test/extended/cli/mustgather: Separate gather_audit_logs test

[1] is removing these from the default gather, because they're mostly
useful for internal debugging, less useful in end-user bug reports,
and can run to hundreds of megabytes.  But we still want to ensure
that they work as expected when they are explicitly requested.  This
commit pulls the audit-log checks out of the test-case for the generic
invocation.  And it adds a new test case with those checks after an
explict gather_audit_logs request.

[1]: openshift/must-gather#143

test/extended/cli/mustgather.go

@@ -29,56 +29,21 @@ var _ = g.Describe("[cli] oc adm must-gather", func() {
 	defer g.GinkgoRecover()
 	oc := util.NewCLI("oc-adm-must-gather", util.KubeConfigPath()).AsAdmin()
 	g.It("runs successfully", func() {
-		// makes some tokens that should not show in the audit logs
-		const tokenName = "must-gather-audit-logs-token-plus-some-padding-here-to-make-the-limit"
-		oauthClient := oauthv1client.NewForConfigOrDie(oc.AdminConfig())
-		_, err1 := oauthClient.OAuthAccessTokens().Create(&oauthv1.OAuthAccessToken{
-			ObjectMeta: metav1.ObjectMeta{
-				Name: tokenName,
-			},
-			ClientName:  "openshift-challenging-client",
-			ExpiresIn:   30,
-			Scopes:      []string{"user:info"},
-			RedirectURI: "https://127.0.0.1:12000/oauth/token/implicit",
-			UserName:    "a",
-			UserUID:     "1",
-		})
-		o.Expect(err1).ToNot(o.HaveOccurred())
-		_, err2 := oauthClient.OAuthAuthorizeTokens().Create(&oauthv1.OAuthAuthorizeToken{
-			ObjectMeta: metav1.ObjectMeta{
-				Name: tokenName,
-			},
-			ClientName:  "openshift-challenging-client",
-			ExpiresIn:   30,
-			Scopes:      []string{"user:info"},
-			RedirectURI: "https://127.0.0.1:12000/oauth/token/implicit",
-			UserName:    "a",
-			UserUID:     "1",
-		})
-		o.Expect(err2).ToNot(o.HaveOccurred())
-		// let audit log writes occurs to disk (best effort, should be enough to make the test fail most of the time)
-		time.Sleep(10 * time.Second)
-
 		tempDir, err := ioutil.TempDir("", "test.oc-adm-must-gather.")
 		o.Expect(err).ToNot(o.HaveOccurred())
 		defer os.RemoveAll(tempDir)
 		o.Expect(oc.Run("adm", "must-gather").Args("--dest-dir", tempDir).Execute()).To(o.Succeed())
 
 		pluginOutputDir := getPluginOutputDir(oc, tempDir)
 
-		auditDirectories := [][]string{
-			{pluginOutputDir, "audit_logs", "kube-apiserver"},
-			{pluginOutputDir, "audit_logs", "openshift-apiserver"},
-		}
-
-		expectedDirectories := append([][]string{
+		expectedDirectories := [][]string{
 			{pluginOutputDir, "cluster-scoped-resources", "config.openshift.io"},
 			{pluginOutputDir, "cluster-scoped-resources", "operator.openshift.io"},
 			{pluginOutputDir, "cluster-scoped-resources", "core"},
 			{pluginOutputDir, "cluster-scoped-resources", "apiregistration.k8s.io"},
 			{pluginOutputDir, "namespaces", "openshift"},
 			{pluginOutputDir, "namespaces", "openshift-kube-apiserver-operator"},
-		}, auditDirectories...)
+		}
 
 		expectedFiles := [][]string{
 			{pluginOutputDir, "cluster-scoped-resources", "config.openshift.io", "apiservers.yaml"},
@@ -98,8 +63,6 @@ var _ = g.Describe("[cli] oc adm must-gather", func() {
 			{pluginOutputDir, "cluster-scoped-resources", "config.openshift.io", "schedulers.yaml"},
 			{pluginOutputDir, "namespaces", "openshift-kube-apiserver", "core", "configmaps.yaml"},
 			{pluginOutputDir, "namespaces", "openshift-kube-apiserver", "core", "secrets.yaml"},
-			{pluginOutputDir, "audit_logs", "kube-apiserver.audit_logs_listing"},
-			{pluginOutputDir, "audit_logs", "openshift-apiserver.audit_logs_listing"},
 			{pluginOutputDir, "host_service_logs", "masters", "crio_service.log"},
 			{pluginOutputDir, "host_service_logs", "masters", "kubelet_service.log"},
 		}
@@ -121,9 +84,85 @@ var _ = g.Describe("[cli] oc adm must-gather", func() {
 		if len(emptyFiles) > 0 {
 			o.Expect(fmt.Errorf("expected files should not be empty: %s", strings.Join(emptyFiles, ","))).NotTo(o.HaveOccurred())
 		}
+	})
+
+	g.It("runs successfully with options", func() {
+		tempDir, err := ioutil.TempDir("", "test.oc-adm-must-gather.")
+		o.Expect(err).ToNot(o.HaveOccurred())
+		defer os.RemoveAll(tempDir)
+		args := []string{
+			"--dest-dir", tempDir,
+			"--source-dir", "/artifacts",
+			"--",
+			"/bin/bash", "-c",
+			"ls -l > /artifacts/ls.log",
+		}
+		o.Expect(oc.Run("adm", "must-gather").Args(args...).Execute()).To(o.Succeed())
+		expectedFilePath := path.Join(getPluginOutputDir(oc, tempDir), "ls.log")
+		o.Expect(expectedFilePath).To(o.BeAnExistingFile())
+		stat, err := os.Stat(expectedFilePath)
+		o.Expect(err).ToNot(o.HaveOccurred())
+		o.Expect(stat.Size()).To(o.BeNumerically(">", 0))
+	})
+
+	g.It("runs successfully for audit logs", func() {
+		// makes some tokens that should not show in the audit logs
+		const tokenName = "must-gather-audit-logs-token-plus-some-padding-here-to-make-the-limit"
+		oauthClient := oauthv1client.NewForConfigOrDie(oc.AdminConfig())
+		_, err1 := oauthClient.OAuthAccessTokens().Create(&oauthv1.OAuthAccessToken{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: tokenName,
+			},
+			ClientName:  "openshift-challenging-client",
+			ExpiresIn:   30,
+			Scopes:      []string{"user:info"},
+			RedirectURI: "https://127.0.0.1:12000/oauth/token/implicit",
+			UserName:    "a",
+			UserUID:     "1",
+		})
+		o.Expect(err1).ToNot(o.HaveOccurred())
+		_, err2 := oauthClient.OAuthAuthorizeTokens().Create(&oauthv1.OAuthAuthorizeToken{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: tokenName,
+			},
+			ClientName:  "openshift-challenging-client",
+			ExpiresIn:   30,
+			Scopes:      []string{"user:info"},
+			RedirectURI: "https://127.0.0.1:12000/oauth/token/implicit",
+			UserName:    "a",
+			UserUID:     "1",
+		})
+		o.Expect(err2).ToNot(o.HaveOccurred())
+
+		// let audit log writes occurs to disk (best effort, should be enough to make the test fail most of the time)
+		time.Sleep(10 * time.Second)
+
+		tempDir, err := ioutil.TempDir("", "test.oc-adm-must-gather.")
+		o.Expect(err).ToNot(o.HaveOccurred())
+		defer os.RemoveAll(tempDir)
+
+		args := []string{
+			"--dest-dir", tempDir,
+			"--",
+			"/usr/bin/gather_audit_logs",
+		}
+
+		o.Expect(oc.Run("adm", "must-gather").Args(args...).Execute()).To(o.Succeed())
+
+		pluginOutputDir := getPluginOutputDir(oc, tempDir)
+
+		expectedDirectories := [][]string{
+			{pluginOutputDir, "audit_logs", "kube-apiserver"},
+			{pluginOutputDir, "audit_logs", "openshift-apiserver"},
+		}
+
+		expectedFiles := [][]string{
+			{pluginOutputDir, "audit_logs", "kube-apiserver.audit_logs_listing"},
+			{pluginOutputDir, "audit_logs", "openshift-apiserver.audit_logs_listing"},
+		}
 
 		// make sure we do not log OAuth tokens
-		for _, auditDirectory := range auditDirectories {
+		for _, auditDirectory := range expectedDirectories {
 			eventsChecked := 0
 			err := filepath.Walk(path.Join(auditDirectory...), func(path string, info os.FileInfo, err error) error {
 				g.By(path)
@@ -163,26 +202,20 @@ var _ = g.Describe("[cli] oc adm must-gather", func() {
 			o.Expect(err).ToNot(o.HaveOccurred())
 			o.Expect(eventsChecked).To(o.BeNumerically(">", 10000))
 		}
-	})
 
-	g.It("runs successfully with options", func() {
-		tempDir, err := ioutil.TempDir("", "test.oc-adm-must-gather.")
-		o.Expect(err).ToNot(o.HaveOccurred())
-		defer os.RemoveAll(tempDir)
-		args := []string{
-			"--dest-dir", tempDir,
-			"--source-dir", "/artifacts",
-			"--",
-			"/bin/bash", "-c",
-			"ls -l > /artifacts/ls.log",
+		emptyFiles := []string{}
+		for _, expectedFile := range expectedFiles {
+			expectedFilePath := path.Join(expectedFile...)
+			o.Expect(expectedFilePath).To(o.BeAnExistingFile())
+			stat, err := os.Stat(expectedFilePath)
+			o.Expect(err).ToNot(o.HaveOccurred())
+			if size := stat.Size(); size < 50 {
+				emptyFiles = append(emptyFiles, expectedFilePath)
+			}
+		}
+		if len(emptyFiles) > 0 {
+			o.Expect(fmt.Errorf("expected files should not be empty: %s", strings.Join(emptyFiles, ","))).NotTo(o.HaveOccurred())
 		}
-		o.Expect(oc.Run("adm", "must-gather").Args(args...).Execute()).To(o.Succeed())
-		expectedFilePath := path.Join(getPluginOutputDir(oc, tempDir), "ls.log")
-		o.Expect(expectedFilePath).To(o.BeAnExistingFile())
-		stat, err := os.Stat(expectedFilePath)
-		o.Expect(err).ToNot(o.HaveOccurred())
-		o.Expect(stat.Size()).To(o.BeNumerically(">", 0))
-	})
 })
 
 func getPluginOutputDir(oc *util.CLI, tempDir string) string {