e2e/authorizer: fix priming race

kcp-dev · Jan 27, 2023 · b569732 · b569732
1 parent 3268428
commit b569732
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/test/e2e/authorizer/authorizer_test.go b/test/e2e/authorizer/authorizer_test.go
@@ -81,16 +81,16 @@ func TestAuthorizer(t *testing.T) {
 
 	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org1, []string{"user-1", "user-2", "user-3"}, nil, false)
 
-	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org1.Join("workspace1"), []string{"user-1"}, nil, true)
-	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org1.Join("workspace1"), []string{"user-2"}, nil, false)
-	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org1.Join("workspace2"), []string{"user-3"}, nil, false)
-	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org1.Join("workspace2"), []string{"user-2"}, nil, true)
-
 	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org2.Join("workspace1"), []string{"user-1"}, nil, true)
 	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org2.Join("workspace1"), []string{"user-2"}, nil, false)
 	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org2.Join("workspace2"), []string{"user-3"}, nil, false)
 	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org2.Join("workspace2"), []string{"user-2"}, nil, true)
 
+	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org1.Join("workspace1"), []string{"user-1"}, nil, true)
+	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org1.Join("workspace1"), []string{"user-2"}, nil, false)
+	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org1.Join("workspace2"), []string{"user-3"}, nil, false)
+	framework.AdmitWorkspaceAccess(ctx, t, kubeClusterClient, org1.Join("workspace2"), []string{"user-2"}, nil, true) // last, to be used for priming below
+
 	user1KubeClusterClient, err := kcpkubernetesclientset.NewForConfig(framework.StaticTokenUserConfig("user-1", cfg))
 	require.NoError(t, err)
 	user1KubeDiscoveryClient, err := kcpdiscovery.NewForConfig(framework.StaticTokenUserConfig("user-1", cfg))
@@ -102,7 +102,8 @@ func TestAuthorizer(t *testing.T) {
 
 	t.Logf("Priming the authorization cache")
 	require.Eventually(t, func() bool {
-		_, err := user1KubeClusterClient.Cluster(org1.Join("workspace1")).CoreV1().ConfigMaps("default").List(ctx, metav1.ListOptions{})
+		// test *last* of the admitted permissions
+		_, err := user2KubeClusterClient.Cluster(org1.Join("workspace2")).CoreV1().Secrets("default").List(ctx, metav1.ListOptions{})
 		return err == nil
 	}, 2*wait.ForeverTestTimeout, 100*time.Millisecond)