diff --git a/test/conformance/testdata/conformance.yaml b/test/conformance/testdata/conformance.yaml index 6297f62a917..869cc88f129 100755 --- a/test/conformance/testdata/conformance.yaml +++ b/test/conformance/testdata/conformance.yaml @@ -1351,6 +1351,13 @@ resource must support get, update, patch.' release: v1.19 file: test/e2e/auth/certificates.go +- testname: OIDC Discovery (ServiceAccountIssuerDiscovery) + codename: '[sig-auth] ServiceAccounts ServiceAccountIssuerDiscovery should support + OIDC discovery of service account issuer [Conformance]' + description: Ensure kube-apiserver serves correct OIDC discovery endpoints by deploying + a Pod that verifies its own token against these endpoints. + release: v1.21 + file: test/e2e/auth/service_accounts.go - testname: Service account tokens auto mount optionally codename: '[sig-auth] ServiceAccounts should allow opting out of API token automount [Conformance]' description: Ensure that Service Account keys are mounted into the Pod only when diff --git a/test/e2e/auth/service_accounts.go b/test/e2e/auth/service_accounts.go index 8e20b568c12..b56745466ae 100644 --- a/test/e2e/auth/service_accounts.go +++ b/test/e2e/auth/service_accounts.go @@ -673,7 +673,15 @@ var _ = SIGDescribe("ServiceAccounts", func() { } }) - ginkgo.It("ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer", func() { + /* + Release: v1.21 + Testname: OIDC Discovery (ServiceAccountIssuerDiscovery) + Description: Ensure kube-apiserver serves correct OIDC discovery + endpoints by deploying a Pod that verifies its own + token against these endpoints. + */ + framework.ConformanceIt("ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer", func() { + // Allow the test pod access to the OIDC discovery non-resource URLs. // The role should have already been automatically created as part of the // RBAC bootstrap policy, but not the role binding. If RBAC is disabled,