2021-02-03 14:21:36 +00:00
|
|
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
2020-09-16 14:19:51 +00:00
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
2020-07-08 17:06:44 +00:00
|
|
|
|
2020-07-27 20:32:14 +00:00
|
|
|
package server
|
2020-07-08 17:06:44 +00:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bytes"
|
2020-07-13 19:30:16 +00:00
|
|
|
"context"
|
2021-02-03 14:21:36 +00:00
|
|
|
"reflect"
|
2020-07-16 19:24:30 +00:00
|
|
|
"strings"
|
2020-07-08 17:06:44 +00:00
|
|
|
"testing"
|
|
|
|
|
|
2020-07-23 15:05:21 +00:00
|
|
|
"github.com/google/go-cmp/cmp"
|
2020-07-16 19:24:30 +00:00
|
|
|
"github.com/spf13/cobra"
|
2020-07-13 19:30:16 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
2021-02-03 14:21:36 +00:00
|
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
|
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
|
|
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
|
|
|
|
|
|
|
|
loginapi "go.pinniped.dev/generated/1.20/apis/concierge/login"
|
|
|
|
|
loginv1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/login/v1alpha1"
|
2020-07-08 17:06:44 +00:00
|
|
|
)
|
|
|
|
|
|
2020-07-16 19:24:30 +00:00
|
|
|
const knownGoodUsage = `
|
2020-10-06 18:59:03 +00:00
|
|
|
pinniped-concierge provides a generic API for mapping an external
|
2020-07-16 19:24:30 +00:00
|
|
|
credential from somewhere to an internal credential to be used for
|
|
|
|
|
authenticating to the Kubernetes API.
|
|
|
|
|
|
|
|
|
|
Usage:
|
2020-10-06 18:59:03 +00:00
|
|
|
pinniped-concierge [flags]
|
2020-07-08 17:06:44 +00:00
|
|
|
|
|
|
|
|
Flags:
|
2020-11-10 13:48:42 +00:00
|
|
|
-c, --config string path to configuration file (default "pinniped.yaml")
|
|
|
|
|
--downward-api-path string path to Downward API volume mount (default "/etc/podinfo")
|
|
|
|
|
-h, --help help for pinniped-concierge
|
2020-07-08 17:06:44 +00:00
|
|
|
`
|
|
|
|
|
|
|
|
|
|
func TestCommand(t *testing.T) {
|
|
|
|
|
tests := []struct {
|
2020-07-16 19:24:30 +00:00
|
|
|
name string
|
|
|
|
|
args []string
|
|
|
|
|
wantErr string
|
|
|
|
|
wantStdout string
|
2020-07-08 17:06:44 +00:00
|
|
|
}{
|
|
|
|
|
{
|
2020-07-16 19:24:30 +00:00
|
|
|
name: "NoArgsSucceeds",
|
|
|
|
|
args: []string{},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "Usage",
|
|
|
|
|
args: []string{"-h"},
|
|
|
|
|
wantStdout: knownGoodUsage,
|
2020-07-08 17:06:44 +00:00
|
|
|
},
|
|
|
|
|
{
|
2020-07-16 19:24:30 +00:00
|
|
|
name: "OneArgFails",
|
|
|
|
|
args: []string{"tuna"},
|
2020-10-06 18:59:03 +00:00
|
|
|
wantErr: `unknown command "tuna" for "pinniped-concierge"`,
|
2020-07-08 17:06:44 +00:00
|
|
|
},
|
|
|
|
|
{
|
2020-07-16 19:24:30 +00:00
|
|
|
name: "ShortConfigFlagSucceeds",
|
|
|
|
|
args: []string{"-c", "some/path/to/config.yaml"},
|
2020-07-08 17:06:44 +00:00
|
|
|
},
|
|
|
|
|
{
|
2020-07-16 19:24:30 +00:00
|
|
|
name: "LongConfigFlagSucceeds",
|
|
|
|
|
args: []string{"--config", "some/path/to/config.yaml"},
|
2020-07-08 17:06:44 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "OneArgWithConfigFlagFails",
|
|
|
|
|
args: []string{
|
|
|
|
|
"--config", "some/path/to/config.yaml",
|
|
|
|
|
"tuna",
|
|
|
|
|
},
|
2020-10-06 18:59:03 +00:00
|
|
|
wantErr: `unknown command "tuna" for "pinniped-concierge"`,
|
2020-07-08 17:06:44 +00:00
|
|
|
},
|
|
|
|
|
}
|
2020-07-13 19:30:16 +00:00
|
|
|
for _, test := range tests {
|
|
|
|
|
test := test
|
2020-07-08 17:06:44 +00:00
|
|
|
t.Run(test.name, func(t *testing.T) {
|
|
|
|
|
stdout := bytes.NewBuffer([]byte{})
|
|
|
|
|
stderr := bytes.NewBuffer([]byte{})
|
|
|
|
|
|
2020-07-23 15:05:21 +00:00
|
|
|
a := New(context.Background(), test.args, stdout, stderr)
|
2020-07-16 19:24:30 +00:00
|
|
|
a.cmd.RunE = func(cmd *cobra.Command, args []string) error {
|
2020-07-13 19:30:16 +00:00
|
|
|
return nil
|
2020-07-08 17:06:44 +00:00
|
|
|
}
|
|
|
|
|
err := a.Run()
|
2020-07-16 19:24:30 +00:00
|
|
|
if test.wantErr != "" {
|
|
|
|
|
require.EqualError(t, err, test.wantErr)
|
2020-07-08 17:06:44 +00:00
|
|
|
} else {
|
2020-07-16 19:24:30 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
}
|
|
|
|
|
if test.wantStdout != "" {
|
2020-07-23 15:05:21 +00:00
|
|
|
require.Equal(t, strings.TrimSpace(test.wantStdout), strings.TrimSpace(stdout.String()), cmp.Diff(test.wantStdout, stdout.String()))
|
2020-07-08 17:06:44 +00:00
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-02-03 14:21:36 +00:00
|
|
|
|
|
|
|
|
func Test_getAggregatedAPIServerScheme(t *testing.T) {
|
|
|
|
|
// the standard group
|
|
|
|
|
regularGV := schema.GroupVersion{
|
|
|
|
|
Group: "login.concierge.pinniped.dev",
|
|
|
|
|
Version: "v1alpha1",
|
|
|
|
|
}
|
|
|
|
|
regularGVInternal := schema.GroupVersion{
|
|
|
|
|
Group: "login.concierge.pinniped.dev",
|
|
|
|
|
Version: runtime.APIVersionInternal,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// the canonical other group
|
|
|
|
|
otherGV := schema.GroupVersion{
|
|
|
|
|
Group: "login.concierge.walrus.tld",
|
|
|
|
|
Version: "v1alpha1",
|
|
|
|
|
}
|
|
|
|
|
otherGVInternal := schema.GroupVersion{
|
|
|
|
|
Group: "login.concierge.walrus.tld",
|
|
|
|
|
Version: runtime.APIVersionInternal,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// kube's core internal
|
|
|
|
|
internalGV := schema.GroupVersion{
|
|
|
|
|
Group: "",
|
|
|
|
|
Version: runtime.APIVersionInternal,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
apiGroup string
|
|
|
|
|
want map[schema.GroupVersionKind]reflect.Type
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
name: "regular api group",
|
|
|
|
|
apiGroup: "login.concierge.pinniped.dev",
|
|
|
|
|
want: map[schema.GroupVersionKind]reflect.Type{
|
|
|
|
|
// all the types that are in the aggregated API group
|
|
|
|
|
|
|
|
|
|
regularGV.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequest{}).Elem(),
|
|
|
|
|
regularGV.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequestList{}).Elem(),
|
|
|
|
|
|
|
|
|
|
regularGVInternal.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginapi.TokenCredentialRequest{}).Elem(),
|
|
|
|
|
regularGVInternal.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginapi.TokenCredentialRequestList{}).Elem(),
|
|
|
|
|
|
|
|
|
|
regularGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(),
|
|
|
|
|
regularGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(),
|
|
|
|
|
regularGV.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(),
|
|
|
|
|
regularGV.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(),
|
|
|
|
|
regularGV.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(),
|
|
|
|
|
regularGV.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(),
|
|
|
|
|
regularGV.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(),
|
|
|
|
|
regularGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(),
|
|
|
|
|
|
|
|
|
|
regularGVInternal.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(),
|
|
|
|
|
|
|
|
|
|
// the types below this line do not really matter to us because they are in the core group
|
|
|
|
|
|
|
|
|
|
internalGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(),
|
|
|
|
|
|
|
|
|
|
metav1.Unversioned.WithKind("APIGroup"): reflect.TypeOf(&metav1.APIGroup{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("APIGroupList"): reflect.TypeOf(&metav1.APIGroupList{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("APIResourceList"): reflect.TypeOf(&metav1.APIResourceList{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("APIVersions"): reflect.TypeOf(&metav1.APIVersions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("Status"): reflect.TypeOf(&metav1.Status{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(),
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "other api group",
|
|
|
|
|
apiGroup: "login.concierge.walrus.tld",
|
|
|
|
|
want: map[schema.GroupVersionKind]reflect.Type{
|
|
|
|
|
// all the types that are in the aggregated API group
|
|
|
|
|
|
|
|
|
|
otherGV.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequest{}).Elem(),
|
|
|
|
|
otherGV.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequestList{}).Elem(),
|
|
|
|
|
|
|
|
|
|
otherGVInternal.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginapi.TokenCredentialRequest{}).Elem(),
|
|
|
|
|
otherGVInternal.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginapi.TokenCredentialRequestList{}).Elem(),
|
|
|
|
|
|
|
|
|
|
otherGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(),
|
|
|
|
|
otherGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(),
|
|
|
|
|
otherGV.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(),
|
|
|
|
|
otherGV.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(),
|
|
|
|
|
otherGV.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(),
|
|
|
|
|
otherGV.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(),
|
|
|
|
|
otherGV.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(),
|
|
|
|
|
otherGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(),
|
|
|
|
|
|
|
|
|
|
otherGVInternal.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(),
|
|
|
|
|
|
|
|
|
|
// the types below this line do not really matter to us because they are in the core group
|
|
|
|
|
|
|
|
|
|
internalGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(),
|
|
|
|
|
|
|
|
|
|
metav1.Unversioned.WithKind("APIGroup"): reflect.TypeOf(&metav1.APIGroup{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("APIGroupList"): reflect.TypeOf(&metav1.APIGroupList{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("APIResourceList"): reflect.TypeOf(&metav1.APIResourceList{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("APIVersions"): reflect.TypeOf(&metav1.APIVersions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("Status"): reflect.TypeOf(&metav1.Status{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(),
|
|
|
|
|
metav1.Unversioned.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(),
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
tt := tt
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
scheme := getAggregatedAPIServerScheme(tt.apiGroup)
|
|
|
|
|
require.Equal(t, tt.want, scheme.AllKnownTypes())
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
