Skip to content

Commit

Permalink
Fix TestAPIExportAuthorizers flake
Browse files Browse the repository at this point in the history
Wrap verifying service-provider-2-admin is denied access to shadowed
cowboys in an Eventually.

Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>
  • Loading branch information
ncdc committed Feb 1, 2023
1 parent 8db9070 commit bc8fb6a
Showing 1 changed file with 12 additions and 5 deletions.
17 changes: 12 additions & 5 deletions test/e2e/virtual/apiexport/authorizer_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ import (
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
extensionsapiserver "k8s.io/apiextensions-apiserver/pkg/apiserver"
kcpapiextensionsclientset "k8s.io/apiextensions-apiserver/pkg/client/kcp/clientset/versioned"
"k8s.io/apimachinery/pkg/api/errors"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
Expand Down Expand Up @@ -447,10 +447,17 @@ metadata:
return true, ""
}, wait.ForeverTestTimeout, 100*time.Millisecond, "listing claimed resources failed")

t.Logf("verify that service-provider-2-admin cannot lists CRD shadowed sherriffs resources in the tenant workspace %q via the virtual apiexport apiserver", tenantShadowCRDPath)
_, err = user2DynamicVWClient.Cluster(logicalcluster.Name(tenantShadowCRDWorkspace.Spec.Cluster).Path()).Resource(schema.GroupVersionResource{Version: "v1alpha1", Resource: "cowboys", Group: "wildwest.dev"}).List(ctx, metav1.ListOptions{})
require.Error(t, err, "expected error, got none")
require.True(t, errors.IsNotFound(err))
t.Logf("verify that service-provider-2-admin cannot list CRD shadowed cowboy resources in the tenant workspace %q via the virtual apiexport apiserver", tenantShadowCRDPath)
framework.Eventually(t, func() (bool, string) {
_, err = user2DynamicVWClient.Cluster(logicalcluster.Name(tenantShadowCRDWorkspace.Spec.Cluster).Path()).Resource(schema.GroupVersionResource{Version: "v1alpha1", Resource: "cowboys", Group: "wildwest.dev"}).List(ctx, metav1.ListOptions{})
if err == nil {
return false, "expected error, got none"
}
if !apierrors.IsNotFound(err) {
return false, fmt.Sprintf("expected a not-found error, but got %v", err)
}
return true, ""
}, wait.ForeverTestTimeout, 100*time.Millisecond, "expected service-provider-2-admin to be denied to shadowed cowboy resources")
}

var scheme *runtime.Scheme
Expand Down

0 comments on commit bc8fb6a

Please sign in to comment.