Merge pull request #6647 from wallrj/fix-e2e-with-k8s-1.29

Fix E2E test failure caused by hard coded group names which are no longer used in Kubernetes >=1.29
2024-01-17 12:42:36 +00:00 · 2024-01-17 12:42:36 +00:00 · 8f82135125
commit 8f82135125
parent 540d5b7b57 f333a69df1
1 changed files with 9 additions and 1 deletions
--- a/test/e2e/suite/certificaterequests/approval/userinfo.go
+++ b/test/e2e/suite/certificaterequests/approval/userinfo.go
@ -34,6 +34,7 @@ import (
 	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
 	clientset "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned"
 	"github.com/cert-manager/cert-manager/pkg/util"
+	"github.com/cert-manager/cert-manager/pkg/util/pki"
 	"github.com/cert-manager/cert-manager/test/unit/gen"
 )

@ -45,8 +46,15 @@ var _ = framework.CertManagerDescribe("UserInfo CertificateRequests", func() {
 	It("should appropriately create set UserInfo of CertificateRequests, and reject changes", func() {
 		var (
 			adminUsername = "kubernetes-admin"
-			adminGroups   = []string{"system:masters", "system:authenticated"}
 		)
+		// Kubeadm >= 1.29 changed the groups of the admin user from
+		// system:masters to kubeadm:cluster-admins, so instead of hard coding
+		// the group names we try and read them from the client certificate.
+		// https://github.com/kubernetes/kubeadm/issues/2414
+		cert, err := pki.DecodeX509CertificateBytes(f.KubeClientConfig.CertData)
+		Expect(err).NotTo(HaveOccurred())
+		adminGroups := append([]string{"system:authenticated"}, cert.Subject.Organization...)
+
 		csr, _, err := gen.CSR(x509.RSA)
 		Expect(err).NotTo(HaveOccurred())