You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@yunikorn.apache.org by GitBox <gi...@apache.org> on 2022/11/03 13:37:23 UTC
[GitHub] [yunikorn-k8shim] pbacsko opened a new pull request, #472: [YUNIKORN-1323] Add e2e tests for group handling
pbacsko opened a new pull request, #472:
URL: https://github.com/apache/yunikorn-k8shim/pull/472
### What is this PR for?
End-to-end tests which validate that the user-info annotation is properly added by the admission controller.
### What type of PR is it?
* [ ] - Bug Fix
* [x] - Improvement
* [ ] - Feature
* [ ] - Documentation
* [ ] - Hot Fix
* [ ] - Refactoring
### Todos
* [ ] - Task
### What is the Jira issue?
https://issues.apache.org/jira/browse/YUNIKORN-1323
### How should this be tested?
### Screenshots (if appropriate)
### Questions:
* [ ] - The licenses files need update.
* [ ] - There is breaking changes for older versions.
* [ ] - It needs documentation.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@yunikorn.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [yunikorn-k8shim] pbacsko commented on a diff in pull request #472: [YUNIKORN-1323] Add e2e tests for group handling
Posted by GitBox <gi...@apache.org>.
pbacsko commented on code in PR #472:
URL: https://github.com/apache/yunikorn-k8shim/pull/472#discussion_r1029273862
##########
test/e2e/admission_controller/admission_controller_suite_test.go:
##########
@@ -58,6 +60,39 @@ var testPod = v1.Pod{
},
}
+var testDeployment = appsv1.Deployment{
+ Spec: appsv1.DeploymentSpec{
+ Replicas: &replicas,
+ Selector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{
+ "app": "sleepjob",
+ },
+ },
+ Template: v1.PodTemplateSpec{
+ ObjectMeta: metav1.ObjectMeta{
+ Labels: map[string]string{
+ "app": "sleepjob",
+ },
+ },
+ Spec: v1.PodSpec{
+ Containers: []v1.Container{
+ {
+ Name: "sleepjob",
+ Image: "alpine:latest",
+ Command: []string{"sleep", "30"},
+ },
+ },
+ },
+ },
Review Comment:
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@yunikorn.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [yunikorn-k8shim] craigcondit commented on a diff in pull request #472: [YUNIKORN-1323] Add e2e tests for group handling
Posted by GitBox <gi...@apache.org>.
craigcondit commented on code in PR #472:
URL: https://github.com/apache/yunikorn-k8shim/pull/472#discussion_r1034144429
##########
test/e2e/admission_controller/admission_controller_test.go:
##########
@@ -107,6 +110,139 @@ var _ = ginkgo.Describe("AdmissionController", func() {
gomega.Ω(invalidCm).ShouldNot(gomega.BeNil())
})
+ ginkgo.It("Check that annotation is added to a pod & cannot be modified", func() {
+ ginkgo.By("Create a pod")
+ pod, err := kubeClient.CreatePod(&testPod, ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ defer deletePod(pod, ns)
+
+ err = kubeClient.WaitForPodBySelector(ns,
+ fmt.Sprintf("app=%s", pod.ObjectMeta.Labels["app"]), 10*time.Second)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ pod, err = kubeClient.GetPod(pod.Name, ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ userinfo := pod.Annotations["yunikorn.apache.org/user.info"]
+ gomega.Ω(userinfo).Should(gomega.Not(gomega.BeNil()))
+
+ ginkgo.By("Attempt to update userinfo annotation")
+ _, err = kubeClient.UpdatePodWithAnnotation(pod, ns, "yunikorn.apache.org/user.info", "shouldnotsucceed")
+ gomega.Ω(err).Should(gomega.HaveOccurred())
+ })
+
+ ginkgo.It("Check that annotation is added to a deployment", func() {
+ ginkgo.By("Create a deployment")
+ deployment, err := kubeClient.CreateDeployment(&testDeployment, ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ defer deleteDeployment(deployment, ns)
+ err = kubeClient.WaitForPodBySelector(ns,
+ fmt.Sprintf("app=%s", testDeployment.ObjectMeta.Labels["app"]), 10*time.Second)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+
+ ginkgo.By("Get running pod")
+ var pods *v1.PodList
+ pods, err = kubeClient.GetPods(ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ fmt.Fprintf(ginkgo.GinkgoWriter, "Found %d pods in namespace %s\n", len(pods.Items), ns)
+ gomega.Ω(len(pods.Items)).To(gomega.Equal(1))
+ fmt.Fprintf(ginkgo.GinkgoWriter, "Running pod is %s\n", pods.Items[0].Name)
+ pod, err2 := kubeClient.GetPod(pods.Items[0].Name, ns)
+ gomega.Ω(err2).ShouldNot(gomega.HaveOccurred())
+ userinfo := pod.Annotations["yunikorn.apache.org/user.info"]
+ gomega.Ω(userinfo).Should(gomega.Not(gomega.BeNil()))
+ })
+
+ ginkgo.It("Check that deployment is rejected when controller users are not trusted", func() {
+ ginkgo.By("Retrieve existing configmap")
+ configMap, err := kubeClient.GetConfigMap(constants.ConfigMapName, configmanager.YuniKornTestConfig.YkNamespace)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ if configMap.Data == nil {
+ configMap.Data = make(map[string]string)
+ }
+ configMap.Data[amConf.AMAccessControlTrustControllers] = "false"
+ ginkgo.By("Update configmap")
+ _, err = kubeClient.UpdateConfigMap(configMap, configmanager.YuniKornTestConfig.YkNamespace)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ time.Sleep(time.Second) // should be enough to allow the admission controller to pick up the changes
+
+ ginkgo.By("Create a deployment")
+ deployment, err2 := kubeClient.CreateDeployment(&testDeployment, ns)
+ gomega.Ω(err2).ShouldNot(gomega.HaveOccurred())
+ defer deleteDeployment(deployment, ns)
+
+ // pod is not expected to appear
+ ginkgo.By("Check for sleep pods (should time out)")
+ err = kubeClient.WaitForPodBySelector(ns, fmt.Sprintf("app=%s", testDeployment.ObjectMeta.Labels["app"]),
+ 10*time.Second)
+ fmt.Fprintf(ginkgo.GinkgoWriter, "Error: %v\n", err)
+ gomega.Ω(err).Should(gomega.HaveOccurred())
+ ginkgo.By("Check deployment status")
+ deployment, err = kubeClient.GetDeployment(testDeployment.Name, ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ fmt.Fprintf(ginkgo.GinkgoWriter, "Replicas: %d, AvailableReplicas: %d, ReadyReplicas: %d\n",
+ deployment.Status.Replicas, deployment.Status.AvailableReplicas, deployment.Status.ReadyReplicas)
+ gomega.Ω(deployment.Status.Replicas).To(gomega.Equal(int32(0)))
+ gomega.Ω(deployment.Status.AvailableReplicas).To(gomega.Equal(int32(0)))
+ gomega.Ω(deployment.Status.ReadyReplicas).To(gomega.Equal(int32(0)))
+
+ // restore setting
+ ginkgo.By("Restore trustController setting")
+ configMap, err = kubeClient.GetConfigMap(constants.ConfigMapName, configmanager.YuniKornTestConfig.YkNamespace)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ configMap.Data[amConf.AMAccessControlTrustControllers] = "true"
+ _, err = kubeClient.UpdateConfigMap(configMap, configmanager.YuniKornTestConfig.YkNamespace)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+
Review Comment:
That will definitely introduce a delay, but doesn't verify that YuniKorn has applied the config. We may want to follow-up later with a more comprehensive method to check that config has been applied. This is fine for now though.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@yunikorn.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [yunikorn-k8shim] wilfred-s commented on pull request #472: [YUNIKORN-1323] Add e2e tests for group handling
Posted by GitBox <gi...@apache.org>.
wilfred-s commented on PR #472:
URL: https://github.com/apache/yunikorn-k8shim/pull/472#issuecomment-1325836493
Kicked off the two failed tests again. K8s 1.25 failed for both default and plugin but at different points.
Does not look like a code issue.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@yunikorn.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [yunikorn-k8shim] codecov[bot] commented on pull request #472: [YUNIKORN-1323] Add e2e tests for group handling
Posted by GitBox <gi...@apache.org>.
codecov[bot] commented on PR #472:
URL: https://github.com/apache/yunikorn-k8shim/pull/472#issuecomment-1302156365
# [Codecov](https://codecov.io/gh/apache/yunikorn-k8shim/pull/472?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#472](https://codecov.io/gh/apache/yunikorn-k8shim/pull/472?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (761c254) into [master](https://codecov.io/gh/apache/yunikorn-k8shim/commit/26fe2dfffb6954073169587e67743296961edf72?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (26fe2df) will **not change** coverage.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## master #472 +/- ##
=======================================
Coverage 68.01% 68.01%
=======================================
Files 42 42
Lines 6916 6916
=======================================
Hits 4704 4704
Misses 2042 2042
Partials 170 170
```
:mega: We’re building smart automated test selection to slash your CI/CD build times. [Learn more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@yunikorn.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [yunikorn-k8shim] pbacsko commented on pull request #472: [YUNIKORN-1323] Add e2e tests for group handling
Posted by GitBox <gi...@apache.org>.
pbacsko commented on PR #472:
URL: https://github.com/apache/yunikorn-k8shim/pull/472#issuecomment-1326560050
> LGTM, would like to see the K8s 1.25 tests pass before we commit
We have a green build, but I think the tests are still flaky. We can give it a go and if they're very unstable then we'll figure out something.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@yunikorn.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [yunikorn-k8shim] pbacsko commented on pull request #472: [YUNIKORN-1323] Add e2e tests for group handling
Posted by GitBox <gi...@apache.org>.
pbacsko commented on PR #472:
URL: https://github.com/apache/yunikorn-k8shim/pull/472#issuecomment-1325374785
> Is it possible to check the "do not trust controllers" case inside the e2e tests? Would be nice to have that one added if possible. Checking user allowed users is I think not possible with the test setup we use which is OK to skip.
Actually both can be tested, because the configmap can be updated and changes are applied on-the-fly.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@yunikorn.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [yunikorn-k8shim] wilfred-s commented on a diff in pull request #472: [YUNIKORN-1323] Add e2e tests for group handling
Posted by GitBox <gi...@apache.org>.
wilfred-s commented on code in PR #472:
URL: https://github.com/apache/yunikorn-k8shim/pull/472#discussion_r1018569352
##########
test/e2e/admission_controller/admission_controller_suite_test.go:
##########
@@ -58,6 +60,39 @@ var testPod = v1.Pod{
},
}
+var testDeployment = appsv1.Deployment{
+ Spec: appsv1.DeploymentSpec{
+ Replicas: &replicas,
+ Selector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{
+ "app": "sleepjob",
+ },
+ },
+ Template: v1.PodTemplateSpec{
+ ObjectMeta: metav1.ObjectMeta{
+ Labels: map[string]string{
+ "app": "sleepjob",
+ },
+ },
+ Spec: v1.PodSpec{
+ Containers: []v1.Container{
+ {
+ Name: "sleepjob",
+ Image: "alpine:latest",
+ Command: []string{"sleep", "30"},
+ },
+ },
+ },
+ },
Review Comment:
This template will come back in a number of places we might want to factor this out so we can re-use.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@yunikorn.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [yunikorn-k8shim] pbacsko commented on pull request #472: [YUNIKORN-1323] Add e2e tests for group handling
Posted by GitBox <gi...@apache.org>.
pbacsko commented on PR #472:
URL: https://github.com/apache/yunikorn-k8shim/pull/472#issuecomment-1323618998
> Is it possible to check the "do not trust controllers" case inside the e2e tests? Would be nice to have that one added if possible. Checking user allowed users is I think not possible with the test setup we use which is OK to skip.
Let me think about this one.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@yunikorn.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [yunikorn-k8shim] wilfred-s commented on a diff in pull request #472: [YUNIKORN-1323] Add e2e tests for group handling
Posted by GitBox <gi...@apache.org>.
wilfred-s commented on code in PR #472:
URL: https://github.com/apache/yunikorn-k8shim/pull/472#discussion_r1033324770
##########
test/e2e/admission_controller/admission_controller_test.go:
##########
@@ -107,6 +110,139 @@ var _ = ginkgo.Describe("AdmissionController", func() {
gomega.Ω(invalidCm).ShouldNot(gomega.BeNil())
})
+ ginkgo.It("Check that annotation is added to a pod & cannot be modified", func() {
+ ginkgo.By("Create a pod")
+ pod, err := kubeClient.CreatePod(&testPod, ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ defer deletePod(pod, ns)
+
+ err = kubeClient.WaitForPodBySelector(ns,
+ fmt.Sprintf("app=%s", pod.ObjectMeta.Labels["app"]), 10*time.Second)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ pod, err = kubeClient.GetPod(pod.Name, ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ userinfo := pod.Annotations["yunikorn.apache.org/user.info"]
+ gomega.Ω(userinfo).Should(gomega.Not(gomega.BeNil()))
+
+ ginkgo.By("Attempt to update userinfo annotation")
+ _, err = kubeClient.UpdatePodWithAnnotation(pod, ns, "yunikorn.apache.org/user.info", "shouldnotsucceed")
+ gomega.Ω(err).Should(gomega.HaveOccurred())
+ })
+
+ ginkgo.It("Check that annotation is added to a deployment", func() {
+ ginkgo.By("Create a deployment")
+ deployment, err := kubeClient.CreateDeployment(&testDeployment, ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ defer deleteDeployment(deployment, ns)
+ err = kubeClient.WaitForPodBySelector(ns,
+ fmt.Sprintf("app=%s", testDeployment.ObjectMeta.Labels["app"]), 10*time.Second)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+
+ ginkgo.By("Get running pod")
+ var pods *v1.PodList
+ pods, err = kubeClient.GetPods(ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ fmt.Fprintf(ginkgo.GinkgoWriter, "Found %d pods in namespace %s\n", len(pods.Items), ns)
+ gomega.Ω(len(pods.Items)).To(gomega.Equal(1))
+ fmt.Fprintf(ginkgo.GinkgoWriter, "Running pod is %s\n", pods.Items[0].Name)
+ pod, err2 := kubeClient.GetPod(pods.Items[0].Name, ns)
+ gomega.Ω(err2).ShouldNot(gomega.HaveOccurred())
+ userinfo := pod.Annotations["yunikorn.apache.org/user.info"]
+ gomega.Ω(userinfo).Should(gomega.Not(gomega.BeNil()))
+ })
+
+ ginkgo.It("Check that deployment is rejected when controller users are not trusted", func() {
+ ginkgo.By("Retrieve existing configmap")
+ configMap, err := kubeClient.GetConfigMap(constants.ConfigMapName, configmanager.YuniKornTestConfig.YkNamespace)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ if configMap.Data == nil {
+ configMap.Data = make(map[string]string)
+ }
+ configMap.Data[amConf.AMAccessControlTrustControllers] = "false"
+ ginkgo.By("Update configmap")
+ _, err = kubeClient.UpdateConfigMap(configMap, configmanager.YuniKornTestConfig.YkNamespace)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ time.Sleep(time.Second) // should be enough to allow the admission controller to pick up the changes
+
+ ginkgo.By("Create a deployment")
+ deployment, err2 := kubeClient.CreateDeployment(&testDeployment, ns)
+ gomega.Ω(err2).ShouldNot(gomega.HaveOccurred())
+ defer deleteDeployment(deployment, ns)
+
+ // pod is not expected to appear
+ ginkgo.By("Check for sleep pods (should time out)")
+ err = kubeClient.WaitForPodBySelector(ns, fmt.Sprintf("app=%s", testDeployment.ObjectMeta.Labels["app"]),
+ 10*time.Second)
+ fmt.Fprintf(ginkgo.GinkgoWriter, "Error: %v\n", err)
+ gomega.Ω(err).Should(gomega.HaveOccurred())
+ ginkgo.By("Check deployment status")
+ deployment, err = kubeClient.GetDeployment(testDeployment.Name, ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ fmt.Fprintf(ginkgo.GinkgoWriter, "Replicas: %d, AvailableReplicas: %d, ReadyReplicas: %d\n",
+ deployment.Status.Replicas, deployment.Status.AvailableReplicas, deployment.Status.ReadyReplicas)
+ gomega.Ω(deployment.Status.Replicas).To(gomega.Equal(int32(0)))
+ gomega.Ω(deployment.Status.AvailableReplicas).To(gomega.Equal(int32(0)))
+ gomega.Ω(deployment.Status.ReadyReplicas).To(gomega.Equal(int32(0)))
+
+ // restore setting
+ ginkgo.By("Restore trustController setting")
+ configMap, err = kubeClient.GetConfigMap(constants.ConfigMapName, configmanager.YuniKornTestConfig.YkNamespace)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ configMap.Data[amConf.AMAccessControlTrustControllers] = "true"
+ _, err = kubeClient.UpdateConfigMap(configMap, configmanager.YuniKornTestConfig.YkNamespace)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+
Review Comment:
Should have a sleep here like in the other places we do the update
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@yunikorn.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [yunikorn-k8shim] pbacsko commented on a diff in pull request #472: [YUNIKORN-1323] Add e2e tests for group handling
Posted by GitBox <gi...@apache.org>.
pbacsko commented on code in PR #472:
URL: https://github.com/apache/yunikorn-k8shim/pull/472#discussion_r1033624421
##########
test/e2e/admission_controller/admission_controller_test.go:
##########
@@ -107,6 +110,139 @@ var _ = ginkgo.Describe("AdmissionController", func() {
gomega.Ω(invalidCm).ShouldNot(gomega.BeNil())
})
+ ginkgo.It("Check that annotation is added to a pod & cannot be modified", func() {
+ ginkgo.By("Create a pod")
+ pod, err := kubeClient.CreatePod(&testPod, ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ defer deletePod(pod, ns)
+
+ err = kubeClient.WaitForPodBySelector(ns,
+ fmt.Sprintf("app=%s", pod.ObjectMeta.Labels["app"]), 10*time.Second)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ pod, err = kubeClient.GetPod(pod.Name, ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ userinfo := pod.Annotations["yunikorn.apache.org/user.info"]
+ gomega.Ω(userinfo).Should(gomega.Not(gomega.BeNil()))
+
+ ginkgo.By("Attempt to update userinfo annotation")
+ _, err = kubeClient.UpdatePodWithAnnotation(pod, ns, "yunikorn.apache.org/user.info", "shouldnotsucceed")
+ gomega.Ω(err).Should(gomega.HaveOccurred())
+ })
+
+ ginkgo.It("Check that annotation is added to a deployment", func() {
+ ginkgo.By("Create a deployment")
+ deployment, err := kubeClient.CreateDeployment(&testDeployment, ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ defer deleteDeployment(deployment, ns)
+ err = kubeClient.WaitForPodBySelector(ns,
+ fmt.Sprintf("app=%s", testDeployment.ObjectMeta.Labels["app"]), 10*time.Second)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+
+ ginkgo.By("Get running pod")
+ var pods *v1.PodList
+ pods, err = kubeClient.GetPods(ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ fmt.Fprintf(ginkgo.GinkgoWriter, "Found %d pods in namespace %s\n", len(pods.Items), ns)
+ gomega.Ω(len(pods.Items)).To(gomega.Equal(1))
+ fmt.Fprintf(ginkgo.GinkgoWriter, "Running pod is %s\n", pods.Items[0].Name)
+ pod, err2 := kubeClient.GetPod(pods.Items[0].Name, ns)
+ gomega.Ω(err2).ShouldNot(gomega.HaveOccurred())
+ userinfo := pod.Annotations["yunikorn.apache.org/user.info"]
+ gomega.Ω(userinfo).Should(gomega.Not(gomega.BeNil()))
+ })
+
+ ginkgo.It("Check that deployment is rejected when controller users are not trusted", func() {
+ ginkgo.By("Retrieve existing configmap")
+ configMap, err := kubeClient.GetConfigMap(constants.ConfigMapName, configmanager.YuniKornTestConfig.YkNamespace)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ if configMap.Data == nil {
+ configMap.Data = make(map[string]string)
+ }
+ configMap.Data[amConf.AMAccessControlTrustControllers] = "false"
+ ginkgo.By("Update configmap")
+ _, err = kubeClient.UpdateConfigMap(configMap, configmanager.YuniKornTestConfig.YkNamespace)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ time.Sleep(time.Second) // should be enough to allow the admission controller to pick up the changes
+
+ ginkgo.By("Create a deployment")
+ deployment, err2 := kubeClient.CreateDeployment(&testDeployment, ns)
+ gomega.Ω(err2).ShouldNot(gomega.HaveOccurred())
+ defer deleteDeployment(deployment, ns)
+
+ // pod is not expected to appear
+ ginkgo.By("Check for sleep pods (should time out)")
+ err = kubeClient.WaitForPodBySelector(ns, fmt.Sprintf("app=%s", testDeployment.ObjectMeta.Labels["app"]),
+ 10*time.Second)
+ fmt.Fprintf(ginkgo.GinkgoWriter, "Error: %v\n", err)
+ gomega.Ω(err).Should(gomega.HaveOccurred())
+ ginkgo.By("Check deployment status")
+ deployment, err = kubeClient.GetDeployment(testDeployment.Name, ns)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ fmt.Fprintf(ginkgo.GinkgoWriter, "Replicas: %d, AvailableReplicas: %d, ReadyReplicas: %d\n",
+ deployment.Status.Replicas, deployment.Status.AvailableReplicas, deployment.Status.ReadyReplicas)
+ gomega.Ω(deployment.Status.Replicas).To(gomega.Equal(int32(0)))
+ gomega.Ω(deployment.Status.AvailableReplicas).To(gomega.Equal(int32(0)))
+ gomega.Ω(deployment.Status.ReadyReplicas).To(gomega.Equal(int32(0)))
+
+ // restore setting
+ ginkgo.By("Restore trustController setting")
+ configMap, err = kubeClient.GetConfigMap(constants.ConfigMapName, configmanager.YuniKornTestConfig.YkNamespace)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+ configMap.Data[amConf.AMAccessControlTrustControllers] = "true"
+ _, err = kubeClient.UpdateConfigMap(configMap, configmanager.YuniKornTestConfig.YkNamespace)
+ gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
+
Review Comment:
Added an `EventHandler` type which can wait for a configmap update event. Got a green build so it seems to do the job.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@yunikorn.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [yunikorn-k8shim] wilfred-s closed pull request #472: [YUNIKORN-1323] Add e2e tests for group handling
Posted by GitBox <gi...@apache.org>.
wilfred-s closed pull request #472: [YUNIKORN-1323] Add e2e tests for group handling
URL: https://github.com/apache/yunikorn-k8shim/pull/472
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@yunikorn.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org