Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The problem with tests here is that they use shared state - there is one big bulk of secrets created and reused for most tests. This creates issues with debugging, adding new tests, false positives etc.
Since it's not feasible to start with a clean slate for each test when using "real" Kubernetes clusters (such as kind, in this instance), I refactored all tests to use client-go's so-called fake clientset. This behaves like a proper clientset for most of the basic operations - and I could simulate RBAC issues by using
PrependReactor
, a builtin feature of this fake clientset.This means that:
(Note on test performance: tests could run in parallel and pretty much instantly, but that would require a bit of metrics refactoring [making them native Prometheus objects, not instant metrics] and I didn't want to complicate the PR any more.)
I ran these tests locally + tested all relevant CI jobs on my fork.