update

zhaohuabing · zhaohuabing · commit 253f7a13d62b · 2025-10-21T10:53:15.000+08:00
Signed-off-by: Huabing Zhao &lt;zhaohuabing@gmail.com&gt;
diff --git a/test/e2e/tests/oidc.go b/test/e2e/tests/oidc.go
@@ -54,14 +54,15 @@ var OIDCTest = suite.ConformanceTest{
 		})
 
 		t.Run("oidc bypass", func(t *testing.T) {
-			ns := "gateway-conformance-infra"
+			var (
+				ns          = "gateway-conformance-infra"
+				keycloakSel = map[string]string{"app": "keycloak"}
+				backendSel  = map[string]string{"app": "infra-backend-v1"}
+			)
 
 			podInitialized := corev1.PodCondition{Type: corev1.PodInitialized, Status: corev1.ConditionTrue}
 			// Wait for the keycloak pod to be configured with the test user and client
 			WaitForPods(t, suite.Client, ns, map[string]string{"job-name": "setup-keycloak"}, corev1.PodSucceeded, &podInitialized)
-			keycloakSel := map[string]string{"app": "keycloak"}
-			backendSel := map[string]string{"app": "infra-backend-v1"}
-
 			WaitForPods(t, suite.Client, ns, keycloakSel, corev1.PodRunning, &PodReady)
 			WaitForPods(t, suite.Client, ns, backendSel, corev1.PodRunning, &PodReady)
 
@@ -110,6 +111,16 @@ var OIDCTest = suite.ConformanceTest{
 				},
 			}
 
+			t.Cleanup(func() {
+				if t.Failed() {
+					// Log the status of the keycloak and backend pods for debugging purposes
+					// The 503 errors may be caused by the keycloak or backend pods being evicted for some reason
+					// https://github.com/envoyproxy/gateway/issues/7073
+					LogPodsStatus(t, suite.Client, ns, keycloakSel, "OIDC failure - keycloak state")
+					LogPodsStatus(t, suite.Client, ns, backendSel, "OIDC failure - backend state")
+				}
+			})
+
 			for i := range testCases {
 				tc := testCases[i]
 				t.Run(tc.GetTestCaseName(i), func(t *testing.T) {
@@ -133,13 +144,6 @@ func testOIDC(t *testing.T, suite *suite.ConformanceTestSuite, securityPolicyMan
 		backendSel  = map[string]string{"app": "infra-backend-v1"}
 	)
 
-	t.Cleanup(func() {
-		if t.Failed() {
-			LogPodsStatus(t, suite.Client, ns, keycloakSel, "OIDC failure - keycloak state")
-			LogPodsStatus(t, suite.Client, ns, backendSel, "OIDC failure - backend state")
-		}
-	})
-
 	podInitialized := corev1.PodCondition{Type: corev1.PodInitialized, Status: corev1.ConditionTrue}
 	// Wait for the keycloak pod to be configured with the test user and client
 	WaitForPods(t, suite.Client, ns, map[string]string{"job-name": "setup-keycloak"}, corev1.PodSucceeded, &podInitialized)
diff --git a/test/e2e/tests/utils.go b/test/e2e/tests/utils.go
@@ -92,7 +92,8 @@ func LogPodsStatus(t *testing.T, cl client.Client, namespace string, selectors m
 	for i := range pods.Items {
 		p := &pods.Items[i]
 		var containerSummaries []string
-		for _, cs := range p.Status.ContainerStatuses {
+		for i := 0; i < len(p.Status.ContainerStatuses); i++ {
+			cs := p.Status.ContainerStatuses[i]
 			state := "unknown"
 			switch {
 			case cs.State.Waiting != nil:
@@ -111,64 +112,47 @@ func LogPodsStatus(t *testing.T, cl client.Client, namespace string, selectors m
 	}
 }
 
-// WaitForPods waits for the pods in the given namespace and with the given selector
-// to be in the given phase and condition.
 func WaitForPods(t *testing.T, cl client.Client, namespace string, selectors map[string]string, phase corev1.PodPhase, condition *corev1.PodCondition) {
 	if condition == nil {
 		t.Fatalf("condition cannot be nil")
 	}
 	tlog.Logf(t, "waiting for %s/[%s] to be %v...", namespace, selectors, phase)
 
-	timeout := time.After(defaultServiceStartupTimeout)
-	ticker := time.NewTicker(2 * time.Second)
-	defer ticker.Stop()
-
-	for {
+	require.Eventually(t, func() bool {
 		pods := &corev1.PodList{}
+
 		err := cl.List(context.Background(), pods, &client.ListOptions{
 			Namespace:     namespace,
 			LabelSelector: labels.SelectorFromSet(selectors),
 		})
-		if err == nil && len(pods.Items) > 0 {
-			success := true
-		checkPods:
-			for i := range pods.Items {
-				p := &pods.Items[i]
-				if p.Status.Phase != phase {
-					success = false
-					break
-				}
 
-				if p.Status.Conditions == nil {
-					success = false
-					break
-				}
+		if err != nil || len(pods.Items) == 0 {
+			return false
+		}
 
-				conditionMet := false
-				for _, c := range p.Status.Conditions {
-					if c.Type == condition.Type && c.Status == condition.Status {
-						conditionMet = true
-						continue checkPods
-					}
-				}
-				if !conditionMet {
-					success = false
-					break
-				}
+	checkPods:
+		for i := range pods.Items {
+			p := &pods.Items[i]
+			if p.Status.Phase != phase {
+				return false
 			}
 
-			if success {
-				return
+			if p.Status.Conditions == nil {
+				return false
 			}
-		}
 
-		select {
-		case <-timeout:
-			LogPodsStatus(t, cl, namespace, selectors, fmt.Sprintf("timed out waiting for pods to reach %s/%s", phase, condition.Type))
-			t.Fatalf("timed out waiting for pods in %s with selector %v to reach phase %s and condition %s", namespace, selectors, phase, condition.Type)
-		case <-ticker.C:
+			for _, c := range p.Status.Conditions {
+				if c.Type == condition.Type && c.Status == condition.Status {
+					continue checkPods // pod is ready, check next pod
+				}
+			}
+
+			tlog.Logf(t, "pod %s/%s status: %v", p.Namespace, p.Name, p.Status)
+			return false
 		}
-	}
+
+		return true
+	}, defaultServiceStartupTimeout, 2*time.Second)
 }
 
 // SecurityPolicyMustBeAccepted waits for the specified SecurityPolicy to be accepted.
