("pods", ns.Name, ""), aPod, code403},
|
||||||
{"GET", path("pods", "", ""), "", code403},
|
{"GET", path("pods", "", ""), "", code403},
|
||||||
{"GET", path("pods", api.NamespaceDefault, "a"), "", code403},
|
{"GET", path("pods", ns.Name, "a"), "", code403},
|
||||||
{"DELETE", timeoutPath("pods", api.NamespaceDefault, "a"), "", code403},
|
{"DELETE", timeoutPath("pods", ns.Name, "a"), "", code403},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, r := range requests {
|
for _, r := range requests {
|
||||||
@ -1197,28 +1128,18 @@ func TestKindAuthorization(t *testing.T) {
|
|||||||
// TestReadOnlyAuthorization tests that authorization can be controlled
|
// TestReadOnlyAuthorization tests that authorization can be controlled
|
||||||
// by namespace.
|
// by namespace.
|
||||||
func TestReadOnlyAuthorization(t *testing.T) {
|
func TestReadOnlyAuthorization(t *testing.T) {
|
||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
|
||||||
framework.DeleteAllEtcdKeys()
|
|
||||||
|
|
||||||
// This file has alice and bob in it.
|
// This file has alice and bob in it.
|
||||||
|
|
||||||
// Set up a master
|
|
||||||
a := newAuthorizerWithContents(t, `{"readonly": true}`)
|
a := newAuthorizerWithContents(t, `{"readonly": true}`)
|
||||||
|
|
||||||
var m *master.Master
|
// Set up a master
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
defer s.Close()
|
|
||||||
|
|
||||||
masterConfig := framework.NewIntegrationTestMasterConfig()
|
masterConfig := framework.NewIntegrationTestMasterConfig()
|
||||||
masterConfig.Authenticator = getTestTokenAuth()
|
masterConfig.Authenticator = getTestTokenAuth()
|
||||||
masterConfig.Authorizer = a
|
masterConfig.Authorizer = a
|
||||||
|
_, s := framework.RunAMaster(masterConfig)
|
||||||
|
defer s.Close()
|
||||||
|
|
||||||
m, err := master.New(masterConfig)
|
ns := framework.CreateTestingNamespace("auth-read-only", s, t)
|
||||||
if err != nil {
|
defer framework.DeleteTestingNamespace(ns, s, t)
|
||||||
t.Fatalf("error in bringing up the master: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
|
|
||||||
@ -1228,8 +1149,8 @@ func TestReadOnlyAuthorization(t *testing.T) {
|
|||||||
body string
|
body string
|
||||||
statusCodes map[int]bool // allowed status codes.
|
statusCodes map[int]bool // allowed status codes.
|
||||||
}{
|
}{
|
||||||
{"POST", path("pods", "", ""), aPod, code403},
|
{"POST", path("pods", ns.Name, ""), aPod, code403},
|
||||||
{"GET", path("pods", "", ""), "", code200},
|
{"GET", path("pods", ns.Name, ""), "", code200},
|
||||||
{"GET", path("pods", api.NamespaceDefault, "a"), "", code404},
|
{"GET", path("pods", api.NamespaceDefault, "a"), "", code404},
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1262,15 +1183,6 @@ func TestReadOnlyAuthorization(t *testing.T) {
|
|||||||
// authenticator to call out to a remote web server for authentication
|
// authenticator to call out to a remote web server for authentication
|
||||||
// decisions.
|
// decisions.
|
||||||
func TestWebhookTokenAuthenticator(t *testing.T) {
|
func TestWebhookTokenAuthenticator(t *testing.T) {
|
||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
|
||||||
framework.DeleteAllEtcdKeys()
|
|
||||||
|
|
||||||
var m *master.Master
|
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
defer s.Close()
|
|
||||||
|
|
||||||
authServer := newTestWebhookTokenAuthServer()
|
authServer := newTestWebhookTokenAuthServer()
|
||||||
defer authServer.Close()
|
defer authServer.Close()
|
||||||
authenticator, err := getTestWebhookTokenAuth(authServer.URL)
|
authenticator, err := getTestWebhookTokenAuth(authServer.URL)
|
||||||
@ -1278,17 +1190,19 @@ func TestWebhookTokenAuthenticator(t *testing.T) {
|
|||||||
t.Fatalf("error starting webhook token authenticator server: %v", err)
|
t.Fatalf("error starting webhook token authenticator server: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Set up a master
|
||||||
masterConfig := framework.NewIntegrationTestMasterConfig()
|
masterConfig := framework.NewIntegrationTestMasterConfig()
|
||||||
masterConfig.Authenticator = authenticator
|
masterConfig.Authenticator = authenticator
|
||||||
masterConfig.Authorizer = allowAliceAuthorizer{}
|
masterConfig.Authorizer = allowAliceAuthorizer{}
|
||||||
m, err = master.New(masterConfig)
|
_, s := framework.RunAMaster(masterConfig)
|
||||||
if err != nil {
|
defer s.Close()
|
||||||
t.Fatalf("error in bringing up the master: %v", err)
|
|
||||||
}
|
ns := framework.CreateTestingNamespace("auth-webhook-token", s, t)
|
||||||
|
defer framework.DeleteTestingNamespace(ns, s, t)
|
||||||
|
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
|
|
||||||
for _, r := range getTestRequests() {
|
for _, r := range getTestRequests(ns.Name) {
|
||||||
// Expect Bob's requests to all fail.
|
// Expect Bob's requests to all fail.
|
||||||
token := BobToken
|
token := BobToken
|
||||||
bodyBytes := bytes.NewReader([]byte(r.body))
|
bodyBytes := bytes.NewReader([]byte(r.body))
|
||||||
|
@ -44,7 +44,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func TestClient(t *testing.T) {
|
func TestClient(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
client := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
client := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
||||||
@ -116,7 +116,7 @@ func TestClient(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestAtomicPut(t *testing.T) {
|
func TestAtomicPut(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
c := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
c := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
||||||
@ -208,7 +208,7 @@ func TestAtomicPut(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestPatch(t *testing.T) {
|
func TestPatch(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
c := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
c := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
||||||
@ -317,7 +317,7 @@ func TestPatch(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestPatchWithCreateOnUpdate(t *testing.T) {
|
func TestPatchWithCreateOnUpdate(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
c := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
c := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
||||||
@ -428,7 +428,7 @@ func TestPatchWithCreateOnUpdate(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestAPIVersions(t *testing.T) {
|
func TestAPIVersions(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
c := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
c := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
||||||
@ -450,7 +450,7 @@ func TestAPIVersions(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestSingleWatch(t *testing.T) {
|
func TestSingleWatch(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
ns := framework.CreateTestingNamespace("single-watch", s, t)
|
ns := framework.CreateTestingNamespace("single-watch", s, t)
|
||||||
@ -535,7 +535,7 @@ func TestMultiWatch(t *testing.T) {
|
|||||||
const watcherCount = 50
|
const watcherCount = 50
|
||||||
rt.GOMAXPROCS(watcherCount)
|
rt.GOMAXPROCS(watcherCount)
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
ns := framework.CreateTestingNamespace("multi-watch", s, t)
|
ns := framework.CreateTestingNamespace("multi-watch", s, t)
|
||||||
@ -794,7 +794,7 @@ func TestSelfLinkOnNamespace(t *testing.T) {
|
|||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
c := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
c := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
||||||
|
@ -32,7 +32,7 @@ import (
|
|||||||
|
|
||||||
// TestConfigMap tests apiserver-side behavior of creation of ConfigMaps and pods that consume them.
|
// TestConfigMap tests apiserver-side behavior of creation of ConfigMaps and pods that consume them.
|
||||||
func TestConfigMap(t *testing.T) {
|
func TestConfigMap(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
client := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
client := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
||||||
|
@ -34,12 +34,12 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func TestDynamicClient(t *testing.T) {
|
func TestDynamicClient(t *testing.T) {
|
||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
_, s := framework.RunAMaster(nil)
|
||||||
framework.DeleteAllEtcdKeys()
|
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
|
ns := framework.CreateTestingNamespace("dynamic-client", s, t)
|
||||||
|
defer framework.DeleteTestingNamespace(ns, s, t)
|
||||||
|
|
||||||
gv := testapi.Default.GroupVersion()
|
gv := testapi.Default.GroupVersion()
|
||||||
config := &restclient.Config{
|
config := &restclient.Config{
|
||||||
Host: s.URL,
|
Host: s.URL,
|
||||||
@ -86,13 +86,13 @@ func TestDynamicClient(t *testing.T) {
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
actual, err := client.Pods(framework.TestNS).Create(pod)
|
actual, err := client.Pods(ns.Name).Create(pod)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("unexpected error when creating pod: %v", err)
|
t.Fatalf("unexpected error when creating pod: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// check dynamic list
|
// check dynamic list
|
||||||
unstructuredList, err := dynamicClient.Resource(&resource, framework.TestNS).List(&v1.ListOptions{})
|
unstructuredList, err := dynamicClient.Resource(&resource, ns.Name).List(&v1.ListOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("unexpected error when listing pods: %v", err)
|
t.Fatalf("unexpected error when listing pods: %v", err)
|
||||||
}
|
}
|
||||||
@ -111,7 +111,7 @@ func TestDynamicClient(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// check dynamic get
|
// check dynamic get
|
||||||
unstruct, err := dynamicClient.Resource(&resource, framework.TestNS).Get(actual.Name)
|
unstruct, err := dynamicClient.Resource(&resource, ns.Name).Get(actual.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("unexpected error when getting pod %q: %v", actual.Name, err)
|
t.Fatalf("unexpected error when getting pod %q: %v", actual.Name, err)
|
||||||
}
|
}
|
||||||
@ -126,12 +126,12 @@ func TestDynamicClient(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// delete the pod dynamically
|
// delete the pod dynamically
|
||||||
err = dynamicClient.Resource(&resource, framework.TestNS).Delete(actual.Name, nil)
|
err = dynamicClient.Resource(&resource, ns.Name).Delete(actual.Name, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("unexpected error when deleting pod: %v", err)
|
t.Fatalf("unexpected error when deleting pod: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
list, err := client.Pods(framework.TestNS).List(api.ListOptions{})
|
list, err := client.Pods(ns.Name).List(api.ListOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("unexpected error when listing pods: %v", err)
|
t.Fatalf("unexpected error when listing pods: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -188,7 +188,7 @@ func TestSchedulerExtender(t *testing.T) {
|
|||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
restClient := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
restClient := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
||||||
|
@ -51,6 +51,7 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/master"
|
"k8s.io/kubernetes/pkg/master"
|
||||||
"k8s.io/kubernetes/pkg/runtime"
|
"k8s.io/kubernetes/pkg/runtime"
|
||||||
"k8s.io/kubernetes/pkg/storage/storagebackend"
|
"k8s.io/kubernetes/pkg/storage/storagebackend"
|
||||||
|
utilnet "k8s.io/kubernetes/pkg/util/net"
|
||||||
"k8s.io/kubernetes/plugin/pkg/admission/admit"
|
"k8s.io/kubernetes/plugin/pkg/admission/admit"
|
||||||
|
|
||||||
"github.com/pborman/uuid"
|
"github.com/pborman/uuid"
|
||||||
@ -152,6 +153,14 @@ func startMasterOrDie(masterConfig *master.Config) (*master.Master, *httptest.Se
|
|||||||
return m, s
|
return m, s
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func parseCIDROrDie(cidr string) *net.IPNet {
|
||||||
|
_, parsed, err := net.ParseCIDR(cidr)
|
||||||
|
if err != nil {
|
||||||
|
glog.Fatalf("error while parsing CIDR: %s", cidr)
|
||||||
|
}
|
||||||
|
return parsed
|
||||||
|
}
|
||||||
|
|
||||||
// Returns a basic master config.
|
// Returns a basic master config.
|
||||||
func NewMasterConfig() *master.Config {
|
func NewMasterConfig() *master.Config {
|
||||||
config := storagebackend.Config{
|
config := storagebackend.Config{
|
||||||
@ -208,6 +217,9 @@ func NewMasterConfig() *master.Config {
|
|||||||
AdmissionControl: admit.NewAlwaysAdmit(),
|
AdmissionControl: admit.NewAlwaysAdmit(),
|
||||||
Serializer: api.Codecs,
|
Serializer: api.Codecs,
|
||||||
EnableWatchCache: true,
|
EnableWatchCache: true,
|
||||||
|
// Set those values to avoid annoying warnings in logs.
|
||||||
|
ServiceClusterIPRange: parseCIDROrDie("10.0.0.0/24"),
|
||||||
|
ServiceNodePortRange: utilnet.PortRange{Base: 30000, Size: 2768},
|
||||||
},
|
},
|
||||||
KubeletClient: kubeletclient.FakeKubeletClient{},
|
KubeletClient: kubeletclient.FakeKubeletClient{},
|
||||||
}
|
}
|
||||||
@ -347,21 +359,12 @@ func StartPods(numPods int, host string, restClient *client.Client) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Merge this into startMasterOrDie.
|
func RunAMaster(masterConfig *master.Config) (*master.Master, *httptest.Server) {
|
||||||
func RunAMaster(t *testing.T) (*master.Master, *httptest.Server) {
|
if masterConfig == nil {
|
||||||
masterConfig := NewMasterConfig()
|
masterConfig = NewMasterConfig()
|
||||||
masterConfig.EnableProfiling = true
|
masterConfig.EnableProfiling = true
|
||||||
m, err := master.New(masterConfig)
|
|
||||||
if err != nil {
|
|
||||||
// TODO: Return error.
|
|
||||||
glog.Fatalf("error in bringing up the master: %v", err)
|
|
||||||
}
|
}
|
||||||
|
return startMasterOrDie(masterConfig)
|
||||||
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
|
||||||
m.Handler.ServeHTTP(w, req)
|
|
||||||
}))
|
|
||||||
|
|
||||||
return m, s
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Task is a function passed to worker goroutines by RunParallel.
|
// Task is a function passed to worker goroutines by RunParallel.
|
||||||
|
@ -42,7 +42,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func testPrefix(t *testing.T, prefix string) {
|
func testPrefix(t *testing.T, prefix string) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
resp, err := http.Get(s.URL + prefix)
|
resp, err := http.Get(s.URL + prefix)
|
||||||
@ -71,7 +71,7 @@ func TestExtensionsPrefix(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestWatchSucceedsWithoutArgs(t *testing.T) {
|
func TestWatchSucceedsWithoutArgs(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
resp, err := http.Get(s.URL + "/api/v1/namespaces?watch=1")
|
resp, err := http.Get(s.URL + "/api/v1/namespaces?watch=1")
|
||||||
@ -118,7 +118,7 @@ func extensionsPath(resource, namespace, name string) string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestAutoscalingGroupBackwardCompatibility(t *testing.T) {
|
func TestAutoscalingGroupBackwardCompatibility(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
|
|
||||||
@ -261,7 +261,7 @@ func TestBatchGroupBackwardCompatibility(t *testing.T) {
|
|||||||
if *testapi.Batch.GroupVersion() == v2alpha1.SchemeGroupVersion {
|
if *testapi.Batch.GroupVersion() == v2alpha1.SchemeGroupVersion {
|
||||||
t.Skip("Shared job storage is not required for batch/v2alpha1.")
|
t.Skip("Shared job storage is not required for batch/v2alpha1.")
|
||||||
}
|
}
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
transport := http.DefaultTransport
|
transport := http.DefaultTransport
|
||||||
|
|
||||||
@ -314,7 +314,7 @@ func TestBatchGroupBackwardCompatibility(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestAccept(t *testing.T) {
|
func TestAccept(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
resp, err := http.Get(s.URL + "/api/")
|
resp, err := http.Get(s.URL + "/api/")
|
||||||
|
@ -86,7 +86,7 @@ func checkForExpectedMetrics(t *testing.T, metrics []*prometheuspb.MetricFamily,
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestMasterProcessMetrics(t *testing.T) {
|
func TestMasterProcessMetrics(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
metrics, err := scrapeMetrics(s)
|
metrics, err := scrapeMetrics(s)
|
||||||
@ -103,7 +103,7 @@ func TestMasterProcessMetrics(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestApiserverMetrics(t *testing.T) {
|
func TestApiserverMetrics(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
// Make a request to the apiserver to ensure there's at least one data point
|
// Make a request to the apiserver to ensure there's at least one data point
|
||||||
|
@ -108,7 +108,7 @@ func TestPersistentVolumeRecycler(t *testing.T) {
|
|||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
glog.V(2).Infof("TestPersistentVolumeRecycler started")
|
glog.V(2).Infof("TestPersistentVolumeRecycler started")
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
testClient, ctrl, watchPV, watchPVC := createClients(t, s)
|
testClient, ctrl, watchPV, watchPVC := createClients(t, s)
|
||||||
@ -158,7 +158,7 @@ func TestPersistentVolumeDeleter(t *testing.T) {
|
|||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
glog.V(2).Infof("TestPersistentVolumeDeleter started")
|
glog.V(2).Infof("TestPersistentVolumeDeleter started")
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
testClient, ctrl, watchPV, watchPVC := createClients(t, s)
|
testClient, ctrl, watchPV, watchPVC := createClients(t, s)
|
||||||
@ -212,7 +212,7 @@ func TestPersistentVolumeBindRace(t *testing.T) {
|
|||||||
// Test a race binding many claims to a PV that is pre-bound to a specific
|
// Test a race binding many claims to a PV that is pre-bound to a specific
|
||||||
// PVC. Only this specific PVC should get bound.
|
// PVC. Only this specific PVC should get bound.
|
||||||
glog.V(2).Infof("TestPersistentVolumeBindRace started")
|
glog.V(2).Infof("TestPersistentVolumeBindRace started")
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
testClient, ctrl, watchPV, watchPVC := createClients(t, s)
|
testClient, ctrl, watchPV, watchPVC := createClients(t, s)
|
||||||
@ -279,7 +279,7 @@ func TestPersistentVolumeClaimLabelSelector(t *testing.T) {
|
|||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
testClient, controller, watchPV, watchPVC := createClients(t, s)
|
testClient, controller, watchPV, watchPVC := createClients(t, s)
|
||||||
@ -354,7 +354,7 @@ func TestPersistentVolumeClaimLabelSelectorMatchExpressions(t *testing.T) {
|
|||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
testClient, controller, watchPV, watchPVC := createClients(t, s)
|
testClient, controller, watchPV, watchPVC := createClients(t, s)
|
||||||
@ -448,7 +448,7 @@ func TestPersistentVolumeMultiPVs(t *testing.T) {
|
|||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
testClient, controller, watchPV, watchPVC := createClients(t, s)
|
testClient, controller, watchPV, watchPVC := createClients(t, s)
|
||||||
@ -532,7 +532,7 @@ func TestPersistentVolumeMultiPVsPVCs(t *testing.T) {
|
|||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
testClient, binder, watchPV, watchPVC := createClients(t, s)
|
testClient, binder, watchPV, watchPVC := createClients(t, s)
|
||||||
@ -613,7 +613,7 @@ func TestPersistentVolumeProvisionMultiPVCs(t *testing.T) {
|
|||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
testClient, binder, watchPV, watchPVC := createClients(t, s)
|
testClient, binder, watchPV, watchPVC := createClients(t, s)
|
||||||
@ -692,7 +692,7 @@ func TestPersistentVolumeMultiPVsDiffAccessModes(t *testing.T) {
|
|||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
testClient, controller, watchPV, watchPVC := createClients(t, s)
|
testClient, controller, watchPV, watchPVC := createClients(t, s)
|
||||||
|
@ -30,7 +30,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func TestPodUpdateActiveDeadlineSeconds(t *testing.T) {
|
func TestPodUpdateActiveDeadlineSeconds(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
ns := framework.CreateTestingNamespace("pod-activedeadline-update", s, t)
|
ns := framework.CreateTestingNamespace("pod-activedeadline-update", s, t)
|
||||||
@ -147,7 +147,7 @@ func TestPodUpdateActiveDeadlineSeconds(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestPodReadOnlyFilesystem(t *testing.T) {
|
func TestPodReadOnlyFilesystem(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
isReadOnly := true
|
isReadOnly := true
|
||||||
|
@ -64,8 +64,7 @@ func TestQuota(t *testing.T) {
|
|||||||
<-initializationCh
|
<-initializationCh
|
||||||
m.Handler.ServeHTTP(w, req)
|
m.Handler.ServeHTTP(w, req)
|
||||||
}))
|
}))
|
||||||
// TODO: https://github.com/kubernetes/kubernetes/issues/25412
|
defer s.Close()
|
||||||
//defer s.Close()
|
|
||||||
admissionCh := make(chan struct{})
|
admissionCh := make(chan struct{})
|
||||||
clientset := clientset.NewForConfigOrDie(&restclient.Config{QPS: -1, Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
clientset := clientset.NewForConfigOrDie(&restclient.Config{QPS: -1, Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
||||||
admission, err := resourcequota.NewResourceQuota(clientset, quotainstall.NewRegistry(clientset), 5, admissionCh)
|
admission, err := resourcequota.NewResourceQuota(clientset, quotainstall.NewRegistry(clientset), 5, admissionCh)
|
||||||
|
@ -53,7 +53,7 @@ func TestUnschedulableNodes(t *testing.T) {
|
|||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
restClient := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
restClient := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
||||||
@ -292,7 +292,7 @@ func TestMultiScheduler(t *testing.T) {
|
|||||||
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
// TODO: Limit the test to a single non-default namespace and clean this up at the end.
|
||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
// TODO: Uncomment when fix #19254
|
// TODO: Uncomment when fix #19254
|
||||||
// This seems to be a different issue - it still doesn't work.
|
// This seems to be a different issue - it still doesn't work.
|
||||||
// defer s.Close()
|
// defer s.Close()
|
||||||
@ -473,7 +473,7 @@ func createPod(client *client.Client, name string, annotation map[string]string)
|
|||||||
func TestAllocatable(t *testing.T) {
|
func TestAllocatable(t *testing.T) {
|
||||||
framework.DeleteAllEtcdKeys()
|
framework.DeleteAllEtcdKeys()
|
||||||
|
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
// 1. create and start default-scheduler
|
// 1. create and start default-scheduler
|
||||||
|
@ -38,7 +38,7 @@ func deleteSecretOrErrorf(t *testing.T, c *client.Client, ns, name string) {
|
|||||||
|
|
||||||
// TestSecrets tests apiserver-side behavior of creation of secret objects and their use by pods.
|
// TestSecrets tests apiserver-side behavior of creation of secret objects and their use by pods.
|
||||||
func TestSecrets(t *testing.T) {
|
func TestSecrets(t *testing.T) {
|
||||||
_, s := framework.RunAMaster(t)
|
_, s := framework.RunAMaster(nil)
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
client := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
client := client.NewOrDie(&restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: testapi.Default.GroupVersion()}})
|
||||||
|
Loading…
Reference in New Issue
Block a user