From 051d6a5f735eed2ad4e516dafda639ee7d1161f1 Mon Sep 17 00:00:00 2001 From: Frank Budinsky Date: Mon, 1 Apr 2024 13:15:05 -0400 Subject: [PATCH] Fix authz-ingress test flake (#14812) --- .../security/authorization/authz-ingress/index.md | 5 +++++ .../security/authorization/authz-ingress/snips.sh | 11 +++++++---- .../security/authorization/authz-ingress/test.sh | 7 ++++--- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/content/en/docs/tasks/security/authorization/authz-ingress/index.md b/content/en/docs/tasks/security/authorization/authz-ingress/index.md index 67a128838d..305f4bb41a 100644 --- a/content/en/docs/tasks/security/authorization/authz-ingress/index.md +++ b/content/en/docs/tasks/security/authorization/authz-ingress/index.md @@ -57,6 +57,11 @@ Create the gateway: {{< text bash >}} $ kubectl apply -f @samples/httpbin/gateway-api/httpbin-gateway.yaml@ -n foo +{{< /text >}} + +Wait for the gateway to be ready: + +{{< text bash >}} $ kubectl wait --for=condition=programmed gtw -n foo httpbin-gateway {{< /text >}} diff --git a/content/en/docs/tasks/security/authorization/authz-ingress/snips.sh b/content/en/docs/tasks/security/authorization/authz-ingress/snips.sh index 8064117111..a64579e5c9 100644 --- a/content/en/docs/tasks/security/authorization/authz-ingress/snips.sh +++ b/content/en/docs/tasks/security/authorization/authz-ingress/snips.sh @@ -37,23 +37,26 @@ kubectl get pods -n istio-system -o name -l istio=ingressgateway | sed 's|pod/|| snip_before_you_begin_4() { kubectl apply -f samples/httpbin/gateway-api/httpbin-gateway.yaml -n foo -kubectl wait --for=condition=programmed gtw -n foo httpbin-gateway } snip_before_you_begin_5() { -kubectl get pods -n foo -o name -l gateway.networking.k8s.io/gateway-name=httpbin-gateway | sed 's|pod/||' | while read -r pod; do istioctl proxy-config log "$pod" -n foo --level rbac:debug; done +kubectl wait --for=condition=programmed gtw -n foo httpbin-gateway } snip_before_you_begin_6() { +kubectl get pods -n foo -o name -l gateway.networking.k8s.io/gateway-name=httpbin-gateway | sed 's|pod/||' | while read -r pod; do istioctl proxy-config log "$pod" -n foo --level rbac:debug; done +} + +snip_before_you_begin_7() { export INGRESS_HOST=$(kubectl get gtw httpbin-gateway -n foo -o jsonpath='{.status.addresses[0].value}') export INGRESS_PORT=$(kubectl get gtw httpbin-gateway -n foo -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') } -snip_before_you_begin_7() { +snip_before_you_begin_8() { curl "$INGRESS_HOST:$INGRESS_PORT"/headers -s -o /dev/null -w "%{http_code}\n" } -! IFS=$'\n' read -r -d '' snip_before_you_begin_7_out <<\ENDSNIP +! IFS=$'\n' read -r -d '' snip_before_you_begin_8_out <<\ENDSNIP 200 ENDSNIP diff --git a/content/en/docs/tasks/security/authorization/authz-ingress/test.sh b/content/en/docs/tasks/security/authorization/authz-ingress/test.sh index f07e0d5183..12887648d8 100644 --- a/content/en/docs/tasks/security/authorization/authz-ingress/test.sh +++ b/content/en/docs/tasks/security/authorization/authz-ingress/test.sh @@ -34,8 +34,9 @@ _wait_for_deployment foo httpbin if [ "$GATEWAY_API" == "true" ]; then snip_before_you_begin_4 - _verify_contains snip_before_you_begin_5 "rbac: debug" - snip_before_you_begin_6 + kubectl wait --for=condition=programmed gtw -n foo httpbin-gateway --timeout=90s + _verify_contains snip_before_you_begin_6 "rbac: debug" + snip_before_you_begin_7 else snip_before_you_begin_2 _verify_contains snip_before_you_begin_3 "rbac: debug" @@ -44,7 +45,7 @@ else _set_ingress_environment_variables fi -_verify_same snip_before_you_begin_7 "$snip_before_you_begin_7_out" +_verify_same snip_before_you_begin_8 "$snip_before_you_begin_8_out" if [ "$GATEWAY_API" == "true" ]; then snip_network_load_balancer_2