More nodeup golden tests #9248
More nodeup golden tests #9248
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: justinsb The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
approved
nodeup/pkg/model/kubelet_test.go
Outdated
| "apiserver-aggregator-ca": mustParsePrivateKey(dummy_key), | ||
| "kube-controller-manager": mustParsePrivateKey(dummy_key), | ||
| "kube-proxy": mustParsePrivateKey(dummy_key), | ||
| "kube-scheduler": mustParsePrivateKey(dummy_key), |
There was a problem hiding this comment.
Would be slightly better to use different certs/keys to catch cases where the code used the wrong CA, but then it's not likely a human would catch the wrong key when reviewing the expected output.
There was a problem hiding this comment.
I don't disagree; I debated actually removing the keys entirely before comparison, but I figured that would be more confusing.
It's the flags and other pod settings (e.g. resources) that I think are particularly valuable in these tests.
There was a problem hiding this comment.
That's a minor point. The more concerning thing would be what to do in my planned refactor that causes the kube-scheduler client cert to be generated out of the nodeup task. It would generate different output on every run.
There was a problem hiding this comment.
I suppose I'd need to access pki.IssueCert through an interface that the tests would mock out.
There was a problem hiding this comment.
Ah - I have two ideas on that front then.
-
If you've put cert generation into a task (which isn't a bad idea, you might be doing that already) then I think we'll be testing the right thing - the task invocation arguments, not the filesystem write calls.
-
Otherwise we can post-process the serialized yaml and either remove the keys or replace them with their key characteristics (e.g. "CN=foo, Validity=Client")
Are you planning on putting cert generation into a task?
There was a problem hiding this comment.
|
/retest |
|
kubernetes/test-infra#17805 should fix e2e. |
|
/retest |
| nodeUpModelContext.KeyStore = &fakeKeyStore{T: t} | ||
| keystore := &fakeCAStore{} | ||
| keystore.T = t | ||
| nodeUpModelContext.KeyStore = keystore |
There was a problem hiding this comment.
What's the reason for the more verbose style?
There was a problem hiding this comment.
Edit: because of the embedded type, it would be &fakeCAStore{fakeKeyStore: fakeKeyStore{t}}
There was a problem hiding this comment.
I suggest creating a NewFakeCAStore(*testing.T). You can push default test data into it as well.
| func (k fakeKeyStore) FindCertificatePool(name string) (*fi.CertificatePool, error) { | ||
| panic("implement me") | ||
| type fakeCAStore struct { | ||
| fakeKeyStore |
There was a problem hiding this comment.
Since you're changing all existing references to fakeKeyStore to fakeCAStore, why keep fakeKeyStore separate?
There was a problem hiding this comment.
I'm not entirely happy with the dual CAStore / KeyStore structure, and I'm hoping we can clean it up over time. I didn't want to add another thing that would need to be untangled later.
There was a problem hiding this comment.
The only things that take just a KeyStore are BuildKubecfg and fi.Context. One thing using the field in fi.Context upcasts it to a VFSCAStore. (The other is fitasks.Keypair.) I don't think the interface split is well-designed.
There was a problem hiding this comment.
I do agree with that - it has resisted my attempts at making them cleaner (thus far)
There was a problem hiding this comment.
It comes down to sharing fi.Context between nodeup and cloudup. Two of the three methods in KeyStore are only needed by specific cloudup tasks.
| @@ -70,53 +71,63 @@ type fakeKeyStore struct { | |||
| T *testing.T | |||
| } | |||
|
|
|||
| var _ fi.Keystore = &fakeKeyStore{} | |||
There was a problem hiding this comment.
Not actually necessary, as this file is assigning it to a field of type CAStore and a CAStore embeds Keystore.
But perhaps this type should be pulled out into a separate file, since it is referenced from tests other than kube_apiserver?
There was a problem hiding this comment.
I like to leave the assignment because it documents that the struct should implement the interface (i.e. it is for reading). That could reveal my language history though ;-)
Agree that it can be pulled out into a separate file - did that, and added some comments, including on the split between CAStore and KeyStore.
| nodeUpModelContext.KeyStore = &fakeKeyStore{T: t} | ||
| keystore := &fakeCAStore{} | ||
| keystore.T = t | ||
| nodeUpModelContext.KeyStore = keystore |
There was a problem hiding this comment.
I suggest creating a NewFakeCAStore(*testing.T). You can push default test data into it as well.
k8s-ci-robot
added
the
lgtm
|
/hold |
k8s-ci-robot
added
do-not-merge/hold
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
kube-controller-manager, kube-proxy, kube-scheduler
k8s-ci-robot
removed
lgtm
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/retest Review the full test history for this PR. Silence the bot with an |
4 similar comments
|
/retest Review the full test history for this PR. Silence the bot with an |
|
/retest Review the full test history for this PR. Silence the bot with an |
|
/retest Review the full test history for this PR. Silence the bot with an |
|
/retest Review the full test history for this PR. Silence the bot with an |
|
/test pull-kops-e2e-kubernetes-aws |
Add tests for kube-controller-manager, kube-proxy, kube-scheduler