Fixed gke auth update wait condition.

Lookup whoami on gke using gcloud auth list. Make sure we do not run the test on any cluster older than 1.7. Fix for Mehdy Fixes for LavaLamp
2017-08-21 15:45:51 -07:00 · 2017-08-21 15:45:51 -07:00 · 3b9485bba3
parent 225a2f50bd
commit 3b9485bba3
2 changed files with 24 additions and 18 deletions
--- a/test/e2e/apimachinery/BUILD
+++ b/test/e2e/apimachinery/BUILD
@ -51,7 +51,7 @@ go_library(
        "//vendor/k8s.io/apimachinery/pkg/util/uuid:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/watch:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/authentication/serviceaccount:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/authentication/user:go_default_library",
        "//vendor/k8s.io/apiserver/pkg/storage/names:go_default_library",
        "//vendor/k8s.io/client-go/discovery:go_default_library",
        "//vendor/k8s.io/client-go/kubernetes:go_default_library",
--- a/test/e2e/apimachinery/aggregator.go
+++ b/test/e2e/apimachinery/aggregator.go
@ -33,11 +33,12 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/wait"
-	"k8s.io/apiserver/pkg/authentication/serviceaccount"
+	"k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/util/cert"
 	apiregistrationv1beta1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1"
 	rbacapi "k8s.io/kubernetes/pkg/apis/rbac"
 	utilversion "k8s.io/kubernetes/pkg/util/version"
 	"k8s.io/kubernetes/test/e2e/framework"
 	samplev1alpha1 "k8s.io/sample-apiserver/pkg/apis/wardle/v1alpha1"
@ -50,6 +51,8 @@ type aggregatorContext struct {
 	apiserverSigningCert []byte
 }
 var serverAggregatorVersion = utilversion.MustParseSemantic("v1.7.0")
 var _ = SIGDescribe("Aggregator", func() {
 	f := framework.NewDefaultFramework("aggregator")
 	framework.AddCleanupAction(func() {
@ -58,6 +61,7 @@ var _ = SIGDescribe("Aggregator", func() {
 	It("Should be able to support the 1.7 Sample API Server using the current Aggregator", func() {
 		// Make sure the relevant provider supports Agggregator
 		framework.SkipUnlessServerVersionGTE(serverAggregatorVersion, f.ClientSet.Discovery())
 		framework.SkipUnlessProviderIs("gce", "gke")
 		// Testing a 1.7 version of the sample-apiserver
@ -161,12 +165,8 @@ func TestSampleAPIServer(f *framework.Framework, image, namespaceName string) {
 	ns := f.Namespace.Name
 	if framework.ProviderIs("gke") {
 		// kubectl create clusterrolebinding user-cluster-admin-binding --clusterrole=cluster-admin --user=user@domain.com
-		framework.BindClusterRole(client.RbacV1beta1(), "cluster-admin", ns,
+		authenticated := rbacv1beta1.Subject{Kind: rbacv1beta1.GroupKind, Name: user.AllAuthenticated}
-			rbacv1beta1.Subject{Kind: rbacv1beta1.ServiceAccountKind, Namespace: ns, Name: "default"})
+		framework.BindClusterRole(client.RbacV1beta1(), "cluster-admin", ns, authenticated)
 		err := framework.WaitForAuthorizationUpdate(client.AuthorizationV1beta1(),
 			serviceaccount.MakeUsername(ns, "default"),
 			"", "get", schema.GroupResource{Group: "storage.k8s.io", Resource: "storageclasses"}, true)
 		framework.ExpectNoError(err, "Failed to update authorization: %v", err)
 	}
 	// kubectl create -f namespace.yaml
@ -319,16 +319,22 @@ func TestSampleAPIServer(f *framework.Framework, image, namespaceName string) {
 	framework.ExpectNoError(err, "creating cluster resource rule")
 	urlRule, err := rbacapi.NewRule("get").URLs("*").Rule()
 	framework.ExpectNoError(err, "creating cluster url rule")
-	roleLabels := map[string]string{"kubernetes.io/bootstrapping": "wardle-default"}
+	err = wait.Poll(100*time.Millisecond, 30*time.Second, func() (bool, error) {
-	role := rbacapi.ClusterRole{
+		roleLabels := map[string]string{"kubernetes.io/bootstrapping": "wardle-default"}
-		ObjectMeta: metav1.ObjectMeta{
+		role := rbacapi.ClusterRole{
-			Name:   "wardler",
+			ObjectMeta: metav1.ObjectMeta{
-			Labels: roleLabels,
+				Name:   "wardler",
-		},
+				Labels: roleLabels,
-		Rules: []rbacapi.PolicyRule{resourceRule, urlRule},
+			},
-	}
+			Rules: []rbacapi.PolicyRule{resourceRule, urlRule},
-	_, err = iclient.Rbac().ClusterRoles().Create(&role)
+		}
-	framework.ExpectNoError(err, "creating cluster role %s", "wardler")
+		_, err = iclient.Rbac().ClusterRoles().Create(&role)
 		if err != nil {
 			return false, nil
 		}
 		return true, nil
 	})
 	framework.ExpectNoError(err, "creating cluster role wardler - may not have permissions")
 	// kubectl create -f auth-reader.yaml
 	_, err = client.RbacV1beta1().RoleBindings("kube-system").Create(&rbacv1beta1.RoleBinding{