E2E token test more reliable

Signed-off-by: Ruben Vargas <[email protected]>
jaegertracing · Jan 16, 2020 · 7d1c1fc · 7d1c1fc
1 parent f100fc9
commit 7d1c1fc
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 37 deletions.
diff --git a/test/e2e/elasticsearch_token_propagation_test.go b/test/e2e/elasticsearch_token_propagation_test.go
@@ -15,7 +15,6 @@ import (
 
 	framework "github.com/operator-framework/operator-sdk/pkg/test"
 	"github.com/operator-framework/operator-sdk/pkg/test/e2eutil"
-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/stretchr/testify/suite"
 	"github.com/uber/jaeger-client-go/config"
@@ -34,34 +33,35 @@ import (
 
 // Test parameters
 const name = "token-prop"
-const username = "user-test-token"
-const password = "any"
 const collectorPodImageName = "jaeger-collector"
 const testServiceName = "token-propagation"
-const test_account = "token-test-user"
+const testAccount = "token-test-user"
 
 type TokenTestSuite struct {
 	suite.Suite
-	exampleJaeger        *v1.Jaeger
-	queryName            string
-	collectorName        string
-	queryServiceEndPoint string
-	host                 string
-	token                string
+	exampleJaeger         *v1.Jaeger
+	queryName             string
+	collectorName         string
+	queryServiceEndPoint  string
+	host                  string
+	token                 string
+	testServiceAccount    *corev1.ServiceAccount
+	testRoleBinding       *rbac.ClusterRoleBinding
+	delegationRoleBinding *rbac.ClusterRoleBinding
 }
 
 func (suite *TokenTestSuite) SetupSuite() {
 	t = suite.T()
 	if !isOpenShift(t) {
 		t.Skipf("Test %s is currently supported only on OpenShift because es-operator runs only on OpenShift\n", t.Name())
 	}
-	assert.NoError(t, framework.AddToFrameworkScheme(apis.AddToScheme, &v1.JaegerList{
+	require.NoError(t, framework.AddToFrameworkScheme(apis.AddToScheme, &v1.JaegerList{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Jaeger",
 			APIVersion: "jaegertracing.io/v1",
 		},
 	}))
-	assert.NoError(t, framework.AddToFrameworkScheme(apis.AddToScheme, &esv1.ElasticsearchList{
+	require.NoError(t, framework.AddToFrameworkScheme(apis.AddToScheme, &esv1.ElasticsearchList{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Elasticsearch",
 			APIVersion: "logging.openshift.io/v1",
@@ -82,7 +82,27 @@ func (suite *TokenTestSuite) SetupSuite() {
 	suite.deployJaegerWithPropagationEnabled()
 }
 
+func (suite *TokenTestSuite) cleanAccountBindings() {
+	if !debugMode || !t.Failed() {
+		err := fw.Client.Delete(goctx.Background(), suite.testServiceAccount)
+		require.NoError(t, err, "Error deleting test service account")
+		err = e2eutil.WaitForDeletion(t, fw.Client.Client, suite.testServiceAccount, retryInterval, timeout)
+		require.NoError(t, err)
+
+		err = fw.Client.Delete(goctx.Background(), suite.testRoleBinding)
+		require.NoError(t, err, "Error deleting test service account bindings")
+		err = e2eutil.WaitForDeletion(t, fw.Client.Client, suite.testRoleBinding, retryInterval, timeout)
+		require.NoError(t, err)
+
+		err = fw.Client.Delete(goctx.Background(), suite.delegationRoleBinding)
+		require.NoError(t, err, "Error deleting delegation bindings")
+		err = e2eutil.WaitForDeletion(t, fw.Client.Client, suite.delegationRoleBinding, retryInterval, timeout)
+		require.NoError(t, err)
+	}
+}
+
 func (suite *TokenTestSuite) TearDownSuite() {
+	suite.cleanAccountBindings()
 	undeployJaegerInstance(suite.exampleJaeger)
 	handleSuiteTearDown()
 }
@@ -95,8 +115,14 @@ func (suite *TokenTestSuite) TestTokenPropagationNoToken() {
 	}
 	err := wait.Poll(retryInterval, timeout, func() (done bool, err error) {
 		req, err := http.NewRequest(http.MethodGet, suite.queryServiceEndPoint, nil)
+		if err != nil {
+			return false, err
+		}
 		resp, err := client.Do(req)
 		defer resp.Body.Close()
+		if err != nil {
+			return false, err
+		}
 		require.Equal(t, http.StatusForbidden, resp.StatusCode)
 		return true, nil
 	})
@@ -127,30 +153,37 @@ func (suite *TokenTestSuite) TestTokenPropagationValidToken() {
 	/* Try to reach query endpoint */
 	err = wait.Poll(retryInterval, timeout, func() (done bool, err error) {
 		req, err := http.NewRequest(http.MethodGet, suite.queryServiceEndPoint, nil)
+		if err != nil {
+			return false, err
+		}
 		req.Header.Add("Authorization", "Bearer "+suite.token)
 		resp, err := client.Do(req)
 		defer resp.Body.Close()
-		require.Equal(t, http.StatusOK, resp.StatusCode)
-		if resp.StatusCode != http.StatusOK {
-			return false, errors.New("Query service returns http code: " + string(resp.StatusCode))
+		if err != nil {
+			return false, err
 		}
-		bodyBytes, err := ioutil.ReadAll(resp.Body)
-		bodyString := string(bodyBytes)
-		if !strings.Contains(bodyString, "errors\":null") {
-			return false, errors.New("query service returns errors: " + bodyString)
+		if resp.StatusCode == http.StatusOK {
+			bodyBytes, err := ioutil.ReadAll(resp.Body)
+			require.NoError(t, err)
+			bodyString := string(bodyBytes)
+			if !strings.Contains(bodyString, "errors\":null") {
+				return false, errors.New("query service returns errors: " + bodyString)
+			}
+			return true, nil
 		}
-		return true, nil
+		return false, errors.New(fmt.Sprintf("query service return http code: %d", resp.StatusCode))
 	})
 	require.NoError(t, err, "Token propagation test failed")
 }
 
 func (suite *TokenTestSuite) deployJaegerWithPropagationEnabled() {
 	queryName := fmt.Sprintf("%s-query", name)
 	collectorName := fmt.Sprintf("%s-collector", name)
-	bindOperatorWithAuthDelegator()
-	createTestServiceAccount()
+	suite.bindOperatorWithAuthDelegator()
+	suite.createTestServiceAccount()
 	suite.token = testAccountToken()
-
+	require.NotEmpty(t, suite.token)
+	println(suite.token)
 	suite.exampleJaeger = jaegerInstance()
 	err := fw.Client.Create(goctx.Background(),
 		suite.exampleJaeger,
@@ -177,8 +210,8 @@ func TestTokenSuite(t *testing.T) {
 	suite.Run(t, new(TokenTestSuite))
 }
 
-func bindOperatorWithAuthDelegator() {
-	roleBinding := rbac.ClusterRoleBinding{
+func (suite *TokenTestSuite) bindOperatorWithAuthDelegator() {
+	suite.delegationRoleBinding = &rbac.ClusterRoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "jaeger-operator:system:auth-delegator",
 			Namespace: namespace,
@@ -194,7 +227,7 @@ func bindOperatorWithAuthDelegator() {
 		},
 	}
 	err := fw.Client.Create(goctx.Background(),
-		&roleBinding,
+		suite.delegationRoleBinding,
 		&framework.CleanupOptions{
 			TestContext:   ctx,
 			Timeout:       timeout,
@@ -203,31 +236,31 @@ func bindOperatorWithAuthDelegator() {
 	require.NoError(t, err, "Error binding operator service account with auth-delegator")
 }
 
-func createTestServiceAccount() {
+func (suite *TokenTestSuite) createTestServiceAccount() {
 
-	serviceAccount := corev1.ServiceAccount{
+	suite.testServiceAccount = &corev1.ServiceAccount{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      test_account,
+			Name:      testAccount,
 			Namespace: namespace,
 		},
 	}
 	err := fw.Client.Create(goctx.Background(),
-		&serviceAccount,
+		suite.testServiceAccount,
 		&framework.CleanupOptions{
 			TestContext:   ctx,
 			Timeout:       timeout,
 			RetryInterval: retryInterval,
 		})
 	require.NoError(t, err, "Error deploying example Jaeger")
 
-	roleBinding := rbac.ClusterRoleBinding{
+	suite.testRoleBinding = &rbac.ClusterRoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      test_account + "-bind",
+			Name:      testAccount + "-bind",
 			Namespace: namespace,
 		},
 		Subjects: []rbac.Subject{{
 			Kind:      "ServiceAccount",
-			Name:      serviceAccount.Name,
+			Name:      suite.testServiceAccount.Name,
 			Namespace: namespace,
 		}},
 		RoleRef: rbac.RoleRef{
@@ -237,7 +270,7 @@ func createTestServiceAccount() {
 	}
 
 	err = fw.Client.Create(goctx.Background(),
-		&roleBinding,
+		suite.testRoleBinding,
 		&framework.CleanupOptions{
 			TestContext:   ctx,
 			Timeout:       timeout,
@@ -253,13 +286,13 @@ func testAccountToken() string {
 		serviceAccount := corev1.ServiceAccount{}
 		e := fw.Client.Get(goctx.Background(), types.NamespacedName{
 			Namespace: namespace,
-			Name:      test_account,
+			Name:      testAccount,
 		}, &serviceAccount)
 		if e != nil {
 			return false, e
 		}
 		for _, s := range serviceAccount.Secrets {
-			if strings.HasPrefix(s.Name, test_account+"-token") {
+			if strings.HasPrefix(s.Name, testAccount+"-token") {
 				secretName = s.Name
 				return true, nil
 			}

diff --git a/test/e2e/utils.go b/test/e2e/utils.go
@@ -36,7 +36,7 @@ import (
 
 var (
 	retryInterval        = time.Second * 5
-	timeout              = time.Minute * 2
+	timeout              = time.Minute * 5
 	storageNamespace     = os.Getenv("STORAGE_NAMESPACE")
 	kafkaNamespace       = os.Getenv("KAFKA_NAMESPACE")
 	debugMode            = getBoolEnv("DEBUG_MODE", false)