Cancel informer watch connections before tearing down the test
apiserver to avoid hitting the 60s http.Server.Shutdown drain timeout.
Each subtest was blocking on open watch connections, adding ~300s to
the total suite runtime.

Decouple the informer lifecycle from the apiserver by using a separate
cancellable context for factory.Start(). Go's defer LIFO ordering
ensures the informer stops before test.cleanUp() shuts down the
server.

Also reduce EncryptionConfigFileChangePollDuration to 1s in TestMain.

Add TestBitFlipCorruptObjectDeletion to exercise the decoder error path
for KEP-3926 using Secrets (protobuf encoding). Unlike the existing
TestAllowUnsafeMalformedObjectDeletionFeature which tests transformer
errors (wrong encryption key), this test uses identity encryption and
corrupts stored bytes directly in etcd, triggering "undecodable" errors
at the protobuf decoder layer.

The informer is given an extended timeout (2 minutes) after deletion
to recover from the exponential backoff accumulated during the
corruption window. The reflector's backoff caps at [30s, 60s) with
jitter, so 2 minutes provides sufficient leeway.

The gate=false subtest is skipped because writing corrupt bytes directly
to etcd emits a watch event that the cacher cannot decode, breaking its
watch. Without the feature gate, the subsequent re-list aborts on the
first decode error (abortOnFirstError aggregator), so the cacher never
recovers and GET requests hang. This differs from the encryption-config
swap tests where no etcd data changes and no watch event is emitted.
This is a known issue to be addressed separately.

Add tests that exercise the AllowUnsafeMalformedObjectDeletion feature
gate for Custom Resources (foos.cr.bar.com), mirroring the existing
Secret-based tests. This covers the dynamic storage registry code path
that is distinct from built-in resources, including unsafe delete with
privilege escalation and LIST behavior for corrupt CR objects.

Refactoring as a preparation for the following commits.

Modernize the test file:
- interface{} -> any
- ioutil.ReadFile -> os.ReadFile
- ptr.To[bool](true) -> ptr.To(true)
- Extract grantUserVerbsOnResource from permitUserToDoVerbOnSecret
  to support granting RBAC verbs on arbitrary resources, not just secrets

This has been replaced by `//build:...` for a long time now.
Removal of the old build tag was automated with:

    for i in $(git grep -l '^// +build' | grep -v -e '^vendor/'); do if ! grep -q '^// Code generated' "$i"; then sed -i -e '/^\/\/ +build/d' "$i"; fi; done

This change updates the NowFunc to be per KMS provider instead of global
to the API server. This allows integration tests that use distinct
provider names to run in parallel when simulating key expiry.

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

TestKMSv2ProviderKeyIDStaleness runs two tests which both modify
kmsv2.NowFunc temporarily. Those two cannot run in parallel. They can be run in
parallel with other tests because nothing else changes kmsv2.NowFunc.

Found during local testing.

Changing the encryption key doesn't work with watch cache as it doesn't
break decoding newly written objects. A new object will be written using
a new key, and decoded using a new key.

The goal is to make the test apiserver behave as much like kube-apiserver as
possible. This ensures that tests are as realistic as possible out-of-the-box.
If a test needs a special setup, then that should be visible in the test
because it passes additional flags or options.

One historic deviation from that goal was enabling all API groups. That
change (from 7185624688) gets reverted and tests
which happened to rely on this get updated.
Replace DefaultComponentGlobalsRegistry with new instance of componentGlobalsRegistry in test api server.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
move kube effective version validation out of component base.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
move DefaultComponentGlobalsRegistry out of component base.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
move ComponentGlobalsRegistry out of featuregate pkg.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
remove usage of DefaultComponentGlobalsRegistry in test files.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
change non-test DefaultKubeEffectiveVersion to use DefaultBuildEffectiveVersion.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Restore useDefaultBuildBinaryVersion in effective version.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
rename DefaultKubeEffectiveVersion to DefaultKubeEffectiveVersionForTest.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
pass options.ComponentGlobalsRegistry into config for controller manager and scheduler.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Pass apiserver effective version to DefaultResourceEncodingConfig.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
change statusz registry to take effective version from the components.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
Address review comments
Signed-off-by: Siyuan Zhang <sizhang@google.com>
update vendor
Signed-off-by: Siyuan Zhang <sizhang@google.com>
- add an integration test that exercises the unsafe delete flow
- extend newTransformTest to enable RBAC
- add integration test to verify that LIST returns corrupt object keys

Integration testing has to this point relied on patching serving codecs for built-in APIs. The
test-only patching is removed and replaced by feature gated checks at runtime.