From 76e259b68eb1dde28f6cdf5b720d398fbbea50a6 Mon Sep 17 00:00:00 2001 From: Martin Gencur Date: Thu, 15 Jul 2021 15:20:30 +0200 Subject: [PATCH 01/12] Create RBAC according to the test namespace * most tests will use just the serviceAccount that has the same name as the test namespace * tests using ApiServerSource will user serviceAccount that is named as follows: ${namespace}-eventwatcher --- test/conformance/main_test.go | 4 +- test/lib/creation.go | 61 ++++++++++++-------------- test/lib/recordevents/resources.go | 44 +++++-------------- test/lib/setupclientoptions/sources.go | 34 ++++---------- 4 files changed, 49 insertions(+), 94 deletions(-) diff --git a/test/conformance/main_test.go b/test/conformance/main_test.go index 7e812febe1a..066f4feb802 100644 --- a/test/conformance/main_test.go +++ b/test/conformance/main_test.go @@ -33,8 +33,6 @@ import ( ) const ( - roleName = "event-watcher-r" - serviceAccountName = "event-watcher-sa" recordEventsAPIPodName = "api-server-source-logger-pod" recordEventsPingPodName = "ping-source-logger-pod" ) @@ -89,7 +87,7 @@ func addSourcesInitializers() { testlib.ApiServerSourceTypeMeta, setupclientoptions.ApiServerSourceV1ClientSetupOption( ctx, apiSrcName, "Reference", - recordEventsAPIPodName, roleName, serviceAccountName), + recordEventsAPIPodName), ) sourcesTestRunner.AddComponentSetupClientOption( testlib.PingSourceTypeMeta, diff --git a/test/lib/creation.go b/test/lib/creation.go index 119aab886f9..0ffbfdd72a5 100644 --- a/test/lib/creation.go +++ b/test/lib/creation.go @@ -552,7 +552,6 @@ func (c *Client) CreateRoleOrFail(r *rbacv1.Role) { } const ( - ClusterRoleKind = "ClusterRole" RoleKind = "Role" ) 
@@ -582,38 +581,6 @@ func (c *Client) CreateClusterRoleBindingOrFail(saName, crName, crbName string) c.Tracker.Add(rbacAPIGroup, rbacAPIVersion, "clusterrolebindings", "", crb.GetName()) } -const ( - // the two ServiceAccounts are required for creating new Brokers in the current namespace - saIngressName = "eventing-broker-ingress" - saFilterName = "eventing-broker-filter" - - // the ClusterRoles are preinstalled in Knative Eventing setup - crIngressName = "eventing-broker-ingress" - crFilterName = "eventing-broker-filter" -) - -// CreateRBACResourcesForBrokers creates required RBAC resources for creating Brokers, -// see https://github.com/knative/docs/blob/main/docs/eventing/broker-trigger.md - Manual Setup. -func (c *Client) CreateRBACResourcesForBrokers() { - c.CreateServiceAccountOrFail(saIngressName) - c.CreateServiceAccountOrFail(saFilterName) - // The two RoleBindings are required for running Brokers correctly. - c.CreateRoleBindingOrFail( - saIngressName, - ClusterRoleKind, - crIngressName, - fmt.Sprintf("%s-%s", saIngressName, crIngressName), - c.Namespace, - ) - c.CreateRoleBindingOrFail( - saFilterName, - ClusterRoleKind, - crFilterName, - fmt.Sprintf("%s-%s", saFilterName, crFilterName), - c.Namespace, - ) -} - func (c *Client) applyAdditionalEnv(pod *corev1.PodSpec) { for i := 0; i < len(pod.Containers); i++ { pod.Containers[i].Env = append(pod.Containers[i].Env, c.tracingEnv) 
@@ -622,3 +589,31 @@ func (c *Client) applyAdditionalEnv(pod *corev1.PodSpec) { } } } + +func CreateRBACPodsEventsGetListWatch(client *Client, name string) { + client.CreateServiceAccountOrFail(name) + client.CreateRoleOrFail(resources.Role(name, + resources.WithRuleForRole(&rbacv1.PolicyRule{ + APIGroups: []string{""}, + Resources: []string{"pods", "events"}, + Verbs: []string{"get", "list", "watch"}}), + )) + client.CreateRoleBindingOrFail(name, RoleKind, name, name, client.Namespace) +} + +func CreateRBACPodsGetEventsAll(client *Client, name string) { + client.CreateServiceAccountOrFail(name) + client.CreateRoleOrFail(resources.Role(name, + resources.WithRuleForRole(&rbacv1.PolicyRule{ + APIGroups: []string{""}, + Resources: []string{"pods"}, + Verbs: []string{"get"}, + }), + resources.WithRuleForRole(&rbacv1.PolicyRule{ + APIGroups: []string{""}, + Resources: []string{"events"}, + Verbs: []string{rbacv1.VerbAll}, + }), + )) + client.CreateRoleBindingOrFail(name, RoleKind, name, name, client.Namespace) +} diff --git a/test/lib/recordevents/resources.go b/test/lib/recordevents/resources.go index 38bd7f2289d..8f19df6905b 100644 --- a/test/lib/recordevents/resources.go +++ b/test/lib/recordevents/resources.go @@ -19,18 +19,17 @@ package recordevents import ( "context" "encoding/json" + "knative.dev/eventing/test" "strings" cloudevents "github.com/cloudevents/sdk-go/v2" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/uuid" pkgtest "knative.dev/pkg/test" testlib "knative.dev/eventing/test/lib" - "knative.dev/eventing/test/lib/resources" ) type EventRecordOption = func(*corev1.Pod, *testlib.Client) error 
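Review bot: `CreateRBACPodsGetEventsAll` grants `rbacv1.VerbAll` on `events`, which also covers delete and deletecollection for the bound ServiceAccount. The rule is carried over unchanged from the per-pod code this patch removes from recordevents/resources.go, but it now sits in a shared helper, so it is worth narrowing it to the verbs the recordevents pod actually uses, for example `Verbs: []string{"create", "patch", "update"}` (the exact set is not visible here and needs confirming against the image). Both new exported functions also have no doc comment; something like `// CreateRBACPodsGetEventsAll creates a ServiceAccount, Role and RoleBinding, all called name, granting get on pods and all verbs on events in client.Namespace.` would make the grant readable at the call site.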
@@ -135,21 +134,13 @@ func serializeHeaders(headers map[string]string) string { } // DeployEventRecordOrFail deploys the recordevents image with necessary sa, roles, rb to execute the image +// By convention, all resources are named according to the client's namespace. +// This allows creating the namespaces, SAs, Roles, RoleBindings in advance by the +// admin user. func DeployEventRecordOrFail(ctx context.Context, client *testlib.Client, name string, options ...EventRecordOption) *corev1.Pod { - client.CreateServiceAccountOrFail(name) - client.CreateRoleOrFail(resources.Role(name, - resources.WithRuleForRole(&rbacv1.PolicyRule{ - APIGroups: []string{""}, - Resources: []string{"pods"}, - Verbs: []string{"get"}, - }), - resources.WithRuleForRole(&rbacv1.PolicyRule{ - APIGroups: []string{""}, - Resources: []string{"events"}, - Verbs: []string{rbacv1.VerbAll}, - }), - )) - client.CreateRoleBindingOrFail(name, "Role", name, name, client.Namespace) + if !test.EventingFlags.ReuseNamespace { + testlib.CreateRBACPodsGetEventsAll(client, client.Namespace) + } options = append( options, @@ -157,7 +148,7 @@ func DeployEventRecordOrFail(ctx context.Context, client *testlib.Client, name s envOption("EVENT_GENERATORS", "receiver"), ) - eventRecordPod := recordEventsPod("recordevents", name, name) + eventRecordPod := recordEventsPod("recordevents", name, client.Namespace) client.CreatePodOrFail(eventRecordPod, options...) err := pkgtest.WaitForPodRunning(ctx, client.Kube, name, client.Namespace) if err != nil { 
@@ -169,20 +160,9 @@ func DeployEventRecordOrFail(ctx context.Context, client *testlib.Client, name s // DeployEventSenderOrFail deploys the recordevents image with necessary sa, roles, rb to execute the image func DeployEventSenderOrFail(ctx context.Context, client *testlib.Client, name string, sink string, options ...EventRecordOption) *corev1.Pod { - client.CreateServiceAccountOrFail(name) - client.CreateRoleOrFail(resources.Role(name, - resources.WithRuleForRole(&rbacv1.PolicyRule{ - APIGroups: []string{""}, - Resources: []string{"pods"}, - Verbs: []string{"get"}, - }), - resources.WithRuleForRole(&rbacv1.PolicyRule{ - APIGroups: []string{""}, - Resources: []string{"events"}, - Verbs: []string{rbacv1.VerbAll}, - }), - )) - client.CreateRoleBindingOrFail(name, "Role", name, name, client.Namespace) + if !test.EventingFlags.ReuseNamespace { + testlib.CreateRBACPodsGetEventsAll(client, client.Namespace) + } options = append( options, @@ -190,7 +170,7 @@ func DeployEventSenderOrFail(ctx context.Context, client *testlib.Client, name s envOption("SINK", sink), ) - eventRecordPod := recordEventsPod("recordevents", name, name) + eventRecordPod := recordEventsPod("recordevents", name, client.Namespace) client.CreatePodOrFail(eventRecordPod, options...) err := pkgtest.WaitForPodRunning(ctx, client.Kube, name, client.Namespace) if err != nil { diff --git a/test/lib/setupclientoptions/sources.go b/test/lib/setupclientoptions/sources.go index ef9157ca5a0..69b8db4ed28 100644 --- a/test/lib/setupclientoptions/sources.go +++ b/test/lib/setupclientoptions/sources.go @@ -19,10 +19,10 @@ package setupclientoptions import ( "context" "fmt" + "knative.dev/eventing/test" cloudevents "github.com/cloudevents/sdk-go/v2" - rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/util/uuid" sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1" 
@@ -39,11 +39,13 @@ import ( // to create a new ApiServerSource. It creates a ServiceAccount, a Role, a // RoleBinding, a RecordEvents pod and an ApiServerSource object with the event // mode and RecordEvent pod as its sink. -func ApiServerSourceV1ClientSetupOption(ctx context.Context, name string, mode string, recordEventsPodName string, - roleName string, serviceAccountName string) testlib.SetupClientOption { +func ApiServerSourceV1ClientSetupOption(ctx context.Context, name string, mode string, + recordEventsPodName string) testlib.SetupClientOption { return func(client *testlib.Client) { - // create needed RBAC SA, Role & RoleBinding - createRbacObjects(client, roleName, serviceAccountName) + sa := client.Namespace + "-eventwatcher" + if !test.EventingFlags.ReuseNamespace { + testlib.CreateRBACPodsEventsGetListWatch(client, sa) + } // create event record recordevents.StartEventRecordOrFail(ctx, client, recordEventsPodName) @@ -54,7 +56,7 @@ func ApiServerSourceV1ClientSetupOption(ctx context.Context, name string, mode s Kind: "Event", }}, EventMode: mode, - ServiceAccountName: serviceAccountName, + ServiceAccountName: sa, } spec.Sink = duckv1.Destination{Ref: resources.ServiceKRef(recordEventsPodName)} 
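Review bot: The doc comment above `ApiServerSourceV1ClientSetupOption` still says the option creates a ServiceAccount, a Role and a RoleBinding, but with `test.EventingFlags.ReuseNamespace` set the new code creates none of them. In that case the ApiServerSource runs as a `<namespace>-eventwatcher` account that must already exist, with whatever permissions it was given out of band. I would reword the comment along the lines of `// Unless test.EventingFlags.ReuseNamespace is set, it creates a ServiceAccount, Role and RoleBinding named <namespace>-eventwatcher; otherwise they must already exist.` The `ServiceAccountName: sa` change in the next hunk depends on the same name, and the function body continues outside this hunk.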
@@ -101,23 +103,3 @@ func PingSourceV1B2ClientSetupOption(ctx context.Context, name string, recordEve client.WaitForAllTestResourcesReadyOrFail(ctx) } } - -func createRbacObjects(client *testlib.Client, roleName string, - serviceAccountName string) { - // creates ServiceAccount and RoleBinding with a role for reading pods - // and events - r := resources.Role(roleName, - resources.WithRuleForRole(&rbacv1.PolicyRule{ - APIGroups: []string{""}, - Resources: []string{"events", "pods"}, - Verbs: []string{"get", "list", "watch"}})) - client.CreateServiceAccountOrFail(serviceAccountName) - client.CreateRoleOrFail(r) - client.CreateRoleBindingOrFail( - serviceAccountName, - testlib.RoleKind, - roleName, - fmt.Sprintf("%s-%s", serviceAccountName, roleName), - client.Namespace, - ) -} From c5165027ac864ff475e846b25898e4288ba288f3 Mon Sep 17 00:00:00 2001 From: Martin Gencur Date: Fri, 16 Jul 2021 15:36:39 +0200 Subject: [PATCH 02/12] Script for creating necessary RBAC for conformance tests --- test/conformance/create-namespace-rbac.sh | 110 ++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100755 test/conformance/create-namespace-rbac.sh diff --git a/test/conformance/create-namespace-rbac.sh b/test/conformance/create-namespace-rbac.sh new file mode 100755 index 00000000000..86aea223950 --- /dev/null +++ b/test/conformance/create-namespace-rbac.sh 
@@ -0,0 +1,110 @@ +#!/usr/bin/env bash + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This script creates test namespaces together with ServiceAccounts, Roles, +# RoleBindings for conformance tests. This script is useful when tests are +# run with --reusenamespace option in restricted environments. See README.md +# for more information. + +set -Eeuo pipefail + +NUM_NAMESPACES=${NUM_NAMESPACES:?"Pass the NUM_NAMESPACES env variable"} +EVENTING_E2E_NAMESPACE="${EVENTING_E2E_NAMESPACE:-eventing-e2e}" + +for i in $(seq 0 "$(("$NUM_NAMESPACES" - 1))"); do + cat < Date: Fri, 16 Jul 2021 15:37:59 +0200 Subject: [PATCH 03/12] Readme for running Conformance tests as project admin --- test/conformance/README.md | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/test/conformance/README.md b/test/conformance/README.md index 8ab09db71e4..2f4df7cd138 100644 --- a/test/conformance/README.md +++ b/test/conformance/README.md @@ -4,7 +4,7 @@ Conformance tests verifies knative eventing implementation for expected behavior described in [specification](https://github.com/knative/eventing/tree/main/docs/spec). -## Running performance tests +## Running conformance tests Run test with e2e tag and optionally select conformance test 
@@ -31,3 +31,26 @@ can specify: go test -v -tags e2e knative.dev/eventing/test/conformance -brokername=foo -brokernamespace=bar -run TestBrokerV1Beta1DataPlaneIngress ``` + +## Running conformance tests as a project admin + +It is possible to run the conformance tests by a user with reduced privileges, e.g. project admin. +Some tests require cluster-admin privileges and those tests are excluded from execution in this case. +Running the conformance tests then consists of these steps: +1. The cluster admin creates test namespaces and required RBAC. Each test requires a separate namespace. + By default, the namespace names consist of `eventing-e2e` prefix and numeric suffix starting from 0: + `eventing-e2e0`, `eventing-e2e1`, etc. The prefix can be configured using the EVENTING_E2E_NAMESPACE env + variable. There's a helper script in the current folder that will create all the required resources: + ```shell + NUM_NAMESPACES=40 ./create-namespace-rbac.sh + ``` + Note: There are currently slightly over 30 tests. but the number will grow. So the number of namespaces + needs to be adjusted. +1. The project admin runs the test suite with specific flags: + ```shell + go test -v -tags=e2e,project_admin -count=1 ./test/conformance \ + -reusenamespace \ + -kubeconfig=$PROJECT_ADMIN_KUBECONFIG + ``` + It is expected that the $PROJECT_ADMIN_KUBECONFIG's user is a project admin for all the + created namespaces. From f6d4a4165b7519aeb8b87b7ab0f8a29734864a36 Mon Sep 17 00:00:00 2001 From: Martin Gencur Date: Fri, 16 Jul 2021 15:38:57 +0200 Subject: [PATCH 04/12] Fix imports --- test/lib/setupclientoptions/sources.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/lib/setupclientoptions/sources.go b/test/lib/setupclientoptions/sources.go index 69b8db4ed28..1c8d038ffb7 100644 --- a/test/lib/setupclientoptions/sources.go +++ b/test/lib/setupclientoptions/sources.go 
@@ -19,11 +19,10 @@ package setupclientoptions import ( "context" "fmt" - "knative.dev/eventing/test" cloudevents "github.com/cloudevents/sdk-go/v2" - "k8s.io/apimachinery/pkg/util/uuid" + "knative.dev/eventing/test" sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1" sourcesv1beta2 "knative.dev/eventing/pkg/apis/sources/v1beta2" From 0be2eb01db7b3f08753f6676ad062dc50b43f006 Mon Sep 17 00:00:00 2001 From: Martin Gencur Date: Fri, 16 Jul 2021 15:46:11 +0200 Subject: [PATCH 05/12] Minor update for readme --- test/conformance/README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/conformance/README.md b/test/conformance/README.md index 2f4df7cd138..ff42b75c67a 100644 --- a/test/conformance/README.md +++ b/test/conformance/README.md @@ -44,13 +44,12 @@ Running the conformance tests then consists of these steps: ```shell NUM_NAMESPACES=40 ./create-namespace-rbac.sh ``` - Note: There are currently slightly over 30 tests. but the number will grow. So the number of namespaces - needs to be adjusted. + Note: The number of required namespaces might grow over time. 1. The project admin runs the test suite with specific flags: ```shell go test -v -tags=e2e,project_admin -count=1 ./test/conformance \ -reusenamespace \ -kubeconfig=$PROJECT_ADMIN_KUBECONFIG ``` - It is expected that the $PROJECT_ADMIN_KUBECONFIG's user is a project admin for all the + The $PROJECT_ADMIN_KUBECONFIG's user is expected to be a project admin for all the created namespaces. From 98ccb698f8e1327f5b9740446a12dbba2063fb9f Mon Sep 17 00:00:00 2001 From: Martin Gencur Date: Fri, 16 Jul 2021 16:03:37 +0200 Subject: [PATCH 06/12] Fix goimport --- test/lib/creation.go | 2 +- test/lib/recordevents/resources.go | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/test/lib/creation.go b/test/lib/creation.go index 0ffbfdd72a5..c7a67e7d92e 100644 --- a/test/lib/creation.go +++ b/test/lib/creation.go 
@@ -552,7 +552,7 @@ func (c *Client) CreateRoleOrFail(r *rbacv1.Role) { } const ( - RoleKind = "Role" + RoleKind = "Role" ) // CreateRoleBindingOrFail will create a RoleBinding or fail the test if there is an error. diff --git a/test/lib/recordevents/resources.go b/test/lib/recordevents/resources.go index 8f19df6905b..9c74d0b6fd7 100644 --- a/test/lib/recordevents/resources.go +++ b/test/lib/recordevents/resources.go @@ -19,9 +19,10 @@ package recordevents import ( "context" "encoding/json" - "knative.dev/eventing/test" "strings" + "knative.dev/eventing/test" + cloudevents "github.com/cloudevents/sdk-go/v2" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" From f38f2da8bbc5e4bd63ba096b577d7741bbea502c Mon Sep 17 00:00:00 2001 From: Martin Gencur Date: Mon, 19 Jul 2021 08:29:12 +0200 Subject: [PATCH 07/12] Do not fail if ServiceAccount already exists --- test/lib/creation.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/lib/creation.go b/test/lib/creation.go index c7a67e7d92e..277895b79d9 100644 --- a/test/lib/creation.go +++ b/test/lib/creation.go @@ -515,8 +515,8 @@ func (c *Client) CreateServiceAccountOrFail(saName string) { sa := resources.ServiceAccount(saName, namespace) sas := c.Kube.CoreV1().ServiceAccounts(namespace) c.T.Logf("Creating service account %+v", sa) - if _, err := sas.Create(context.Background(), sa, metav1.CreateOptions{}); err != nil { - c.T.Fatalf("Failed to create service account %q: %v", saName, err) + if _, err := sas.Create(context.Background(), sa, metav1.CreateOptions{}); err != nil && !apierrs.IsAlreadyExists(err) { + c.T.Fatalf("Failed to create service account %q: %v", saName, err) } c.Tracker.Add(coreAPIGroup, coreAPIVersion, "serviceaccounts", namespace, saName) From a5b06de57926fb7f05a79fea6c5533571f2bf80d Mon Sep 17 00:00:00 2001 From: Martin Gencur Date: Mon, 19 Jul 2021 09:47:34 +0200 Subject: [PATCH 08/12] Fix goftm --- test/lib/creation.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
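Review bot: In `CreateServiceAccountOrFail`, an `AlreadyExists` result now falls through to `c.Tracker.Add(...)`, so an account the test did not create is registered with the tracker all the same. If the tracker deletes what it tracks at teardown (not visible in this hunk), a pre-provisioned ServiceAccount would be removed by the first test that touches it. The test also silently runs with whatever bindings the existing account already carries. I would split the condition so the reuse is visible and untracked: keep `c.T.Fatalf` for errors other than `apierrs.IsAlreadyExists(err)`, and for the already-exists case add `c.T.Logf("Service account %q already exists, reusing it", saName)` followed by `return` before the `Tracker.Add` call. Whether skipping the tracker is right depends on the teardown behaviour, so please confirm against it.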
diff --git a/test/lib/creation.go b/test/lib/creation.go index 277895b79d9..e8867d47db7 100644 --- a/test/lib/creation.go +++ b/test/lib/creation.go @@ -516,7 +516,7 @@ func (c *Client) CreateServiceAccountOrFail(saName string) { sas := c.Kube.CoreV1().ServiceAccounts(namespace) c.T.Logf("Creating service account %+v", sa) if _, err := sas.Create(context.Background(), sa, metav1.CreateOptions{}); err != nil && !apierrs.IsAlreadyExists(err) { - c.T.Fatalf("Failed to create service account %q: %v", saName, err) + c.T.Fatalf("Failed to create service account %q: %v", saName, err) } c.Tracker.Add(coreAPIGroup, coreAPIVersion, "serviceaccounts", namespace, saName) From cbd84853789d01a52822938efb3f05049db79677 Mon Sep 17 00:00:00 2001 From: Martin Gencur Date: Mon, 19 Jul 2021 10:15:55 +0200 Subject: [PATCH 09/12] Mark tests requiring cluster-admin with specific build tag --- test/conformance/broker_tracing_test.go | 1 + .../channel_addressable_resolver_cluster_role_test.go | 1 + .../channel_channelable_manipulator_cluster_role_test.go | 1 + test/conformance/channel_crd_metadata_test.go | 1 + test/conformance/channel_tracing_test.go | 1 + test/conformance/source_crd_metadata_test.go | 1 + test/conformance/source_crd_rbac_test.go | 1 + test/conformance/source_crd_registry_test.go | 1 + 8 files changed, 8 insertions(+) diff --git a/test/conformance/broker_tracing_test.go b/test/conformance/broker_tracing_test.go index 4c292d018b9..ad325479a96 100644 --- a/test/conformance/broker_tracing_test.go +++ b/test/conformance/broker_tracing_test.go @@ -1,4 +1,5 @@ // +build e2e +// +build !project_admin /* Copyright 2019 The Knative Authors diff --git a/test/conformance/channel_addressable_resolver_cluster_role_test.go b/test/conformance/channel_addressable_resolver_cluster_role_test.go index d8fe0afed00..139ad72a31e 100644 --- a/test/conformance/channel_addressable_resolver_cluster_role_test.go +++ b/test/conformance/channel_addressable_resolver_cluster_role_test.go 
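Review bot: The added `// +build !project_admin` line in broker_tracing_test.go does not say which cluster-scoped access keeps the test out of the reduced-privilege run. The same applies to the seven other conformance files tagged in this patch. A one-line comment next to the tags, e.g. `// Requires cluster-admin: <resource the test reads or creates>`, would let a reviewer check later that the exclusion is still needed. The scheme is also opt-out, so a new test that needs cluster-admin stays in the `project_admin` run until someone remembers to add the tag.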
@@ -1,4 +1,5 @@ // +build e2e +// +build !project_admin /* Copyright 2020 The Knative Authors diff --git a/test/conformance/channel_channelable_manipulator_cluster_role_test.go b/test/conformance/channel_channelable_manipulator_cluster_role_test.go index 8f47c0e9bde..658100693c1 100644 --- a/test/conformance/channel_channelable_manipulator_cluster_role_test.go +++ b/test/conformance/channel_channelable_manipulator_cluster_role_test.go @@ -1,4 +1,5 @@ // +build e2e +// +build !project_admin /* Copyright 2020 The Knative Authors diff --git a/test/conformance/channel_crd_metadata_test.go b/test/conformance/channel_crd_metadata_test.go index 33c3fa72106..2b5fc065b12 100644 --- a/test/conformance/channel_crd_metadata_test.go +++ b/test/conformance/channel_crd_metadata_test.go @@ -1,4 +1,5 @@ // +build e2e +// +build !project_admin /* Copyright 2020 The Knative Authors diff --git a/test/conformance/channel_tracing_test.go b/test/conformance/channel_tracing_test.go index f9f40ddf63c..69422f2b11a 100644 --- a/test/conformance/channel_tracing_test.go +++ b/test/conformance/channel_tracing_test.go @@ -1,4 +1,5 @@ // +build e2e +// +build !project_admin /* Copyright 2019 The Knative Authors diff --git a/test/conformance/source_crd_metadata_test.go b/test/conformance/source_crd_metadata_test.go index 3a810740dfd..0d8bae30ce4 100644 --- a/test/conformance/source_crd_metadata_test.go +++ b/test/conformance/source_crd_metadata_test.go @@ -1,4 +1,5 @@ // +build e2e +// +build !project_admin /* Copyright 2020 The Knative Authors diff --git a/test/conformance/source_crd_rbac_test.go b/test/conformance/source_crd_rbac_test.go index e0b54c2d67c..bd8c4c7fb54 100644 --- a/test/conformance/source_crd_rbac_test.go +++ b/test/conformance/source_crd_rbac_test.go @@ -1,4 +1,5 @@ // +build e2e +// +build !project_admin /* Copyright 2021 The Knative Authors 
diff --git a/test/conformance/source_crd_registry_test.go b/test/conformance/source_crd_registry_test.go index ba9cb303a7f..53912e10b31 100644 --- a/test/conformance/source_crd_registry_test.go +++ b/test/conformance/source_crd_registry_test.go @@ -1,4 +1,5 @@ // +build e2e +// +build !project_admin /* Copyright 2020 The Knative Authors From 10a263f0979c7a86b4ad0d93e34734687afbf67d Mon Sep 17 00:00:00 2001 From: Martin Gencur Date: Mon, 19 Jul 2021 11:41:10 +0200 Subject: [PATCH 10/12] Move the creation of SA,Role,RoleBinding close to namespace creation * since the name of the resources is aligned with the name of the namespace it makes sense to create them only once, at the same time as the namespace --- test/lib/recordevents/resources.go | 4 ---- test/lib/setupclientoptions/sources.go | 9 +-------- test/lib/test_runner.go | 2 ++ 3 files changed, 3 insertions(+), 12 deletions(-) diff --git a/test/lib/recordevents/resources.go b/test/lib/recordevents/resources.go index 9c74d0b6fd7..58f43f7ec0d 100644 --- a/test/lib/recordevents/resources.go +++ b/test/lib/recordevents/resources.go @@ -139,10 +139,6 @@ func serializeHeaders(headers map[string]string) string { // This allows creating the namespaces, SAs, Roles, RoleBindings in advance by the // admin user. func DeployEventRecordOrFail(ctx context.Context, client *testlib.Client, name string, options ...EventRecordOption) *corev1.Pod { - if !test.EventingFlags.ReuseNamespace { - testlib.CreateRBACPodsGetEventsAll(client, client.Namespace) - } - options = append( options, testlib.WithService(name), diff --git a/test/lib/setupclientoptions/sources.go b/test/lib/setupclientoptions/sources.go index 1c8d038ffb7..fe8d5d9ead4 100644 --- a/test/lib/setupclientoptions/sources.go +++ b/test/lib/setupclientoptions/sources.go 
@@ -22,8 +22,6 @@ import ( cloudevents "github.com/cloudevents/sdk-go/v2" "k8s.io/apimachinery/pkg/util/uuid" - "knative.dev/eventing/test" - sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1" sourcesv1beta2 "knative.dev/eventing/pkg/apis/sources/v1beta2" eventingtestingv1 "knative.dev/eventing/pkg/reconciler/testing/v1" @@ -41,11 +39,6 @@ import ( func ApiServerSourceV1ClientSetupOption(ctx context.Context, name string, mode string, recordEventsPodName string) testlib.SetupClientOption { return func(client *testlib.Client) { - sa := client.Namespace + "-eventwatcher" - if !test.EventingFlags.ReuseNamespace { - testlib.CreateRBACPodsEventsGetListWatch(client, sa) - } - // create event record recordevents.StartEventRecordOrFail(ctx, client, recordEventsPodName) @@ -55,7 +48,7 @@ func ApiServerSourceV1ClientSetupOption(ctx context.Context, name string, mode s Kind: "Event", }}, EventMode: mode, - ServiceAccountName: sa, + ServiceAccountName: client.Namespace + "-eventwatcher", } spec.Sink = duckv1.Destination{Ref: resources.ServiceKRef(recordEventsPodName)} diff --git a/test/lib/test_runner.go b/test/lib/test_runner.go index 986e585981d..4b307f2f2f1 100644 --- a/test/lib/test_runner.go +++ b/test/lib/test_runner.go @@ -166,6 +166,8 @@ func Setup(t *testing.T, runInParallel bool, options ...SetupClientOption) *Clie if !ReuseNamespace { SetupServiceAccount(t, client) SetupPullSecret(t, client) + CreateRBACPodsGetEventsAll(client, client.Namespace) + CreateRBACPodsEventsGetListWatch(client, client.Namespace + "-eventwatcher") } // Run the test case in parallel if needed. From 67e42c2981cb710160551100ce5d615158a28696 Mon Sep 17 00:00:00 2001 From: Martin Gencur Date: Mon, 19 Jul 2021 11:52:16 +0200 Subject: [PATCH 11/12] Formatting --- test/lib/test_runner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/lib/test_runner.go b/test/lib/test_runner.go index 4b307f2f2f1..4c288b6b07b 100644 --- a/test/lib/test_runner.go +++ b/test/lib/test_runner.go 
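Review bot: The suffix `"-eventwatcher"` is now spelled out twice, in `Setup` in test_runner.go and in the `ServiceAccountName` field in sources.go. The account the ApiServerSource runs as only exists if both strings agree with each other and with whatever is pre-provisioned for the -reusenamespace case. A shared exported constant in testlib, e.g. `const EventWatcherSASuffix = "-eventwatcher"`, used at both sites would remove that coupling. `Setup` also now creates both roles, including all verbs on `events`, in every test namespace rather than only in those that start recordevents or an ApiServerSource; if that breadth is intended, a short comment above the two calls should say so. Setup's body continues outside the hunk.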
@@ -167,7 +167,7 @@ func Setup(t *testing.T, runInParallel bool, options ...SetupClientOption) *Clie SetupServiceAccount(t, client) SetupPullSecret(t, client) CreateRBACPodsGetEventsAll(client, client.Namespace) - CreateRBACPodsEventsGetListWatch(client, client.Namespace + "-eventwatcher") + CreateRBACPodsEventsGetListWatch(client, client.Namespace+"-eventwatcher") } // Run the test case in parallel if needed. From 513143c0f36a85b2adad07f3a62f8ffc1e4fdbbd Mon Sep 17 00:00:00 2001 From: Martin Gencur Date: Mon, 19 Jul 2021 13:00:24 +0200 Subject: [PATCH 12/12] Move remaining creation of SA,Role,RoleBinding --- test/lib/recordevents/resources.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/test/lib/recordevents/resources.go b/test/lib/recordevents/resources.go index 58f43f7ec0d..bdcde92f0e9 100644 --- a/test/lib/recordevents/resources.go +++ b/test/lib/recordevents/resources.go @@ -21,8 +21,6 @@ import ( "encoding/json" "strings" - "knative.dev/eventing/test" - cloudevents "github.com/cloudevents/sdk-go/v2" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" @@ -135,9 +133,6 @@ func serializeHeaders(headers map[string]string) string { } // DeployEventRecordOrFail deploys the recordevents image with necessary sa, roles, rb to execute the image -// By convention, all resources are named according to the client's namespace. -// This allows creating the namespaces, SAs, Roles, RoleBindings in advance by the -// admin user. func DeployEventRecordOrFail(ctx context.Context, client *testlib.Client, name string, options ...EventRecordOption) *corev1.Pod { options = append( options, 
@@ -157,10 +152,6 @@ func DeployEventRecordOrFail(ctx context.Context, client *testlib.Client, name s // DeployEventSenderOrFail deploys the recordevents image with necessary sa, roles, rb to execute the image func DeployEventSenderOrFail(ctx context.Context, client *testlib.Client, name string, sink string, options ...EventRecordOption) *corev1.Pod { - if !test.EventingFlags.ReuseNamespace { - testlib.CreateRBACPodsGetEventsAll(client, client.Namespace) - } - options = append( options, envOption("EVENT_GENERATORS", "sender"),