ContainerImage.Pinniped/test/integration/category_test.go

// Copyright 2021 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package integration

import (
	"bytes"
	"os/exec"
	"testing"
	"time"

	"github.com/stretchr/testify/require"

	"go.pinniped.dev/test/library"
)

func TestGetPinnipedCategory(t *testing.T) {
	env := library.IntegrationEnv(t)
	dotSuffix := "." + env.APIGroupSuffix

	t.Run("category, no special params", func(t *testing.T) {
		var stdOut, stdErr bytes.Buffer

		var err error
		require.Eventuallyf(t, func() bool {
			cmd := exec.Command("kubectl", "get", "pinniped", "-A")
			cmd.Stdout = &stdOut
			cmd.Stderr = &stdErr
			err = cmd.Run()
			return err == nil
		},
			60*time.Second,
			1*time.Second,
			"never ran 'kubectl get pinniped -A' successfully:\n%s\n\n%s",
			stdErr.String(),
			stdOut.String(),
		)
		require.Empty(t, stdErr.String())
		require.NotContains(t, stdOut.String(), "MethodNotAllowed")
		require.Contains(t, stdOut.String(), dotSuffix)
	})

	t.Run("category, table params", func(t *testing.T) {
		var stdOut, stdErr bytes.Buffer

		cmd := exec.Command("kubectl", "get", "pinniped", "-A", "-o", "wide", "-v", "10")
		cmd.Stdout = &stdOut
		cmd.Stderr = &stdErr
		err := cmd.Run()
		require.NoError(t, err, stdErr.String(), stdOut.String())

		require.NotContains(t, stdOut.String(), "MethodNotAllowed")
		require.Contains(t, stdOut.String(), dotSuffix)

		require.Contains(t, stdErr.String(), `"kind":"Table"`)
		require.Contains(t, stdErr.String(), `"resourceVersion":"0"`)
		require.Contains(t, stdErr.String(), `/v1alpha1/tokencredentialrequests`)
		require.Contains(t, stdErr.String(), `/v1alpha1/whoamirequests`)
	})

	t.Run("list, no special params", func(t *testing.T) {
		var stdOut, stdErr bytes.Buffer

		//nolint: gosec  // input is part of test env
		cmd := exec.Command("kubectl", "get", "tokencredentialrequests.login.concierge"+dotSuffix, "-A")
		cmd.Stdout = &stdOut
		cmd.Stderr = &stdErr
		err := cmd.Run()
		require.NoError(t, err, stdErr.String(), stdOut.String())
		require.Empty(t, stdOut.String())

		require.NotContains(t, stdErr.String(), "MethodNotAllowed")
		require.Contains(t, stdErr.String(), `No resources found`)
	})

	t.Run("list, table params", func(t *testing.T) {
		var stdOut, stdErr bytes.Buffer

		//nolint: gosec  // input is part of test env
		cmd := exec.Command("kubectl", "get", "tokencredentialrequests.login.concierge"+dotSuffix, "-A", "-o", "wide", "-v", "10")
		cmd.Stdout = &stdOut
		cmd.Stderr = &stdErr
		err := cmd.Run()
		require.NoError(t, err, stdErr.String(), stdOut.String())
		require.Empty(t, stdOut.String())

		require.NotContains(t, stdErr.String(), "MethodNotAllowed")
		require.Contains(t, stdErr.String(), `"kind":"Table"`)
		require.Contains(t, stdErr.String(), `"resourceVersion":"0"`)
	})

	t.Run("raw request to see body, token cred", func(t *testing.T) {
		var stdOut, stdErr bytes.Buffer

		//nolint: gosec  // input is part of test env
		cmd := exec.Command("kubectl", "get", "--raw", "/apis/login.concierge"+dotSuffix+"/v1alpha1/tokencredentialrequests")
		cmd.Stdout = &stdOut
		cmd.Stderr = &stdErr
		err := cmd.Run()
		require.NoError(t, err, stdErr.String(), stdOut.String())
		require.Empty(t, stdErr.String())

		require.NotContains(t, stdOut.String(), "MethodNotAllowed")
		require.Contains(t, stdOut.String(), `{"kind":"TokenCredentialRequestList","apiVersion":"login.concierge`+
			dotSuffix+`/v1alpha1","metadata":{"resourceVersion":"0"},"items":[]}`)
	})

	t.Run("raw request to see body, whoami", func(t *testing.T) {
		var stdOut, stdErr bytes.Buffer

		//nolint: gosec  // input is part of test env
		cmd := exec.Command("kubectl", "get", "--raw", "/apis/identity.concierge"+dotSuffix+"/v1alpha1/whoamirequests")
		cmd.Stdout = &stdOut
		cmd.Stderr = &stdErr
		err := cmd.Run()
		require.NoError(t, err, stdErr.String(), stdOut.String())
		require.Empty(t, stdErr.String())

		require.NotContains(t, stdOut.String(), "MethodNotAllowed")
		require.Contains(t, stdOut.String(), `{"kind":"WhoAmIRequestList","apiVersion":"identity.concierge`+
			dotSuffix+`/v1alpha1","metadata":{"resourceVersion":"0"},"items":[]}`)
	})
}
Add no-op list support to token credential request This allows us to keep all of our resources in the pinniped category while not having kubectl return errors for calls such as: kubectl get pinniped -A Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-05 15:55:19 +00:00			`// Copyright 2021 the Pinniped contributors. All Rights Reserved.`
			`// SPDX-License-Identifier: Apache-2.0`

			`package integration`

			`import (`
			`"bytes"`
			`"os/exec"`
			`"testing"`
Make TestGetPinnipedCategory more resilient. If the test is run immediately after the Concierge is installed, the API server can still have broken discovery data and return an error on the first call. This commit adds a retry loop to attempt this first kubectl command for up to 60s before declaring failure. The subsequent tests should be covered by this as well since they are not run in parallel. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-03-02 20:17:27 +00:00			`"time"`
Add no-op list support to token credential request This allows us to keep all of our resources in the pinniped category while not having kubectl return errors for calls such as: kubectl get pinniped -A Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-05 15:55:19 +00:00
			`"github.com/stretchr/testify/require"`

			`"go.pinniped.dev/test/library"`
			`)`

			`func TestGetPinnipedCategory(t *testing.T) {`
			`env := library.IntegrationEnv(t)`
			`dotSuffix := "." + env.APIGroupSuffix`

			`t.Run("category, no special params", func(t *testing.T) {`
			`var stdOut, stdErr bytes.Buffer`

Make TestGetPinnipedCategory more resilient. If the test is run immediately after the Concierge is installed, the API server can still have broken discovery data and return an error on the first call. This commit adds a retry loop to attempt this first kubectl command for up to 60s before declaring failure. The subsequent tests should be covered by this as well since they are not run in parallel. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-03-02 20:17:27 +00:00			`var err error`
			`require.Eventuallyf(t, func() bool {`
			`cmd := exec.Command("kubectl", "get", "pinniped", "-A")`
			`cmd.Stdout = &stdOut`
			`cmd.Stderr = &stdErr`
			`err = cmd.Run()`
			`return err == nil`
			`},`
			`60*time.Second,`
			`1*time.Second,`
			`"never ran 'kubectl get pinniped -A' successfully:\n%s\n\n%s",`
			`stdErr.String(),`
			`stdOut.String(),`
			`)`
Add no-op list support to token credential request This allows us to keep all of our resources in the pinniped category while not having kubectl return errors for calls such as: kubectl get pinniped -A Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-05 15:55:19 +00:00			`require.Empty(t, stdErr.String())`
			`require.NotContains(t, stdOut.String(), "MethodNotAllowed")`
			`require.Contains(t, stdOut.String(), dotSuffix)`
			`})`

			`t.Run("category, table params", func(t *testing.T) {`
			`var stdOut, stdErr bytes.Buffer`

			`cmd := exec.Command("kubectl", "get", "pinniped", "-A", "-o", "wide", "-v", "10")`
			`cmd.Stdout = &stdOut`
			`cmd.Stderr = &stdErr`
			`err := cmd.Run()`
			`require.NoError(t, err, stdErr.String(), stdOut.String())`

			`require.NotContains(t, stdOut.String(), "MethodNotAllowed")`
			`require.Contains(t, stdOut.String(), dotSuffix)`

			require.Contains(t, stdErr.String(), `"kind":"Table"`)
			require.Contains(t, stdErr.String(), `"resourceVersion":"0"`)
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-19 18:21:10 +00:00			require.Contains(t, stdErr.String(), `/v1alpha1/tokencredentialrequests`)
			require.Contains(t, stdErr.String(), `/v1alpha1/whoamirequests`)
Add no-op list support to token credential request This allows us to keep all of our resources in the pinniped category while not having kubectl return errors for calls such as: kubectl get pinniped -A Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-05 15:55:19 +00:00			`})`

			`t.Run("list, no special params", func(t *testing.T) {`
			`var stdOut, stdErr bytes.Buffer`

			`//nolint: gosec // input is part of test env`
			`cmd := exec.Command("kubectl", "get", "tokencredentialrequests.login.concierge"+dotSuffix, "-A")`
			`cmd.Stdout = &stdOut`
			`cmd.Stderr = &stdErr`
			`err := cmd.Run()`
			`require.NoError(t, err, stdErr.String(), stdOut.String())`
			`require.Empty(t, stdOut.String())`

			`require.NotContains(t, stdErr.String(), "MethodNotAllowed")`
			require.Contains(t, stdErr.String(), `No resources found`)
			`})`

			`t.Run("list, table params", func(t *testing.T) {`
			`var stdOut, stdErr bytes.Buffer`

			`//nolint: gosec // input is part of test env`
			`cmd := exec.Command("kubectl", "get", "tokencredentialrequests.login.concierge"+dotSuffix, "-A", "-o", "wide", "-v", "10")`
			`cmd.Stdout = &stdOut`
			`cmd.Stderr = &stdErr`
			`err := cmd.Run()`
			`require.NoError(t, err, stdErr.String(), stdOut.String())`
			`require.Empty(t, stdOut.String())`

			`require.NotContains(t, stdErr.String(), "MethodNotAllowed")`
			require.Contains(t, stdErr.String(), `"kind":"Table"`)
			require.Contains(t, stdErr.String(), `"resourceVersion":"0"`)
			`})`

Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-19 18:21:10 +00:00			`t.Run("raw request to see body, token cred", func(t *testing.T) {`
Add no-op list support to token credential request This allows us to keep all of our resources in the pinniped category while not having kubectl return errors for calls such as: kubectl get pinniped -A Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-05 15:55:19 +00:00			`var stdOut, stdErr bytes.Buffer`

			`//nolint: gosec // input is part of test env`
			`cmd := exec.Command("kubectl", "get", "--raw", "/apis/login.concierge"+dotSuffix+"/v1alpha1/tokencredentialrequests")`
			`cmd.Stdout = &stdOut`
			`cmd.Stderr = &stdErr`
			`err := cmd.Run()`
			`require.NoError(t, err, stdErr.String(), stdOut.String())`
			`require.Empty(t, stdErr.String())`

			`require.NotContains(t, stdOut.String(), "MethodNotAllowed")`
			require.Contains(t, stdOut.String(), `{"kind":"TokenCredentialRequestList","apiVersion":"login.concierge`+
			dotSuffix+`/v1alpha1","metadata":{"resourceVersion":"0"},"items":[]}`)
			`})`
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-19 18:21:10 +00:00
			`t.Run("raw request to see body, whoami", func(t *testing.T) {`
			`var stdOut, stdErr bytes.Buffer`

			`//nolint: gosec // input is part of test env`
			`cmd := exec.Command("kubectl", "get", "--raw", "/apis/identity.concierge"+dotSuffix+"/v1alpha1/whoamirequests")`
			`cmd.Stdout = &stdOut`
			`cmd.Stderr = &stdErr`
			`err := cmd.Run()`
			`require.NoError(t, err, stdErr.String(), stdOut.String())`
			`require.Empty(t, stdErr.String())`

			`require.NotContains(t, stdOut.String(), "MethodNotAllowed")`
			require.Contains(t, stdOut.String(), `{"kind":"WhoAmIRequestList","apiVersion":"identity.concierge`+
			dotSuffix+`/v1alpha1","metadata":{"resourceVersion":"0"},"items":[]}`)
			`})`
Add no-op list support to token credential request This allows us to keep all of our resources in the pinniped category while not having kubectl return errors for calls such as: kubectl get pinniped -A Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-05 15:55:19 +00:00			`}`