From b04ae898cad2240866fcb597c9d996bcbc86b8b9 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Fri, 19 Dec 2025 13:57:12 -0800 Subject: [PATCH] update integration test expectations for k8s 1.35 libs --- .../concierge_impersonation_proxy_test.go | 27 ++++++------------- .../supervisor_oidcclientsecret_test.go | 2 +- 2 files changed, 9 insertions(+), 20 deletions(-) diff --git a/test/integration/concierge_impersonation_proxy_test.go b/test/integration/concierge_impersonation_proxy_test.go index 004d18541..a4abb9e61 100644 --- a/test/integration/concierge_impersonation_proxy_test.go +++ b/test/integration/concierge_impersonation_proxy_test.go @@ -777,26 +777,15 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl }) _, errUID := testlib.NewKubeclient(t, nestedImpersonationUIDOnly).Kubernetes.CoreV1().Secrets("foo").Get(ctx, "bar", metav1.GetOptions{}) - msg := `Internal Server Error: "/api/v1/namespaces/foo/secrets/bar": requested [{UID some-awesome-uid authentication.k8s.io/v1 }] without impersonating a user` - full := fmt.Sprintf(`an error on the server (%q) has prevented the request from succeeding (get secrets bar)`, msg) - require.EqualError(t, errUID, full) - require.True(t, apierrors.IsInternalError(errUID), errUID) + msg := `requested [{UID some-awesome-uid authentication.k8s.io/v1 }] without impersonating a user` + require.EqualError(t, errUID, msg) + require.True(t, apierrors.IsBadRequest(errUID), errUID) // starting in k8s 1.35 libs, this was changed from internal error to bad request require.Equal(t, &apierrors.StatusError{ ErrStatus: metav1.Status{ - Status: metav1.StatusFailure, - Code: http.StatusInternalServerError, - Reason: metav1.StatusReasonInternalError, - Details: &metav1.StatusDetails{ - Name: "bar", - Kind: "secrets", - Causes: []metav1.StatusCause{ - { - Type: metav1.CauseTypeUnexpectedServerResponse, - Message: msg, - }, - }, - }, - Message: full, + Status: metav1.StatusFailure, + Code: http.StatusBadRequest, + Reason: metav1.StatusReasonBadRequest, + Message: msg, }, }, errUID) @@ -1408,7 +1397,7 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl whoami, errWho := impersonationProxyAdminRestClientAsAnonymous.Post().Body([]byte(`{}`)).AbsPath("/apis/identity.concierge." + env.APIGroupSuffix + "/v1alpha1/whoamirequests").DoRaw(ctx) require.NoError(t, errWho, testlib.Sdump(errWho)) - require.True(t, strings.HasPrefix(string(whoami), `{"kind":"WhoAmIRequest","apiVersion":"identity.concierge.`+env.APIGroupSuffix+`/v1alpha1","metadata":{"creationTimestamp":null},"spec":{},"status":{"kubernetesUserInfo":{"user":{"username":"system:anonymous","groups":["system:unauthenticated"],"extra":{"original-user-info.impersonation-proxy.concierge.pinniped.dev":["{\"username\":`), string(whoami)) + require.True(t, strings.HasPrefix(string(whoami), `{"kind":"WhoAmIRequest","apiVersion":"identity.concierge.`+env.APIGroupSuffix+`/v1alpha1","metadata":{},"spec":{},"status":{"kubernetesUserInfo":{"user":{"username":"system:anonymous","groups":["system:unauthenticated"],"extra":{"original-user-info.impersonation-proxy.concierge.pinniped.dev":["{\"username\":`), string(whoami)) healthz, errHealth := impersonationProxyAdminRestClientAsAnonymous.Get().AbsPath("/healthz").DoRaw(ctx) require.NoError(t, errHealth, testlib.Sdump(errHealth)) diff --git a/test/integration/supervisor_oidcclientsecret_test.go b/test/integration/supervisor_oidcclientsecret_test.go index 47f22a39e..610a8b12a 100644 --- a/test/integration/supervisor_oidcclientsecret_test.go +++ b/test/integration/supervisor_oidcclientsecret_test.go @@ -261,7 +261,7 @@ func TestKubectlOIDCClientSecretRequest_Parallel(t *testing.T) { if tt.wantErr != "" { require.EqualError(t, err, tt.wantErr) } else { - require.NoError(t, err) + require.NoError(t, err, "got stdout:\n%s\ngot stderr:\n%s", stdOut.String(), stdErr.String()) } tt.assertOnStdOut(t, oidcClient.Name, stdOut.String())