@@ -47,6 +47,7 @@ import (
4747 "k8s.io/apimachinery/pkg/watch"
4848 watchtools "k8s.io/client-go/tools/watch"
4949 e2e "k8s.io/kubernetes/test/e2e/framework"
50+ e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
5051)
5152
5253const certInspectResultFile = "/tmp/shared/pkiList.json"
@@ -128,7 +129,16 @@ var _ = g.Describe(fmt.Sprintf("[sig-arch][Late][Jira:%q]", "kube-apiserver"), g
128129 // Skip metal jobs if test image pullspec cannot be determined
129130 if jobType .Platform != "metal" || err == nil {
130131 o .Expect (err ).NotTo (o .HaveOccurred ())
131- onDiskPKIContent , err = fetchOnDiskCertificates (ctx , kubeClient , oc .AdminConfig (), masters , openshiftTestImagePullSpec )
132+ readyMasters , skipped := filterReadyNodes (masters )
133+ if len (skipped ) > 0 {
134+ e2e .Logf ("Skipping on-disk cert collection for NotReady control-plane nodes: %v" , skipped )
135+ }
136+ if len (readyMasters ) == 0 {
137+ e2eskipper .Skipf ("No Ready control-plane nodes for on-disk cert collection" )
138+ }
139+
140+ onDiskPKIContent , err = fetchOnDiskCertificates (ctx , kubeClient , oc .AdminConfig (), readyMasters , openshiftTestImagePullSpec )
141+
132142 o .Expect (err ).NotTo (o .HaveOccurred ())
133143 }
134144
@@ -160,14 +170,13 @@ var _ = g.Describe(fmt.Sprintf("[sig-arch][Late][Jira:%q]", "kube-apiserver"), g
160170 o .Expect (err ).NotTo (o .HaveOccurred ())
161171
162172 pkiDir := filepath .Join (exutil .ArtifactDirPath (), "rawTLSInfo" )
163- err = os .MkdirAll (pkiDir , 0755 )
173+ err = os .MkdirAll (pkiDir , 0o755 )
164174 o .Expect (err ).NotTo (o .HaveOccurred ())
165- err = os .WriteFile (filepath .Join (pkiDir , tlsArtifactFilename ), jsonBytes , 0644 )
175+ err = os .WriteFile (filepath .Join (pkiDir , tlsArtifactFilename ), jsonBytes , 0o644 )
166176 o .Expect (err ).NotTo (o .HaveOccurred ())
167177 })
168178
169179 g .It ("all tls artifacts must be registered" , func () {
170-
171180 violationsPKIContent , err := certs .GetPKIInfoFromEmbeddedOwnership (ownership .PKIViolations )
172181 o .Expect (err ).NotTo (o .HaveOccurred ())
173182
@@ -181,7 +190,6 @@ var _ = g.Describe(fmt.Sprintf("[sig-arch][Late][Jira:%q]", "kube-apiserver"), g
181190
182191 _ , err := certgraphutils .LocateCertKeyPairBySecretLocation (currLocation , expectedPKIContent .CertKeyPairs )
183192 if err != nil {
184-
185193 newTLSRegistry .CertKeyPairs = append (newTLSRegistry .CertKeyPairs , certgraphapi.PKIRegistryCertKeyPair {InClusterLocation : & actualPKIContent .InClusterResourceData .CertKeyPairs [i ]})
186194 }
187195
@@ -269,11 +277,11 @@ var _ = g.Describe(fmt.Sprintf("[sig-arch][Late][Jira:%q]", "kube-apiserver"), g
269277 if len (newTLSRegistry .CertKeyPairs ) > 0 || len (newTLSRegistry .CertificateAuthorityBundles ) > 0 {
270278 registryString , err := json .MarshalIndent (newTLSRegistry , "" , " " )
271279 if err != nil {
272- //g.Fail("Failed to marshal registry %#v: %v", newTLSRegistry, err)
280+ // g.Fail("Failed to marshal registry %#v: %v", newTLSRegistry, err)
273281 testresult .Flakef ("Failed to marshal registry %#v: %v" , newTLSRegistry , err )
274282 }
275283 // TODO: uncomment when test no longer fails and enhancement is merged
276- //g.Fail(fmt.Sprintf("Unregistered TLS certificates:\n%s", registryString))
284+ // g.Fail(fmt.Sprintf("Unregistered TLS certificates:\n%s", registryString))
277285 testresult .Flakef ("Unregistered TLS certificates found:\n %s\n See tls/ownership/README.md in origin repo" , registryString )
278286 }
279287 })
@@ -285,7 +293,7 @@ var _ = g.Describe(fmt.Sprintf("[sig-arch][Late][Jira:%q]", "kube-apiserver"), g
285293
286294 if len (messages ) > 0 {
287295 // TODO: uncomment when test no longer fails and enhancement is merged
288- //g.Fail(strings.Join(messages, "\n"))
296+ // g.Fail(strings.Join(messages, "\n"))
289297 testresult .Flakef ("%s" , strings .Join (messages , "\n " ))
290298 }
291299 })
@@ -323,7 +331,6 @@ var _ = g.Describe(fmt.Sprintf("[sig-arch][Late][Jira:%q]", "kube-apiserver"), g
323331 testresult .Flakef ("Errors found: %s" , utilerrors .NewAggregate (errs ).Error ())
324332 }
325333 })
326-
327334})
328335
329336func fetchOnDiskCertificates (ctx context.Context , kubeClient kubernetes.Interface , podRESTConfig * rest.Config , nodeList []* corev1.Node , testPullSpec string ) (* certgraphapi.PKIList , error ) {
@@ -480,3 +487,21 @@ func isCertKeyPairFromIgnoredNamespace(cert certgraphapi.CertKeyPair, ignoredNam
480487 }
481488 return false
482489}
490+
491+ func filterReadyNodes (nodes []* corev1.Node ) (ready []* corev1.Node , notReady []string ) {
492+ for _ , n := range nodes {
493+ isReady := false
494+ for _ , c := range n .Status .Conditions {
495+ if c .Type == corev1 .NodeReady && c .Status == corev1 .ConditionTrue {
496+ isReady = true
497+ break
498+ }
499+ }
500+ if isReady {
501+ ready = append (ready , n )
502+ } else {
503+ notReady = append (notReady , n .Name )
504+ }
505+ }
506+ return ready , notReady
507+ }
0 commit comments