diff --git a/Makefile b/Makefile index ccc19ca996..c3d3c6de70 100644 --- a/Makefile +++ b/Makefile @@ -272,11 +272,15 @@ binary-e2e-tools: generate-source ## Build tools e2e test binary. binary-e2e-must-gather: generate-source ## Build must-gather e2e test binary. go test -c -v -o bin/e2e-nrop-must-gather.test ./test/e2e/must-gather +.PHONY: binary-e2e-tls +binary-e2e-tls: generate-source ## Build TLS e2e test binary. + go test -c -v -o bin/e2e-nrop-tls.test ./test/e2e/tls + # backward compatibility binary-must-gather-e2e: binary-e2e-must-gather .PHONY: binary-e2e-all -binary-e2e-all: goversion binary-e2e-install binary-e2e-upgrade binary-e2e-rte binary-e2e-sched binary-e2e-uninstall binary-e2e-serial binary-e2e-tools binary-e2e-must-gather runner-e2e-serial build-pause introspect-data ## Build all e2e test binaries. +binary-e2e-all: goversion binary-e2e-install binary-e2e-upgrade binary-e2e-rte binary-e2e-sched binary-e2e-uninstall binary-e2e-serial binary-e2e-tools binary-e2e-must-gather binary-e2e-tls runner-e2e-serial build-pause introspect-data ## Build all e2e test binaries. .PHONY: runner-e2e-serial runner-e2e-serial: bin/envsubst ## Render and validate the serial e2e runner script. @@ -327,6 +331,9 @@ build-e2e-all: generate-source fmt vet binary-e2e-all ## Build all e2e tests. .PHONY: build-e2e-must-gather build-e2e-must-gather: fmt vet binary-e2e-must-gather ## Build must-gather e2e tests. +.PHONY: build-e2e-tls +build-e2e-tls: fmt vet binary-e2e-tls ## Build TLS e2e tests. + # backward compatibility build-must-gather-e2e: build-e2e-must-gather diff --git a/hack/run-test-e2e.sh b/hack/run-test-e2e.sh index 71b014bd37..e9d0b52587 100755 --- a/hack/run-test-e2e.sh +++ b/hack/run-test-e2e.sh @@ -43,6 +43,11 @@ if [ "$ENABLE_SCHED_TESTS" = true ]; then echo "Running NROScheduler install test suite" ${BIN_DIR}/e2e-nrop-sched-install.test ${NO_COLOR} --ginkgo.v --ginkgo.timeout=5h --ginkgo.fail-fast --ginkgo.junit-report=${REPORT_DIR}/sched-install.xml + # TLS suite needs the scheduler deployed (above). It skips on clusters without + # config.openshift.io/v1 APIServer (e.g. kind in GitHub Actions). + echo "Running TLS e2e suite" + ${BIN_DIR}/e2e-nrop-tls.test ${NO_COLOR} --ginkgo.v --ginkgo.timeout=1h --ginkgo.fail-fast --ginkgo.junit-report=${REPORT_DIR}/e2e-tls.xml + echo "Running Functional Tests: ${GINKGO_SUITS}" # -v: print out the text and location for each spec before running it and flush output to stdout in realtime # -timeout: exit the suite after the specified time diff --git a/test/e2e/tls/tls_suite_test.go b/test/e2e/tls/tls_suite_test.go index 9ba14f59c0..8d77eb9497 100644 --- a/test/e2e/tls/tls_suite_test.go +++ b/test/e2e/tls/tls_suite_test.go @@ -17,10 +17,18 @@ package tls import ( + "context" "testing" + configv1 "github.com/openshift/api/config/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/api/meta" + "sigs.k8s.io/controller-runtime/pkg/client" + e2eclient "github.com/openshift-kni/numaresources-operator/test/internal/clients" + ctrltls "github.com/openshift/controller-runtime-common/pkg/tls" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" ) @@ -33,4 +41,17 @@ func TestTLS(t *testing.T) { var _ = BeforeSuite(func() { By("Creating all test resources") Expect(e2eclient.ClientsEnabled).To(BeTrue(), "failed to create runtime-controller client") + + // TLS specs compare the secondary scheduler to the cluster TLS profile from + // config.openshift.io/v1 APIServer. Vanilla Kubernetes (e.g. kind in GitHub + // Actions) has no such API; skip the whole suite instead of failing. + ctx := context.Background() + apiServer := &configv1.APIServer{} + err := e2eclient.Client.Get(ctx, client.ObjectKey{Name: ctrltls.APIServerName}, apiServer) + if err != nil { + if apierrors.IsNotFound(err) || meta.IsNoMatchError(err) { + Skip("TLS suite requires OpenShift APIServer TLS profile (config.openshift.io/v1); not available on this cluster") + } + Expect(err).NotTo(HaveOccurred()) + } })