ContainerImage.Pinniped/internal/controller/authenticator/cachecleaner/cachecleaner_test.go

// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package cachecleaner

import (
	"context"
	"testing"

	"github.com/golang/mock/gomock"
	"github.com/stretchr/testify/require"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime"

	authv1alpha "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1"
	pinnipedfake "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/fake"
	pinnipedinformers "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions"
	"go.pinniped.dev/internal/controller/authenticator/authncache"
	"go.pinniped.dev/internal/controllerlib"
	"go.pinniped.dev/internal/mocks/mocktokenauthenticatorcloser"
	"go.pinniped.dev/internal/testutil/testlogger"
)

func TestController(t *testing.T) {
	t.Parallel()

	testWebhookKey1 := authncache.Key{
		APIGroup: "authentication.concierge.pinniped.dev",
		Kind:     "WebhookAuthenticator",
		Name:     "test-webhook-name-one",
	}
	testWebhookKey2 := authncache.Key{
		APIGroup: "authentication.concierge.pinniped.dev",
		Kind:     "WebhookAuthenticator",
		Name:     "test-webhook-name-two",
	}
	testJWTAuthenticatorKey1 := authncache.Key{
		APIGroup: "authentication.concierge.pinniped.dev",
		Kind:     "JWTAuthenticator",
		Name:     "test-jwt-authenticator-name-one",
	}
	testJWTAuthenticatorKey2 := authncache.Key{
		APIGroup: "authentication.concierge.pinniped.dev",
		Kind:     "JWTAuthenticator",
		Name:     "test-jwt-authenticator-name-two",
	}
	testKeyUnknownType := authncache.Key{
		APIGroup: "authentication.concierge.pinniped.dev",
		Kind:     "SomeOtherAuthenticator",
		Name:     "test-name-one",
	}

	tests := []struct {
		name          string
		objects       []runtime.Object
		initialCache  func(t *testing.T, cache *authncache.Cache)
		wantErr       string
		wantLogs      []string
		wantCacheKeys []authncache.Key
	}{
		{
			name: "no change",
			initialCache: func(t *testing.T, cache *authncache.Cache) {
				cache.Store(testWebhookKey1, nil)
				cache.Store(testJWTAuthenticatorKey1, nil)
			},
			objects: []runtime.Object{
				&authv1alpha.WebhookAuthenticator{
					ObjectMeta: metav1.ObjectMeta{
						Name: testWebhookKey1.Name,
					},
				},
				&authv1alpha.JWTAuthenticator{
					ObjectMeta: metav1.ObjectMeta{
						Name: testJWTAuthenticatorKey1.Name,
					},
				},
			},
			wantCacheKeys: []authncache.Key{testWebhookKey1, testJWTAuthenticatorKey1},
		},
		{
			name: "authenticators not yet added",
			objects: []runtime.Object{
				&authv1alpha.WebhookAuthenticator{
					ObjectMeta: metav1.ObjectMeta{
						Name: testWebhookKey1.Name,
					},
				},
				&authv1alpha.WebhookAuthenticator{
					ObjectMeta: metav1.ObjectMeta{
						Name: testWebhookKey2.Name,
					},
				},
				&authv1alpha.JWTAuthenticator{
					ObjectMeta: metav1.ObjectMeta{
						Name: testJWTAuthenticatorKey1.Name,
					},
				},
				&authv1alpha.JWTAuthenticator{
					ObjectMeta: metav1.ObjectMeta{
						Name: testJWTAuthenticatorKey2.Name,
					},
				},
			},
			wantCacheKeys: []authncache.Key{},
		},
		{
			name: "successful cleanup",
			initialCache: func(t *testing.T, cache *authncache.Cache) {
				cache.Store(testWebhookKey1, nil)
				cache.Store(testWebhookKey2, nil)
				cache.Store(testJWTAuthenticatorKey1, newClosableCacheValue(t, 0))
				cache.Store(testJWTAuthenticatorKey2, newClosableCacheValue(t, 1))
				cache.Store(testKeyUnknownType, nil)
			},
			objects: []runtime.Object{
				&authv1alpha.WebhookAuthenticator{
					ObjectMeta: metav1.ObjectMeta{
						Name: testWebhookKey1.Name,
					},
				},
				&authv1alpha.JWTAuthenticator{
					ObjectMeta: metav1.ObjectMeta{
						Name: testJWTAuthenticatorKey1.Name,
					},
				},
			},
			wantLogs: []string{
				`cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-jwt-authenticator-name-two"} "kind"="JWTAuthenticator"`,
				`cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-webhook-name-two"} "kind"="WebhookAuthenticator"`,
			},
			wantCacheKeys: []authncache.Key{testWebhookKey1, testJWTAuthenticatorKey1, testKeyUnknownType},
		},
	}
	for _, tt := range tests {
		tt := tt
		t.Run(tt.name, func(t *testing.T) {
			// When we have t.Parallel() here, this test blocks pretty consistently...y tho?

			fakeClient := pinnipedfake.NewSimpleClientset(tt.objects...)
			informers := pinnipedinformers.NewSharedInformerFactory(fakeClient, 0)
			cache := authncache.New()
			if tt.initialCache != nil {
				tt.initialCache(t, cache)
			}
			testLog := testlogger.NewLegacy(t) //nolint:staticcheck  // old test with lots of log statements

			webhooks := informers.Authentication().V1alpha1().WebhookAuthenticators()
			jwtAuthenticators := informers.Authentication().V1alpha1().JWTAuthenticators()
			controller := New(cache, webhooks, jwtAuthenticators, testLog.Logger)

			ctx, cancel := context.WithCancel(context.Background())
			defer cancel()

			informers.Start(ctx.Done())
			informers.WaitForCacheSync(ctx.Done())
			controllerlib.TestRunSynchronously(t, controller)

			syncCtx := controllerlib.Context{
				Context: ctx,
				Key: controllerlib.Key{
					Name: "test-webhook-name-one",
				},
			}

			if err := controllerlib.TestSync(t, controller, syncCtx); tt.wantErr != "" {
				require.EqualError(t, err, tt.wantErr)
			} else {
				require.NoError(t, err)
			}
			require.ElementsMatch(t, tt.wantLogs, testLog.Lines())
			require.ElementsMatch(t, tt.wantCacheKeys, cache.Keys())
		})
	}
}

func newClosableCacheValue(t *testing.T, wantCloses int) authncache.Value {
	ctrl := gomock.NewController(t)
	t.Cleanup(ctrl.Finish)
	tac := mocktokenauthenticatorcloser.NewMockTokenAuthenticatorCloser(ctrl)
	tac.EXPECT().Close().Times(wantCloses)
	return tac
}
Merge branch 'main' into upstream_access_revocation_during_gc 2022-01-14 18:49:22 +00:00			`// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`// SPDX-License-Identifier: Apache-2.0`

			`package cachecleaner`

			`import (`
			`"context"`
			`"testing"`

Always close JWTAuthenticator underlying authenticator Otherwise we will leak goroutines. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 16:08:53 +00:00			`"github.com/golang/mock/gomock"`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`"github.com/stretchr/testify/require"`
			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
			`"k8s.io/apimachinery/pkg/runtime"`

Use new 'go.pinniped.dev/generated/latest' package. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-02-16 19:00:08 +00:00			`authv1alpha "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1"`
			`pinnipedfake "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/fake"`
			`pinnipedinformers "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions"`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`"go.pinniped.dev/internal/controller/authenticator/authncache"`
			`"go.pinniped.dev/internal/controllerlib"`
Always close JWTAuthenticator underlying authenticator Otherwise we will leak goroutines. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 16:08:53 +00:00			`"go.pinniped.dev/internal/mocks/mocktokenauthenticatorcloser"`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`"go.pinniped.dev/internal/testutil/testlogger"`
			`)`

			`func TestController(t *testing.T) {`
			`t.Parallel()`

			`testWebhookKey1 := authncache.Key{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`APIGroup: "authentication.concierge.pinniped.dev",`
			`Kind: "WebhookAuthenticator",`
			`Name: "test-webhook-name-one",`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`}`
			`testWebhookKey2 := authncache.Key{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`APIGroup: "authentication.concierge.pinniped.dev",`
			`Kind: "WebhookAuthenticator",`
			`Name: "test-webhook-name-two",`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`}`
			`testJWTAuthenticatorKey1 := authncache.Key{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`APIGroup: "authentication.concierge.pinniped.dev",`
			`Kind: "JWTAuthenticator",`
			`Name: "test-jwt-authenticator-name-one",`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`}`
			`testJWTAuthenticatorKey2 := authncache.Key{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`APIGroup: "authentication.concierge.pinniped.dev",`
			`Kind: "JWTAuthenticator",`
			`Name: "test-jwt-authenticator-name-two",`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`}`
			`testKeyUnknownType := authncache.Key{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`APIGroup: "authentication.concierge.pinniped.dev",`
			`Kind: "SomeOtherAuthenticator",`
			`Name: "test-name-one",`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`}`

			`tests := []struct {`
			`name string`
			`objects []runtime.Object`
Always close JWTAuthenticator underlying authenticator Otherwise we will leak goroutines. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 16:08:53 +00:00			`initialCache func(t testing.T, cache authncache.Cache)`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`wantErr string`
			`wantLogs []string`
			`wantCacheKeys []authncache.Key`
			`}{`
			`{`
			`name: "no change",`
Always close JWTAuthenticator underlying authenticator Otherwise we will leak goroutines. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 16:08:53 +00:00			`initialCache: func(t testing.T, cache authncache.Cache) {`
			`cache.Store(testWebhookKey1, nil)`
			`cache.Store(testJWTAuthenticatorKey1, nil)`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`},`
			`objects: []runtime.Object{`
			`&authv1alpha.WebhookAuthenticator{`
			`ObjectMeta: metav1.ObjectMeta{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`Name: testWebhookKey1.Name,`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`},`
			`},`
			`&authv1alpha.JWTAuthenticator{`
			`ObjectMeta: metav1.ObjectMeta{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`Name: testJWTAuthenticatorKey1.Name,`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`},`
			`},`
			`},`
			`wantCacheKeys: []authncache.Key{testWebhookKey1, testJWTAuthenticatorKey1},`
			`},`
			`{`
Always close JWTAuthenticator underlying authenticator Otherwise we will leak goroutines. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 16:08:53 +00:00			`name: "authenticators not yet added",`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`objects: []runtime.Object{`
			`&authv1alpha.WebhookAuthenticator{`
			`ObjectMeta: metav1.ObjectMeta{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`Name: testWebhookKey1.Name,`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`},`
			`},`
			`&authv1alpha.WebhookAuthenticator{`
			`ObjectMeta: metav1.ObjectMeta{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`Name: testWebhookKey2.Name,`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`},`
			`},`
			`&authv1alpha.JWTAuthenticator{`
			`ObjectMeta: metav1.ObjectMeta{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`Name: testJWTAuthenticatorKey1.Name,`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`},`
			`},`
			`&authv1alpha.JWTAuthenticator{`
			`ObjectMeta: metav1.ObjectMeta{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`Name: testJWTAuthenticatorKey2.Name,`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`},`
			`},`
			`},`
			`wantCacheKeys: []authncache.Key{},`
			`},`
			`{`
			`name: "successful cleanup",`
Always close JWTAuthenticator underlying authenticator Otherwise we will leak goroutines. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 16:08:53 +00:00			`initialCache: func(t testing.T, cache authncache.Cache) {`
			`cache.Store(testWebhookKey1, nil)`
			`cache.Store(testWebhookKey2, nil)`
			`cache.Store(testJWTAuthenticatorKey1, newClosableCacheValue(t, 0))`
			`cache.Store(testJWTAuthenticatorKey2, newClosableCacheValue(t, 1))`
			`cache.Store(testKeyUnknownType, nil)`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`},`
			`objects: []runtime.Object{`
			`&authv1alpha.WebhookAuthenticator{`
			`ObjectMeta: metav1.ObjectMeta{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`Name: testWebhookKey1.Name,`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`},`
			`},`
			`&authv1alpha.JWTAuthenticator{`
			`ObjectMeta: metav1.ObjectMeta{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`Name: testJWTAuthenticatorKey1.Name,`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`},`
			`},`
			`},`
			`wantLogs: []string{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-jwt-authenticator-name-two"} "kind"="JWTAuthenticator"`,
			`cachecleaner-controller "level"=0 "msg"="deleting authenticator from cache" "authenticator"={"name":"test-webhook-name-two"} "kind"="WebhookAuthenticator"`,
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`},`
			`wantCacheKeys: []authncache.Key{testWebhookKey1, testJWTAuthenticatorKey1, testKeyUnknownType},`
			`},`
			`}`
			`for _, tt := range tests {`
			`tt := tt`
			`t.Run(tt.name, func(t *testing.T) {`
			`// When we have t.Parallel() here, this test blocks pretty consistently...y tho?`

			`fakeClient := pinnipedfake.NewSimpleClientset(tt.objects...)`
			`informers := pinnipedinformers.NewSharedInformerFactory(fakeClient, 0)`
Revert server side token credential request API group changes Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 20:51:35 +00:00			`cache := authncache.New()`
Always close JWTAuthenticator underlying authenticator Otherwise we will leak goroutines. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 16:08:53 +00:00			`if tt.initialCache != nil {`
			`tt.initialCache(t, cache)`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`}`
Upgrade the linter and fix all new linter warnings Also fix some tests that were broken by bumping golang and dependencies in the previous commits. Note that in addition to changes made to satisfy the linter which do not impact the behavior of the code, this commit also adds ReadHeaderTimeout to all usages of http.Server to satisfy the linter (and because it seemed like a good suggestion). 2022-08-24 21:45:55 +00:00			`testLog := testlogger.NewLegacy(t) //nolint:staticcheck // old test with lots of log statements`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00
			`webhooks := informers.Authentication().V1alpha1().WebhookAuthenticators()`
			`jwtAuthenticators := informers.Authentication().V1alpha1().JWTAuthenticators()`
Update all deps to latest where possible, bump Kube deps to v0.23.1 Highlights from this dep bump: 1. Made a copy of the v0.4.0 github.com/go-logr/stdr implementation for use in tests. We must bump this dep as Kube code uses a newer version now. We would have to rewrite hundreds of test log assertions without this copy. 2. Use github.com/felixge/httpsnoop to undo the changes made by ory/fosite#636 for CLI based login flows. This is required for backwards compatibility with older versions of our CLI. A separate change after this will update the CLI to be more flexible (it is purposefully not part of this change to confirm that we did not break anything). For all browser login flows, we now redirect using http.StatusSeeOther instead of http.StatusFound. 3. Drop plog.RemoveKlogGlobalFlags as klog no longer mutates global process flags 4. Only bump github.com/ory/x to v0.0.297 instead of the latest v0.0.321 because v0.0.298+ pulls in a newer version of go.opentelemetry.io/otel/semconv which breaks k8s.io/apiserver. We should update k8s.io/apiserver to use the newer code. 5. Migrate all code from k8s.io/apimachinery/pkg/util/clock to k8s.io/utils/clock and k8s.io/utils/clock/testing 6. Delete testutil.NewDeleteOptionsRecorder and migrate to the new kubetesting.NewDeleteActionWithOptions 7. Updated ExpectedAuthorizeCodeSessionJSONFromFuzzing caused by fosite's new rotated_secrets OAuth client field. This new field is currently not relevant to us as we have no private clients. Signed-off-by: Monis Khan <mok@vmware.com> 2021-12-10 22:22:36 +00:00			`controller := New(cache, webhooks, jwtAuthenticators, testLog.Logger)`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00
All controller unit tests should not cancel context until test is over All controller unit tests were accidentally using a timeout context for the informers, instead of a cancel context which stays alive until each test is completely finished. There is no reason to risk unpredictable behavior of a timeout being reached during an individual test, even though with the previous 3 second timeout it could only be reached on a machine which is running orders of magnitude slower than usual, since each test usually runs in about 100-300 ms. Unfortunately, sometimes our CI workers might get that slow. This sparked a review of other usages of timeout contexts in other tests, and all of them were increased to a minimum value of 1 minute, under the rule of thumb that our tests will be more reliable on slow machines if they "pass fast and fail slow". 2021-03-05 01:25:43 +00:00			`ctx, cancel := context.WithCancel(context.Background())`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`defer cancel()`

			`informers.Start(ctx.Done())`
			`informers.WaitForCacheSync(ctx.Done())`
			`controllerlib.TestRunSynchronously(t, controller)`

			`syncCtx := controllerlib.Context{`
			`Context: ctx,`
			`Key: controllerlib.Key{`
authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com> 2021-02-09 23:16:22 +00:00			`Name: "test-webhook-name-one",`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`},`
			`}`

			`if err := controllerlib.TestSync(t, controller, syncCtx); tt.wantErr != "" {`
			`require.EqualError(t, err, tt.wantErr)`
			`} else {`
			`require.NoError(t, err)`
			`}`
			`require.ElementsMatch(t, tt.wantLogs, testLog.Lines())`
			`require.ElementsMatch(t, tt.wantCacheKeys, cache.Keys())`
			`})`
			`}`
			`}`

Always close JWTAuthenticator underlying authenticator Otherwise we will leak goroutines. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 16:08:53 +00:00			`func newClosableCacheValue(t *testing.T, wantCloses int) authncache.Value {`
			`ctrl := gomock.NewController(t)`
			`t.Cleanup(ctrl.Finish)`
			`tac := mocktokenauthenticatorcloser.NewMockTokenAuthenticatorCloser(ctrl)`
			`tac.EXPECT().Close().Times(wantCloses)`
			`return tac`
Add JWTAuthenticator controller See https://github.com/vmware-tanzu/pinniped/issues/260 for UX bummer. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-12-08 01:39:51 +00:00			`}`