Capture action items to complete the integration test

kubernetes-sigs · Mar 1, 2024 · ee34584 · ee34584
1 parent b3a4d6f
commit ee34584
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/admission-webhook/integration_tests/integration_test.go b/admission-webhook/integration_tests/integration_test.go
@@ -367,6 +367,18 @@ func TestDeployV1CredSpecGetAllVersions(t *testing.T) {
 }
 
 func TestPossibleToUpdatePodWithNewCert(t *testing.T) {
+	/** TODO:
+		 * - update the webhook pod to use the new flag
+	     * - make a request to create a pod to make sure it works (already done)
+	     * - get a blessed certificate from the API server
+		 *   (https://github.com/kubernetes-sigs/windows-gmsa/blob/141/admission-webhook/deploy/create-signed-cert.sh)
+	     * - update existing secret in place and wait for the pod to get new secrets which can take time
+		 *   (https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod) - similar to what you are doing here
+	     * - kubectl exec into the running pod to see that the secret changed
+		 *   (using utils like https://github.com/ycheng-kareo/windows-gmsa/blob/watch-reload-cert/admission-webhook/integration_tests/kube.go#L199)
+	     * - make a request to create a pod to verify that it still works (pod := waitForPodToComeUp(t, testConfig.Namespace, "app="+testName))
+		 * - add a separate test to verify that requests to the webhook always return during this process
+	*/
 	testName := "possible-to-update-pod-with-new-cert"
 	credSpecTemplates := []string{"credspec-0"}
 	newSecretTemplate := "new-secret"