k8s.io/kubernetes@v1.29.3/test/cmd/legacy-script.sh (about) 1 #!/usr/bin/env bash 2 3 # Copyright 2016 The Kubernetes Authors. 4 # 5 # Licensed under the Apache License, Version 2.0 (the "License"); 6 # you may not use this file except in compliance with the License. 7 # You may obtain a copy of the License at 8 # 9 # http://www.apache.org/licenses/LICENSE-2.0 10 # 11 # Unless required by applicable law or agreed to in writing, software 12 # distributed under the License is distributed on an "AS IS" BASIS, 13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 # See the License for the specific language governing permissions and 15 # limitations under the License. 16 17 # This contains util code for testing kubectl. 18 19 set -o errexit 20 set -o nounset 21 set -o pipefail 22 23 # Set locale to ensure english responses from kubectl commands 24 export LANG=C 25 26 KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/../.. 27 # Expects the following has already been done by whatever sources this script 28 # source "${KUBE_ROOT}/hack/lib/init.sh" 29 # source "${KUBE_ROOT}/hack/lib/test.sh" 30 source "${KUBE_ROOT}/test/cmd/apply.sh" 31 source "${KUBE_ROOT}/test/cmd/apps.sh" 32 source "${KUBE_ROOT}/test/cmd/auth_whoami.sh" 33 source "${KUBE_ROOT}/test/cmd/authentication.sh" 34 source "${KUBE_ROOT}/test/cmd/authorization.sh" 35 source "${KUBE_ROOT}/test/cmd/batch.sh" 36 source "${KUBE_ROOT}/test/cmd/certificate.sh" 37 source "${KUBE_ROOT}/test/cmd/convert.sh" 38 source "${KUBE_ROOT}/test/cmd/core.sh" 39 source "${KUBE_ROOT}/test/cmd/crd.sh" 40 source "${KUBE_ROOT}/test/cmd/create.sh" 41 source "${KUBE_ROOT}/test/cmd/debug.sh" 42 source "${KUBE_ROOT}/test/cmd/delete.sh" 43 source "${KUBE_ROOT}/test/cmd/diff.sh" 44 source "${KUBE_ROOT}/test/cmd/discovery.sh" 45 source "${KUBE_ROOT}/test/cmd/events.sh" 46 source "${KUBE_ROOT}/test/cmd/exec.sh" 47 source "${KUBE_ROOT}/test/cmd/generic-resources.sh" 48 source "${KUBE_ROOT}/test/cmd/get.sh" 49 source "${KUBE_ROOT}/test/cmd/help.sh" 50 source "${KUBE_ROOT}/test/cmd/kubeconfig.sh" 51 source "${KUBE_ROOT}/test/cmd/node-management.sh" 52 source "${KUBE_ROOT}/test/cmd/plugins.sh" 53 source "${KUBE_ROOT}/test/cmd/proxy.sh" 54 source "${KUBE_ROOT}/test/cmd/rbac.sh" 55 source "${KUBE_ROOT}/test/cmd/request-timeout.sh" 56 source "${KUBE_ROOT}/test/cmd/results.sh" 57 source "${KUBE_ROOT}/test/cmd/run.sh" 58 source "${KUBE_ROOT}/test/cmd/save-config.sh" 59 source "${KUBE_ROOT}/test/cmd/storage.sh" 60 source "${KUBE_ROOT}/test/cmd/template-output.sh" 61 source "${KUBE_ROOT}/test/cmd/version.sh" 62 source "${KUBE_ROOT}/test/cmd/wait.sh" 63 64 65 ETCD_HOST=${ETCD_HOST:-127.0.0.1} 66 ETCD_PORT=${ETCD_PORT:-2379} 67 SECURE_API_PORT=${SECURE_API_PORT:-6443} 68 API_HOST=${API_HOST:-127.0.0.1} 69 KUBELET_HEALTHZ_PORT=${KUBELET_HEALTHZ_PORT:-10248} 70 SECURE_CTLRMGR_PORT=${SECURE_CTLRMGR_PORT:-10257} 71 PROXY_HOST=127.0.0.1 # kubectl only serves on localhost. 72 73 IMAGE_NGINX="registry.k8s.io/nginx:1.7.9" 74 export IMAGE_DEPLOYMENT_R1="registry.k8s.io/nginx:test-cmd" # deployment-revision1.yaml 75 export IMAGE_DEPLOYMENT_R2="$IMAGE_NGINX" # deployment-revision2.yaml 76 export IMAGE_PERL="registry.k8s.io/perl" 77 export IMAGE_PAUSE_V2="registry.k8s.io/pause:2.0" 78 export IMAGE_DAEMONSET_R2="registry.k8s.io/pause:latest" 79 export IMAGE_DAEMONSET_R2_2="registry.k8s.io/nginx:test-cmd" # rollingupdate-daemonset-rv2.yaml 80 export IMAGE_STATEFULSET_R1="registry.k8s.io/nginx-slim:0.7" 81 export IMAGE_STATEFULSET_R2="registry.k8s.io/nginx-slim:0.8" 82 83 # Expose kubectl directly for readability 84 PATH="${KUBE_OUTPUT_HOSTBIN}":$PATH 85 86 # Define variables for resource types to prevent typos. 87 clusterroles="clusterroles" 88 configmaps="configmaps" 89 csr="csr" 90 cronjob="cronjobs" 91 deployments="deployments" 92 namespaces="namespaces" 93 nodes="nodes" 94 persistentvolumeclaims="persistentvolumeclaims" 95 persistentvolumes="persistentvolumes" 96 pods="pods" 97 podtemplates="podtemplates" 98 replicasets="replicasets" 99 replicationcontrollers="replicationcontrollers" 100 roles="roles" 101 secrets="secrets" 102 selfsubjectreviews="selfsubjectreviews" 103 serviceaccounts="serviceaccounts" 104 services="services" 105 statefulsets="statefulsets" 106 storageclass="storageclass" 107 subjectaccessreviews="subjectaccessreviews" 108 customresourcedefinitions="customresourcedefinitions" 109 daemonsets="daemonsets" 110 controllerrevisions="controllerrevisions" 111 job="jobs" 112 113 # A junit-style XML test report will be generated in the directory specified by KUBE_JUNIT_REPORT_DIR, if set. 114 # If KUBE_JUNIT_REPORT_DIR is unset, and ARTIFACTS is set, then use what is set in ARTIFACTS. 115 if [[ -z "${KUBE_JUNIT_REPORT_DIR:-}" && -n "${ARTIFACTS:-}" ]]; then 116 export KUBE_JUNIT_REPORT_DIR="${ARTIFACTS}" 117 fi 118 119 # include shell2junit library 120 sh2ju="${KUBE_ROOT}/third_party/forked/shell2junit/sh2ju.sh" 121 if [[ -f "${sh2ju}" ]]; then 122 source "${sh2ju}" 123 else 124 echo "failed to find third_party/forked/shell2junit/sh2ju.sh" 125 exit 1 126 fi 127 128 # record_command runs the command and records its output/error messages in junit format 129 # it expects the first to be the name of the command 130 # Example: 131 # record_command run_kubectl_tests 132 # 133 # WARNING: Variable changes in the command will NOT be effective after record_command returns. 134 # This is because the command runs in subshell. 135 function record_command() { 136 set +o nounset 137 set +o errexit 138 139 local name="$1" 140 local output="${KUBE_JUNIT_REPORT_DIR:-/tmp/junit-results}" 141 echo "Recording: ${name}" 142 echo "Running command: $*" 143 juLog -output="${output}" -class="test-cmd" -name="${name}" "$@" 144 local exitCode=$? 145 if [[ ${exitCode} -ne 0 ]]; then 146 # Record failures for any non-canary commands 147 if [ "${name}" != "record_command_canary" ]; then 148 echo "Error when running ${name}" 149 foundError="${foundError}""${name}"", " 150 fi 151 elif [ "${name}" == "record_command_canary" ]; then 152 # If the canary command passed, fail 153 echo "record_command_canary succeeded unexpectedly" 154 foundError="${foundError}""${name}"", " 155 fi 156 157 set -o nounset 158 set -o errexit 159 } 160 161 # Ensure our record_command stack correctly propagates and detects errexit failures in invoked commands - see https://issue.k8s.io/84871 162 foundError="" 163 function record_command_canary() 164 { 165 set -o nounset 166 set -o errexit 167 bogus-expected-to-fail 168 set +o nounset 169 set +o errexit 170 } 171 KUBE_JUNIT_REPORT_DIR=$(mktemp -d /tmp/record_command_canary.XXXXX) record_command record_command_canary 172 if [[ -n "${foundError}" ]]; then 173 echo "FAILED TESTS: record_command_canary" 174 exit 1 175 fi 176 177 # Stops the running kubectl proxy, if there is one. 178 function stop-proxy() 179 { 180 [[ -n "${PROXY_PORT-}" ]] && kube::log::status "Stopping proxy on port ${PROXY_PORT}" 181 [[ -n "${PROXY_PID-}" ]] && kill -9 "${PROXY_PID}" 1>&2 2>/dev/null 182 [[ -n "${PROXY_PORT_FILE-}" ]] && rm -f "${PROXY_PORT_FILE}" 183 PROXY_PID= 184 PROXY_PORT= 185 PROXY_PORT_FILE= 186 } 187 188 # Starts "kubect proxy" to test the client proxy. $1: api_prefix 189 function start-proxy() 190 { 191 stop-proxy 192 193 PROXY_PORT_FILE=$(mktemp proxy-port.out.XXXXX) 194 kube::log::status "Starting kubectl proxy on random port; output file in ${PROXY_PORT_FILE}; args: ${1-}" 195 196 197 if [ $# -eq 0 ]; then 198 kubectl proxy --port=0 --www=. 1>"${PROXY_PORT_FILE}" 2>&1 & 199 else 200 kubectl proxy --port=0 --www=. --api-prefix="$1" 1>"${PROXY_PORT_FILE}" 2>&1 & 201 fi 202 PROXY_PID=$! 203 PROXY_PORT= 204 205 local attempts=0 206 while [[ -z ${PROXY_PORT} ]]; do 207 if (( attempts > 9 )); then 208 kill "${PROXY_PID}" 209 kube::log::error_exit "Couldn't start proxy. Failed to read port after ${attempts} tries. Got: $(cat "${PROXY_PORT_FILE}")" 210 fi 211 sleep .5 212 kube::log::status "Attempt ${attempts} to read ${PROXY_PORT_FILE}..." 213 PROXY_PORT=$(sed 's/.*Starting to serve on 127.0.0.1:\([0-9]*\)$/\1/'< "${PROXY_PORT_FILE}") 214 attempts=$((attempts+1)) 215 done 216 217 kube::log::status "kubectl proxy running on port ${PROXY_PORT}" 218 219 # We try checking kubectl proxy 30 times with 1s delays to avoid occasional 220 # failures. 221 if [ $# -eq 0 ]; then 222 kube::util::wait_for_url "http://127.0.0.1:${PROXY_PORT}/healthz" "kubectl proxy" 223 else 224 kube::util::wait_for_url "http://127.0.0.1:${PROXY_PORT}/$1/healthz" "kubectl proxy --api-prefix=$1" 225 fi 226 } 227 228 function cleanup() 229 { 230 stop-proxy 231 [[ -n "${CTLRMGR_PID-}" ]] && kill -9 "${CTLRMGR_PID}" 1>&2 2>/dev/null 232 [[ -n "${KUBELET_PID-}" ]] && kill -9 "${KUBELET_PID}" 1>&2 2>/dev/null 233 [[ -n "${APISERVER_PID-}" ]] && kill -9 "${APISERVER_PID}" 1>&2 2>/dev/null 234 235 kube::etcd::cleanup 236 rm -rf "${KUBE_TEMP}" 237 238 local junit_dir="${KUBE_JUNIT_REPORT_DIR:-/tmp/junit-results}" 239 echo "junit report dir:" "${junit_dir}" 240 241 kube::log::status "Clean up complete" 242 } 243 244 # Executes curl against the proxy. $1 is the path to use, $2 is the desired 245 # return code. Prints a helpful message on failure. 246 function check-curl-proxy-code() 247 { 248 local status 249 local -r address=$1 250 local -r desired=$2 251 local -r full_address="${PROXY_HOST}:${PROXY_PORT}${address}" 252 status=$(curl -w "%{http_code}" --silent --output /dev/null "${full_address}") 253 if [ "${status}" == "${desired}" ]; then 254 return 0 255 fi 256 echo "For address ${full_address}, got ${status} but wanted ${desired}" 257 return 1 258 } 259 260 # TODO: Remove this function when we do the retry inside the kubectl commands. See #15333. 261 function kubectl-with-retry() 262 { 263 ERROR_FILE="${KUBE_TEMP}/kubectl-error" 264 preserve_err_file=${PRESERVE_ERR_FILE:-false} 265 for count in {0..3}; do 266 kubectl "$@" 2> "${ERROR_FILE}" || true 267 if grep -q "the object has been modified" "${ERROR_FILE}"; then 268 kube::log::status "retry $1, error: $(cat "${ERROR_FILE}")" 269 rm "${ERROR_FILE}" 270 sleep $((2**count)) 271 else 272 if [ "$preserve_err_file" != true ] ; then 273 rm "${ERROR_FILE}" 274 fi 275 break 276 fi 277 done 278 } 279 280 # Waits for the pods with the given label to match the list of names. Don't call 281 # this function unless you know the exact pod names, or expect no pods. 282 # $1: label to match 283 # $2: list of pod names sorted by name 284 # Example invocation: 285 # wait-for-pods-with-label "app=foo" "nginx-0nginx-1" 286 function wait-for-pods-with-label() 287 { 288 local i 289 for i in $(seq 1 10); do 290 kubeout=$(kubectl get po -l "$1" --output=go-template --template='{{range.items}}{{.metadata.name}}{{end}}' --sort-by metadata.name "${kube_flags[@]}") 291 if [[ $kubeout = "$2" ]]; then 292 return 293 fi 294 echo Waiting for pods: "$2", found "$kubeout" 295 sleep "$i" 296 done 297 kube::log::error_exit "Timeout waiting for pods with label $1" 298 } 299 300 # Code to be run before running the tests. 301 setup() { 302 kube::util::trap_add cleanup EXIT SIGINT 303 kube::util::ensure-temp-dir 304 # ensure ~/.kube/config isn't loaded by tests 305 HOME="${KUBE_TEMP}" 306 307 kube::etcd::start 308 309 # Find a standard sed instance for use with edit scripts 310 kube::util::ensure-gnu-sed 311 312 kube::log::status "Building kubectl" 313 make -C "${KUBE_ROOT}" WHAT="cmd/kubectl cmd/kubectl-convert" 314 315 # Check kubectl 316 kube::log::status "Running kubectl with no options" 317 "${KUBE_OUTPUT_HOSTBIN}/kubectl" 318 319 # TODO: we need to note down the current default namespace and set back to this 320 # namespace after the tests are done. 321 CONTEXT="test" 322 kubectl config set-credentials test-admin --token admin-token 323 kubectl config set-cluster local --insecure-skip-tls-verify --server "https://127.0.0.1:${SECURE_API_PORT}" 324 kubectl config set-context "${CONTEXT}" --user test-admin --cluster local 325 kubectl config use-context "${CONTEXT}" 326 kubectl config view 327 328 kube::log::status "Setup complete" 329 } 330 331 # Runs all kubectl tests. 332 # Requires an env var SUPPORTED_RESOURCES which is a comma separated list of 333 # resources for which tests should be run. 334 runTests() { 335 foundError="" 336 337 if [ -z "${SUPPORTED_RESOURCES:-}" ]; then 338 echo "Need to set SUPPORTED_RESOURCES env var. It is a list of resources that are supported and hence should be tested. Set it to (*) to test all resources" 339 exit 1 340 fi 341 kube::log::status "Checking kubectl version" 342 kubectl version 343 344 # Generate a random namespace name, based on the current time (to make 345 # debugging slightly easier) and a random number. Don't use `date +%N` 346 # because that doesn't work on OSX. 347 create_and_use_new_namespace() { 348 local ns_name 349 ns_name="namespace-$(date +%s)-${RANDOM}" 350 kube::log::status "Creating namespace ${ns_name}" 351 kubectl create namespace "${ns_name}" 352 kubectl config set-context "${CONTEXT}" --namespace="${ns_name}" 353 } 354 355 kube_flags=( '-s' "https://127.0.0.1:${SECURE_API_PORT}" '--insecure-skip-tls-verify' ) 356 357 kube_flags_without_token=( "${kube_flags[@]}" ) 358 359 # token defined in hack/testdata/auth-tokens.csv 360 kube_flags_with_token=( "${kube_flags_without_token[@]}" '--token=admin-token' ) 361 362 if [[ -z "${ALLOW_SKEW:-}" ]]; then 363 kube_flags+=('--match-server-version') 364 kube_flags_with_token+=('--match-server-version') 365 fi 366 if kube::test::if_supports_resource "${nodes}" ; then 367 [ "$(kubectl get nodes -o go-template='{{ .apiVersion }}' "${kube_flags[@]}")" == "v1" ] 368 fi 369 370 # Define helper variables for fields to prevent typos. 371 # They will be used in some other files under test/cmd, 372 # Let's export them as https://github.com/koalaman/shellcheck/wiki/SC2034 suggested. 373 export id_field=".metadata.name" 374 export labels_field=".metadata.labels" 375 export annotations_field=".metadata.annotations" 376 export service_selector_field=".spec.selector" 377 export rc_replicas_field=".spec.replicas" 378 export rc_status_replicas_field=".status.replicas" 379 export rc_container_image_field=".spec.template.spec.containers" 380 export rs_replicas_field=".spec.replicas" 381 export port_field="(index .spec.ports 0).port" 382 export port_name="(index .spec.ports 0).name" 383 export second_port_field="(index .spec.ports 1).port" 384 export second_port_name="(index .spec.ports 1).name" 385 export image_field="(index .spec.containers 0).image" 386 export pod_container_name_field="(index .spec.containers 0).name" 387 export container_name_field="(index .spec.template.spec.containers 0).name" 388 export hpa_min_field=".spec.minReplicas" 389 export hpa_max_field=".spec.maxReplicas" 390 export hpa_cpu_field="(index .spec.metrics 0).resource.target.averageUtilization" 391 export template_labels=".spec.template.metadata.labels.name" 392 export statefulset_replicas_field=".spec.replicas" 393 export statefulset_observed_generation=".status.observedGeneration" 394 export job_parallelism_field=".spec.parallelism" 395 export deployment_replicas=".spec.replicas" 396 export secret_data=".data" 397 export secret_type=".type" 398 export change_cause_annotation='.*kubernetes.io/change-cause.*' 399 export pdb_min_available=".spec.minAvailable" 400 export pdb_max_unavailable=".spec.maxUnavailable" 401 export generation_field=".metadata.generation" 402 export container_len="(len .spec.template.spec.containers)" 403 export image_field0="(index .spec.template.spec.containers 0).image" 404 export image_field1="(index .spec.template.spec.containers 1).image" 405 406 # Make sure "default" namespace exists. 407 if kube::test::if_supports_resource "${namespaces}" ; then 408 output_message=$(kubectl get "${kube_flags[@]}" namespaces) 409 if ! grep -q "default" <<< "${output_message}"; then 410 # Create default namespace 411 kubectl create "${kube_flags[@]}" ns default 412 fi 413 fi 414 415 # Make sure "kubernetes" service exists. 416 if kube::test::if_supports_resource "${services}" ; then 417 # Attempt to create the kubernetes service, tolerating failure (since it might already exist) 418 kubectl create "${kube_flags[@]}" -f hack/testdata/kubernetes-service.yaml || true 419 # Require the service to exist (either we created it or the API server did) 420 kubectl get "${kube_flags[@]}" -f hack/testdata/kubernetes-service.yaml 421 fi 422 423 cleanup_tests(){ 424 kube::test::clear_all 425 if [[ -n "${foundError}" ]]; then 426 echo "FAILED TESTS: ""${foundError}" 427 exit 1 428 fi 429 } 430 431 if [[ -n "${WHAT-}" ]]; then 432 for pkg in ${WHAT} 433 do 434 # running of kubeadm is captured in hack/make-targets/test-cmd.sh 435 if [[ "${pkg}" != "kubeadm" ]]; then 436 record_command "run_${pkg}_tests" 437 fi 438 done 439 cleanup_tests 440 return 441 fi 442 443 ######################### 444 # Kubectl version # 445 ######################### 446 447 record_command run_kubectl_version_tests 448 449 ############################ 450 # Kubectl result reporting # 451 ############################ 452 453 record_command run_kubectl_results_tests 454 455 ####################### 456 # kubectl config set # 457 ####################### 458 459 record_command run_kubectl_config_set_tests 460 461 ############################## 462 # kubectl config set-cluster # 463 ############################## 464 465 record_command run_kubectl_config_set_cluster_tests 466 467 ################################## 468 # kubectl config set-credentials # 469 ################################## 470 471 record_command run_kubectl_config_set_credentials_tests 472 473 ####################### 474 # kubectl local proxy # 475 ####################### 476 477 record_command run_kubectl_local_proxy_tests 478 479 ######################### 480 # RESTMapper evaluation # 481 ######################### 482 483 record_command run_RESTMapper_evaluation_tests 484 485 # find all resources 486 kubectl "${kube_flags[@]}" api-resources 487 # find all namespaced resources that support list by name and get them 488 kubectl "${kube_flags[@]}" api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl "${kube_flags[@]}" get -o name 489 490 ################ 491 # Cluster Role # 492 ################ 493 494 if kube::test::if_supports_resource "${clusterroles}" ; then 495 record_command run_clusterroles_tests 496 fi 497 498 ######## 499 # Role # 500 ######## 501 if kube::test::if_supports_resource "${roles}" ; then 502 record_command run_role_tests 503 fi 504 505 ######################### 506 # Assert short name # 507 ######################### 508 509 if kube::test::if_supports_resource "${customresourcedefinitions}" && kube::test::if_supports_resource "${pods}" && kube::test::if_supports_resource "${configmaps}" ; then 510 record_command run_assert_short_name_tests 511 fi 512 513 ######################### 514 # Assert singular name # 515 ######################### 516 517 if kube::test::if_supports_resource "${customresourcedefinitions}" && kube::test::if_supports_resource "${pods}" ; then 518 record_command run_assert_singular_name_tests 519 fi 520 521 ######################### 522 # Ambiguous short name # 523 ######################### 524 525 if kube::test::if_supports_resource "${customresourcedefinitions}" ; then 526 record_command run_ambiguous_shortname_tests 527 fi 528 529 ######################### 530 # Assert categories # 531 ######################### 532 533 ## test if a category is exported during discovery 534 if kube::test::if_supports_resource "${pods}" ; then 535 record_command run_assert_categories_tests 536 fi 537 538 ########################### 539 # POD creation / deletion # 540 ########################### 541 542 if kube::test::if_supports_resource "${pods}" ; then 543 record_command run_pod_tests 544 fi 545 546 if kube::test::if_supports_resource "${pods}" ; then 547 record_command run_save_config_tests 548 fi 549 550 if kube::test::if_supports_resource "${pods}" ; then 551 record_command run_kubectl_create_error_tests 552 fi 553 554 if kube::test::if_supports_resource "${pods}" ; then 555 record_command run_kubectl_apply_tests 556 record_command run_kubectl_server_side_apply_tests 557 record_command run_kubectl_run_tests 558 record_command run_kubectl_create_filter_tests 559 fi 560 561 if kube::test::if_supports_resource "${deployments}" ; then 562 record_command run_kubectl_apply_deployments_tests 563 fi 564 565 ################ 566 # Kubectl diff # 567 ################ 568 record_command run_kubectl_diff_tests 569 record_command run_kubectl_diff_same_names 570 571 ############### 572 # Kubectl get # 573 ############### 574 575 if kube::test::if_supports_resource "${pods}" ; then 576 record_command run_kubectl_get_tests 577 fi 578 579 ################ 580 # Kubectl help # 581 ################ 582 583 record_command run_kubectl_help_tests 584 585 ################## 586 # Kubectl events # 587 ################## 588 589 if kube::test::if_supports_resource "${cronjob}" ; then 590 record_command run_kubectl_events_tests 591 fi 592 593 ################ 594 # Kubectl exec # 595 ################ 596 597 if kube::test::if_supports_resource "${pods}"; then 598 record_command run_kubectl_exec_pod_tests 599 if kube::test::if_supports_resource "${replicasets}" && kube::test::if_supports_resource "${configmaps}"; then 600 record_command run_kubectl_exec_resource_name_tests 601 fi 602 fi 603 604 ###################### 605 # Create # 606 ###################### 607 if kube::test::if_supports_resource "${secrets}" ; then 608 record_command run_create_secret_tests 609 fi 610 if kube::test::if_supports_resource "${deployments}"; then 611 record_command run_kubectl_create_kustomization_directory_tests 612 record_command run_kubectl_create_validate_tests 613 fi 614 615 ###################### 616 # Convert # 617 ###################### 618 if kube::test::if_supports_resource "${deployments}"; then 619 record_command run_convert_tests 620 fi 621 622 ###################### 623 # Delete # 624 ###################### 625 if kube::test::if_supports_resource "${configmaps}" ; then 626 record_command run_kubectl_delete_allnamespaces_tests 627 fi 628 629 ###################### 630 # Delete --interactive # 631 ###################### 632 if kube::test::if_supports_resource "${configmaps}" ; then 633 record_command run_kubectl_delete_interactive_tests 634 fi 635 636 ################## 637 # Global timeout # 638 ################## 639 640 if kube::test::if_supports_resource "${pods}" ; then 641 record_command run_kubectl_request_timeout_tests 642 fi 643 644 ##################################### 645 # CustomResourceDefinitions # 646 ##################################### 647 648 # customresourcedefinitions cleanup after themselves. 649 if kube::test::if_supports_resource "${customresourcedefinitions}" ; then 650 record_command run_crd_tests 651 fi 652 653 ##################################### 654 # Recursive Resources via directory # 655 ##################################### 656 657 if kube::test::if_supports_resource "${pods}" ; then 658 record_command run_recursive_resources_tests 659 fi 660 661 662 ############## 663 # Namespaces # 664 ############## 665 if kube::test::if_supports_resource "${namespaces}" ; then 666 record_command run_namespace_tests 667 fi 668 669 670 ########### 671 # Secrets # 672 ########### 673 if kube::test::if_supports_resource "${namespaces}" ; then 674 if kube::test::if_supports_resource "${secrets}" ; then 675 record_command run_secrets_test 676 fi 677 fi 678 679 680 ###################### 681 # ConfigMap # 682 ###################### 683 684 if kube::test::if_supports_resource "${namespaces}"; then 685 if kube::test::if_supports_resource "${configmaps}" ; then 686 record_command run_configmap_tests 687 fi 688 fi 689 690 #################### 691 # Client Config # 692 #################### 693 694 record_command run_client_config_tests 695 696 #################### 697 # Service Accounts # 698 #################### 699 700 if kube::test::if_supports_resource "${namespaces}" && kube::test::if_supports_resource "${serviceaccounts}" ; then 701 record_command run_service_accounts_tests 702 fi 703 704 #################### 705 # Job # 706 #################### 707 708 if kube::test::if_supports_resource "${job}" ; then 709 record_command run_job_tests 710 record_command run_create_job_tests 711 fi 712 713 ################# 714 # Pod templates # 715 ################# 716 717 if kube::test::if_supports_resource "${podtemplates}" ; then 718 record_command run_pod_templates_tests 719 fi 720 721 ############ 722 # Services # 723 ############ 724 725 if kube::test::if_supports_resource "${services}" ; then 726 record_command run_service_tests 727 fi 728 729 ################## 730 # DaemonSets # 731 ################## 732 733 if kube::test::if_supports_resource "${daemonsets}" ; then 734 record_command run_daemonset_tests 735 if kube::test::if_supports_resource "${controllerrevisions}"; then 736 record_command run_daemonset_history_tests 737 fi 738 fi 739 740 ########################### 741 # Replication controllers # 742 ########################### 743 744 if kube::test::if_supports_resource "${namespaces}" ; then 745 if kube::test::if_supports_resource "${replicationcontrollers}" ; then 746 record_command run_rc_tests 747 fi 748 fi 749 750 ###################### 751 # Deployments # 752 ###################### 753 754 if kube::test::if_supports_resource "${deployments}" ; then 755 record_command run_deployment_tests 756 fi 757 758 ###################### 759 # Replica Sets # 760 ###################### 761 762 if kube::test::if_supports_resource "${replicasets}" ; then 763 record_command run_rs_tests 764 fi 765 766 ################# 767 # Stateful Sets # 768 ################# 769 770 if kube::test::if_supports_resource "${statefulsets}" ; then 771 record_command run_stateful_set_tests 772 if kube::test::if_supports_resource "${controllerrevisions}"; then 773 record_command run_statefulset_history_tests 774 fi 775 fi 776 777 ###################### 778 # Lists # 779 ###################### 780 781 if kube::test::if_supports_resource "${services}" ; then 782 if kube::test::if_supports_resource "${deployments}" ; then 783 record_command run_lists_tests 784 fi 785 fi 786 787 788 ###################### 789 # Multiple Resources # 790 ###################### 791 if kube::test::if_supports_resource "${services}" ; then 792 if kube::test::if_supports_resource "${replicationcontrollers}" ; then 793 record_command run_multi_resources_tests 794 fi 795 fi 796 797 ###################### 798 # Persistent Volumes # 799 ###################### 800 801 if kube::test::if_supports_resource "${persistentvolumes}" ; then 802 record_command run_persistent_volumes_tests 803 fi 804 805 ############################ 806 # Persistent Volume Claims # 807 ############################ 808 809 if kube::test::if_supports_resource "${persistentvolumeclaims}" ; then 810 record_command run_persistent_volume_claims_tests 811 fi 812 813 ############################ 814 # Storage Classes # 815 ############################ 816 817 if kube::test::if_supports_resource "${storageclass}" ; then 818 record_command run_storage_class_tests 819 fi 820 821 ######### 822 # Nodes # 823 ######### 824 825 if kube::test::if_supports_resource "${nodes}" ; then 826 record_command run_nodes_tests 827 fi 828 829 ######################## 830 # Authentication 831 ######################## 832 833 record_command run_exec_credentials_tests 834 record_command run_exec_credentials_interactive_tests 835 836 if kube::test::if_supports_resource "${selfsubjectreviews}" ; then 837 record_command run_kubectl_auth_whoami_tests 838 fi 839 840 ######################## 841 # authorization.k8s.io # 842 ######################## 843 844 if kube::test::if_supports_resource "${subjectaccessreviews}" ; then 845 record_command run_authorization_tests 846 fi 847 848 # kubectl auth can-i 849 # kube-apiserver is started with authorization mode AlwaysAllow, so kubectl can-i always returns yes 850 if kube::test::if_supports_resource "${subjectaccessreviews}" ; then 851 output_message=$(kubectl auth can-i '*' '*' 2>&1 "${kube_flags[@]}") 852 kube::test::if_has_string "${output_message}" "yes" 853 854 output_message=$(kubectl auth can-i get pods --subresource=log 2>&1 "${kube_flags[@]}") 855 kube::test::if_has_string "${output_message}" "yes" 856 857 output_message=$(kubectl auth can-i get invalid_resource 2>&1 "${kube_flags[@]}") 858 kube::test::if_has_string "${output_message}" "the server doesn't have a resource type" 859 860 output_message=$(kubectl auth can-i get /logs/ 2>&1 "${kube_flags[@]}") 861 kube::test::if_has_string "${output_message}" "yes" 862 863 output_message=$(! kubectl auth can-i get /logs/ --subresource=log 2>&1 "${kube_flags[@]}") 864 kube::test::if_has_string "${output_message}" "subresource can not be used with NonResourceURL" 865 866 output_message=$(kubectl auth can-i list jobs.batch/bar -n foo --quiet 2>&1 "${kube_flags[@]}") 867 kube::test::if_empty_string "${output_message}" 868 869 output_message=$(kubectl auth can-i get pods --subresource=log 2>&1 "${kube_flags[@]}"; echo $?) 870 kube::test::if_has_string "${output_message}" '0' 871 872 output_message=$(kubectl auth can-i get pods --subresource=log --quiet 2>&1 "${kube_flags[@]}"; echo $?) 873 kube::test::if_has_string "${output_message}" '0' 874 875 # kubectl auth can-i get '*' does not warn about namespaced scope or print an error 876 output_message=$(kubectl auth can-i get '*' 2>&1 "${kube_flags[@]}") 877 kube::test::if_has_not_string "${output_message}" "Warning" 878 879 # kubectl auth can-i get foo does not print a namespaced warning message, and only prints a single lookup error 880 output_message=$(kubectl auth can-i get foo 2>&1 "${kube_flags[@]}") 881 kube::test::if_has_string "${output_message}" "Warning: the server doesn't have a resource type 'foo'" 882 kube::test::if_has_not_string "${output_message}" "Warning: resource 'foo' is not namespace scoped" 883 884 # kubectl auth can-i get pods does not print a namespaced warning message or a lookup error 885 output_message=$(kubectl auth can-i get pods 2>&1 "${kube_flags[@]}") 886 kube::test::if_has_not_string "${output_message}" "Warning" 887 888 # kubectl auth can-i get nodes prints a namespaced warning message 889 output_message=$(kubectl auth can-i get nodes 2>&1 "${kube_flags[@]}") 890 kube::test::if_has_string "${output_message}" "Warning: resource 'nodes' is not namespace scoped" 891 892 # kubectl auth can-i get nodes --all-namespaces does not print a namespaced warning message 893 output_message=$(kubectl auth can-i get nodes --all-namespaces 2>&1 "${kube_flags[@]}") 894 kube::test::if_has_not_string "${output_message}" "Warning: resource 'nodes' is not namespace scoped" 895 fi 896 897 # kubectl auth reconcile 898 if kube::test::if_supports_resource "${clusterroles}" ; then 899 # dry-run command 900 kubectl auth reconcile --dry-run=client "${kube_flags[@]}" -f test/fixtures/pkg/kubectl/cmd/auth/rbac-resource-plus.yaml 901 kube::test::get_object_assert 'rolebindings -n some-other-random -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" '' 902 kube::test::get_object_assert 'roles -n some-other-random -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" '' 903 kube::test::get_object_assert 'clusterrolebindings -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" '' 904 kube::test::get_object_assert 'clusterroles -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" '' 905 906 # command 907 kubectl auth reconcile "${kube_flags[@]}" -f test/fixtures/pkg/kubectl/cmd/auth/rbac-resource-plus.yaml 908 kube::test::get_object_assert 'rolebindings -n some-other-random -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" 'testing-RB:' 909 kube::test::get_object_assert 'roles -n some-other-random -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" 'testing-R:' 910 kube::test::get_object_assert 'clusterrolebindings -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" 'testing-CRB:' 911 kube::test::get_object_assert 'clusterroles -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" 'testing-CR:' 912 913 failure_message=$(! kubectl auth reconcile "${kube_flags[@]}" -f test/fixtures/pkg/kubectl/cmd/auth/rbac-v1beta1.yaml 2>&1 ) 914 kube::test::if_has_string "${failure_message}" 'only rbac.authorization.k8s.io/v1 is supported' 915 916 kubectl delete "${kube_flags[@]}" rolebindings,role,clusterroles,clusterrolebindings -n some-other-random -l test-cmd=auth 917 fi 918 919 920 921 ##################### 922 # Retrieve multiple # 923 ##################### 924 925 if kube::test::if_supports_resource "${nodes}" ; then 926 if kube::test::if_supports_resource "${services}" ; then 927 record_command run_retrieve_multiple_tests 928 fi 929 fi 930 931 932 ##################### 933 # Resource aliasing # 934 ##################### 935 936 if kube::test::if_supports_resource "${services}" ; then 937 if kube::test::if_supports_resource "${replicationcontrollers}" ; then 938 record_command run_resource_aliasing_tests 939 fi 940 fi 941 942 ########### 943 # Explain # 944 ########### 945 946 if kube::test::if_supports_resource "${pods}" ; then 947 record_command run_kubectl_explain_tests 948 fi 949 950 ############################## 951 # CRD Deletion / Re-creation # 952 ############################## 953 954 if kube::test::if_supports_resource "${namespaces}" ; then 955 record_command run_crd_deletion_recreation_tests 956 fi 957 958 ########### 959 # Swagger # 960 ########### 961 962 record_command run_swagger_tests 963 964 ##################### 965 # Kubectl --sort-by # 966 ##################### 967 968 if kube::test::if_supports_resource "${pods}" ; then 969 record_command run_kubectl_sort_by_tests 970 fi 971 972 ############################ 973 # Kubectl --all-namespaces # 974 ############################ 975 976 if kube::test::if_supports_resource "${pods}" ; then 977 if kube::test::if_supports_resource "${nodes}" ; then 978 record_command run_kubectl_all_namespace_tests 979 fi 980 fi 981 982 ############################ 983 # Kubectl deprecated APIs # 984 ############################ 985 986 if kube::test::if_supports_resource "${customresourcedefinitions}" ; then 987 record_command run_deprecated_api_tests 988 fi 989 990 991 ###################### 992 # kubectl --template # 993 ###################### 994 995 if kube::test::if_supports_resource "${pods}" ; then 996 record_command run_template_output_tests 997 fi 998 999 ################ 1000 # Certificates # 1001 ################ 1002 1003 if kube::test::if_supports_resource "${csr}" ; then 1004 record_command run_certificates_tests 1005 fi 1006 1007 ###################### 1008 # Cluster Management # 1009 ###################### 1010 if kube::test::if_supports_resource "${nodes}" ; then 1011 record_command run_cluster_management_tests 1012 fi 1013 1014 ########### 1015 # Plugins # 1016 ########### 1017 1018 record_command run_plugins_tests 1019 1020 1021 ################# 1022 # Impersonation # 1023 ################# 1024 record_command run_impersonation_tests 1025 1026 #################### 1027 # kubectl wait # 1028 #################### 1029 1030 record_command run_wait_tests 1031 1032 #################### 1033 # kubectl debug # 1034 #################### 1035 if kube::test::if_supports_resource "${pods}" ; then 1036 record_command run_kubectl_debug_pod_tests 1037 record_command run_kubectl_debug_general_tests 1038 record_command run_kubectl_debug_baseline_tests 1039 record_command run_kubectl_debug_restricted_tests 1040 record_command run_kubectl_debug_netadmin_tests 1041 fi 1042 if kube::test::if_supports_resource "${nodes}" ; then 1043 record_command run_kubectl_debug_node_tests 1044 record_command run_kubectl_debug_general_node_tests 1045 record_command run_kubectl_debug_baseline_node_tests 1046 record_command run_kubectl_debug_restricted_node_tests 1047 record_command run_kubectl_debug_netadmin_node_tests 1048 fi 1049 1050 cleanup_tests 1051 }