mdedetrich commented on code in PR #546:
URL: https://github.com/apache/pekko-management/pull/546#discussion_r2537788857
##########
lease-kubernetes/src/test/scala/org/apache/pekko/coordination/lease/kubernetes/KubernetesApiSpec.scala:
##########
@@ -269,6 +275,87 @@ class KubernetesApiSpec
underTest.removeLease(lease).failed.futureValue.getMessage shouldEqual
s"Timed out removing lease [$lease]. It is not known if the remove
happened. Is the API server up?"
}
- }
+ "not cache token so it can be rotated" in {
+ val path = File.createTempFile("kubernetes-api-spec", null)
+ path.deleteOnExit()
+
+ val newSettings = new KubernetesSettings(
+ "",
+ path.getAbsolutePath,
+ "localhost",
+ wireMockServer.port(),
+ namespace = Some("lease"),
+ "",
+ apiServerRequestTimeout = 1.second,
+ secure = false)
+
+ val tokenTest = new KubernetesApiImpl(system, newSettings)
+
+ val firstTokenValue = "first"
+ val secondTokenValue = "second"
+
+ Files.write(path.toPath, firstTokenValue.getBytes)
+ tokenTest.apiToken().futureValue shouldEqual firstTokenValue
+ Files.write(path.toPath, secondTokenValue.getBytes)
+ tokenTest.apiToken().futureValue shouldEqual secondTokenValue
+ }
+
+ "retry on 401 to handle token timeout" in {
+ val newSettings = new KubernetesSettings(
+ "",
+ "",
+ "localhost",
+ wireMockServer.port(),
+ namespace = Some("lease"),
+ "",
+ apiServerRequestTimeout = 1.second,
+ secure = false)
+
+ val toFail = new AtomicBoolean(true)
+ val retryUnauthorized = new KubernetesApiImpl(system, newSettings) {
+ // avoid touching slow CI filesystem
+ override protected def readConfigVarFromFilesystem(path: String, name:
String): Future[Option[String]] =
+ Future.successful(None)
+
+ override def makeRawRequest(request: HttpRequest):
Future[HttpResponse] =
+ if (toFail.getAndSet(false))
+ Future.successful(HttpResponse(
+ StatusCodes.Unauthorized
+ ))
+ else
+ Future.successful(HttpResponse(
+ StatusCodes.NotFound
+ ))
+ }
+
+ retryUnauthorized.getLeaseResource("").futureValue shouldEqual None
+ }
+
+ "eventually return unauthorized LeaseException when token rotation is not
happening" in {
+ val newSettings = new KubernetesSettings(
+ "",
+ "",
+ "localhost",
+ wireMockServer.port(),
+ namespace = Some("lease"),
+ "",
+ apiServerRequestTimeout = 1.second,
+ secure = false)
+
+ val retryUnauthorized = new KubernetesApiImpl(system, newSettings) {
+ // avoid touching slow CI filesystem
+ override protected def readConfigVarFromFilesystem(path: String, name:
String): Future[Option[String]] =
+ Future.successful(None)
+
+ override def makeRawRequest(request: HttpRequest):
Future[HttpResponse] =
+ Future.successful(HttpResponse(
+ StatusCodes.Unauthorized
+ ))
+ }
+
+ retryUnauthorized.getLeaseResource("").failed.futureValue shouldBe
an[LeaseException]
Review Comment:
This is handling that we hit
[this](https://github.com/apache/pekko-management/blob/25470d6a11c754adf44d8eddb3d14f89be0418e4/lease-kubernetes/src/main/scala/org/apache/pekko/coordination/lease/kubernetes/internal/AbstractKubernetesApiImpl.scala#L151-L158)
code path eventually if the retry is exceeded.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
