Adds RBAC error during apply end-to-end test case #1425
/lgtm
assertContains "namespace/test created" | ||
assertContains "rolebinding.rbac.authorization.k8s.io/admin created" | ||
assertContains "serviceaccount/user created" | ||
wait 2 |
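Review bot: the `wait 2` on the last line of this hunk is a fixed two-second pause with no comment saying what it is waiting for, so a slow cluster can still reach the next step before the namespace, rolebinding and service account are usable, and a fast one just loses two seconds. Either add a one-line comment naming the resources the pause covers, or replace it with a condition-based check that fails the test case when the resources never become ready, so that a timing miss is not mistaken for the RBAC error this test case is meant to produce.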

I'm not sure I understand what this `wait` is doing. Can you add a comment here to make it easier to understand?

We may not need the `wait`, but it helps ensure there is sufficient time for the resources to actually be spun up on the cluster (e.g. `namespace/test`) after they've been created in the API Server. The best way to do this is to do a `kubectl wait for=<CONDITION>`, but this is a shortcut. Check out the bash code for `assertPodExists` and `assertPodNotExists`, which use `kubectl wait ...`.

The `wait` is a bash function defined earlier in the script which calls `sleep`. The number is the number of seconds to sleep.

kubectl config set-credentials user --token="$(kubectl get secrets -ojsonpath='{.data.token}' \ | ||
"$(kubectl get sa user -ojsonpath='{.secrets[0].name}')" \ | ||
| base64 -d)" > $OUTPUT_DIR/status | ||
kubectl config set-context kind-kind:user --cluster=kind-kind --user=user > $OUTPUT_DIR/status |
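Review bot: the nested lookup on the `set-credentials` lines never checks that `{.secrets[0].name}` resolved to a secret name. If the service account has no token secret listed at that moment, the inner `kubectl get secrets` runs without a name and `--token` is set to an empty or wrong value, so the later apply could fail on authentication rather than on the RBAC denial the test is meant to exercise. Suggest capturing the secret name and the decoded token in variables, failing the test case when either is empty, and quoting the redirect target as `"$OUTPUT_DIR/status"`. Separately, the decoded token is passed as a command-line argument, which is fine for a throwaway kind cluster but worth a comment so the pattern is not copied into a script that runs against a shared cluster.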

I think you can drop `> $OUTPUT_DIR/status` from these lines. Each of these commands will overwrite the contents of that output anyways so if we're not reading the contents the output shouldn't need to be saved.

The main reason for the `> $OUTPUT_DIR/status`: it keeps the output from being polluted. We'd rather just have `.` or `E` than the entire command output, which is what would happen without the redirection. This could probably be changed with a `verbose` flag, but I haven't created it yet.

Output for this test case:
|
failed
and the object does not end up in the inventory.