e2e: Better error reporting in firewall test

Clearly report the particular ip/port that failed.
2025-07-29 06:27:05 +00:00 · 2018-11-06 13:04:50 -05:00 · 2018-11-06 13:04:50 -05:00 · c136a99bf2
commit c136a99bf2
parent 0400871df9
2 changed files with 23 additions and 14 deletions
--- a/test/e2e/framework/util.go
+++ b/test/e2e/framework/util.go
@ -4941,7 +4941,7 @@ func getMaster(c clientset.Interface) Address {
 func GetAllMasterAddresses(c clientset.Interface) []string {
 	master := getMaster(c)

-	var ips sets.String
+	ips := sets.NewString()
 	switch TestContext.Provider {
 	case "gce", "gke":
 		if master.externalIP != "" {
--- a/test/e2e/network/firewall.go
+++ b/test/e2e/network/firewall.go
@ -18,6 +18,7 @@ package network

 import (
 	"fmt"
+	"time"

 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
@ -172,19 +173,27 @@ var _ = SIGDescribe("Firewall rule", func() {

 		By("Checking well known ports on master and nodes are not exposed externally")
 		nodeAddrs := framework.NodeAddresses(nodes, v1.NodeExternalIP)
-		Expect(len(nodeAddrs)).NotTo(BeZero())
-		masterAddresses := framework.GetAllMasterAddresses(cs)
-		for _, masterAddr := range masterAddresses {
-			flag, _ := framework.TestNotReachableHTTPTimeout(masterAddr, ports.InsecureKubeControllerManagerPort, gce.FirewallTestTcpTimeout)
-			Expect(flag).To(BeTrue())
-			flag, _ = framework.TestNotReachableHTTPTimeout(masterAddr, ports.SchedulerPort, gce.FirewallTestTcpTimeout)
-			Expect(flag).To(BeTrue())
-			flag, _ = framework.TestNotReachableHTTPTimeout(nodeAddrs[0], ports.KubeletPort, gce.FirewallTestTcpTimeout)
-			Expect(flag).To(BeTrue())
-			flag, _ = framework.TestNotReachableHTTPTimeout(nodeAddrs[0], ports.KubeletReadOnlyPort, gce.FirewallTestTcpTimeout)
-			Expect(flag).To(BeTrue())
-			flag, _ = framework.TestNotReachableHTTPTimeout(nodeAddrs[0], ports.ProxyStatusPort, gce.FirewallTestTcpTimeout)
-			Expect(flag).To(BeTrue())
+		if len(nodeAddrs) == 0 {
+			framework.Failf("did not find any node addresses")
 		}
+
+		masterAddresses := framework.GetAllMasterAddresses(cs)
+		for _, masterAddress := range masterAddresses {
+			assertNotReachableHTTPTimeout(masterAddress, ports.InsecureKubeControllerManagerPort, gce.FirewallTestTcpTimeout)
+			assertNotReachableHTTPTimeout(masterAddress, ports.SchedulerPort, gce.FirewallTestTcpTimeout)
+		}
+		assertNotReachableHTTPTimeout(nodeAddrs[0], ports.KubeletPort, gce.FirewallTestTcpTimeout)
+		assertNotReachableHTTPTimeout(nodeAddrs[0], ports.KubeletReadOnlyPort, gce.FirewallTestTcpTimeout)
+		assertNotReachableHTTPTimeout(nodeAddrs[0], ports.ProxyStatusPort, gce.FirewallTestTcpTimeout)
 	})
 })
+
+func assertNotReachableHTTPTimeout(ip string, port int, timeout time.Duration) {
+	unreachable, err := framework.TestNotReachableHTTPTimeout(ip, port, timeout)
+	if err != nil {
+		framework.Failf("Unexpected error checking for reachability of %s:%d: %v", ip, port, err)
+	}
+	if !unreachable {
+		framework.Failf("Was unexpectedly able to reach %s:%d", ip, port)
+	}
+}