Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
b1fbdfe7
Unverified
Commit
b1fbdfe7
authored
Oct 23, 2018
by
k8s-ci-robot
Committed by
GitHub
Oct 23, 2018
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #69993 from Pradip-Khakurel/issue-#34059-annotate-auth-e2e-errors
make error messages more helpful for some e2e auth tests
parents
4d182cec
8c4fd312
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
20 additions
and
16 deletions
+20
-16
metadata_concealment.go
test/e2e/auth/metadata_concealment.go
+2
-2
node_authn.go
test/e2e/auth/node_authn.go
+5
-4
node_authz.go
test/e2e/auth/node_authz.go
+13
-10
No files found.
test/e2e/auth/metadata_concealment.go
View file @
b1fbdfe7
...
@@ -55,10 +55,10 @@ var _ = SIGDescribe("Metadata Concealment", func() {
...
@@ -55,10 +55,10 @@ var _ = SIGDescribe("Metadata Concealment", func() {
},
},
}
}
job
,
err
:=
framework
.
CreateJob
(
f
.
ClientSet
,
f
.
Namespace
.
Name
,
job
)
job
,
err
:=
framework
.
CreateJob
(
f
.
ClientSet
,
f
.
Namespace
.
Name
,
job
)
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
Expect
(
err
)
.
NotTo
(
HaveOccurred
()
,
"failed to create job (%s:%s)"
,
f
.
Namespace
.
Name
,
job
.
Name
)
By
(
"Ensuring job reaches completions"
)
By
(
"Ensuring job reaches completions"
)
err
=
framework
.
WaitForJobComplete
(
f
.
ClientSet
,
f
.
Namespace
.
Name
,
job
.
Name
,
int32
(
1
))
err
=
framework
.
WaitForJobComplete
(
f
.
ClientSet
,
f
.
Namespace
.
Name
,
job
.
Name
,
int32
(
1
))
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
Expect
(
err
)
.
NotTo
(
HaveOccurred
()
,
"failed to ensure job completion (%s:%s)"
,
f
.
Namespace
.
Name
,
job
.
Name
)
})
})
})
})
test/e2e/auth/node_authn.go
View file @
b1fbdfe7
...
@@ -38,7 +38,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
...
@@ -38,7 +38,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
ns
=
f
.
Namespace
.
Name
ns
=
f
.
Namespace
.
Name
nodeList
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
Nodes
()
.
List
(
metav1
.
ListOptions
{})
nodeList
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
Nodes
()
.
List
(
metav1
.
ListOptions
{})
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
Expect
(
err
)
.
NotTo
(
HaveOccurred
()
,
"failed to list nodes in namespace: %s"
,
ns
)
Expect
(
len
(
nodeList
.
Items
))
.
NotTo
(
BeZero
())
Expect
(
len
(
nodeList
.
Items
))
.
NotTo
(
BeZero
())
pickedNode
:=
nodeList
.
Items
[
0
]
pickedNode
:=
nodeList
.
Items
[
0
]
...
@@ -47,8 +47,9 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
...
@@ -47,8 +47,9 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
nodeIPs
=
append
(
nodeIPs
,
framework
.
GetNodeAddresses
(
&
pickedNode
,
v1
.
NodeInternalIP
)
...
)
nodeIPs
=
append
(
nodeIPs
,
framework
.
GetNodeAddresses
(
&
pickedNode
,
v1
.
NodeInternalIP
)
...
)
// make sure ServiceAccount admission controller is enabled, so secret generation on SA creation works
// make sure ServiceAccount admission controller is enabled, so secret generation on SA creation works
sa
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
ServiceAccounts
(
ns
)
.
Get
(
"default"
,
metav1
.
GetOptions
{})
saName
:=
"default"
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
sa
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
ServiceAccounts
(
ns
)
.
Get
(
saName
,
metav1
.
GetOptions
{})
Expect
(
err
)
.
NotTo
(
HaveOccurred
(),
"failed to retrieve service account (%s:%s)"
,
ns
,
saName
)
Expect
(
len
(
sa
.
Secrets
))
.
NotTo
(
BeZero
())
Expect
(
len
(
sa
.
Secrets
))
.
NotTo
(
BeZero
())
})
})
...
@@ -72,7 +73,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
...
@@ -72,7 +73,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
AutomountServiceAccountToken
:
&
trueValue
,
AutomountServiceAccountToken
:
&
trueValue
,
}
}
_
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
ServiceAccounts
(
ns
)
.
Create
(
newSA
)
_
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
ServiceAccounts
(
ns
)
.
Create
(
newSA
)
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
Expect
(
err
)
.
NotTo
(
HaveOccurred
()
,
"failed to create service account (%s:%s)"
,
ns
,
newSA
.
Name
)
pod
:=
createNodeAuthTestPod
(
f
)
pod
:=
createNodeAuthTestPod
(
f
)
...
...
test/e2e/auth/node_authz.go
View file @
b1fbdfe7
...
@@ -51,23 +51,24 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
...
@@ -51,23 +51,24 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
ns
=
f
.
Namespace
.
Name
ns
=
f
.
Namespace
.
Name
nodeList
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
Nodes
()
.
List
(
metav1
.
ListOptions
{})
nodeList
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
Nodes
()
.
List
(
metav1
.
ListOptions
{})
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
Expect
(
err
)
.
NotTo
(
HaveOccurred
()
,
"failed to list nodes in namespace: %s"
,
ns
)
Expect
(
len
(
nodeList
.
Items
))
.
NotTo
(
Equal
(
0
))
Expect
(
len
(
nodeList
.
Items
))
.
NotTo
(
Equal
(
0
))
nodeName
=
nodeList
.
Items
[
0
]
.
Name
nodeName
=
nodeList
.
Items
[
0
]
.
Name
asUser
=
NodeNamePrefix
+
nodeName
asUser
=
NodeNamePrefix
+
nodeName
sa
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
ServiceAccounts
(
ns
)
.
Get
(
"default"
,
metav1
.
GetOptions
{})
saName
:=
"default"
sa
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
ServiceAccounts
(
ns
)
.
Get
(
saName
,
metav1
.
GetOptions
{})
Expect
(
len
(
sa
.
Secrets
))
.
NotTo
(
Equal
(
0
))
Expect
(
len
(
sa
.
Secrets
))
.
NotTo
(
Equal
(
0
))
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
Expect
(
err
)
.
NotTo
(
HaveOccurred
()
,
"failed to retrieve service account (%s:%s)"
,
ns
,
saName
)
defaultSaSecret
=
sa
.
Secrets
[
0
]
.
Name
defaultSaSecret
=
sa
.
Secrets
[
0
]
.
Name
By
(
"Creating a kubernetes client that impersonates a node"
)
By
(
"Creating a kubernetes client that impersonates a node"
)
config
,
err
:=
framework
.
LoadConfig
()
config
,
err
:=
framework
.
LoadConfig
()
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
Expect
(
err
)
.
NotTo
(
HaveOccurred
()
,
"failed to load kubernetes client config"
)
config
.
Impersonate
=
restclient
.
ImpersonationConfig
{
config
.
Impersonate
=
restclient
.
ImpersonationConfig
{
UserName
:
asUser
,
UserName
:
asUser
,
Groups
:
[]
string
{
NodesGroup
},
Groups
:
[]
string
{
NodesGroup
},
}
}
c
,
err
=
clientset
.
NewForConfig
(
config
)
c
,
err
=
clientset
.
NewForConfig
(
config
)
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
Expect
(
err
)
.
NotTo
(
HaveOccurred
()
,
"failed to create Clientset for the given config: %+v"
,
*
config
)
})
})
It
(
"Getting a non-existent secret should exit with the Forbidden error, not a NotFound error"
,
func
()
{
It
(
"Getting a non-existent secret should exit with the Forbidden error, not a NotFound error"
,
func
()
{
...
@@ -97,7 +98,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
...
@@ -97,7 +98,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
},
},
}
}
_
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
ConfigMaps
(
ns
)
.
Create
(
configmap
)
_
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
ConfigMaps
(
ns
)
.
Create
(
configmap
)
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
Expect
(
err
)
.
NotTo
(
HaveOccurred
()
,
"failed to create configmap (%s:%s) %+v"
,
ns
,
configmap
.
Name
,
*
configmap
)
_
,
err
=
c
.
CoreV1
()
.
ConfigMaps
(
ns
)
.
Get
(
configmap
.
Name
,
metav1
.
GetOptions
{})
_
,
err
=
c
.
CoreV1
()
.
ConfigMaps
(
ns
)
.
Get
(
configmap
.
Name
,
metav1
.
GetOptions
{})
Expect
(
apierrors
.
IsForbidden
(
err
))
.
Should
(
Equal
(
true
))
Expect
(
apierrors
.
IsForbidden
(
err
))
.
Should
(
Equal
(
true
))
})
})
...
@@ -114,7 +115,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
...
@@ -114,7 +115,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
},
},
}
}
_
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
Secrets
(
ns
)
.
Create
(
secret
)
_
,
err
:=
f
.
ClientSet
.
CoreV1
()
.
Secrets
(
ns
)
.
Create
(
secret
)
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
Expect
(
err
)
.
NotTo
(
HaveOccurred
()
,
"failed to create secret (%s:%s)"
,
ns
,
secret
.
Name
)
By
(
"Node should not get the secret"
)
By
(
"Node should not get the secret"
)
_
,
err
=
c
.
CoreV1
()
.
Secrets
(
ns
)
.
Get
(
secret
.
Name
,
metav1
.
GetOptions
{})
_
,
err
=
c
.
CoreV1
()
.
Secrets
(
ns
)
.
Get
(
secret
.
Name
,
metav1
.
GetOptions
{})
...
@@ -147,10 +148,12 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
...
@@ -147,10 +148,12 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
}
}
_
,
err
=
f
.
ClientSet
.
CoreV1
()
.
Pods
(
ns
)
.
Create
(
pod
)
_
,
err
=
f
.
ClientSet
.
CoreV1
()
.
Pods
(
ns
)
.
Create
(
pod
)
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
Expect
(
err
)
.
NotTo
(
HaveOccurred
()
,
"failed to create pod (%s:%s)"
,
ns
,
pod
.
Name
)
By
(
"The node should able to access the secret"
)
By
(
"The node should able to access the secret"
)
err
=
wait
.
Poll
(
framework
.
Poll
,
1
*
time
.
Minute
,
func
()
(
bool
,
error
)
{
itv
:=
framework
.
Poll
dur
:=
1
*
time
.
Minute
err
=
wait
.
Poll
(
itv
,
dur
,
func
()
(
bool
,
error
)
{
_
,
err
=
c
.
CoreV1
()
.
Secrets
(
ns
)
.
Get
(
secret
.
Name
,
metav1
.
GetOptions
{})
_
,
err
=
c
.
CoreV1
()
.
Secrets
(
ns
)
.
Get
(
secret
.
Name
,
metav1
.
GetOptions
{})
if
err
!=
nil
{
if
err
!=
nil
{
framework
.
Logf
(
"Failed to get secret %v, err: %v"
,
secret
.
Name
,
err
)
framework
.
Logf
(
"Failed to get secret %v, err: %v"
,
secret
.
Name
,
err
)
...
@@ -158,7 +161,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
...
@@ -158,7 +161,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
}
}
return
true
,
nil
return
true
,
nil
})
})
Expect
(
err
)
.
NotTo
(
HaveOccurred
())
Expect
(
err
)
.
NotTo
(
HaveOccurred
()
,
"failed to get secret after trying every %v for %v (%s:%s)"
,
itv
,
dur
,
ns
,
secret
.
Name
)
})
})
It
(
"A node shouldn't be able to create another node"
,
func
()
{
It
(
"A node shouldn't be able to create another node"
,
func
()
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment