work
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
stevekuznetsov committed Jan 6, 2023
1 parent 48dc557 commit 9bb6208
Showing 2 changed files with 10 additions and 13 deletions.
16 changes: 8 additions & 8 deletions test/e2e/authorizer/authorizer_test.go
Expand Up @@ -119,9 +119,9 @@ func TestAuthorizer(t *testing.T) {
"with org access, workspace1 non-admin user-2 can access according to local policy": func(t *testing.T) {
t.Helper()
_, err := user2KubeClusterClient.Cluster(org1.Path().Join("workspace1")).CoreV1().Namespaces().Create(ctx, &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: "test"}}, metav1.CreateOptions{})
require.Error(t, err, "user-2 should not be able to create namespace in workspace1")
require.Errorf(t, err, "user-2 should not be able to create namespace in %s", org1.Path().Join("workspace1"))
_, err = user2KubeClusterClient.Cluster(org1.Path().Join("workspace1")).CoreV1().Secrets("default").List(ctx, metav1.ListOptions{})
require.NoError(t, err, "user-2 should be able to list secrets in workspace1 as defined in the local policy")
require.NoErrorf(t, err, "user-2 should be able to list secrets in %s as defined in the local policy", org1.Path().Join("workspace1"))
},
"with org access, workspace1 non-admin user-2 can access /healthz, /livez, /readyz etc": func(t *testing.T) {
t.Helper()
Expand All @@ -148,21 +148,21 @@ func TestAuthorizer(t *testing.T) {
"without org access, org1 workspace1 admin user-1 cannot access org2, not even discovery": func(t *testing.T) {
t.Helper()
_, err := user1KubeClusterClient.Cluster(org2.Path().Join("workspace1")).CoreV1().ConfigMaps("default").List(ctx, metav1.ListOptions{})
require.Error(t, err, "user-1 should not be able to list configmaps in a different org")
require.Errorf(t, err, "user-1 should not be able to list configmaps in a different org (%s)", org2.Path().Join("workspace1"))
_, err = user1KubeDiscoveryClient.Cluster(org2.Path().Join("workspace1")).ServerResourcesForGroupVersion("rbac.authorization.k8s.io/v1") // can't be core because that always returns nil
require.Error(t, err, "user-1 should not be able to list server resources in a different org")
require.Errorf(t, err, "user-1 should not be able to list server resources in a different org (%s)", org2.Path().Join("workspace1"))
},
"as org member, workspace1 admin user-1 cannot access workspace2, not even discovery": func(t *testing.T) {
t.Helper()
_, err := user1KubeClusterClient.Cluster(org1.Path().Join("workspace2")).CoreV1().ConfigMaps("default").List(ctx, metav1.ListOptions{})
require.Error(t, err, "user-1 should not be able to list configmaps in a different workspace")
require.Errorf(t, err, "user-1 should not be able to list configmaps in a different workspace (%s)", org1.Path().Join("workspace2"))
_, err = user1KubeDiscoveryClient.Cluster(org2.Path().Join("workspace1")).ServerResourcesForGroupVersion("rbac.authorization.k8s.io/v1") // can't be core because that always returns nil
require.Error(t, err, "user-1 should not be able to list server resources in a different workspace")
require.Errorf(t, err, "user-1 should not be able to list server resources in a different workspace (%s)", org1.Path().Join("workspace2"))
},
"with org access, workspace2 admin user-2 can access workspace2": func(t *testing.T) {
t.Helper()
_, err := user2KubeClusterClient.Cluster(org1.Path().Join("workspace2")).CoreV1().ConfigMaps("default").List(ctx, metav1.ListOptions{})
require.NoError(t, err, "user-2 should be able to list configmaps in workspace2")
require.NoError(t, err, "user-2 should be able to list configmaps in workspace2 (%s)", org1.Path().Join("workspace2"))
},
"cluster admins can use wildcard clusters, non-cluster admin cannot": func(t *testing.T) {
t.Helper()
Expand Down Expand Up @@ -230,7 +230,7 @@ func TestAuthorizer(t *testing.T) {
return false
}
return true
}, wait.ForeverTestTimeout, time.Millisecond*100, "User-3 should now be able to list Namespaces")
}, wait.ForeverTestTimeout, time.Millisecond*100, "User-3 should now be able to list Namespaces in %s", org1.Path().Join("workspace2"))
},
"without org access, a deep SAR with user-1 against org2 succeeds even without org access for user-1": func(t *testing.T) {
t.Helper()
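Review bot: In the "as org member, workspace1 admin user-1 cannot access workspace2, not even discovery" case, the new message on the discovery assertion names `org1.Path().Join("workspace2")`, but the unchanged call just above it queries `user1KubeDiscoveryClient.Cluster(org2.Path().Join("workspace1"))`. A failure would therefore report a workspace that was never contacted, and denial of discovery across workspaces inside the same org is not exercised by this case at all; it repeats the cross-org check. The call should read `_, err = user1KubeDiscoveryClient.Cluster(org1.Path().Join("workspace2")).ServerResourcesForGroupVersion("rbac.authorization.k8s.io/v1")` so the request and the message agree. As a smaller style point, the workspace2 configmaps assertion passes format arguments to `require.NoError` while the rest of the change uses the `f` variants; `require.NoErrorf` would match. TestAuthorizer starts and ends outside these hunks.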
7 changes: 2 additions & 5 deletions test/e2e/framework/workspaces.go
Expand Up @@ -113,13 +113,10 @@ func NewWorkspaceFixtureObject(t *testing.T, server RunningServer, parent logica
// type exists. Therefore, we can require.Eventually our way out of this problem. We expect users to create new
// types very infrequently, so we do not think this will be a serious UX issue in the product.
var ws *tenancyv1beta1.Workspace
require.Eventually(t, func() bool {
Eventually(t, func() (bool, string) {
var err error
ws, err = clusterClient.Cluster(parent).TenancyV1beta1().Workspaces().Create(ctx, tmpl, metav1.CreateOptions{})
if err != nil {
t.Logf("error creating workspace under %s: %v", parent, err)
}
return err == nil
return err == nil, fmt.Sprintf("error creating workspace under %s: %v", parent, err)
}, wait.ForeverTestTimeout, time.Millisecond*100, "failed to create %s workspace under %s", tmpl.Spec.Type.Name, parent)

t.Cleanup(func() {
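Review bot: The reason string in the new `return err == nil, fmt.Sprintf(...)` is built on every poll, so on the successful attempt it reads "error creating workspace under <parent>: <nil>". How the `Eventually` helper surfaces that string is not visible in this hunk, but if it logs the reason per attempt or on change, the last entry would look like a failure. Returning early keeps it accurate: `if err != nil { return false, fmt.Sprintf("error creating workspace under %s: %v", parent, err) }` then `return true, ""`. NewWorkspaceFixtureObject starts and ends outside the hunk.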
