e2e: unify subtests to be compatible with Goland

Author: sttts

test/e2e/apibinding/maximalpermissionpolicy_authorizer_test.go

@@ -75,13 +75,10 @@ func TestMaximalPermissionPolicyAuthorizerSystemGroupProtection(t *testing.T) {
 		test func(t *testing.T)
 	}
 
-	for _, test := range []Test{
+	for _, testCase := range []Test{
 		{
 			name: "APIBinding resources",
 			test: func(t *testing.T) {
-				t.Helper()
-				t.Parallel()
-
 				t.Logf("Creating a WorkspaceType as user-1")
 				userKcpClusterClient, err := kcpclientset.NewForConfig(framework.StaticTokenUserConfig("user-1", server.BaseConfig(t)))
 				require.NoError(t, err, "failed to construct kcp cluster client for user-1")
@@ -110,9 +107,6 @@ func TestMaximalPermissionPolicyAuthorizerSystemGroupProtection(t *testing.T) {
 		{
 			name: "System CRDs",
 			test: func(t *testing.T) {
-				t.Helper()
-				t.Parallel()
-
 				t.Logf("Creating a APIExport as user-1")
 				userKcpClusterClient, err := kcpclientset.NewForConfig(framework.StaticTokenUserConfig("user-1", server.BaseConfig(t)))
 				require.NoError(t, err, "failed to construct kcp cluster client for user-1")
@@ -139,7 +133,11 @@ func TestMaximalPermissionPolicyAuthorizerSystemGroupProtection(t *testing.T) {
 			},
 		},
 	} {
-		t.Run(test.name, test.test)
+		test := testCase
+		t.Run(test.name, func(t *testing.T) {
+			t.Parallel()
+			test.test(t)
+		})
 	}
 }
 

test/e2e/authorizer/authorizer_test.go

@@ -30,7 +30,7 @@ import (
 	"github.com/stretchr/testify/require"
 
 	authorizationv1 "k8s.io/api/authorization/v1"
-	v1 "k8s.io/api/core/v1"
+	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -106,22 +106,25 @@ func TestAuthorizer(t *testing.T) {
 		return err == nil
 	}, 2*wait.ForeverTestTimeout, 100*time.Millisecond)
 
-	tests := map[string]func(t *testing.T){
-		"as org member, workspace admin user-1 can access everything": func(t *testing.T) {
+	testCases := []struct {
+		name string
+		run  func(t *testing.T)
+	}{
+		{"as org member, workspace admin user-1 can access everything", func(t *testing.T) {
 			_, err := user1KubeClusterClient.Cluster(org1.Join("workspace1")).CoreV1().ConfigMaps("default").List(ctx, metav1.ListOptions{})
 			require.NoError(t, err)
-			_, err = user1KubeClusterClient.Cluster(org1.Join("workspace1")).CoreV1().Namespaces().Create(ctx, &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: "test"}}, metav1.CreateOptions{})
+			_, err = user1KubeClusterClient.Cluster(org1.Join("workspace1")).CoreV1().Namespaces().Create(ctx, &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: "test"}}, metav1.CreateOptions{})
 			require.NoError(t, err)
-			_, err = user1KubeClusterClient.Cluster(org1.Join("workspace1")).CoreV1().ConfigMaps("test").Create(ctx, &v1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: "test"}}, metav1.CreateOptions{})
+			_, err = user1KubeClusterClient.Cluster(org1.Join("workspace1")).CoreV1().ConfigMaps("test").Create(ctx, &corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: "test"}}, metav1.CreateOptions{})
 			require.NoError(t, err)
-		},
-		"with org access, workspace1 non-admin user-2 can access according to local policy": func(t *testing.T) {
-			_, err := user2KubeClusterClient.Cluster(org1.Join("workspace1")).CoreV1().Namespaces().Create(ctx, &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: "test"}}, metav1.CreateOptions{})
+		}},
+		{"with org access, workspace1 non-admin user-2 can access according to local policy", func(t *testing.T) {
+			_, err := user2KubeClusterClient.Cluster(org1.Join("workspace1")).CoreV1().Namespaces().Create(ctx, &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: "test"}}, metav1.CreateOptions{})
 			require.Errorf(t, err, "user-2 should not be able to create namespace in %s", org1.Join("workspace1"))
 			_, err = user2KubeClusterClient.Cluster(org1.Join("workspace1")).CoreV1().Secrets("default").List(ctx, metav1.ListOptions{})
 			require.NoErrorf(t, err, "user-2 should be able to list secrets in %s as defined in the local policy", org1.Join("workspace1"))
-		},
-		"with org access, workspace1 non-admin user-2 can access /healthz, /livez, /readyz etc": func(t *testing.T) {
+		}},
+		{"with org access, workspace1 non-admin user-2 can access /healthz, /livez, /readyz etc", func(t *testing.T) {
 			cl := user2KubeClusterClient.RESTClient()
 			requestPath := org1.RequestPath()
 			{
@@ -141,24 +144,24 @@ func TestAuthorizer(t *testing.T) {
 				version := new(apimachineryversion.Info)
 				require.NoError(t, json.Unmarshal(respBytes, version))
 			}
-		},
-		"without org access, org1 workspace1 admin user-1 cannot access org2, not even discovery": func(t *testing.T) {
+		}},
+		{"without org access, org1 workspace1 admin user-1 cannot access org2, not even discovery", func(t *testing.T) {
 			_, err := user1KubeClusterClient.Cluster(org2.Join("workspace1")).CoreV1().ConfigMaps("default").List(ctx, metav1.ListOptions{})
 			require.Errorf(t, err, "user-1 should not be able to list configmaps in a different org (%s)", org2.Join("workspace1"))
 			_, err = user1KubeDiscoveryClient.Cluster(org2.Join("workspace1")).ServerResourcesForGroupVersion("rbac.authorization.k8s.io/v1") // can't be core because that always returns nil
 			require.Errorf(t, err, "user-1 should not be able to list server resources in a different org (%s)", org2.Join("workspace1"))
-		},
-		"as org member, workspace1 admin user-1 cannot access workspace2, not even discovery": func(t *testing.T) {
+		}},
+		{"as org member, workspace1 admin user-1 cannot access workspace2, not even discovery", func(t *testing.T) {
 			_, err := user1KubeClusterClient.Cluster(org1.Join("workspace2")).CoreV1().ConfigMaps("default").List(ctx, metav1.ListOptions{})
 			require.Errorf(t, err, "user-1 should not be able to list configmaps in a different workspace (%s)", org1.Join("workspace2"))
 			_, err = user1KubeDiscoveryClient.Cluster(org2.Join("workspace1")).ServerResourcesForGroupVersion("rbac.authorization.k8s.io/v1") // can't be core because that always returns nil
 			require.Errorf(t, err, "user-1 should not be able to list server resources in a different workspace (%s)", org1.Join("workspace2"))
-		},
-		"with org access, workspace2 admin user-2 can access workspace2": func(t *testing.T) {
+		}},
+		{"with org access, workspace2 admin user-2 can access workspace2", func(t *testing.T) {
 			_, err := user2KubeClusterClient.Cluster(org1.Join("workspace2")).CoreV1().ConfigMaps("default").List(ctx, metav1.ListOptions{})
 			require.NoError(t, err, "user-2 should be able to list configmaps in workspace2 (%s)", org1.Join("workspace2"))
-		},
-		"cluster admins can use wildcard clusters, non-cluster admin cannot": func(t *testing.T) {
+		}},
+		{"cluster admins can use wildcard clusters, non-cluster admin cannot", func(t *testing.T) {
 			// create client talking directly to root shard to test wildcard requests
 			rootKubeClusterClient, err := kcpkubernetesclientset.NewForConfig(rootShardCfg)
 			require.NoError(t, err)
@@ -169,8 +172,8 @@ func TestAuthorizer(t *testing.T) {
 			require.NoError(t, err)
 			_, err = user1RootKubeClusterClient.CoreV1().Namespaces().List(ctx, metav1.ListOptions{})
 			require.Error(t, err, "Only cluster admins can use all clusters at once")
-		},
-		"with system:admin permissions, workspace2 non-admin user-3 can list Namespaces with a bootstrap ClusterRole": func(t *testing.T) {
+		}},
+		{"with system:admin permissions, workspace2 non-admin user-3 can list Namespaces with a bootstrap ClusterRole", func(t *testing.T) {
 			// get workspace2 shard and create a client to tweak the local bootstrap policy
 			shardKubeClusterClient, err := kcpkubernetesclientset.NewForConfig(rootShardCfg)
 			require.NoError(t, err)
@@ -223,8 +226,8 @@ func TestAuthorizer(t *testing.T) {
 				}
 				return true
 			}, wait.ForeverTestTimeout, time.Millisecond*100, "User-3 should now be able to list Namespaces in %s", org1.Join("workspace2"))
-		},
-		"without org access, a deep SAR with user-1 against org2 succeeds even without org access for user-1": func(t *testing.T) {
+		}},
+		{"without org access, a deep SAR with user-1 against org2 succeeds even without org access for user-1", func(t *testing.T) {
 			t.Logf("try to list ConfigMap as user-1 in %q without access, should fail", org2.Join("workspace1"))
 			_, err := user1KubeClusterClient.Cluster(org2.Join("workspace1")).CoreV1().ConfigMaps("default").List(ctx, metav1.ListOptions{})
 			require.Errorf(t, err, "user-1 should not be able to list configmaps in %q", org2.Join("workspace1"))
@@ -254,15 +257,14 @@ func TestAuthorizer(t *testing.T) {
 			resp, err = deepSARClient.Cluster(org2.Join("workspace1")).AuthorizationV1().SubjectAccessReviews().Create(ctx, sar, metav1.CreateOptions{})
 			require.NoError(t, err)
 			require.Truef(t, resp.Status.Allowed, "SAR should answer hypothetically that user-1 could list configmaps in %q if it had access", org2.Join("workspace1"))
-		},
+		}},
 	}
 
-	for tcName, tcFunc := range tests {
-		tcName := tcName
-		tcFunc := tcFunc
-		t.Run(tcName, func(t *testing.T) {
+	for i := range testCases {
+		testCase := testCases[i]
+		t.Run(testCase.name, func(t *testing.T) {
 			t.Parallel()
-			tcFunc(t)
+			testCase.run(t)
 		})
 	}
 }

test/e2e/authorizer/serviceaccounts_test.go

@@ -153,8 +153,10 @@ func TestServiceAccounts(t *testing.T) {
 	}
 	for i, ttc := range testCases {
 		i := i
+		ttc := ttc
 		t.Run(ttc.name, func(t *testing.T) {
 			t.Parallel()
+
 			saRestConfig := framework.ConfigWithToken(ttc.token(t), server.BaseConfig(t))
 			saKubeClusterClient, err := kcpkubernetesclientset.NewForConfig(saRestConfig)
 			require.NoError(t, err)

test/e2e/authorizer/workspace_test.go

@@ -140,8 +140,8 @@ func TestWorkspaces(t *testing.T) {
 		},
 	}
 
-	for i := range testCases {
-		testCase := testCases[i]
+	for _, testCase := range testCases {
+		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			t.Parallel()
 

test/e2e/homeworkspaces/home_workspaces_test.go

@@ -86,8 +86,8 @@ func TestUserHomeWorkspaces(t *testing.T) {
 		},
 	}
 
-	for i := range testCases {
-		testCase := testCases[i]
+	for _, testCase := range testCases {
+		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			t.Parallel()
 			tokenAuthFile := framework.WriteTokenAuthFile(t)

test/e2e/reconciler/cluster/controller_test.go

@@ -166,8 +166,8 @@ func TestClusterController(t *testing.T) {
 	source := framework.SharedKcpServer(t)
 	orgPath, _ := framework.NewOrganizationFixture(t, source, framework.TODO_WithoutMultiShardSupport())
 
-	for i := range testCases {
-		testCase := testCases[i]
+	for _, testCase := range testCases {
+		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			t.Parallel()
 

test/e2e/reconciler/namespace/controller_test.go

@@ -250,8 +250,8 @@ func TestNamespaceScheduler(t *testing.T) {
 	server := framework.SharedKcpServer(t)
 	orgPath, _ := framework.NewOrganizationFixture(t, server, framework.TODO_WithoutMultiShardSupport())
 
-	for i := range testCases {
-		testCase := testCases[i]
+	for _, testCase := range testCases {
+		testCase := testCase
 
 		t.Run(testCase.name, func(t *testing.T) {
 			t.Parallel()

test/e2e/reconciler/shard/controller_test.go

@@ -51,8 +51,8 @@ func TestWorkspaceShardController(t *testing.T) {
 
 	sharedServer := framework.SharedKcpServer(t)
 
-	for i := range testCases {
-		testCase := testCases[i]
+	for _, testCase := range testCases {
+		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			t.Parallel()
 

test/e2e/reconciler/workspace/controller_test.go

@@ -153,8 +153,8 @@ func TestWorkspaceController(t *testing.T) {
 
 	sharedServer := framework.SharedKcpServer(t)
 
-	for i := range testCases {
-		testCase := testCases[i]
+	for _, testCase := range testCases {
+		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			t.Parallel()
 

test/e2e/reconciler/workspacedeletion/controller_test.go

@@ -281,8 +281,8 @@ func TestWorkspaceDeletion(t *testing.T) {
 
 	sharedServer := framework.SharedKcpServer(t)
 
-	for i := range testCases {
-		testCase := testCases[i]
+	for _, testCase := range testCases {
+		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			t.Parallel()
 

test/e2e/virtual/syncer/virtualworkspace_test.go

@@ -1553,8 +1553,8 @@ func TestSyncerVirtualWorkspace(t *testing.T) {
 		},
 	}
 
-	for i := range testCases {
-		testCase := testCases[i]
+	for _, testCase := range testCases {
+		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			t.Parallel()
 
@@ -1904,8 +1904,8 @@ func TestUpsyncerVirtualWorkspace(t *testing.T) {
 		},
 	}
 
-	for i := range testCases {
-		testCase := testCases[i]
+	for _, testCase := range testCases {
+		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			t.Parallel()
 			framework.Suite(t, "transparent-multi-cluster")

test/e2e/workspacetype/controller_test.go

@@ -326,8 +326,8 @@ func TestWorkspaceTypes(t *testing.T) {
 
 	server := framework.SharedKcpServer(t)
 
-	for i := range testCases {
-		testCase := testCases[i]
+	for _, testCase := range testCases {
+		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			t.Parallel()