fix golint failures of test/e2e/auth

Author: SataQiu

hack/.golint_failures

@@ -600,7 +600,6 @@ staging/src/k8s.io/sample-apiserver/pkg/registry/wardle/flunder
 staging/src/k8s.io/sample-controller/pkg/apis/samplecontroller
 staging/src/k8s.io/sample-controller/pkg/apis/samplecontroller/v1alpha1
 test/e2e
-test/e2e/auth
 test/e2e/autoscaling
 test/e2e/chaosmonkey
 test/e2e/common

test/e2e/auth/audit.go

@@ -42,7 +42,7 @@ import (
 	imageutils "k8s.io/kubernetes/test/utils/image"
 
 	jsonpatch "github.com/evanphx/json-patch"
-	. "github.com/onsi/ginkgo"
+	"github.com/onsi/ginkgo"
 )
 
 var (
@@ -62,12 +62,12 @@ var (
 var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 	f := framework.NewDefaultFramework("audit")
 	var namespace string
-	BeforeEach(func() {
+	ginkgo.BeforeEach(func() {
 		framework.SkipUnlessProviderIs("gce")
 		namespace = f.Namespace.Name
 	})
 
-	It("should audit API calls to create, get, update, patch, delete, list, watch pods.", func() {
+	ginkgo.It("should audit API calls to create, get, update, patch, delete, list, watch pods.", func() {
 		pod := &apiv1.Pod{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: "audit-pod",
@@ -201,7 +201,7 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 		})
 	})
 
-	It("should audit API calls to create, get, update, patch, delete, list, watch deployments.", func() {
+	ginkgo.It("should audit API calls to create, get, update, patch, delete, list, watch deployments.", func() {
 		podLabels := map[string]string{"name": "audit-deployment-pod"}
 		d := e2edeploy.NewDeployment("audit-deployment", int32(1), podLabels, "redis", imageutils.GetE2EImage(imageutils.Redis), apps.RecreateDeploymentStrategyType)
 
@@ -328,7 +328,7 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 		})
 	})
 
-	It("should audit API calls to create, get, update, patch, delete, list, watch configmaps.", func() {
+	ginkgo.It("should audit API calls to create, get, update, patch, delete, list, watch configmaps.", func() {
 		configMap := &apiv1.ConfigMap{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: "audit-configmap",
@@ -461,7 +461,7 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 		})
 	})
 
-	It("should audit API calls to create, get, update, patch, delete, list, watch secrets.", func() {
+	ginkgo.It("should audit API calls to create, get, update, patch, delete, list, watch secrets.", func() {
 		secret := &apiv1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: "audit-secret",
@@ -593,7 +593,7 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 		})
 	})
 
-	It("should audit API calls to create and delete custom resource definition.", func() {
+	ginkgo.It("should audit API calls to create and delete custom resource definition.", func() {
 		config, err := framework.LoadConfig()
 		framework.ExpectNoError(err, "failed to load config")
 		apiExtensionClient, err := apiextensionclientset.NewForConfig(config)
@@ -654,12 +654,12 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 	})
 
 	// test authorizer annotations, RBAC is required.
-	It("should audit API calls to get a pod with unauthorized user.", func() {
+	ginkgo.It("should audit API calls to get a pod with unauthorized user.", func() {
 		if !auth.IsRBACEnabled(f.ClientSet.RbacV1beta1()) {
 			framework.Skipf("RBAC not enabled.")
 		}
 
-		By("Creating a kubernetes client that impersonates an unauthorized anonymous user")
+		ginkgo.By("Creating a kubernetes client that impersonates an unauthorized anonymous user")
 		config, err := framework.LoadConfig()
 		framework.ExpectNoError(err)
 		config.Impersonate = restclient.ImpersonationConfig{
@@ -691,8 +691,8 @@ var _ = SIGDescribe("Advanced Audit [DisabledForLargeClusters][Flaky]", func() {
 		})
 	})
 
-	It("should list pods as impersonated user.", func() {
-		By("Creating a kubernetes client that impersonates an authorized user")
+	ginkgo.It("should list pods as impersonated user.", func() {
+		ginkgo.By("Creating a kubernetes client that impersonates an authorized user")
 		config, err := framework.LoadConfig()
 		framework.ExpectNoError(err)
 		config.Impersonate = restclient.ImpersonationConfig{

test/e2e/auth/audit_dynamic.go

@@ -21,7 +21,7 @@ import (
 	"strings"
 	"time"
 
-	. "github.com/onsi/ginkgo"
+	"github.com/onsi/ginkgo"
 
 	auditregv1alpha1 "k8s.io/api/auditregistration/v1alpha1"
 	apiv1 "k8s.io/api/core/v1"
@@ -44,10 +44,10 @@ import (
 var _ = SIGDescribe("[Feature:DynamicAudit]", func() {
 	f := framework.NewDefaultFramework("audit")
 
-	It("should dynamically audit API calls", func() {
+	ginkgo.It("should dynamically audit API calls", func() {
 		namespace := f.Namespace.Name
 
-		By("Creating a kubernetes client that impersonates an unauthorized anonymous user")
+		ginkgo.By("Creating a kubernetes client that impersonates an unauthorized anonymous user")
 		config, err := framework.LoadConfig()
 		framework.ExpectNoError(err, "failed to fetch config")
 

test/e2e/auth/certificates.go

@@ -31,13 +31,13 @@ import (
 	e2elog "k8s.io/kubernetes/test/e2e/framework/log"
 	"k8s.io/kubernetes/test/utils"
 
-	. "github.com/onsi/ginkgo"
+	"github.com/onsi/ginkgo"
 )
 
 var _ = SIGDescribe("Certificates API", func() {
 	f := framework.NewDefaultFramework("certificates")
 
-	It("should support building a client with a CSR", func() {
+	ginkgo.It("should support building a client with a CSR", func() {
 		const commonName = "tester-csr"
 
 		pk, err := utils.NewPrivateKey()

test/e2e/auth/framework.go

@@ -18,6 +18,7 @@ package auth
 
 import "github.com/onsi/ginkgo"
 
+// SIGDescribe annotates the test with the SIG label.
 func SIGDescribe(text string, body func()) bool {
 	return ginkgo.Describe("[sig-auth] "+text, body)
 }

test/e2e/auth/metadata_concealment.go

@@ -23,16 +23,16 @@ import (
 	"k8s.io/kubernetes/test/e2e/framework"
 	jobutil "k8s.io/kubernetes/test/e2e/framework/job"
 
-	. "github.com/onsi/ginkgo"
+	"github.com/onsi/ginkgo"
 	imageutil "k8s.io/kubernetes/test/utils/image"
 )
 
 var _ = SIGDescribe("Metadata Concealment", func() {
 	f := framework.NewDefaultFramework("metadata-concealment")
 
-	It("should run a check-metadata-concealment job to completion", func() {
+	ginkgo.It("should run a check-metadata-concealment job to completion", func() {
 		framework.SkipUnlessProviderIs("gce")
-		By("Creating a job")
+		ginkgo.By("Creating a job")
 		job := &batch.Job{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: "check-metadata-concealment",
@@ -57,7 +57,7 @@ var _ = SIGDescribe("Metadata Concealment", func() {
 		job, err := jobutil.CreateJob(f.ClientSet, f.Namespace.Name, job)
 		framework.ExpectNoError(err, "failed to create job (%s:%s)", f.Namespace.Name, job.Name)
 
-		By("Ensuring job reaches completions")
+		ginkgo.By("Ensuring job reaches completions")
 		err = jobutil.WaitForJobComplete(f.ClientSet, f.Namespace.Name, job.Name, int32(1))
 		framework.ExpectNoError(err, "failed to ensure job completion (%s:%s)", f.Namespace.Name, job.Name)
 	})

test/e2e/auth/node_authn.go

@@ -25,21 +25,21 @@ import (
 	"k8s.io/kubernetes/test/e2e/framework"
 	imageutils "k8s.io/kubernetes/test/utils/image"
 
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/gomega"
+	"github.com/onsi/ginkgo"
+	"github.com/onsi/gomega"
 )
 
 var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
 
 	f := framework.NewDefaultFramework("node-authn")
 	var ns string
 	var nodeIPs []string
-	BeforeEach(func() {
+	ginkgo.BeforeEach(func() {
 		ns = f.Namespace.Name
 
 		nodeList, err := f.ClientSet.CoreV1().Nodes().List(metav1.ListOptions{})
 		framework.ExpectNoError(err, "failed to list nodes in namespace: %s", ns)
-		Expect(len(nodeList.Items)).NotTo(BeZero())
+		gomega.Expect(len(nodeList.Items)).NotTo(gomega.BeZero())
 
 		pickedNode := nodeList.Items[0]
 		nodeIPs = framework.GetNodeAddresses(&pickedNode, v1.NodeExternalIP)
@@ -50,20 +50,20 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
 		saName := "default"
 		sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get(saName, metav1.GetOptions{})
 		framework.ExpectNoError(err, "failed to retrieve service account (%s:%s)", ns, saName)
-		Expect(len(sa.Secrets)).NotTo(BeZero())
+		gomega.Expect(len(sa.Secrets)).NotTo(gomega.BeZero())
 	})
 
-	It("The kubelet's main port 10250 should reject requests with no credentials", func() {
+	ginkgo.It("The kubelet's main port 10250 should reject requests with no credentials", func() {
 		pod := createNodeAuthTestPod(f)
 		for _, nodeIP := range nodeIPs {
 			// Anonymous authentication is disabled by default
 			result := framework.RunHostCmdOrDie(ns, pod.Name, fmt.Sprintf("curl -sIk -o /dev/null -w '%s' https://%s:%v/metrics", "%{http_code}", nodeIP, ports.KubeletPort))
-			Expect(result).To(Or(Equal("401"), Equal("403")), "the kubelet's main port 10250 should reject requests with no credentials")
+			gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet's main port 10250 should reject requests with no credentials")
 		}
 	})
 
-	It("The kubelet can delegate ServiceAccount tokens to the API server", func() {
-		By("create a new ServiceAccount for authentication")
+	ginkgo.It("The kubelet can delegate ServiceAccount tokens to the API server", func() {
+		ginkgo.By("create a new ServiceAccount for authentication")
 		trueValue := true
 		newSA := &v1.ServiceAccount{
 			ObjectMeta: metav1.ObjectMeta{
@@ -84,7 +84,7 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
 					"%{http_code}",
 					"cat /var/run/secrets/kubernetes.io/serviceaccount/token",
 					nodeIP, ports.KubeletPort))
-			Expect(result).To(Or(Equal("401"), Equal("403")), "the kubelet can delegate ServiceAccount tokens to the API server")
+			gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet can delegate ServiceAccount tokens to the API server")
 		}
 	})
 })

test/e2e/auth/node_authz.go

@@ -30,13 +30,13 @@ import (
 	e2elog "k8s.io/kubernetes/test/e2e/framework/log"
 	imageutils "k8s.io/kubernetes/test/utils/image"
 
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/gomega"
+	"github.com/onsi/ginkgo"
+	"github.com/onsi/gomega"
 )
 
 const (
-	NodesGroup     = "system:nodes"
-	NodeNamePrefix = "system:node:"
+	nodesGroup     = "system:nodes"
+	nodeNamePrefix = "system:node:"
 )
 
 var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
@@ -48,47 +48,47 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 	var asUser string
 	var defaultSaSecret string
 	var nodeName string
-	BeforeEach(func() {
+	ginkgo.BeforeEach(func() {
 		ns = f.Namespace.Name
 
 		nodeList, err := f.ClientSet.CoreV1().Nodes().List(metav1.ListOptions{})
 		framework.ExpectNoError(err, "failed to list nodes in namespace: %s", ns)
-		Expect(len(nodeList.Items)).NotTo(Equal(0))
+		gomega.Expect(len(nodeList.Items)).NotTo(gomega.Equal(0))
 		nodeName = nodeList.Items[0].Name
-		asUser = NodeNamePrefix + nodeName
+		asUser = nodeNamePrefix + nodeName
 		saName := "default"
 		sa, err := f.ClientSet.CoreV1().ServiceAccounts(ns).Get(saName, metav1.GetOptions{})
-		Expect(len(sa.Secrets)).NotTo(Equal(0))
+		gomega.Expect(len(sa.Secrets)).NotTo(gomega.Equal(0))
 		framework.ExpectNoError(err, "failed to retrieve service account (%s:%s)", ns, saName)
 		defaultSaSecret = sa.Secrets[0].Name
-		By("Creating a kubernetes client that impersonates a node")
+		ginkgo.By("Creating a kubernetes client that impersonates a node")
 		config, err := framework.LoadConfig()
 		framework.ExpectNoError(err, "failed to load kubernetes client config")
 		config.Impersonate = restclient.ImpersonationConfig{
 			UserName: asUser,
-			Groups:   []string{NodesGroup},
+			Groups:   []string{nodesGroup},
 		}
 		c, err = clientset.NewForConfig(config)
 		framework.ExpectNoError(err, "failed to create Clientset for the given config: %+v", *config)
 
 	})
-	It("Getting a non-existent secret should exit with the Forbidden error, not a NotFound error", func() {
+	ginkgo.It("Getting a non-existent secret should exit with the Forbidden error, not a NotFound error", func() {
 		_, err := c.CoreV1().Secrets(ns).Get("foo", metav1.GetOptions{})
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 	})
 
-	It("Getting an existing secret should exit with the Forbidden error", func() {
+	ginkgo.It("Getting an existing secret should exit with the Forbidden error", func() {
 		_, err := c.CoreV1().Secrets(ns).Get(defaultSaSecret, metav1.GetOptions{})
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 	})
 
-	It("Getting a non-existent configmap should exit with the Forbidden error, not a NotFound error", func() {
+	ginkgo.It("Getting a non-existent configmap should exit with the Forbidden error, not a NotFound error", func() {
 		_, err := c.CoreV1().ConfigMaps(ns).Get("foo", metav1.GetOptions{})
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 	})
 
-	It("Getting an existing configmap should exit with the Forbidden error", func() {
-		By("Create a configmap for testing")
+	ginkgo.It("Getting an existing configmap should exit with the Forbidden error", func() {
+		ginkgo.By("Create a configmap for testing")
 		configmap := &v1.ConfigMap{
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: ns,
@@ -101,11 +101,11 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 		_, err := f.ClientSet.CoreV1().ConfigMaps(ns).Create(configmap)
 		framework.ExpectNoError(err, "failed to create configmap (%s:%s) %+v", ns, configmap.Name, *configmap)
 		_, err = c.CoreV1().ConfigMaps(ns).Get(configmap.Name, metav1.GetOptions{})
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 	})
 
-	It("Getting a secret for a workload the node has access to should succeed", func() {
-		By("Create a secret for testing")
+	ginkgo.It("Getting a secret for a workload the node has access to should succeed", func() {
+		ginkgo.By("Create a secret for testing")
 		secret := &v1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: ns,
@@ -118,11 +118,11 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 		_, err := f.ClientSet.CoreV1().Secrets(ns).Create(secret)
 		framework.ExpectNoError(err, "failed to create secret (%s:%s)", ns, secret.Name)
 
-		By("Node should not get the secret")
+		ginkgo.By("Node should not get the secret")
 		_, err = c.CoreV1().Secrets(ns).Get(secret.Name, metav1.GetOptions{})
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 
-		By("Create a pod that use the secret")
+		ginkgo.By("Create a pod that use the secret")
 		pod := &v1.Pod{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: "pause",
@@ -151,7 +151,7 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 		_, err = f.ClientSet.CoreV1().Pods(ns).Create(pod)
 		framework.ExpectNoError(err, "failed to create pod (%s:%s)", ns, pod.Name)
 
-		By("The node should able to access the secret")
+		ginkgo.By("The node should able to access the secret")
 		itv := framework.Poll
 		dur := 1 * time.Minute
 		err = wait.Poll(itv, dur, func() (bool, error) {
@@ -165,22 +165,22 @@ var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
 		framework.ExpectNoError(err, "failed to get secret after trying every %v for %v (%s:%s)", itv, dur, ns, secret.Name)
 	})
 
-	It("A node shouldn't be able to create another node", func() {
+	ginkgo.It("A node shouldn't be able to create another node", func() {
 		node := &v1.Node{
 			ObjectMeta: metav1.ObjectMeta{Name: "foo"},
 			TypeMeta: metav1.TypeMeta{
 				Kind:       "Node",
 				APIVersion: "v1",
 			},
 		}
-		By(fmt.Sprintf("Create node foo by user: %v", asUser))
+		ginkgo.By(fmt.Sprintf("Create node foo by user: %v", asUser))
 		_, err := c.CoreV1().Nodes().Create(node)
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 	})
 
-	It("A node shouldn't be able to delete another node", func() {
-		By(fmt.Sprintf("Create node foo by user: %v", asUser))
+	ginkgo.It("A node shouldn't be able to delete another node", func() {
+		ginkgo.By(fmt.Sprintf("Create node foo by user: %v", asUser))
 		err := c.CoreV1().Nodes().Delete("foo", &metav1.DeleteOptions{})
-		Expect(apierrors.IsForbidden(err)).Should(Equal(true))
+		gomega.Expect(apierrors.IsForbidden(err)).Should(gomega.Equal(true))
 	})
 })