test/extended/cli/mustgather: Separate gather_audit_logs test

[1] is removing these from the default gather, because they're mostly useful for internal debugging, less useful in end-user bug reports, and can run to hundreds of megabytes. But we still want to ensure that they work as expected when they are explicitly requested. This commit pulls the audit-log checks out of the test-case for the generic invocation. And it adds a new test case with those checks after an explict gather_audit_logs request. The annotation change was generated with: $ hack/verify-generated-bindata.sh [1]: openshift/must-gather#143
openshift · Apr 16, 2020 · e86b60e · e86b60e
1 parent 4d0922f
commit e86b60e
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 57 deletions.
diff --git a/test/extended/cli/mustgather.go b/test/extended/cli/mustgather.go
@@ -30,56 +30,21 @@ var _ = g.Describe("[sig-cli] oc adm must-gather", func() {
 	defer g.GinkgoRecover()
 	oc := exutil.NewCLI("oc-adm-must-gather").AsAdmin()
 	g.It("runs successfully", func() {
-		// makes some tokens that should not show in the audit logs
-		const tokenName = "must-gather-audit-logs-token-plus-some-padding-here-to-make-the-limit"
-		oauthClient := oauthv1client.NewForConfigOrDie(oc.AdminConfig())
-		_, err1 := oauthClient.OAuthAccessTokens().Create(context.Background(), &oauthv1.OAuthAccessToken{
-			ObjectMeta: metav1.ObjectMeta{
-				Name: tokenName,
-			},
-			ClientName:  "openshift-challenging-client",
-			ExpiresIn:   30,
-			Scopes:      []string{"user:info"},
-			RedirectURI: "https://127.0.0.1:12000/oauth/token/implicit",
-			UserName:    "a",
-			UserUID:     "1",
-		}, metav1.CreateOptions{})
-		o.Expect(err1).ToNot(o.HaveOccurred())
-		_, err2 := oauthClient.OAuthAuthorizeTokens().Create(context.Background(), &oauthv1.OAuthAuthorizeToken{
-			ObjectMeta: metav1.ObjectMeta{
-				Name: tokenName,
-			},
-			ClientName:  "openshift-challenging-client",
-			ExpiresIn:   30,
-			Scopes:      []string{"user:info"},
-			RedirectURI: "https://127.0.0.1:12000/oauth/token/implicit",
-			UserName:    "a",
-			UserUID:     "1",
-		}, metav1.CreateOptions{})
-		o.Expect(err2).ToNot(o.HaveOccurred())
-		// let audit log writes occurs to disk (best effort, should be enough to make the test fail most of the time)
-		time.Sleep(10 * time.Second)
-
 		tempDir, err := ioutil.TempDir("", "test.oc-adm-must-gather.")
 		o.Expect(err).ToNot(o.HaveOccurred())
 		defer os.RemoveAll(tempDir)
 		o.Expect(oc.Run("adm", "must-gather").Args("--dest-dir", tempDir).Execute()).To(o.Succeed())
 
 		pluginOutputDir := getPluginOutputDir(oc, tempDir)
 
-		auditDirectories := [][]string{
-			{pluginOutputDir, "audit_logs", "kube-apiserver"},
-			{pluginOutputDir, "audit_logs", "openshift-apiserver"},
-		}
-
-		expectedDirectories := append([][]string{
+		expectedDirectories := [][]string{
 			{pluginOutputDir, "cluster-scoped-resources", "config.openshift.io"},
 			{pluginOutputDir, "cluster-scoped-resources", "operator.openshift.io"},
 			{pluginOutputDir, "cluster-scoped-resources", "core"},
 			{pluginOutputDir, "cluster-scoped-resources", "apiregistration.k8s.io"},
 			{pluginOutputDir, "namespaces", "openshift"},
 			{pluginOutputDir, "namespaces", "openshift-kube-apiserver-operator"},
-		}, auditDirectories...)
+		}
 
 		expectedFiles := [][]string{
 			{pluginOutputDir, "cluster-scoped-resources", "config.openshift.io", "apiservers.yaml"},
@@ -99,8 +64,6 @@ var _ = g.Describe("[sig-cli] oc adm must-gather", func() {
 			{pluginOutputDir, "cluster-scoped-resources", "config.openshift.io", "schedulers.yaml"},
 			{pluginOutputDir, "namespaces", "openshift-kube-apiserver", "core", "configmaps.yaml"},
 			{pluginOutputDir, "namespaces", "openshift-kube-apiserver", "core", "secrets.yaml"},
-			{pluginOutputDir, "audit_logs", "kube-apiserver.audit_logs_listing"},
-			{pluginOutputDir, "audit_logs", "openshift-apiserver.audit_logs_listing"},
 			{pluginOutputDir, "host_service_logs", "masters", "crio_service.log"},
 			{pluginOutputDir, "host_service_logs", "masters", "kubelet_service.log"},
 		}
@@ -122,9 +85,85 @@ var _ = g.Describe("[sig-cli] oc adm must-gather", func() {
 		if len(emptyFiles) > 0 {
 			o.Expect(fmt.Errorf("expected files should not be empty: %s", strings.Join(emptyFiles, ","))).NotTo(o.HaveOccurred())
 		}
+	})
+
+	g.It("runs successfully with options", func() {
+		tempDir, err := ioutil.TempDir("", "test.oc-adm-must-gather.")
+		o.Expect(err).ToNot(o.HaveOccurred())
+		defer os.RemoveAll(tempDir)
+		args := []string{
+			"--dest-dir", tempDir,
+			"--source-dir", "/artifacts",
+			"--",
+			"/bin/bash", "-c",
+			"ls -l > /artifacts/ls.log",
+		}
+		o.Expect(oc.Run("adm", "must-gather").Args(args...).Execute()).To(o.Succeed())
+		expectedFilePath := path.Join(getPluginOutputDir(oc, tempDir), "ls.log")
+		o.Expect(expectedFilePath).To(o.BeAnExistingFile())
+		stat, err := os.Stat(expectedFilePath)
+		o.Expect(err).ToNot(o.HaveOccurred())
+		o.Expect(stat.Size()).To(o.BeNumerically(">", 0))
+	})
+
+	g.It("runs successfully for audit logs", func() {
+		// makes some tokens that should not show in the audit logs
+		const tokenName = "must-gather-audit-logs-token-plus-some-padding-here-to-make-the-limit"
+		oauthClient := oauthv1client.NewForConfigOrDie(oc.AdminConfig())
+		_, err1 := oauthClient.OAuthAccessTokens().Create(context.Background(), &oauthv1.OAuthAccessToken{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: tokenName,
+			},
+			ClientName:  "openshift-challenging-client",
+			ExpiresIn:   30,
+			Scopes:      []string{"user:info"},
+			RedirectURI: "https://127.0.0.1:12000/oauth/token/implicit",
+			UserName:    "a",
+			UserUID:     "1",
+		}, metav1.CreateOptions{})
+		o.Expect(err1).ToNot(o.HaveOccurred())
+		_, err2 := oauthClient.OAuthAuthorizeTokens().Create(context.Background(), &oauthv1.OAuthAuthorizeToken{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: tokenName,
+			},
+			ClientName:  "openshift-challenging-client",
+			ExpiresIn:   30,
+			Scopes:      []string{"user:info"},
+			RedirectURI: "https://127.0.0.1:12000/oauth/token/implicit",
+			UserName:    "a",
+			UserUID:     "1",
+		}, metav1.CreateOptions{})
+		o.Expect(err2).ToNot(o.HaveOccurred())
+
+		// let audit log writes occurs to disk (best effort, should be enough to make the test fail most of the time)
+		time.Sleep(10 * time.Second)
+
+		tempDir, err := ioutil.TempDir("", "test.oc-adm-must-gather.")
+		o.Expect(err).ToNot(o.HaveOccurred())
+		defer os.RemoveAll(tempDir)
+
+		args := []string{
+			"--dest-dir", tempDir,
+			"--",
+			"/usr/bin/gather_audit_logs",
+		}
+
+		o.Expect(oc.Run("adm", "must-gather").Args(args...).Execute()).To(o.Succeed())
+
+		pluginOutputDir := getPluginOutputDir(oc, tempDir)
+
+		expectedDirectories := [][]string{
+			{pluginOutputDir, "audit_logs", "kube-apiserver"},
+			{pluginOutputDir, "audit_logs", "openshift-apiserver"},
+		}
+
+		expectedFiles := [][]string{
+			{pluginOutputDir, "audit_logs", "kube-apiserver.audit_logs_listing"},
+			{pluginOutputDir, "audit_logs", "openshift-apiserver.audit_logs_listing"},
+		}
 
 		// make sure we do not log OAuth tokens
-		for _, auditDirectory := range auditDirectories {
+		for _, auditDirectory := range expectedDirectories {
 			eventsChecked := 0
 			err := filepath.Walk(path.Join(auditDirectory...), func(path string, info os.FileInfo, err error) error {
 				g.By(path)
@@ -164,25 +203,20 @@ var _ = g.Describe("[sig-cli] oc adm must-gather", func() {
 			o.Expect(err).ToNot(o.HaveOccurred())
 			o.Expect(eventsChecked).To(o.BeNumerically(">", 10000))
 		}
-	})
 
-	g.It("runs successfully with options", func() {
-		tempDir, err := ioutil.TempDir("", "test.oc-adm-must-gather.")
-		o.Expect(err).ToNot(o.HaveOccurred())
-		defer os.RemoveAll(tempDir)
-		args := []string{
-			"--dest-dir", tempDir,
-			"--source-dir", "/artifacts",
-			"--",
-			"/bin/bash", "-c",
-			"ls -l > /artifacts/ls.log",
+		emptyFiles := []string{}
+		for _, expectedFile := range expectedFiles {
+			expectedFilePath := path.Join(expectedFile...)
+			o.Expect(expectedFilePath).To(o.BeAnExistingFile())
+			stat, err := os.Stat(expectedFilePath)
+			o.Expect(err).ToNot(o.HaveOccurred())
+			if size := stat.Size(); size < 50 {
+				emptyFiles = append(emptyFiles, expectedFilePath)
+			}
+		}
+		if len(emptyFiles) > 0 {
+			o.Expect(fmt.Errorf("expected files should not be empty: %s", strings.Join(emptyFiles, ","))).NotTo(o.HaveOccurred())
 		}
-		o.Expect(oc.Run("adm", "must-gather").Args(args...).Execute()).To(o.Succeed())
-		expectedFilePath := path.Join(getPluginOutputDir(oc, tempDir), "ls.log")
-		o.Expect(expectedFilePath).To(o.BeAnExistingFile())
-		stat, err := os.Stat(expectedFilePath)
-		o.Expect(err).ToNot(o.HaveOccurred())
-		o.Expect(stat.Size()).To(o.BeNumerically(">", 0))
 	})
 })
 

diff --git a/test/extended/util/annotate/generated/zz_generated.annotations.go b/test/extended/util/annotate/generated/zz_generated.annotations.go