Fix readonly PD attach (don't try to format).
Add an e2e test to verify that PDs are attached and detached correctly.
Add an e2e test to verify that readonly PDs can be attached to >1 pods.
e2e auth breakage it caused. The fix is to not set project/zone/kube_master
to the empty string partway through the script, which I should have
realized was a bad idea in the first place.
Also make sure all POST operations return 201 by default.
Removes the remainder of the asych logic in RESTStorage and
leaves it up to the API server to expose that behavior.
Before we get too many suites baked, I want to get spec randomization
in, just so no one accidentally thinks things flow from top to bottom.
The random seed is printed with every run:
Random Seed: 1423194521 - Will randomize all specs
and can be reproduced using --ginkgo.seed
* Add a test/e2e/shell.go that slurps up everything in hack/e2e-suite
and runs it as a bash test, borrowing all the code from hack/e2e.go.
* Rip out all the crap in hack/e2e.go that deal with multiple tests
* Move hack/e2e-suite/goe2e.sh to hack/ginkgo-e2e.sh so that it
doesn't get slurped up.
This will allow us greated isolation between test case runs without the
need to include randomized uuids to many of the fields in the pods,
services and rcs creation requests.
Tested:
- Ran two instances of `e2e -t TestLivenessHttp -t TestLivenessExec`
simultaneously and confirmed that pod names did not clash and that
both of them completed successfully.
Start to use unique names for the pods and services. Later, we will
replace that by the use of namespaces.
We are also discussing using a versioned api, however that refactor can
happen on a follow up commit as well.
Tested by running cmd/e2e -t Pods against an API server in GCE.
This is another step in removing external dependencies of the Go e2e tests.
Remove references to this file on list of files required to run e2e tests.
Also use an unique name for the pod, so that failure in cleanup of a
previous run should not break a new run with a name conflict.
Tested by running cmd/e2e -t TestPodUpdate against an API server in GCE.
This is another step in removing external dependencies of the Go e2e tests.
Also remove other references to this file.
Tested by running cmd/e2e -t TestKubeletSendsEvent against an API server in GCE.
Avoid importing the YAML files from the examples/ tree, instead just
define the api.Pod structs in the Go source code.
Tested by running the TestLivenessHttp and TestLivenessExec tests
against a test cluster.
Use the --ginkgo.focus flag which accepts a regexp to define which tests
should be run. Create a regexp matching a full word that is exactly one
of the test names passed as -t parameters.
Tested with cmd/e2e -t TestLivenessHttp -t TestLivenessExec, confirmed
that 2 tests were executed and 9 were skipped.
Instead of forcing the NoColor flag to on at runtime, make it default to
being on in a way that it's still possible to override it by passing e2e
the --ginkgo.noColor=false command-line flag.
Tested by running the tests with and without the flag and confirming
that both worked as expected.
Use ginkgo's native support for JUnit in order to generate the XML file.
This is a first step in better integration of our e2e tests with
Jenkins. In order to improve the logged information, we will probably
need to have more native ginkgo tests but this step allows us to see
what Jenkins can already do with this information and what we need to
tweak to improve it.
Tested by running the full e2e tests and inspecting the contents of
junit.xml on the top of the tree.
Textual output is still generated on the console to keep the current
goe2e.sh logs available until the full conversion of our Jenkins
instance to use the JUnit XML is completed.
In order to adopt ginkgo incrementally, let's start by replacing
test/e2e/driver.go with a call to ginkgo runner and convert each of the
other tests to a small Decscribe() snippet that simply calls the legacy
TestXYZ function.
From this basis we can take further incremental steps by converting
individual tests to native ginkgo format, using Fail() for all failure
cases, using By() for logs, enabling JUnit reports, etc.
Tested:
- cmd/e2e builds and `make check` passes.
- Running _output/bin/.../e2e on an alive cluster works.
- Running the full hack/e2e-test.sh works as expected.
This commit reimplements hack/e2e-suite/liveness.sh in Go as part of cmd/e2e.
Tested by running it on a live cluster:
$ cmd/e2e --host=https://w.x.y.z --provider=gce -t TestLivenessHttp -t TestLivenessExec
I0122 08:12:53.183298 6502 liveness.go:72] Restart count of pod liveness-exec-6f917474-a251-11e4-8cc2-d4ae52bb3eea increased from 0 to 1 during the test
I0122 08:13:23.605471 6502 liveness.go:72] Restart count of pod liveness-http-84d28569-a251-11e4-8cc2-d4ae52bb3eea increased from 0 to 1 during the test
Also ran the full e2e suite including kube-up/kube-down to confirm it works.
* Add --orderseed, shuffle order every time, report order for repeatability
* Add --times, acts like a multi-deck shoe
* Remove fixed numbering in TAP output (this is actually not needed;
TAP output is just done by outputting what assertion count you're on.)
This is essentially just a port of f3a992aa and 369064c6 (minus
reporting, which can be handled later when we make TAP, etc, better).
This syntax is akin to what Python unittest uses for running a subset of the tests.
If a test gets skipped, log it. If an invalid test test is passed to --test, warn about it.
Added function to read basic ACL from a CSV file.
Added implementation of Authorize based on that file's policies.
Added docs on authentication and authorization.
Added example file and tested it.
Without this, tests which create a master
will panic with a nil pointer when the periodic
podCache update runs.
Deleted unused FakePodInfoGetter.
Added FakeKubeletClient.
Passed to master.New.
Required a KubeletClient in master.New.
Use some constants for tokens.
Refactor tokenfile creation to function.
Reorder some test cases to make lookups follow creates so they succeed.
Add expected status code to test cases (some are not quite what expected,
so filed bugs #2112, #2113, #2114)
Check expected status codes.
Close Body after each iterations so that we don't run out of file handles
when I add even more test cases in the next PR.
Handle that it is unpredictable whether status 200 or 202 is returned.
Added basic interface for authorizer implementations.
Added default "authorize everything" and "authorize nothing
implementations.
Added authorization check immediately after authentication check.
Added an integration test of authorization at the HTTP level of
abstraction.
Callsites no longer allocate a mux.
Master now exposes method to install handlers
which use the master's auth code. Not used
but forks (openshift) are expected to use these
methods. These methods will later be a point
for additional plug-in functionality.
Integration tests now use the master-provided
handler which has auth, rather than using the mux,
which didn't. Fix TestWhoAmI now that /_whoami
sits behind auth.
Added new endpoint /_whoami for debugging authentication.
Added integration test which checks that a user is authenticated
using token authentication.
Rearranged initialization of authenticator to support preceeding.
Moved code from cmd/apiserver to pkg/master.
test/integration/client_test made to use a master object,
instead of an apiserver.Handle.
Subsequent PRs will move more handler-installation into
pkg/master, with the goal that every http.Handler of a
standalone apiserver process can also be tested
in a "testing"-style go test.
In particular, a subsequent PR will test
authorization.
Allows us to define different watch versioning regimes in the future
as well as to encode information with the resource version.
This changes /watch/resources?resourceVersion=3 to start the watch at
4 instead of 3, which means clients can read a resource version and
then send it back to the server. Clients should no longer do math on
resource versions.
* Allows consumers to provide their own transports for common cases.
* Supports KUBE_API_VERSION on test cases for controlling which
api version they test against
* Provides a common flag registration method for CLIs that need
to connect to an API server (to avoid duplicating flags)
* Ensures errors are properly returned by the server
* Add a Context field to client.Config
* Defaults to v1beta1
* apiserver takes -storage_version which controls etcd storage version
and the version of the client used to connect to other apiservers
* Changed signature of client.New to add version parameter
* All controller code and component code prefers the oldest (most common)
server version
* Make Codec separate from Scheme
* Move EncodeOrDie off Scheme to take a Codec
* Make Copy work without a Codec
* Create a "latest" package that imports all versions and
sets global defaults for "most recent encoding"
* v1beta1 is the current "latest", v1beta2 exists
* Kill DefaultCodec, replace it with "latest.Codec"
* This updates the client and etcd to store the latest known version
* EmbeddedObject is per schema and per package now
* Move runtime.DefaultScheme to api.Scheme
* Split out WatchEvent since it's not an API object today, treat it
like a special object in api
* Kill DefaultResourceVersioner, instead place it on "latest" (as the
package that understands all packages)
* Move objDiff to runtime.ObjectDiff
Convert host:port and URLs passed to client.New() into the proper
values, and return an error if the value is invalid. Change CLI
to return an error if -master is invalid. Remove Client.rawRequest
which was not in use, and fix the involved tests. Add NewOrDie
Preserves the behavior of the client to not auth when a non-https
URL is passed (although in the future this should be corrected).
Brendan Burns