open-cluster-management/test/e2e
Jian Zhu 493ad777b3 Add e2e test for token-based authentication with template addons (#1368)
* Add e2e test for token-based authentication with template addons

This test validates the token-based authentication feature for template
addons introduced in PR #1363. It tests the complete authentication
lifecycle including switching between token and CSR authentication modes.

Test Flow:
1. Enable token-based authentication for addons on klusterlet
2. Deploy template addon and verify it uses token auth
3. Validate token field exists in hub kubeconfig secret
4. Test addon functionality with token authentication
5. Switch back to CSR-based authentication
6. Verify hub kubeconfig now uses client certificates
7. Test addon functionality with CSR authentication
8. Cleanup all resources

Key Features:
- Comprehensive validation of both token and CSR authentication
- No manual CSR approval needed (auto-approved by system)
- Works independently of klusterlet registration driver (grpc/csr)
- Uses label "addon-token-auth" for selective test execution

🤖 Generated with Claude Code
https://claude.com/claude-code

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: zhujian <jiazhu@redhat.com>

* ♻️ Refactor addon token auth test to use BeforeAll/AfterAll hooks

Move klusterlet configuration save/restore logic from defer in test
function to BeforeAll/AfterAll hooks for better test structure and
isolation.

Changes:
- Save original klusterlet configuration in BeforeAll before any setup
- Configure token auth for klusterlet in BeforeAll
- Restore original configuration in AfterAll after cleanup
- Remove redundant Steps 9-12 (CSR auth switch back)
- Renumber remaining steps from 1-10
- Remove unused strings import

This ensures the klusterlet's original AddOnKubeClientRegistrationDriver
is preserved for other tests and provides clearer separation of test
setup/teardown from test logic.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Signed-off-by: zhujian <jiazhu@redhat.com>

* Wait for registration agent rollout before proceeding in token auth test

Add explicit wait for registration agent deployment to fully roll out after
token authentication configuration is applied. This ensures all replicas are
updated and ready before proceeding with the test, preventing race conditions.

The wait validates:
- ObservedGeneration matches current generation
- All replicas are updated with new configuration
- All replicas are ready and available

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: zhujian <jiazhu@redhat.com>

* Add deployment generation check to ensure token auth rollout

Capture the registration agent deployment generation before updating
the klusterlet configuration, then wait for it to increment after the
update. This ensures the test waits for the actual new deployment with
token auth configuration, not an old one with CSR-based auth.

Changes:
- Capture initial deployment generation before klusterlet update
- Calculate deployment name once based on Singleton vs Default mode
- Wait for deployment generation to increment after config change
- Verify deployment has fully rolled out with all pods updated and ready

This prevents race conditions where the test proceeds while old pods
with the previous CSR-based configuration are still running, which was
likely causing CI failures.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Signed-off-by: zhujian <jiazhu@redhat.com>

* Add support for hosted mode in addon token auth test

This commit adds proper support for hosted mode deployment in the addon
token authentication e2e test. In hosted mode, the agent deployments run
on the hub cluster instead of the spoke cluster, and the agent namespace
is named after the klusterlet name rather than using a fixed namespace.

Key changes:
- Check for both InstallModeHosted and InstallModeSingletonHosted modes
- Use hub.KubeClient instead of spoke.KubeClient in hosted mode
- Use klusterlet.Name as agentNamespace in hosted mode
- Support InstallModeSingletonHosted for deployment naming

This ensures the test works correctly in all deployment modes:
Default, Singleton, Hosted, and SingletonHosted.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: zhujian <jiazhu@redhat.com>

---------

Signed-off-by: zhujian <jiazhu@redhat.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-04 00:19:53 +00:00