github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

integration: add retries to node authorizer tests

Browse Source
This commit is contained in:
Eric Chiang 2018-01-09 13:44:55 -08:00
parent eff07b6f55
commit ce0a8303d6
2 changed files with 158 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
test/integration/auth/BUILD
View File

@ -58,6 +58,7 @@ go_test(
"//vendor/k8s.io/apimachinery/pkg/labels:go_default_library", "//vendor/k8s.io/apimachinery/pkg/labels:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/types:go_default_library", "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/watch:go_default_library", "//vendor/k8s.io/apimachinery/pkg/watch:go_default_library",
"//vendor/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library", "//vendor/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
"//vendor/k8s.io/apiserver/pkg/authentication/group:go_default_library", "//vendor/k8s.io/apiserver/pkg/authentication/group:go_default_library",

267
test/integration/auth/node_test.go
View File

@ -20,8 +20,6 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"path/filepath"
"runtime"
"testing" "testing"
"time" "time"
@ -29,6 +27,7 @@ import (
"k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/apiserver/pkg/authentication/request/bearertoken" "k8s.io/apiserver/pkg/authentication/request/bearertoken"
"k8s.io/apiserver/pkg/authentication/token/tokenfile" "k8s.io/apiserver/pkg/authentication/token/tokenfile"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
@ -149,125 +148,159 @@ func TestNodeAuthorizer(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
getSecret := func(client clientset.Interface) error { getSecret := func(client clientset.Interface) func() error {
_, err := client.Core().Secrets("ns").Get("mysecret", metav1.GetOptions{}) return func() error {
return err _, err := client.Core().Secrets("ns").Get("mysecret", metav1.GetOptions{})
return err
}
} }
getPVSecret := func(client clientset.Interface) error { getPVSecret := func(client clientset.Interface) func() error {
_, err := client.Core().Secrets("ns").Get("mypvsecret", metav1.GetOptions{}) return func() error {
return err _, err := client.Core().Secrets("ns").Get("mypvsecret", metav1.GetOptions{})
return err
}
} }
getConfigMap := func(client clientset.Interface) error { getConfigMap := func(client clientset.Interface) func() error {
_, err := client.Core().ConfigMaps("ns").Get("myconfigmap", metav1.GetOptions{}) return func() error {
return err _, err := client.Core().ConfigMaps("ns").Get("myconfigmap", metav1.GetOptions{})
return err
}
} }
getPVC := func(client clientset.Interface) error { getPVC := func(client clientset.Interface) func() error {
_, err := client.Core().PersistentVolumeClaims("ns").Get("mypvc", metav1.GetOptions{}) return func() error {
return err _, err := client.Core().PersistentVolumeClaims("ns").Get("mypvc", metav1.GetOptions{})
return err
}
} }
getPV := func(client clientset.Interface) error { getPV := func(client clientset.Interface) func() error {
_, err := client.Core().PersistentVolumes().Get("mypv", metav1.GetOptions{}) return func() error {
return err _, err := client.Core().PersistentVolumes().Get("mypv", metav1.GetOptions{})
return err
}
} }
createNode2NormalPod := func(client clientset.Interface) error { createNode2NormalPod := func(client clientset.Interface) func() error {
_, err := client.Core().Pods("ns").Create(&api.Pod{ return func() error {
ObjectMeta: metav1.ObjectMeta{Name: "node2normalpod"}, _, err := client.Core().Pods("ns").Create(&api.Pod{
Spec: api.PodSpec{ ObjectMeta: metav1.ObjectMeta{Name: "node2normalpod"},
NodeName: "node2", Spec: api.PodSpec{
Containers: []api.Container{{Name: "image", Image: "busybox"}}, NodeName: "node2",
Volumes: []api.Volume{ Containers: []api.Container{{Name: "image", Image: "busybox"}},
{Name: "secret", VolumeSource: api.VolumeSource{Secret: &api.SecretVolumeSource{SecretName: "mysecret"}}}, Volumes: []api.Volume{
{Name: "cm", VolumeSource: api.VolumeSource{ConfigMap: &api.ConfigMapVolumeSource{LocalObjectReference: api.LocalObjectReference{Name: "myconfigmap"}}}}, {Name: "secret", VolumeSource: api.VolumeSource{Secret: &api.SecretVolumeSource{SecretName: "mysecret"}}},
{Name: "pvc", VolumeSource: api.VolumeSource{PersistentVolumeClaim: &api.PersistentVolumeClaimVolumeSource{ClaimName: "mypvc"}}}, {Name: "cm", VolumeSource: api.VolumeSource{ConfigMap: &api.ConfigMapVolumeSource{LocalObjectReference: api.LocalObjectReference{Name: "myconfigmap"}}}},
{Name: "pvc", VolumeSource: api.VolumeSource{PersistentVolumeClaim: &api.PersistentVolumeClaimVolumeSource{ClaimName: "mypvc"}}},
},
}, },
}, })
}) return err
return err }
} }
updateNode2NormalPodStatus := func(client clientset.Interface) error { updateNode2NormalPodStatus := func(client clientset.Interface) func() error {
startTime := metav1.NewTime(time.Now()) return func() error {
_, err := client.Core().Pods("ns").UpdateStatus(&api.Pod{ startTime := metav1.NewTime(time.Now())
ObjectMeta: metav1.ObjectMeta{Name: "node2normalpod"}, _, err := client.Core().Pods("ns").UpdateStatus(&api.Pod{
Status: api.PodStatus{StartTime: &startTime}, ObjectMeta: metav1.ObjectMeta{Name: "node2normalpod"},
}) Status: api.PodStatus{StartTime: &startTime},
return err })
return err
}
} }
deleteNode2NormalPod := func(client clientset.Interface) error { deleteNode2NormalPod := func(client clientset.Interface) func() error {
zero := int64(0) return func() error {
return client.Core().Pods("ns").Delete("node2normalpod", &metav1.DeleteOptions{GracePeriodSeconds: &zero}) zero := int64(0)
return client.Core().Pods("ns").Delete("node2normalpod", &metav1.DeleteOptions{GracePeriodSeconds: &zero})
}
} }
createNode2MirrorPod := func(client clientset.Interface) error { createNode2MirrorPod := func(client clientset.Interface) func() error {
_, err := client.Core().Pods("ns").Create(&api.Pod{ return func() error {
ObjectMeta: metav1.ObjectMeta{ _, err := client.Core().Pods("ns").Create(&api.Pod{
Name: "node2mirrorpod", ObjectMeta: metav1.ObjectMeta{
Annotations: map[string]string{api.MirrorPodAnnotationKey: "true"}, Name: "node2mirrorpod",
}, Annotations: map[string]string{api.MirrorPodAnnotationKey: "true"},
Spec: api.PodSpec{ },
NodeName: "node2", Spec: api.PodSpec{
Containers: []api.Container{{Name: "image", Image: "busybox"}}, NodeName: "node2",
}, Containers: []api.Container{{Name: "image", Image: "busybox"}},
}) },
return err })
return err
}
} }
deleteNode2MirrorPod := func(client clientset.Interface) error { deleteNode2MirrorPod := func(client clientset.Interface) func() error {
zero := int64(0) return func() error {
return client.Core().Pods("ns").Delete("node2mirrorpod", &metav1.DeleteOptions{GracePeriodSeconds: &zero}) zero := int64(0)
return client.Core().Pods("ns").Delete("node2mirrorpod", &metav1.DeleteOptions{GracePeriodSeconds: &zero})
}
} }
createNode2 := func(client clientset.Interface) error { createNode2 := func(client clientset.Interface) func() error {
_, err := client.Core().Nodes().Create(&api.Node{ObjectMeta: metav1.ObjectMeta{Name: "node2"}}) return func() error {
return err _, err := client.Core().Nodes().Create(&api.Node{ObjectMeta: metav1.ObjectMeta{Name: "node2"}})
return err
}
} }
updateNode2Status := func(client clientset.Interface) error { updateNode2Status := func(client clientset.Interface) func() error {
_, err := client.Core().Nodes().UpdateStatus(&api.Node{ return func() error {
ObjectMeta: metav1.ObjectMeta{Name: "node2"}, _, err := client.Core().Nodes().UpdateStatus(&api.Node{
Status: api.NodeStatus{}, ObjectMeta: metav1.ObjectMeta{Name: "node2"},
}) Status: api.NodeStatus{},
return err })
return err
}
} }
deleteNode2 := func(client clientset.Interface) error { deleteNode2 := func(client clientset.Interface) func() error {
return client.Core().Nodes().Delete("node2", nil) return func() error {
return client.Core().Nodes().Delete("node2", nil)
}
} }
createNode2NormalPodEviction := func(client clientset.Interface) error { createNode2NormalPodEviction := func(client clientset.Interface) func() error {
return client.Policy().Evictions("ns").Evict(&policy.Eviction{ return func() error {
TypeMeta: metav1.TypeMeta{ return client.Policy().Evictions("ns").Evict(&policy.Eviction{
APIVersion: "policy/v1beta1", TypeMeta: metav1.TypeMeta{
Kind: "Eviction", APIVersion: "policy/v1beta1",
}, Kind: "Eviction",
ObjectMeta: metav1.ObjectMeta{ },
Name: "node2normalpod", ObjectMeta: metav1.ObjectMeta{
Namespace: "ns", Name: "node2normalpod",
}, Namespace: "ns",
}) },
})
}
} }
createNode2MirrorPodEviction := func(client clientset.Interface) error { createNode2MirrorPodEviction := func(client clientset.Interface) func() error {
return client.Policy().Evictions("ns").Evict(&policy.Eviction{ return func() error {
TypeMeta: metav1.TypeMeta{ return client.Policy().Evictions("ns").Evict(&policy.Eviction{
APIVersion: "policy/v1beta1", TypeMeta: metav1.TypeMeta{
Kind: "Eviction", APIVersion: "policy/v1beta1",
}, Kind: "Eviction",
ObjectMeta: metav1.ObjectMeta{ },
Name: "node2mirrorpod", ObjectMeta: metav1.ObjectMeta{
Namespace: "ns", Name: "node2mirrorpod",
}, Namespace: "ns",
}) },
})
}
} }
capacity := 50 capacity := 50
updatePVCCapacity := func(client clientset.Interface) error { updatePVCCapacity := func(client clientset.Interface) func() error {
capacity++ return func() error {
statusString := fmt.Sprintf("{\"status\": {\"capacity\": {\"storage\": \"%dG\"}}}", capacity) capacity++
patchBytes := []byte(statusString) statusString := fmt.Sprintf("{\"status\": {\"capacity\": {\"storage\": \"%dG\"}}}", capacity)
_, err := client.Core().PersistentVolumeClaims("ns").Patch("mypvc", types.StrategicMergePatchType, patchBytes, "status") patchBytes := []byte(statusString)
return err _, err := client.Core().PersistentVolumeClaims("ns").Patch("mypvc", types.StrategicMergePatchType, patchBytes, "status")
return err
}
} }
updatePVCPhase := func(client clientset.Interface) error { updatePVCPhase := func(client clientset.Interface) func() error {
patchBytes := []byte(`{"status":{"phase": "Bound"}}`) return func() error {
_, err := client.Core().PersistentVolumeClaims("ns").Patch("mypvc", types.StrategicMergePatchType, patchBytes, "status") patchBytes := []byte(`{"status":{"phase": "Bound"}}`)
return err _, err := client.Core().PersistentVolumeClaims("ns").Patch("mypvc", types.StrategicMergePatchType, patchBytes, "status")
return err
}
} }
nodeanonClient := clientsetForToken(tokenNodeUnknown, clientConfig) nodeanonClient := clientsetForToken(tokenNodeUnknown, clientConfig)
@ -386,23 +419,37 @@ func TestNodeAuthorizer(t *testing.T) {
expectForbidden(t, updatePVCPhase(node2Client)) expectForbidden(t, updatePVCPhase(node2Client))
} }
func expectForbidden(t *testing.T, err error) { // expect executes a function a set number of times until it either returns the
if !errors.IsForbidden(err) { // expected error or executes too many times. It returns if the retries timed
_, file, line, _ := runtime.Caller(1) // out and the last error returned by the method.
t.Errorf("%s:%d: Expected forbidden error, got %v", filepath.Base(file), line, err) func expect(f func() error, wantErr func(error) bool) (timeout bool, lastErr error) {
err := wait.PollImmediate(time.Second, 30*time.Second, func() (bool, error) {
lastErr = f()
if wantErr(lastErr) {
return true, nil
}
return false, nil
})
return err == nil, lastErr
}
func expectForbidden(t *testing.T, f func() error) {
t.Helper()
if ok, err := expect(f, errors.IsForbidden); !ok {
t.Errorf("Expected forbidden error, got %v", err)
} }
} }
func expectNotFound(t *testing.T, err error) { func expectNotFound(t *testing.T, f func() error) {
if !errors.IsNotFound(err) { t.Helper()
_, file, line, _ := runtime.Caller(1) if ok, err := expect(f, errors.IsNotFound); !ok {
t.Errorf("%s:%d: Expected notfound error, got %v", filepath.Base(file), line, err) t.Errorf("Expected notfound error, got %v", err)
} }
} }
func expectAllowed(t *testing.T, err error) { func expectAllowed(t *testing.T, f func() error) {
if err != nil { t.Helper()
_, file, line, _ := runtime.Caller(1) if ok, err := expect(f, func(e error) bool { return e == nil }); !ok {
t.Errorf("%s:%d: Expected no error, got %v", filepath.Base(file), line, err) t.Errorf("Expected no error, got %v", err)
} }
} }