github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-11 13:02:14 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #129053 from stlaz/e2e_ctb_parallel

Browse Source 
e2e: ctb: make it possible to run the tests in parallel
This commit is contained in:
Kubernetes Prow Robot 2025-01-11 20:52:31 -08:00 committed by GitHub
commit d8093cc403
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 34 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
test/e2e/auth/projected_clustertrustbundle.go
View File

@ -29,6 +29,7 @@ import (
mathrand "math/rand/v2"
"os"
"regexp"
"strings"
"time"
certificatesv1alpha1 "k8s.io/api/certificates/v1alpha1"
@ -56,14 +57,13 @@ const (
noSignerKey = "no-signer"
)
// TODO: running the tests in parallel should be possible
var _ = SIGDescribe(feature.ClusterTrustBundle, feature.ClusterTrustBundleProjection, framework.WithSerial(), func() {
var _ = SIGDescribe(feature.ClusterTrustBundle, feature.ClusterTrustBundleProjection, func() {
f := framework.NewDefaultFramework("projected-clustertrustbundle")
f.NamespacePodSecurityLevel = admissionapi.LevelBaseline
initCTBs, pemMapping := initCTBData()
ginkgo.JustBeforeEach(func(ctx context.Context) {
ginkgo.BeforeEach(func(ctx context.Context) {
cleanup := mustInitCTBs(ctx, f, initCTBs)
ginkgo.DeferCleanup(cleanup)
})
@ -78,7 +78,7 @@ var _ = SIGDescribe(feature.ClusterTrustBundle, feature.ClusterTrustBundleProjec
}{
{
name: "name of an existing CTB",
ctbName: "test.test.signer-one.4",
ctbName: "test.test.signer-one.4" + f.UniqueName,
expectedOutput: expectedRegexFromPEMs(initCTBs[4].Spec.TrustBundle),
},
{
@ -145,10 +145,11 @@ var _ = SIGDescribe(feature.ClusterTrustBundle, feature.ClusterTrustBundleProjec
},
} {
ginkgo.It(tt.name, func(ctx context.Context) {
signerName := tt.signerName + f.UniqueName
pod := podForCTBProjection(v1.VolumeProjection{
ClusterTrustBundle: &v1.ClusterTrustBundleProjection{
Path: "trust-bundle.crt",
SignerName: &tt.signerName,
SignerName: &signerName,
LabelSelector: tt.selector,
Optional: tt.optionalVolume,
},
@ -172,7 +173,7 @@ var _ = SIGDescribe(feature.ClusterTrustBundle, feature.ClusterTrustBundleProjec
ctb: &v1.ClusterTrustBundleProjection{
Optional: ptr.To(false),
Path: "trust-bundle.crt",
SignerName: ptr.To(testSignerOneName),
SignerName: ptr.To(testSignerOneName + f.UniqueName),
LabelSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"signer.alive": "unknown",
@ -238,14 +239,14 @@ var _ = SIGDescribe(feature.ClusterTrustBundle, feature.ClusterTrustBundleProjec
pod := podForCTBProjection(
v1.VolumeProjection{
ClusterTrustBundle: &v1.ClusterTrustBundleProjection{
Name: ptr.To("test.test.signer-one.4"),
Name: ptr.To("test.test.signer-one.4" + f.UniqueName),
Path: "trust-anchors.pem",
},
},
v1.VolumeProjection{
ClusterTrustBundle: &v1.ClusterTrustBundleProjection{
Path: "trust-bundle.crt",
SignerName: ptr.To(testSignerOneName),
SignerName: ptr.To(testSignerOneName + f.UniqueName),
LabelSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"signer.alive": "false",
@ -269,17 +270,17 @@ var _ = SIGDescribe(feature.ClusterTrustBundle, feature.ClusterTrustBundleProjec
var cleanups []func(ctx context.Context)
var projections []v1.VolumeProjection
defer func() {
ginkgo.DeferCleanup(func(ctx context.Context) {
for _, c := range cleanups {
c(ctx)
}
}()
})
for i := range numCTBs {
ctb := ctbForCA(fmt.Sprintf("test.test:signer-hundreds:%d", i), "test.test/signer-hundreds", mustMakeCAPEM(fmt.Sprintf("root%d", i)), nil)
initCTBs = append(initCTBs, ctb)
cleanups = append(cleanups, mustCreateCTB(ctx, f, ctb))
projections = append(projections, v1.VolumeProjection{ClusterTrustBundle: &v1.ClusterTrustBundleProjection{ // TODO: maybe mount them all to a single pod?
Name: ptr.To(fmt.Sprintf("test.test:signer-hundreds:%d", i)),
Name: ptr.To(fmt.Sprintf("test.test:signer-hundreds%s:%d", f.UniqueName, i)),
Path: fmt.Sprintf("trust-anchors-%d.pem", i),
},
})
@ -367,7 +368,7 @@ var _ = SIGDescribe(feature.ClusterTrustBundle, feature.ClusterTrustBundleProjec
pod := podForCTBProjection(v1.VolumeProjection{
ClusterTrustBundle: &v1.ClusterTrustBundleProjection{
Path: "trust-anchors.pem",
SignerName: ptr.To("test.test/signer-hundreds"),
SignerName: ptr.To("test.test/signer-hundreds" + f.UniqueName),
LabelSelector: &metav1.LabelSelector{}, // == match everything
},
})
@ -503,7 +504,7 @@ func mustInitCTBs(ctx context.Context, f *framework.Framework, ctbs []*certifica
cleanups := []func(context.Context){}
for _, ctb := range ctbs {
ctb := ctb
cleanups = append(cleanups, mustCreateCTB(ctx, f, ctb))
cleanups = append(cleanups, mustCreateCTB(ctx, f, ctb.DeepCopy()))
}
return func(ctx context.Context) {
@ -514,6 +515,8 @@ func mustInitCTBs(ctx context.Context, f *framework.Framework, ctbs []*certifica
}
func mustCreateCTB(ctx context.Context, f *framework.Framework, ctb *certificatesv1alpha1.ClusterTrustBundle) func(context.Context) {
mutateCTBForTesting(ctb, f.UniqueName)
if _, err := f.ClientSet.CertificatesV1alpha1().ClusterTrustBundles().Create(ctx, ctb, metav1.CreateOptions{}); err != nil {
framework.Failf("Error while creating ClusterTrustBundle: %v", err)
}
@ -588,3 +591,21 @@ func ctbsToPEMs(ctbs []*certificatesv1alpha1.ClusterTrustBundle) []string {
}
return certPEMs
}
// mutateCTBForTesting mutates the .spec.signerName and .name so that the created cluster
// objects are unique and the tests can run in parallel
func mutateCTBForTesting(ctb *certificatesv1alpha1.ClusterTrustBundle, uniqueName string) {
signer := ctb.Spec.SignerName
if len(signer) == 0 {
ctb.Name += uniqueName
return
}
newSigner := ctb.Spec.SignerName + uniqueName
ctb.Name = strings.Replace(ctb.Name, signerNameToCTBName(signer), signerNameToCTBName(newSigner), 1)
ctb.Spec.SignerName = newSigner
}
func signerNameToCTBName(signerName string) string {
return strings.ReplaceAll(signerName, "/", ":")
}