github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #69993 from Pradip-Khakurel/issue-#34059-annotate-auth-e2e-errors 

make error messages more helpful for some e2e auth tests
pull/58/head
k8s-ci-robot 2018-10-23 02:08:22 -07:00 committed by GitHub
parent 4d182cec03 8c4fd312c9
commit b1fbdfe76b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
test/e2e/auth/metadata_concealment.go
View File

@ -55,10 +55,10 @@ var _ = SIGDescribe("Metadata Concealment", func() {
},
}
job, err := framework.CreateJob(f.ClientSet, f.Namespace.Name, job)
Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred(), "failed to create job (%s:%s)", f.Namespace.Name, job.Name)
By("Ensuring job reaches completions")
err = framework.WaitForJobComplete(f.ClientSet, f.Namespace.Name, job.Name, int32(1))
Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred(), "failed to ensure job completion (%s:%s)", f.Namespace.Name, job.Name)
})
})

9
test/e2e/auth/node_authn.go
View File

@ -38,7 +38,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
ns = f.Namespace.Name
nodeList, err := f.ClientSet.CoreV1().Nodes().List(metav1.ListOptions{})
Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred(), "failed to list nodes in namespace: %s", ns)
Expect(len(nodeList.Items)).NotTo(BeZero())
pickedNode := nodeList.Items[0]
@ -47,8 +47,9 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
nodeIPs = append(nodeIPs, framework.GetNodeAddresses(&pickedNode, v1.NodeInternalIP)...)
// make sure ServiceAccount admission controller is enabled, so secret generation on SA creation works
sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get("default", metav1.GetOptions{})
Expect(err).NotTo(HaveOccurred())
saName := "default"
sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get(saName, metav1.GetOptions{})
Expect(err).NotTo(HaveOccurred(), "failed to retrieve service account (%s:%s)", ns, saName)
Expect(len(sa.Secrets)).NotTo(BeZero())
})
@ -72,7 +73,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
AutomountServiceAccountToken: &trueValue,
}
_, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Create(newSA)
Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred(), "failed to create service account (%s:%s)", ns, newSA.Name)
pod := createNodeAuthTestPod(f)

23
test/e2e/auth/node_authz.go
View File

@ -51,23 +51,24 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
ns = f.Namespace.Name
nodeList, err := f.ClientSet.CoreV1().Nodes().List(metav1.ListOptions{})
Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred(), "failed to list nodes in namespace: %s", ns)
Expect(len(nodeList.Items)).NotTo(Equal(0))
nodeName = nodeList.Items[0].Name
asUser = NodeNamePrefix + nodeName
sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get("default", metav1.GetOptions{})
saName := "default"
sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get(saName, metav1.GetOptions{})
Expect(len(sa.Secrets)).NotTo(Equal(0))
Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred(), "failed to retrieve service account (%s:%s)", ns, saName)
defaultSaSecret = sa.Secrets[0].Name
By("Creating a kubernetes client that impersonates a node")
config, err := framework.LoadConfig()
Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred(), "failed to load kubernetes client config")
config.Impersonate = restclient.ImpersonationConfig{
UserName: asUser,
Groups: []string{NodesGroup},
}
c, err = clientset.NewForConfig(config)
Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred(), "failed to create Clientset for the given config: %+v", *config)
})
It("Getting a non-existent secret should exit with the Forbidden error, not a NotFound error", func() {
@ -97,7 +98,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
},
}
_, err := f.ClientSet.CoreV1().ConfigMaps(ns).Create(configmap)
Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred(), "failed to create configmap (%s:%s) %+v", ns, configmap.Name, *configmap)
_, err = c.CoreV1().ConfigMaps(ns).Get(configmap.Name, metav1.GetOptions{})
Expect(apierrors.IsForbidden(err)).Should(Equal(true))
})
@ -114,7 +115,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
},
}
_, err := f.ClientSet.CoreV1().Secrets(ns).Create(secret)
Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred(), "failed to create secret (%s:%s)", ns, secret.Name)
By("Node should not get the secret")
_, err = c.CoreV1().Secrets(ns).Get(secret.Name, metav1.GetOptions{})
@ -147,10 +148,12 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
}
_, err = f.ClientSet.CoreV1().Pods(ns).Create(pod)
Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred(), "failed to create pod (%s:%s)", ns, pod.Name)
By("The node should able to access the secret")
err = wait.Poll(framework.Poll, 1*time.Minute, func() (bool, error) {
itv := framework.Poll
dur := 1 * time.Minute
err = wait.Poll(itv, dur, func() (bool, error) {
_, err = c.CoreV1().Secrets(ns).Get(secret.Name, metav1.GetOptions{})
if err != nil {
framework.Logf("Failed to get secret %v, err: %v", secret.Name, err)
@ -158,7 +161,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
}
return true, nil
})
Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred(), "failed to get secret after trying every %v for %v (%s:%s)", itv, dur, ns, secret.Name)
})
It("A node shouldn't be able to create another node", func() {