Updating broken test

Signed-off-by: suvaanshkumar <[email protected]>
open-cluster-management-io · Jan 8, 2025 · 76f5f99 · 76f5f99
1 parent 8fa0860
commit 76f5f99
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 41 deletions.
diff --git a/pkg/registration/register/aws_irsa/aws.go b/pkg/registration/register/aws_irsa/aws.go
@@ -3,6 +3,7 @@ package aws_irsa
 import (
 	"context"
 	"fmt"
+	"k8s.io/apimachinery/pkg/api/meta"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -38,12 +39,11 @@ func (v *v1AWSIRSAControl) isApproved(name string) (bool, error) {
 	}
 	v1Managedcluster := managedcluster.(*v1.ManagedCluster)
 	approved := false
-	for _, condition := range v1Managedcluster.Status.Conditions {
-		if condition.Type == v1.ManagedClusterConditionHubDenied {
-			return false, nil
-		} else if condition.Type == v1.ManagedClusterConditionHubAccepted {
-			approved = true
-		}
+	condition := meta.FindStatusCondition(v1Managedcluster.Status.Conditions, v1.ManagedClusterConditionHubAccepted)
+	if condition != nil {
+		approved = true
+	} else {
+		return false, nil
 	}
 	return approved, nil
 }

diff --git a/pkg/registration/register/aws_irsa/aws_test.go b/pkg/registration/register/aws_irsa/aws_test.go
@@ -1,6 +1,8 @@
 package aws_irsa
 
 import (
+	"fmt"
+	"open-cluster-management.io/ocm/test/integration/util"
 	"reflect"
 	"testing"
 
@@ -49,32 +51,36 @@ func TestBuildKubeconfig(t *testing.T) {
 		caData         []byte
 		clientCertFile string
 		clientKeyFile  string
+		AuthInfoExec   *clientcmdapi.ExecConfig
 	}{
 		{
-			name:           "without proxy",
-			server:         "https://127.0.0.1:6443",
-			caData:         []byte("fake-ca-bundle"),
-			clientCertFile: "tls.crt",
-			clientKeyFile:  "tls.key",
-		},
-		{
-			name:           "with proxy",
-			server:         "https://127.0.0.1:6443",
-			caData:         []byte("fake-ca-bundle-with-proxy-ca"),
-			proxyURL:       "https://127.0.0.1:3129",
-			clientCertFile: "tls.crt",
-			clientKeyFile:  "tls.key",
+			name:   "without proxy",
+			server: "https://127.0.0.1:6443",
+			AuthInfoExec: &clientcmdapi.ExecConfig{
+				APIVersion: "client.authentication.k8s.io/v1beta1",
+				Command:    "aws",
+				Args: []string{
+					"--region",
+					"us-west-2",
+					"eks",
+					"get-token",
+					"--cluster-name",
+					"hub-cluster1",
+					"--output",
+					"json",
+					"--role",
+					fmt.Sprintf("arn:aws:iam::123456789012:role/ocm-hub-%s", ManagedClusterIAMRoleSuffix),
+				},
+			},
 		},
 	}
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
 			bootstrapKubeconfig := &clientcmdapi.Config{
 				Clusters: map[string]*clientcmdapi.Cluster{
 					"default-cluster": {
-						Server:                   c.server,
-						InsecureSkipTLSVerify:    false,
-						CertificateAuthorityData: c.caData,
-						ProxyURL:                 c.proxyURL,
+						Server:                c.server,
+						InsecureSkipTLSVerify: false,
 					}},
 				// Define a context that connects the auth info and cluster, and set it as the default
 				Contexts: map[string]*clientcmdapi.Context{register.DefaultKubeConfigContext: {
@@ -92,6 +98,8 @@ func TestBuildKubeconfig(t *testing.T) {
 			}
 
 			registerImpl := &AWSIRSADriver{}
+			registerImpl.hubClusterArn = util.HubClusterArn
+			registerImpl.managedClusterRoleSuffix = ManagedClusterIAMRoleSuffix
 			kubeconfig := registerImpl.BuildKubeConfigFromTemplate(bootstrapKubeconfig)
 			currentContext, ok := kubeconfig.Contexts[kubeconfig.CurrentContext]
 			if !ok {
@@ -107,26 +115,23 @@ func TestBuildKubeconfig(t *testing.T) {
 				t.Errorf("expected server %q, but got %q", c.server, cluster.Server)
 			}
 
-			if cluster.ProxyURL != c.proxyURL {
-				t.Errorf("expected proxy URL %q, but got %q", c.proxyURL, cluster.ProxyURL)
-			}
-
-			if !reflect.DeepEqual(cluster.CertificateAuthorityData, c.caData) {
-				t.Errorf("expected ca data %v, but got %v", c.caData, cluster.CertificateAuthorityData)
-			}
-
 			authInfo, ok := kubeconfig.AuthInfos[currentContext.AuthInfo]
 			if !ok {
 				t.Errorf("auth info %q not found: %v", currentContext.AuthInfo, kubeconfig)
 			}
 
-			if authInfo.ClientCertificate != c.clientCertFile {
-				t.Errorf("expected client certificate %q, but got %q", c.clientCertFile, authInfo.ClientCertificate)
+			if authInfo.Exec.APIVersion != c.AuthInfoExec.APIVersion {
+				t.Errorf("The value of api version is %s but is expected to be %s", authInfo.Exec.APIVersion, c.AuthInfoExec.APIVersion)
 			}
 
-			if authInfo.ClientKey != c.clientKeyFile {
-				t.Errorf("expected client key %q, but got %q", c.clientKeyFile, authInfo.ClientKey)
+			if authInfo.Exec.Command != c.AuthInfoExec.Command {
+				t.Errorf("Value of AuthInfo.Exec.Command is expected to be %s but got %s", authInfo.Exec.Command, c.AuthInfoExec.Command)
 			}
+
+			if !reflect.DeepEqual(authInfo.Exec.Args, c.AuthInfoExec.Args) {
+				t.Errorf("Value of AuthInfo.Exec.Args is expected to be %s but got  %s", authInfo.Exec.Args, c.AuthInfoExec.Args)
+			}
+
 		})
 	}
 }
diff --git a/pkg/registration/spoke/spokeagent.go b/pkg/registration/spoke/spokeagent.go
@@ -190,8 +190,7 @@ func (o *SpokeAgentConfig) RunSpokeAgentWithSpokeInformers(ctx context.Context,
 
 	// initiate registration driver
 	var registerDriver register.RegisterDriver
-	var registrationOption = o.registrationOption
-	if registrationOption.RegistrationAuth == AwsIrsaAuthType {
+	if o.registrationOption.RegistrationAuth == AwsIrsaAuthType {
 		registerDriver = awsIrsa.NewAWSIRSADriver(o.registrationOption.ManagedClusterArn,
 			o.registrationOption.ManagedClusterRoleSuffix,
 			o.registrationOption.HubClusterArn,

diff --git a/test/integration/registration/spokecluster_aws_joining_test.go b/test/integration/registration/spokecluster_aws_joining_test.go
@@ -80,9 +80,11 @@ var _ = ginkgo.Describe("Joining Process for aws flow", func() {
 			err = authn.ApproveSpokeClusterCSR(kubeClient, managedClusterName, time.Hour*24)
 			gomega.Expect(err).To(gomega.HaveOccurred())
 
-			// ensure that generated hub-kubeconfig-secret is correct
+			// Kubeconfig secret in integration test for AWS won't be able to connect to hub server, since it is not in the eks environment
+			// So we only  ensure that generated hub-kubeconfig-secret has a correct format
+
 			gomega.Eventually(func() error {
-				secret, err := util.GetFilledAWSHubKubeConfigSecret(kubeClient, testNamespace, hubKubeconfigSecret)
+				secret, err := util.GetHubKubeConfigFromSecret(kubeClient, testNamespace, hubKubeconfigSecret)
 				if err != nil {
 					return err
 				}

diff --git a/test/integration/util/authentication.go b/test/integration/util/authentication.go
@@ -516,7 +516,7 @@ func PrepareSpokeAgentNamespace(kubeClient kubernetes.Interface, namespace strin
 }
 
 func GetFilledHubKubeConfigSecret(kubeClient kubernetes.Interface, secretNamespace, secretName string) (*corev1.Secret, error) {
-	secret, err := GetFilledAWSHubKubeConfigSecret(kubeClient, secretNamespace, secretName)
+	secret, err := GetHubKubeConfigFromSecret(kubeClient, secretNamespace, secretName)
 	if err != nil {
 		return nil, err
 	}
@@ -530,7 +530,7 @@ func GetFilledHubKubeConfigSecret(kubeClient kubernetes.Interface, secretNamespa
 	return secret, nil
 }
 
-func GetFilledAWSHubKubeConfigSecret(kubeClient kubernetes.Interface, secretNamespace, secretName string) (*corev1.Secret, error) {
+func GetHubKubeConfigFromSecret(kubeClient kubernetes.Interface, secretNamespace, secretName string) (*corev1.Secret, error) {
 	secret, err := kubeClient.CoreV1().Secrets(secretNamespace).Get(context.TODO(), secretName, metav1.GetOptions{})
 	if err != nil {
 		return nil, err