debug this test

Signed-off-by: ravjot07 <ravu2004@gmail.com>

Author: ravjot07

test/e2e/kmeshctl_test.go

@@ -2,130 +2,128 @@
 // +build integ
 
 /*
-End-to-End Test for kmeshctl authz Commands in Kmesh.
-
-This test performs the following steps:
-1. Automatically retrieves a running Kmesh Daemon pod from the "kmesh-system" namespace.
-2. Waits for the pod to become ready.
-3. Enables authorization offloading using "kmeshctl authz enable <pod>".
-4. Verifies the status using "kmeshctl authz status <pod>" (expecting enabled output).
-5. Disables authorization using "kmeshctl authz disable <pod>".
-6. Verifies the status again (expecting disabled output).
-
-This test ensures that the authz commands work correctly on a live cluster.
-*/
+ * Copyright The Kmesh Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 
 package kmesh
 
 import (
 	"fmt"
+	"os/exec"
 	"strings"
 	"testing"
 	"time"
 
+	"istio.io/istio/pkg/test"
 	"istio.io/istio/pkg/test/framework"
 	"istio.io/istio/pkg/test/shell"
 	"istio.io/istio/pkg/test/util/retry"
 )
 
-// getKmeshPod retrieves the name of a running Kmesh daemon pod in the kmesh-system namespace.
-// It uses kubectl with a jsonpath query to return the first pod with label "app=kmesh".
-func getKmeshPod() (string, error) {
-	out, err := shell.Execute(true, "kubectl get pods -n kmesh-system -l app=kmesh -o jsonpath='{.items[0].metadata.name}'")
+// kmeshctlWrapper provides a minimal wrapper to invoke kmeshctl authz commands.
+type kmeshctlWrapper struct{}
+
+// NewKmeshctl creates and returns a new instance of kmeshctlWrapper.
+func NewKmeshctl() *kmeshctlWrapper {
+	return &kmeshctlWrapper{}
+}
+
+// Authz executes "kmeshctl authz <subcmd>" and returns its output as a lowercase string.
+func (k *kmeshctlWrapper) Authz(subcmd string) (string, error) {
+	cmd := exec.Command("kmeshctl", "authz", subcmd)
+	output, err := cmd.CombinedOutput()
 	if err != nil {
-		return "", fmt.Errorf("failed to get kmesh pod: %v", err)
+		return "", fmt.Errorf("command 'kmeshctl authz %s' failed: %v, output: %s", subcmd, err, string(output))
 	}
-	podName := strings.Trim(out, "'")
-	if podName == "" {
-		return "", fmt.Errorf("no kmesh pod found")
-	}
-	return podName, nil
+	return strings.ToLower(strings.TrimSpace(string(output))), nil
 }
 
-// runKmeshCtl builds and executes a kmeshctl authz command with the provided arguments.
-// It returns the command output (stdout) or an error.
-func runKmeshCtl(pod string, args ...string) (string, error) {
-	// Construct the command string, e.g., "kmeshctl authz enable <pod>"
-	cmd := "kmeshctl authz " + strings.Join(args, " ") + " " + pod
-	return shell.Execute(true, cmd)
+// AuthzOrFatal executes the command and fails the test immediately if there is an error.
+func (k *kmeshctlWrapper) AuthzOrFatal(t test.Failer, subcmd string) string {
+	out, err := k.Authz(subcmd)
+	if err != nil {
+		t.Fatal("failed to execute kmeshctl authz", subcmd, ":", err)
+	}
+	return out
 }
 
-func TestKmeshctlAuthz(t *testing.T) {
+// Global instance of kmeshctl wrapper.
+var kmeshctl = NewKmeshctl()
+
+// TestKmeshctlAuthzCommands performs the following operations:
+//   - Enable authz on a Kmesh daemon pod
+//   - Check that authz is enabled
+//   - Disable authz
+//   - Verify that authz is disabled
+func TestKmeshctlAuthzCommands(t *testing.T) {
 	framework.NewTest(t).Run(func(t framework.TestContext) {
-		var pod string
-		var err error
-
-		// --- Pod Detection and Readiness ---
-		// Retry until we can fetch a Kmesh daemon pod from the kmesh-system namespace.
-		err = retry.Until(func() bool {
-			pod, err = getKmeshPod()
-			if err != nil {
-				t.Logf("Retrying getKmeshPod: %v", err)
-				return false
-			}
-			// Additionally, use kubectl wait to ensure the pod is Ready.
-			_, err = shell.Execute(true, "kubectl wait pod -n kmesh-system -l app=kmesh --for=condition=Ready --timeout=60s")
-			if err != nil {
-				t.Logf("Pod not yet ready: %v", err)
-				return false
-			}
-			t.Logf("Found ready Kmesh pod: %s", pod)
-			return true
-		}, retry.Timeout(90*time.Second), retry.Delay(3*time.Second))
+		// Automatically retrieve a running Kmesh daemon pod in the kmesh-system namespace.
+		podName, err := shell.Execute(true, "kubectl get pods -n kmesh-system -l app=kmesh -o jsonpath='{.items[0].metadata.name}'")
 		if err != nil {
-			t.Fatalf("Failed to retrieve a ready Kmesh pod: %v", err)
+			t.Fatalf("failed to get Kmesh daemon pod: %v", err)
+		}
+		podName = strings.TrimSpace(podName)
+		if podName == "" {
+			t.Fatal("no Kmesh daemon pod found in the kmesh-system namespace")
 		}
+		t.Logf("Found Kmesh daemon pod: %s", podName)
 
-		// --- Enable Authz ---
-		t.Log("Enabling authz on the Kmesh pod...")
-		enableOut, err := runKmeshCtl(pod, "enable")
+		// Wait until the pod is ready.
+		_, err = shell.Execute(true, "kubectl wait pod -n kmesh-system -l app=kmesh --for=condition=Ready --timeout=60s")
 		if err != nil {
-			t.Fatalf("Failed to enable authz: %v", err)
+			t.Fatalf("Kmesh daemon pod %s did not become ready: %v", podName, err)
 		}
-		t.Logf("Authz enable output: %s", enableOut)
-		// Expect the output to indicate authz is enabled (case-insensitive check for "true" or "enabled").
-		if !strings.Contains(strings.ToLower(enableOut), "true") && !strings.Contains(strings.ToLower(enableOut), "enabled") {
-			t.Fatalf("Unexpected output from enable command: %s", enableOut)
+
+		// Enable authz.
+		t.Log("Enabling authz...")
+		enableOut := kmeshctl.AuthzOrFatal(t, fmt.Sprintf("%s enable", podName))
+		t.Logf("Output from enable command: %s", enableOut)
+		if !strings.Contains(enableOut, "enabled") && !strings.Contains(enableOut, "true") {
+			t.Fatalf("Unexpected output when enabling authz: %s", enableOut)
 		}
 
-		// --- Verify Authz Enabled ---
-		// Allow a brief wait for the daemon to update its status.
+		// Wait for the state change to propagate.
 		time.Sleep(2 * time.Second)
-		t.Log("Verifying authz status (expected to be enabled)...")
-		statusOut, err := runKmeshCtl(pod, "status")
-		if err != nil {
-			t.Fatalf("Failed to get authz status: %v", err)
-		}
-		t.Logf("Authz status output after enable: %s", statusOut)
-		if !strings.Contains(strings.ToLower(statusOut), "true") && !strings.Contains(strings.ToLower(statusOut), "enabled") {
-			t.Fatalf("Authz status is not enabled as expected: %s", statusOut)
-		}
 
-		// --- Disable Authz ---
-		t.Log("Disabling authz on the Kmesh pod...")
-		disableOut, err := runKmeshCtl(pod, "disable")
-		if err != nil {
-			t.Fatalf("Failed to disable authz: %v", err)
+		// Check authz status: it should indicate enabled.
+		t.Log("Verifying authz is enabled...")
+		statusOut := kmeshctl.AuthzOrFatal(t, fmt.Sprintf("%s status", podName))
+		t.Logf("Status output after enabling: %s", statusOut)
+		if !strings.Contains(statusOut, "enabled") && !strings.Contains(statusOut, "true") {
+			t.Fatalf("Authz status does not indicate enabled: %s", statusOut)
 		}
-		t.Logf("Authz disable output: %s", disableOut)
-		// Expect the disable output to indicate authz is disabled (look for "false" or "disabled").
-		if !strings.Contains(strings.ToLower(disableOut), "false") && !strings.Contains(strings.ToLower(disableOut), "disabled") {
-			t.Fatalf("Unexpected output from disable command: %s", disableOut)
+
+		// Disable authz.
+		t.Log("Disabling authz...")
+		disableOut := kmeshctl.AuthzOrFatal(t, fmt.Sprintf("%s disable", podName))
+		t.Logf("Output from disable command: %s", disableOut)
+		if !strings.Contains(disableOut, "disabled") && !strings.Contains(disableOut, "false") {
+			t.Fatalf("Unexpected output when disabling authz: %s", disableOut)
 		}
 
-		// --- Verify Authz Disabled ---
-		// Wait again briefly before checking status.
+		// Wait again for the state to propagate.
 		time.Sleep(2 * time.Second)
-		t.Log("Verifying authz status (expected to be disabled)...")
-		statusOut, err = runKmeshCtl(pod, "status")
-		if err != nil {
-			t.Fatalf("Failed to get authz status after disable: %v", err)
-		}
-		t.Logf("Authz status output after disable: %s", statusOut)
-		if !strings.Contains(strings.ToLower(statusOut), "false") && !strings.Contains(strings.ToLower(statusOut), "disabled") {
-			t.Fatalf("Authz status is not disabled as expected: %s", statusOut)
+
+		// Verify authz status: it should indicate disabled.
+		t.Log("Verifying authz is disabled...")
+		statusOut = kmeshctl.AuthzOrFatal(t, fmt.Sprintf("%s status", podName))
+		t.Logf("Status output after disabling: %s", statusOut)
+		if !strings.Contains(statusOut, "disabled") && !strings.Contains(statusOut, "false") {
+			t.Fatalf("Authz status does not indicate disabled: %s", statusOut)
 		}
 
-		t.Log("kmeshctl authz commands test passed successfully.")
+		t.Log("kmeshctl authz commands test passed.")
 	})
 }