djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
60034b39a3
ContainerImage.Pinniped/internal/concierge/server/server_test.go

320 lines
14 KiB
Go
Raw Normal View History

Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
Save 2 lines by using inline-style comments for Copyright Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 14:19:51 +00:00
// SPDX-License-Identifier: Apache-2.0
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
Change the name of the placeholder-name CLI to placeholder-name-server Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-27 20:32:14 +00:00
package server
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
import (
"bytes"
Add initial CA code. Signed-off-by: Matt Moyer <moyerm@vmware.com> Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-13 19:30:16 +00:00
"context"
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
"reflect"
Refactor app.go and wire in autoregistration. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-16 19:24:30 +00:00
"strings"
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
"testing"
Initial aggregated API server (#15) Add initial aggregated API server (squashed from a bunch of commits). Signed-off-by: Andrew Keesler <akeesler@vmware.com> Signed-off-by: Aram Price <pricear@vmware.com> Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-07-23 15:05:21 +00:00
"github.com/google/go-cmp/cmp"
Refactor app.go and wire in autoregistration. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-16 19:24:30 +00:00
"github.com/spf13/cobra"
Add initial CA code. Signed-off-by: Matt Moyer <moyerm@vmware.com> Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-13 19:30:16 +00:00
"github.com/stretchr/testify/require"
Use server scheme to handle credential request API group changes Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-09 20:51:38 +00:00
corev1 "k8s.io/api/core/v1"
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
identityapi "go.pinniped.dev/generated/latest/apis/concierge/identity"
identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1"
Use new 'go.pinniped.dev/generated/latest' package. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-02-16 19:00:08 +00:00
loginapi "go.pinniped.dev/generated/latest/apis/concierge/login"
loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1"
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
)
Refactor app.go and wire in autoregistration. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-16 19:24:30 +00:00
const knownGoodUsage = `
Rename pinniped-server -> pinniped-concierge Do we like this? We don't know yet. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-06 18:59:03 +00:00
pinniped-concierge provides a generic API for mapping an external
Refactor app.go and wire in autoregistration. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-16 19:24:30 +00:00
credential from somewhere to an internal credential to be used for
authenticating to the Kubernetes API.
Usage:
Rename pinniped-server -> pinniped-concierge Do we like this? We don't know yet. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-06 18:59:03 +00:00
pinniped-concierge [flags]
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
Flags:
Remove global klog --log-flush-frequency flag Signed-off-by: Monis Khan <mok@vmware.com>
2020-11-10 13:48:42 +00:00
-c, --config string path to configuration file (default "pinniped.yaml")
--downward-api-path string path to Downward API volume mount (default "/etc/podinfo")
-h, --help help for pinniped-concierge
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
`
func TestCommand(t *testing.T) {
tests := []struct {
Refactor app.go and wire in autoregistration. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-16 19:24:30 +00:00
name string
args []string
wantErr string
wantStdout string
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
}{
{
Refactor app.go and wire in autoregistration. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-16 19:24:30 +00:00
name: "NoArgsSucceeds",
args: []string{},
},
{
name: "Usage",
args: []string{"-h"},
wantStdout: knownGoodUsage,
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
},
{
Refactor app.go and wire in autoregistration. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-16 19:24:30 +00:00
name: "OneArgFails",
args: []string{"tuna"},
Rename pinniped-server -> pinniped-concierge Do we like this? We don't know yet. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-06 18:59:03 +00:00
wantErr: `unknown command "tuna" for "pinniped-concierge"`,
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
},
{
Refactor app.go and wire in autoregistration. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-16 19:24:30 +00:00
name: "ShortConfigFlagSucceeds",
args: []string{"-c", "some/path/to/config.yaml"},
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
},
{
Refactor app.go and wire in autoregistration. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-16 19:24:30 +00:00
name: "LongConfigFlagSucceeds",
args: []string{"--config", "some/path/to/config.yaml"},
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
},
{
name: "OneArgWithConfigFlagFails",
args: []string{
"--config", "some/path/to/config.yaml",
"tuna",
},
Rename pinniped-server -> pinniped-concierge Do we like this? We don't know yet. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-06 18:59:03 +00:00
wantErr: `unknown command "tuna" for "pinniped-concierge"`,
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
},
}
Add initial CA code. Signed-off-by: Matt Moyer <moyerm@vmware.com> Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-13 19:30:16 +00:00
for _, test := range tests {
test := test
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
t.Run(test.name, func(t *testing.T) {
stdout := bytes.NewBuffer([]byte{})
stderr := bytes.NewBuffer([]byte{})
Initial aggregated API server (#15) Add initial aggregated API server (squashed from a bunch of commits). Signed-off-by: Andrew Keesler <akeesler@vmware.com> Signed-off-by: Aram Price <pricear@vmware.com> Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-07-23 15:05:21 +00:00
a := New(context.Background(), test.args, stdout, stderr)
Refactor app.go and wire in autoregistration. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-16 19:24:30 +00:00
a.cmd.RunE = func(cmd *cobra.Command, args []string) error {
Add initial CA code. Signed-off-by: Matt Moyer <moyerm@vmware.com> Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-13 19:30:16 +00:00
return nil
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
}
err := a.Run()
Refactor app.go and wire in autoregistration. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-16 19:24:30 +00:00
if test.wantErr != "" {
require.EqualError(t, err, test.wantErr)
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
} else {
Refactor app.go and wire in autoregistration. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-16 19:24:30 +00:00
require.NoError(t, err)
}
if test.wantStdout != "" {
Initial aggregated API server (#15) Add initial aggregated API server (squashed from a bunch of commits). Signed-off-by: Andrew Keesler <akeesler@vmware.com> Signed-off-by: Aram Price <pricear@vmware.com> Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-07-23 15:05:21 +00:00
require.Equal(t, strings.TrimSpace(test.wantStdout), strings.TrimSpace(stdout.String()), cmp.Diff(test.wantStdout, stdout.String()))
Add -c/--config flag Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-08 17:06:44 +00:00
}
})
}
}
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
func Test_getAggregatedAPIServerScheme(t *testing.T) {
// the standard group
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
regularLoginGV := schema.GroupVersion{
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
Group: "login.concierge.pinniped.dev",
Version: "v1alpha1",
}
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
regularLoginGVInternal := schema.GroupVersion{
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
Group: "login.concierge.pinniped.dev",
Version: runtime.APIVersionInternal,
}
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
regularIdentityGV := schema.GroupVersion{
Group: "identity.concierge.pinniped.dev",
Version: "v1alpha1",
}
regularIdentityGVInternal := schema.GroupVersion{
Group: "identity.concierge.pinniped.dev",
Version: runtime.APIVersionInternal,
}
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
// the canonical other group
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
otherLoginGV := schema.GroupVersion{
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
Group: "login.concierge.walrus.tld",
Version: "v1alpha1",
}
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
otherLoginGVInternal := schema.GroupVersion{
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
Group: "login.concierge.walrus.tld",
Version: runtime.APIVersionInternal,
}
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
otherIdentityGV := schema.GroupVersion{
Group: "identity.concierge.walrus.tld",
Version: "v1alpha1",
}
otherIdentityGVInternal := schema.GroupVersion{
Group: "identity.concierge.walrus.tld",
Version: runtime.APIVersionInternal,
}
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
// kube's core internal
internalGV := schema.GroupVersion{
Group: "",
Version: runtime.APIVersionInternal,
}
tests := []struct {
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
name string
apiGroupSuffix string
want map[schema.GroupVersionKind]reflect.Type
wantLoginGroupVersion schema.GroupVersion
wantIdentityGroupVersion schema.GroupVersion
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
}{
{
Use server scheme to handle credential request API group changes Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-09 20:51:38 +00:00
name: "regular api group",
apiGroupSuffix: "pinniped.dev",
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
want: map[schema.GroupVersionKind]reflect.Type{
// all the types that are in the aggregated API group
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
regularLoginGV.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequest{}).Elem(),
regularLoginGV.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequestList{}).Elem(),
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
regularLoginGVInternal.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginapi.TokenCredentialRequest{}).Elem(),
regularLoginGVInternal.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginapi.TokenCredentialRequestList{}).Elem(),
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
regularIdentityGV.WithKind("WhoAmIRequest"): reflect.TypeOf(&identityv1alpha1.WhoAmIRequest{}).Elem(),
regularIdentityGV.WithKind("WhoAmIRequestList"): reflect.TypeOf(&identityv1alpha1.WhoAmIRequestList{}).Elem(),
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
regularIdentityGVInternal.WithKind("WhoAmIRequest"): reflect.TypeOf(&identityapi.WhoAmIRequest{}).Elem(),
regularIdentityGVInternal.WithKind("WhoAmIRequestList"): reflect.TypeOf(&identityapi.WhoAmIRequestList{}).Elem(),
regularLoginGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(),
regularLoginGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(),
regularLoginGV.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(),
regularLoginGV.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(),
regularLoginGV.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(),
regularLoginGV.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(),
regularLoginGV.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(),
regularLoginGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(),
regularIdentityGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(),
regularIdentityGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(),
regularIdentityGV.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(),
regularIdentityGV.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(),
regularIdentityGV.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(),
regularIdentityGV.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(),
regularIdentityGV.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(),
regularIdentityGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(),
regularLoginGVInternal.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(),
regularIdentityGVInternal.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(),
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
// the types below this line do not really matter to us because they are in the core group
internalGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(),
metav1.Unversioned.WithKind("APIGroup"): reflect.TypeOf(&metav1.APIGroup{}).Elem(),
metav1.Unversioned.WithKind("APIGroupList"): reflect.TypeOf(&metav1.APIGroupList{}).Elem(),
metav1.Unversioned.WithKind("APIResourceList"): reflect.TypeOf(&metav1.APIResourceList{}).Elem(),
metav1.Unversioned.WithKind("APIVersions"): reflect.TypeOf(&metav1.APIVersions{}).Elem(),
metav1.Unversioned.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(),
metav1.Unversioned.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(),
metav1.Unversioned.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(),
metav1.Unversioned.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(),
metav1.Unversioned.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(),
metav1.Unversioned.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(),
metav1.Unversioned.WithKind("Status"): reflect.TypeOf(&metav1.Status{}).Elem(),
metav1.Unversioned.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(),
metav1.Unversioned.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(),
},
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
wantLoginGroupVersion: regularLoginGV,
wantIdentityGroupVersion: regularIdentityGV,
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
},
{
Use server scheme to handle credential request API group changes Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-09 20:51:38 +00:00
name: "other api group",
apiGroupSuffix: "walrus.tld",
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
want: map[schema.GroupVersionKind]reflect.Type{
// all the types that are in the aggregated API group
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
otherLoginGV.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequest{}).Elem(),
otherLoginGV.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequestList{}).Elem(),
otherLoginGVInternal.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginapi.TokenCredentialRequest{}).Elem(),
otherLoginGVInternal.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginapi.TokenCredentialRequestList{}).Elem(),
otherIdentityGV.WithKind("WhoAmIRequest"): reflect.TypeOf(&identityv1alpha1.WhoAmIRequest{}).Elem(),
otherIdentityGV.WithKind("WhoAmIRequestList"): reflect.TypeOf(&identityv1alpha1.WhoAmIRequestList{}).Elem(),
otherIdentityGVInternal.WithKind("WhoAmIRequest"): reflect.TypeOf(&identityapi.WhoAmIRequest{}).Elem(),
otherIdentityGVInternal.WithKind("WhoAmIRequestList"): reflect.TypeOf(&identityapi.WhoAmIRequestList{}).Elem(),
otherLoginGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(),
otherLoginGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(),
otherLoginGV.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(),
otherLoginGV.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(),
otherLoginGV.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(),
otherLoginGV.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(),
otherLoginGV.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(),
otherLoginGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(),
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
otherIdentityGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(),
otherIdentityGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(),
otherIdentityGV.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(),
otherIdentityGV.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(),
otherIdentityGV.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(),
otherIdentityGV.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(),
otherIdentityGV.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(),
otherIdentityGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(),
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
otherLoginGVInternal.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(),
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
otherIdentityGVInternal.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(),
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
// the types below this line do not really matter to us because they are in the core group
internalGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(),
metav1.Unversioned.WithKind("APIGroup"): reflect.TypeOf(&metav1.APIGroup{}).Elem(),
metav1.Unversioned.WithKind("APIGroupList"): reflect.TypeOf(&metav1.APIGroupList{}).Elem(),
metav1.Unversioned.WithKind("APIResourceList"): reflect.TypeOf(&metav1.APIResourceList{}).Elem(),
metav1.Unversioned.WithKind("APIVersions"): reflect.TypeOf(&metav1.APIVersions{}).Elem(),
metav1.Unversioned.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(),
metav1.Unversioned.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(),
metav1.Unversioned.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(),
metav1.Unversioned.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(),
metav1.Unversioned.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(),
metav1.Unversioned.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(),
metav1.Unversioned.WithKind("Status"): reflect.TypeOf(&metav1.Status{}).Elem(),
metav1.Unversioned.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(),
metav1.Unversioned.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(),
},
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
wantLoginGroupVersion: otherLoginGV,
wantIdentityGroupVersion: otherIdentityGV,
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
},
}
for _, tt := range tests {
tt := tt
t.Run(tt.name, func(t *testing.T) {
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
scheme, loginGV, identityGV := getAggregatedAPIServerScheme(tt.apiGroupSuffix)
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
require.Equal(t, tt.want, scheme.AllKnownTypes())
Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 18:21:10 +00:00
require.Equal(t, tt.wantLoginGroupVersion, loginGV)
require.Equal(t, tt.wantIdentityGroupVersion, identityGV)
Use server scheme to handle credential request API group changes Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-09 20:51:38 +00:00
// make a credential request like a client would send
authenticationConciergeAPIGroup := "authentication.concierge." + tt.apiGroupSuffix
credentialRequest := &loginv1alpha1.TokenCredentialRequest{
Spec: loginv1alpha1.TokenCredentialRequestSpec{
Authenticator: corev1.TypedLocalObjectReference{
APIGroup: &authenticationConciergeAPIGroup,
},
},
}
// run defaulting on it
scheme.Default(credentialRequest)
// make sure the group is restored if needed
require.Equal(t, "authentication.concierge.pinniped.dev", *credentialRequest.Spec.Authenticator.APIGroup)
// make a credential request in the standard group
defaultAuthenticationConciergeAPIGroup := "authentication.concierge.pinniped.dev"
defaultCredentialRequest := &loginv1alpha1.TokenCredentialRequest{
Spec: loginv1alpha1.TokenCredentialRequestSpec{
Authenticator: corev1.TypedLocalObjectReference{
APIGroup: &defaultAuthenticationConciergeAPIGroup,
},
},
}
// run defaulting on it
scheme.Default(defaultCredentialRequest)
if tt.apiGroupSuffix == "pinniped.dev" { // when using the standard group, this should just work
require.Equal(t, "authentication.concierge.pinniped.dev", *defaultCredentialRequest.Spec.Authenticator.APIGroup)
} else { // when using any other group, this should always be a cache miss
require.True(t, strings.HasPrefix(*defaultCredentialRequest.Spec.Authenticator.APIGroup, "_INVALID_API_GROUP_2"))
}
Avoid double registering types in server scheme This makes sure that if our clients ever send types with the wrong group, the server will refuse to decode it. Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-03 14:21:36 +00:00
})
}
}
Reference in New Issue Copy Permalink