From ca8e68be2e8d41a89aa55e61ca19804c2d42c10f Mon Sep 17 00:00:00 2001 From: letli Date: Fri, 15 Jul 2022 15:28:06 +0800 Subject: [PATCH 1/2] fix-kubelet_test-sa-secrets https://pks.ci.cf-app.com/teams/dev/pipelines/pks-api-1.15.x-service-adapter-1.17/jobs/run-integration-tests-aws/builds/5 sa.Secrets is not useful remove it --- src/tests/integration-tests/generic/kubelet_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/tests/integration-tests/generic/kubelet_test.go b/src/tests/integration-tests/generic/kubelet_test.go index b5442ac1..749f3141 100644 --- a/src/tests/integration-tests/generic/kubelet_test.go +++ b/src/tests/integration-tests/generic/kubelet_test.go @@ -64,10 +64,10 @@ var _ = Describe("Kubelet", func() { Expect(err).NotTo(HaveOccurred()) // Wait for kube-controller-manager to create a token - Eventually(func() bool { - sa, _ = kubeclient.CoreV1().ServiceAccounts("default").Get(context.TODO(), "robot-beep-bop", metav1.GetOptions{}) - return len(sa.Secrets) != 0 - }).Should(BeTrue()) + Eventually(func() error { + sa, err = kubeclient.CoreV1().ServiceAccounts("default").Get(context.TODO(), "robot-beep-bop", metav1.GetOptions{}) + return err + }).Should(BeNil()) }) AfterEach(func() { From 89fd8fff51bb7a2d1a809a380c712a153c0d2f8e Mon Sep 17 00:00:00 2001 From: letli Date: Mon, 18 Jul 2022 19:26:18 +0800 Subject: [PATCH 2/2] create saSecret by CoreV1 --- .../integration-tests/generic/kubelet_test.go | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/src/tests/integration-tests/generic/kubelet_test.go b/src/tests/integration-tests/generic/kubelet_test.go index 749f3141..7a6f61d5 100644 --- a/src/tests/integration-tests/generic/kubelet_test.go +++ b/src/tests/integration-tests/generic/kubelet_test.go @@ -1,17 +1,17 @@ package generic_test import ( + "context" "crypto/tls" "fmt" "net/http" "time" - "context" . "tests/test_helpers" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" ) @@ -63,6 +63,18 @@ var _ = Describe("Kubelet", func() { sa, err = kubeclient.CoreV1().ServiceAccounts("default").Create(context.TODO(), sa, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) + saSecret := &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "robot-beep-bop", + Annotations: map[string]string{ + "kubernetes.io/service-account.name": "robot-beep-bop", + }, + }, + Type: "kubernetes.io/service-account-token", + } + saSecret, err = kubeclient.CoreV1().Secrets("default").Create(context.TODO(), saSecret, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + // Wait for kube-controller-manager to create a token Eventually(func() error { sa, err = kubeclient.CoreV1().ServiceAccounts("default").Get(context.TODO(), "robot-beep-bop", metav1.GetOptions{}) @@ -75,7 +87,7 @@ var _ = Describe("Kubelet", func() { }) It("Should reject unauthorized Service Account curl", func() { - secret, err := kubeclient.CoreV1().Secrets("default").Get(context.TODO(), sa.Secrets[0].Name, metav1.GetOptions{}) + secret, err := kubeclient.CoreV1().Secrets("default").Get(context.TODO(), sa.Name, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) resp, err := CurlInsecureWithToken(endpoint, string(secret.Data["token"]))