diff --git a/go.mod b/go.mod index ad383d1f..3e92f2af 100644 --- a/go.mod +++ b/go.mod @@ -50,7 +50,7 @@ require ( k8s.io/klog/v2 v2.100.1 k8s.io/kube-aggregator v0.27.4 k8s.io/kube-openapi v0.0.0-20230718181711-3c0fae5ee9fd - k8s.io/utils v0.0.0-20230711102312-30195339c3c7 + k8s.io/utils v0.0.0-20230726121419-3b25d923346b sigs.k8s.io/yaml v1.3.0 ) diff --git a/go.sum b/go.sum index 14bf9fbf..07407736 100644 --- a/go.sum +++ b/go.sum @@ -1044,8 +1044,8 @@ k8s.io/kube-aggregator v0.27.4 h1:WdK9iiBr32G8bWfpUEFVQl70RZO2dU19ZAktUXL5JFc= k8s.io/kube-aggregator v0.27.4/go.mod h1:+eG83gkAyh0uilQEAOgheeQW4hr+PkyV+5O1nLGsjlM= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/utils v0.0.0-20230711102312-30195339c3c7 h1:ZgnF1KZsYxWIifwSNZFZgNtWE89WI5yiP5WwlfDoIyc= -k8s.io/utils v0.0.0-20230711102312-30195339c3c7/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/internal/concierge/impersonator/impersonator_test.go b/internal/concierge/impersonator/impersonator_test.go index 5a8b8a10..e4480e61 100644 --- a/internal/concierge/impersonator/impersonator_test.go +++ b/internal/concierge/impersonator/impersonator_test.go @@ -43,7 +43,7 @@ import ( "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd/api" featuregatetesting "k8s.io/component-base/featuregate/testing" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" "go.pinniped.dev/internal/certauthority" @@ -988,7 +988,7 @@ func TestImpersonator(t *testing.T) { &loginv1alpha1.TokenCredentialRequest{ Spec: loginv1alpha1.TokenCredentialRequestSpec{ Authenticator: corev1.TypedLocalObjectReference{ - APIGroup: pointer.String("anything.pinniped.dev"), + APIGroup: ptr.To("anything.pinniped.dev"), }, }, }, metav1.CreateOptions{}) diff --git a/internal/config/concierge/config.go b/internal/config/concierge/config.go index c0881a05..bcaf6cdd 100644 --- a/internal/config/concierge/config.go +++ b/internal/config/concierge/config.go @@ -11,7 +11,7 @@ import ( "os" "strings" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/yaml" "go.pinniped.dev/internal/constable" @@ -93,39 +93,39 @@ func FromPath(ctx context.Context, path string) (*Config, error) { func maybeSetAPIDefaults(apiConfig *APIConfigSpec) { if apiConfig.ServingCertificateConfig.DurationSeconds == nil { - apiConfig.ServingCertificateConfig.DurationSeconds = pointer.Int64(aboutAYear) + apiConfig.ServingCertificateConfig.DurationSeconds = ptr.To[int64](aboutAYear) } if apiConfig.ServingCertificateConfig.RenewBeforeSeconds == nil { - apiConfig.ServingCertificateConfig.RenewBeforeSeconds = pointer.Int64(about9Months) + apiConfig.ServingCertificateConfig.RenewBeforeSeconds = ptr.To[int64](about9Months) } } func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) { if *apiGroupSuffix == nil { - *apiGroupSuffix = pointer.String(groupsuffix.PinnipedDefaultSuffix) + *apiGroupSuffix = ptr.To(groupsuffix.PinnipedDefaultSuffix) } } func maybeSetAggregatedAPIServerPortDefaults(port **int64) { if *port == nil { - *port = pointer.Int64(aggregatedAPIServerPortDefault) + *port = ptr.To[int64](aggregatedAPIServerPortDefault) } } func maybeSetImpersonationProxyServerPortDefaults(port **int64) { if *port == nil { - *port = pointer.Int64(impersonationProxyPortDefault) + *port = ptr.To[int64](impersonationProxyPortDefault) } } func maybeSetKubeCertAgentDefaults(cfg *KubeCertAgentSpec) { if cfg.NamePrefix == nil { - cfg.NamePrefix = pointer.String("pinniped-kube-cert-agent-") + cfg.NamePrefix = ptr.To("pinniped-kube-cert-agent-") } if cfg.Image == nil { - cfg.Image = pointer.String("debian:latest") + cfg.Image = ptr.To("debian:latest") } } diff --git a/internal/config/concierge/config_test.go b/internal/config/concierge/config_test.go index 4e627321..fda72af8 100644 --- a/internal/config/concierge/config_test.go +++ b/internal/config/concierge/config_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package concierge @@ -9,7 +9,7 @@ import ( "testing" "github.com/stretchr/testify/require" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "go.pinniped.dev/internal/here" "go.pinniped.dev/internal/plog" @@ -59,17 +59,17 @@ func TestFromPath(t *testing.T) { `), wantConfig: &Config{ DiscoveryInfo: DiscoveryInfoSpec{ - URL: pointer.String("https://some.discovery/url"), + URL: ptr.To("https://some.discovery/url"), }, APIConfig: APIConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{ - DurationSeconds: pointer.Int64(3600), - RenewBeforeSeconds: pointer.Int64(2400), + DurationSeconds: ptr.To[int64](3600), + RenewBeforeSeconds: ptr.To[int64](2400), }, }, - APIGroupSuffix: pointer.String("some.suffix.com"), - AggregatedAPIServerPort: pointer.Int64(12345), - ImpersonationProxyServerPort: pointer.Int64(4242), + APIGroupSuffix: ptr.To("some.suffix.com"), + AggregatedAPIServerPort: ptr.To[int64](12345), + ImpersonationProxyServerPort: ptr.To[int64](4242), NamesConfig: NamesConfigSpec{ ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", CredentialIssuer: "pinniped-config", @@ -86,8 +86,8 @@ func TestFromPath(t *testing.T) { "myLabelKey2": "myLabelValue2", }, KubeCertAgentConfig: KubeCertAgentSpec{ - NamePrefix: pointer.String("kube-cert-agent-name-prefix-"), - Image: pointer.String("kube-cert-agent-image"), + NamePrefix: ptr.To("kube-cert-agent-name-prefix-"), + Image: ptr.To("kube-cert-agent-image"), ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"}, }, LogLevel: func(level plog.LogLevel) *plog.LogLevel { return &level }(plog.LevelDebug), @@ -135,17 +135,17 @@ func TestFromPath(t *testing.T) { `), wantConfig: &Config{ DiscoveryInfo: DiscoveryInfoSpec{ - URL: pointer.String("https://some.discovery/url"), + URL: ptr.To("https://some.discovery/url"), }, APIConfig: APIConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{ - DurationSeconds: pointer.Int64(3600), - RenewBeforeSeconds: pointer.Int64(2400), + DurationSeconds: ptr.To[int64](3600), + RenewBeforeSeconds: ptr.To[int64](2400), }, }, - APIGroupSuffix: pointer.String("some.suffix.com"), - AggregatedAPIServerPort: pointer.Int64(12345), - ImpersonationProxyServerPort: pointer.Int64(4242), + APIGroupSuffix: ptr.To("some.suffix.com"), + AggregatedAPIServerPort: ptr.To[int64](12345), + ImpersonationProxyServerPort: ptr.To[int64](4242), NamesConfig: NamesConfigSpec{ ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", CredentialIssuer: "pinniped-config", @@ -162,8 +162,8 @@ func TestFromPath(t *testing.T) { "myLabelKey2": "myLabelValue2", }, KubeCertAgentConfig: KubeCertAgentSpec{ - NamePrefix: pointer.String("kube-cert-agent-name-prefix-"), - Image: pointer.String("kube-cert-agent-image"), + NamePrefix: ptr.To("kube-cert-agent-name-prefix-"), + Image: ptr.To("kube-cert-agent-image"), ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"}, }, Log: plog.LogSpec{ @@ -212,17 +212,17 @@ func TestFromPath(t *testing.T) { `), wantConfig: &Config{ DiscoveryInfo: DiscoveryInfoSpec{ - URL: pointer.String("https://some.discovery/url"), + URL: ptr.To("https://some.discovery/url"), }, APIConfig: APIConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{ - DurationSeconds: pointer.Int64(3600), - RenewBeforeSeconds: pointer.Int64(2400), + DurationSeconds: ptr.To[int64](3600), + RenewBeforeSeconds: ptr.To[int64](2400), }, }, - APIGroupSuffix: pointer.String("some.suffix.com"), - AggregatedAPIServerPort: pointer.Int64(12345), - ImpersonationProxyServerPort: pointer.Int64(4242), + APIGroupSuffix: ptr.To("some.suffix.com"), + AggregatedAPIServerPort: ptr.To[int64](12345), + ImpersonationProxyServerPort: ptr.To[int64](4242), NamesConfig: NamesConfigSpec{ ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", CredentialIssuer: "pinniped-config", @@ -239,8 +239,8 @@ func TestFromPath(t *testing.T) { "myLabelKey2": "myLabelValue2", }, KubeCertAgentConfig: KubeCertAgentSpec{ - NamePrefix: pointer.String("kube-cert-agent-name-prefix-"), - Image: pointer.String("kube-cert-agent-image"), + NamePrefix: ptr.To("kube-cert-agent-name-prefix-"), + Image: ptr.To("kube-cert-agent-image"), ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"}, }, LogLevel: func(level plog.LogLevel) *plog.LogLevel { return &level }(plog.LevelDebug), @@ -289,13 +289,13 @@ func TestFromPath(t *testing.T) { DiscoveryInfo: DiscoveryInfoSpec{ URL: nil, }, - APIGroupSuffix: pointer.String("pinniped.dev"), - AggregatedAPIServerPort: pointer.Int64(10250), - ImpersonationProxyServerPort: pointer.Int64(8444), + APIGroupSuffix: ptr.To("pinniped.dev"), + AggregatedAPIServerPort: ptr.To[int64](10250), + ImpersonationProxyServerPort: ptr.To[int64](8444), APIConfig: APIConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{ - DurationSeconds: pointer.Int64(60 * 60 * 24 * 365), // about a year - RenewBeforeSeconds: pointer.Int64(60 * 60 * 24 * 30 * 9), // about 9 months + DurationSeconds: ptr.To[int64](60 * 60 * 24 * 365), // about a year + RenewBeforeSeconds: ptr.To[int64](60 * 60 * 24 * 30 * 9), // about 9 months }, }, NamesConfig: NamesConfigSpec{ @@ -311,8 +311,8 @@ func TestFromPath(t *testing.T) { }, Labels: map[string]string{}, KubeCertAgentConfig: KubeCertAgentSpec{ - NamePrefix: pointer.String("pinniped-kube-cert-agent-"), - Image: pointer.String("debian:latest"), + NamePrefix: ptr.To("pinniped-kube-cert-agent-"), + Image: ptr.To("debian:latest"), }, }, }, diff --git a/internal/config/supervisor/config.go b/internal/config/supervisor/config.go index de7af9c1..36be3fb5 100644 --- a/internal/config/supervisor/config.go +++ b/internal/config/supervisor/config.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 // Package supervisor contains functionality to load/store Config's from/to @@ -12,7 +12,7 @@ import ( "os" "strings" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/yaml" "go.pinniped.dev/internal/constable" @@ -109,7 +109,7 @@ func maybeSetEndpointDefault(endpoint **Endpoint, defaultEndpoint Endpoint) { func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) { if *apiGroupSuffix == nil { - *apiGroupSuffix = pointer.String(groupsuffix.PinnipedDefaultSuffix) + *apiGroupSuffix = ptr.To(groupsuffix.PinnipedDefaultSuffix) } } @@ -119,7 +119,7 @@ func validateAPIGroupSuffix(apiGroupSuffix string) error { func maybeSetAggregatedAPIServerPortDefaults(port **int64) { if *port == nil { - *port = pointer.Int64(aggregatedAPIServerPortDefault) + *port = ptr.To[int64](aggregatedAPIServerPortDefault) } } diff --git a/internal/config/supervisor/config_test.go b/internal/config/supervisor/config_test.go index 08a78990..a90f662d 100644 --- a/internal/config/supervisor/config_test.go +++ b/internal/config/supervisor/config_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package supervisor @@ -10,7 +10,7 @@ import ( "testing" "github.com/stretchr/testify/require" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "go.pinniped.dev/internal/here" "go.pinniped.dev/internal/plog" @@ -45,7 +45,7 @@ func TestFromPath(t *testing.T) { aggregatedAPIServerPort: 12345 `), wantConfig: &Config{ - APIGroupSuffix: pointer.String("some.suffix.com"), + APIGroupSuffix: ptr.To("some.suffix.com"), Labels: map[string]string{ "myLabelKey1": "myLabelValue1", "myLabelKey2": "myLabelValue2", @@ -68,7 +68,7 @@ func TestFromPath(t *testing.T) { Log: plog.LogSpec{ Level: plog.LevelTrace, }, - AggregatedAPIServerPort: pointer.Int64(12345), + AggregatedAPIServerPort: ptr.To[int64](12345), }, }, { @@ -95,7 +95,7 @@ func TestFromPath(t *testing.T) { aggregatedAPIServerPort: 12345 `), wantConfig: &Config{ - APIGroupSuffix: pointer.String("some.suffix.com"), + APIGroupSuffix: ptr.To("some.suffix.com"), Labels: map[string]string{ "myLabelKey1": "myLabelValue1", "myLabelKey2": "myLabelValue2", @@ -118,7 +118,7 @@ func TestFromPath(t *testing.T) { Level: plog.LevelInfo, Format: plog.FormatText, }, - AggregatedAPIServerPort: pointer.Int64(12345), + AggregatedAPIServerPort: ptr.To[int64](12345), }, }, { @@ -145,7 +145,7 @@ func TestFromPath(t *testing.T) { format: text `), wantConfig: &Config{ - APIGroupSuffix: pointer.String("some.suffix.com"), + APIGroupSuffix: ptr.To("some.suffix.com"), Labels: map[string]string{ "myLabelKey1": "myLabelValue1", "myLabelKey2": "myLabelValue2", @@ -169,7 +169,7 @@ func TestFromPath(t *testing.T) { Level: plog.LevelTrace, Format: plog.FormatText, }, - AggregatedAPIServerPort: pointer.Int64(10250), + AggregatedAPIServerPort: ptr.To[int64](10250), }, }, { @@ -192,7 +192,7 @@ func TestFromPath(t *testing.T) { defaultTLSCertificateSecret: my-secret-name `), wantConfig: &Config{ - APIGroupSuffix: pointer.String("pinniped.dev"), + APIGroupSuffix: ptr.To("pinniped.dev"), Labels: map[string]string{}, NamesConfig: NamesConfigSpec{ DefaultTLSCertificateSecret: "my-secret-name", @@ -207,7 +207,7 @@ func TestFromPath(t *testing.T) { }, }, AllowExternalHTTP: false, - AggregatedAPIServerPort: pointer.Int64(10250), + AggregatedAPIServerPort: ptr.To[int64](10250), }, }, { @@ -322,7 +322,7 @@ func TestFromPath(t *testing.T) { insecureAcceptExternalUnencryptedHttpRequests: true `), wantConfig: &Config{ - APIGroupSuffix: pointer.String("pinniped.dev"), + APIGroupSuffix: ptr.To("pinniped.dev"), Labels: map[string]string{}, NamesConfig: NamesConfigSpec{ DefaultTLSCertificateSecret: "my-secret-name", @@ -338,7 +338,7 @@ func TestFromPath(t *testing.T) { }, }, AllowExternalHTTP: true, - AggregatedAPIServerPort: pointer.Int64(10250), + AggregatedAPIServerPort: ptr.To[int64](10250), }, }, { @@ -354,7 +354,7 @@ func TestFromPath(t *testing.T) { insecureAcceptExternalUnencryptedHttpRequests: "true" `), wantConfig: &Config{ - APIGroupSuffix: pointer.String("pinniped.dev"), + APIGroupSuffix: ptr.To("pinniped.dev"), Labels: map[string]string{}, NamesConfig: NamesConfigSpec{ DefaultTLSCertificateSecret: "my-secret-name", @@ -370,7 +370,7 @@ func TestFromPath(t *testing.T) { }, }, AllowExternalHTTP: true, - AggregatedAPIServerPort: pointer.Int64(10250), + AggregatedAPIServerPort: ptr.To[int64](10250), }, }, { diff --git a/internal/controller/kubecertagent/kubecertagent.go b/internal/controller/kubecertagent/kubecertagent.go index 61fba4e7..30faa3b5 100644 --- a/internal/controller/kubecertagent/kubecertagent.go +++ b/internal/controller/kubecertagent/kubecertagent.go @@ -29,7 +29,7 @@ import ( "k8s.io/client-go/tools/clientcmd" "k8s.io/klog/v2" "k8s.io/utils/clock" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" configv1alpha1informers "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions/config/v1alpha1" @@ -521,14 +521,14 @@ func (c *agentController) newAgentDeployment(controllerManagerPod *corev1.Pod) * Labels: c.cfg.Labels, }, Spec: appsv1.DeploymentSpec{ - Replicas: pointer.Int32(1), + Replicas: ptr.To[int32](1), Selector: metav1.SetAsLabelSelector(c.cfg.agentPodSelectorLabels()), Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: c.cfg.agentPodLabels(), }, Spec: corev1.PodSpec{ - TerminationGracePeriodSeconds: pointer.Int64(0), + TerminationGracePeriodSeconds: ptr.To[int64](0), ImagePullSecrets: imagePullSecrets, Containers: []corev1.Container{ { @@ -557,15 +557,15 @@ func (c *agentController) newAgentDeployment(controllerManagerPod *corev1.Pod) * Volumes: controllerManagerPod.Spec.Volumes, RestartPolicy: corev1.RestartPolicyAlways, NodeSelector: controllerManagerPod.Spec.NodeSelector, - AutomountServiceAccountToken: pointer.Bool(false), + AutomountServiceAccountToken: ptr.To(false), ServiceAccountName: c.cfg.ServiceAccountName, NodeName: controllerManagerPod.Spec.NodeName, Tolerations: controllerManagerPod.Spec.Tolerations, // We need to run the agent pod as root since the file permissions // on the cluster keypair usually restricts access to only root. SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(0), - RunAsGroup: pointer.Int64(0), + RunAsUser: ptr.To[int64](0), + RunAsGroup: ptr.To[int64](0), }, HostNetwork: controllerManagerPod.Spec.HostNetwork, }, diff --git a/internal/controller/kubecertagent/kubecertagent_test.go b/internal/controller/kubecertagent/kubecertagent_test.go index 66250c46..4ef713da 100644 --- a/internal/controller/kubecertagent/kubecertagent_test.go +++ b/internal/controller/kubecertagent/kubecertagent_test.go @@ -27,7 +27,7 @@ import ( kubefake "k8s.io/client-go/kubernetes/fake" coretesting "k8s.io/client-go/testing" clocktesting "k8s.io/utils/clock/testing" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" conciergefake "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/fake" @@ -95,7 +95,7 @@ func TestAgentController(t *testing.T) { Labels: map[string]string{"extralabel": "labelvalue", "app": "anything"}, }, Spec: appsv1.DeploymentSpec{ - Replicas: pointer.Int32(1), + Replicas: ptr.To[int32](1), Selector: metav1.SetAsLabelSelector(map[string]string{ "kube-cert-agent.pinniped.dev": "v3", }), @@ -133,12 +133,12 @@ func TestAgentController(t *testing.T) { ImagePullPolicy: corev1.PullIfNotPresent, }}, RestartPolicy: corev1.RestartPolicyAlways, - TerminationGracePeriodSeconds: pointer.Int64(0), + TerminationGracePeriodSeconds: ptr.To[int64](0), ServiceAccountName: "test-service-account-name", - AutomountServiceAccountToken: pointer.Bool(false), + AutomountServiceAccountToken: ptr.To(false), SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(0), - RunAsGroup: pointer.Int64(0), + RunAsUser: ptr.To[int64](0), + RunAsGroup: ptr.To[int64](0), }, ImagePullSecrets: []corev1.LocalObjectReference{{ Name: "pinniped-image-pull-secret", @@ -992,7 +992,7 @@ func TestAgentController(t *testing.T) { healthyAgentPod, validClusterInfoConfigMap, }, - discoveryURLOverride: pointer.String("https://overridden-server.example.com/some/path"), + discoveryURLOverride: ptr.To("https://overridden-server.example.com/some/path"), mocks: mockExecSucceeds, wantDistinctErrors: []string{""}, wantAgentDeployment: healthyAgentDeployment, diff --git a/internal/leaderelection/leaderelection_test.go b/internal/leaderelection/leaderelection_test.go index 088ff2b4..33a69ec7 100644 --- a/internal/leaderelection/leaderelection_test.go +++ b/internal/leaderelection/leaderelection_test.go @@ -16,7 +16,7 @@ import ( kubefake "k8s.io/client-go/kubernetes/fake" kubetesting "k8s.io/client-go/testing" "k8s.io/client-go/tools/leaderelection" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) // see test/integration/leaderelection_test.go for the bulk of the testing related to this code @@ -31,7 +31,7 @@ func Test_releaseLock_Update(t *testing.T) { f: func(t *testing.T, internalClient *kubefake.Clientset, isLeader *isLeaderTracker, cancel context.CancelFunc) { internalClient.PrependReactor("update", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { lease := action.(kubetesting.UpdateAction).GetObject().(*coordinationv1.Lease) - if len(pointer.StringDeref(lease.Spec.HolderIdentity, "")) == 0 { + if len(ptr.Deref(lease.Spec.HolderIdentity, "")) == 0 { require.False(t, isLeader.canWrite(), "client must release in-memory leader status before Kube API call") } return true, nil, errors.New("cannot renew") diff --git a/internal/oidc/auth/auth_handler_test.go b/internal/oidc/auth/auth_handler_test.go index 577bb59d..d2c8e262 100644 --- a/internal/oidc/auth/auth_handler_test.go +++ b/internal/oidc/auth/auth_handler_test.go @@ -25,7 +25,7 @@ import ( "k8s.io/apiserver/pkg/authentication/user" "k8s.io/client-go/kubernetes/fake" v1 "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" supervisorfake "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake" "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/typed/config/v1alpha1" @@ -695,8 +695,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -725,8 +725,8 @@ func TestAuthorizationEndpoint(t *testing.T) { Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -756,8 +756,8 @@ func TestAuthorizationEndpoint(t *testing.T) { Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -779,8 +779,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: htmlContentType, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, @@ -800,8 +800,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: htmlContentType, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, @@ -991,8 +991,8 @@ func TestAuthorizationEndpoint(t *testing.T) { path: "/some/path", contentType: formContentType, body: encodeQuery(happyGetRequestQueryMap), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -1015,8 +1015,8 @@ func TestAuthorizationEndpoint(t *testing.T) { path: "/some/path", contentType: formContentType, body: encodeQuery(happyGetRequestQueryMap), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: htmlContentType, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, @@ -1038,8 +1038,8 @@ func TestAuthorizationEndpoint(t *testing.T) { path: "/some/path", contentType: formContentType, body: encodeQuery(happyGetRequestQueryMap), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: htmlContentType, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, @@ -1194,8 +1194,8 @@ func TestAuthorizationEndpoint(t *testing.T) { path: modifiedHappyGetRequestPath(map[string]string{ "redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client }), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -1218,8 +1218,8 @@ func TestAuthorizationEndpoint(t *testing.T) { path: modifiedHappyGetRequestPath(map[string]string{ "redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client }), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: htmlContentType, wantRedirectLocationRegexp: downstreamRedirectURIWithDifferentPort + `\?code=([^&]+)&scope=openid\+username\+groups&state=` + happyState, @@ -1258,8 +1258,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithUserInfoURL().Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -1280,8 +1280,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(1*time.Hour))).WithUserInfoURL().Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -1313,8 +1313,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithUserInfoURL().Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -1335,8 +1335,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&erroringUpstreamLDAPIdentityProvider), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusBadGateway, wantContentType: htmlContentType, wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n", @@ -1346,8 +1346,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&erroringUpstreamLDAPIdentityProvider), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusBadGateway, wantContentType: htmlContentType, wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n", @@ -1362,8 +1362,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String("wrong-password"), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To("wrong-password"), wantPasswordGrantCall: &expectedPasswordGrant{ performedByUpstreamName: oidcPasswordGrantUpstreamName, args: &oidctestutil.PasswordCredentialsGrantAndValidateTokensArgs{ @@ -1380,8 +1380,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String("wrong-password"), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To("wrong-password"), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), @@ -1392,8 +1392,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String("wrong-password"), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To("wrong-password"), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), @@ -1404,8 +1404,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String("wrong-username"), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To("wrong-username"), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), @@ -1416,8 +1416,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String("wrong-username"), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To("wrong-username"), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), @@ -1429,7 +1429,7 @@ func TestAuthorizationEndpoint(t *testing.T) { method: http.MethodGet, path: happyGetRequestPath, customUsernameHeader: nil, // do not send header - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery), @@ -1441,7 +1441,7 @@ func TestAuthorizationEndpoint(t *testing.T) { method: http.MethodGet, path: happyGetRequestPath, customUsernameHeader: nil, // do not send header - customPasswordHeader: pointer.String(happyLDAPPassword), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery), @@ -1453,7 +1453,7 @@ func TestAuthorizationEndpoint(t *testing.T) { method: http.MethodGet, path: happyGetRequestPath, customUsernameHeader: nil, // do not send header - customPasswordHeader: pointer.String(happyLDAPPassword), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery), @@ -1464,7 +1464,7 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(happyLDAPUsername), + customUsernameHeader: ptr.To(happyLDAPUsername), customPasswordHeader: nil, // do not send header wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -1476,7 +1476,7 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(happyLDAPUsername), + customUsernameHeader: ptr.To(happyLDAPUsername), customPasswordHeader: nil, // do not send header wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -1488,8 +1488,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithoutUserInfoURL().Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -1501,8 +1501,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithAccessToken(oidcUpstreamAccessToken, metav1.NewTime(time.Now().Add(9*time.Hour))).WithoutUserInfoURL().Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -1514,8 +1514,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithEmptyAccessToken().Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -1527,8 +1527,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithoutAccessToken().Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -1540,8 +1540,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithoutRefreshToken().WithEmptyAccessToken().Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -1553,8 +1553,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().WithEmptyRefreshToken().WithoutAccessToken().Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -1566,7 +1566,7 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), + customUsernameHeader: ptr.To(oidcUpstreamUsername), customPasswordHeader: nil, // do not send header wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -1578,8 +1578,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(upstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithPasswordGrantDisallowedHintErrorQuery), @@ -1591,8 +1591,8 @@ func TestAuthorizationEndpoint(t *testing.T) { kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources, method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery), @@ -1604,8 +1604,8 @@ func TestAuthorizationEndpoint(t *testing.T) { kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources, method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery), @@ -1617,8 +1617,8 @@ func TestAuthorizationEndpoint(t *testing.T) { kubeResources: addFullyCapableDynamicClientAndSecretToKubeResources, method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"client_id": dynamicClientID, "scope": testutil.AllDynamicClientScopesSpaceSep}), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithUsernamePasswordHeadersDisallowedHintErrorQuery), @@ -1666,8 +1666,8 @@ func TestAuthorizationEndpoint(t *testing.T) { path: modifiedHappyGetRequestPath(map[string]string{ "redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client", }), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusBadRequest, wantContentType: jsonContentType, wantBodyJSON: fositeInvalidRedirectURIErrorBody, @@ -1679,8 +1679,8 @@ func TestAuthorizationEndpoint(t *testing.T) { path: modifiedHappyGetRequestPath(map[string]string{ "redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client", }), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusBadRequest, wantContentType: jsonContentType, wantBodyJSON: fositeInvalidRedirectURIErrorBody, @@ -1692,8 +1692,8 @@ func TestAuthorizationEndpoint(t *testing.T) { path: modifiedHappyGetRequestPath(map[string]string{ "redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client", }), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusBadRequest, wantContentType: jsonContentType, wantBodyJSON: fositeInvalidRedirectURIErrorBody, @@ -1717,8 +1717,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"client_id": "invalid-client"}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusUnauthorized, wantContentType: jsonContentType, wantBodyJSON: fositeInvalidClientErrorBody, @@ -1781,8 +1781,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery), @@ -1793,8 +1793,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery), @@ -1830,8 +1830,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"response_type": "unsupported"}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeUnsupportedResponseTypeErrorQuery), @@ -1898,8 +1898,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid profile email tuna"}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery), @@ -1939,8 +1939,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery), @@ -1951,8 +1951,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery), @@ -1994,8 +1994,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery), @@ -2006,8 +2006,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery), @@ -2039,8 +2039,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithActiveDirectory(&upstreamActiveDirectoryIdentityProvider), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"response_type": ""}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingResponseTypeErrorQuery), @@ -2086,8 +2086,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"client_id": ""}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusUnauthorized, wantContentType: jsonContentType, wantBodyJSON: fositeInvalidClientErrorBody, @@ -2137,8 +2137,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2151,8 +2151,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeErrorQuery), @@ -2195,8 +2195,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2209,8 +2209,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidCodeChallengeErrorQuery), @@ -2253,8 +2253,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2267,8 +2267,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery), @@ -2311,8 +2311,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2325,8 +2325,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery), @@ -2375,8 +2375,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2391,8 +2391,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositePromptHasNoneAndOtherValueErrorQuery), @@ -2446,8 +2446,8 @@ func TestAuthorizationEndpoint(t *testing.T) { method: http.MethodGet, // The following prompt value is illegal when openid is requested, but note that openid is not requested. path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -2469,8 +2469,8 @@ func TestAuthorizationEndpoint(t *testing.T) { method: http.MethodGet, // The following prompt value is illegal when openid is requested, but note that openid is not requested. path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: htmlContentType, wantRedirectLocationRegexp: downstreamRedirectURI + `\?code=([^&]+)&scope=username\+groups&state=` + happyState, // username and groups scopes were not requested, but are granted anyway for backwards compatibility @@ -2492,8 +2492,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -2518,8 +2518,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -2545,8 +2545,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -2573,8 +2573,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -2600,8 +2600,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2618,8 +2618,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2633,8 +2633,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -2658,8 +2658,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -2683,8 +2683,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -2707,8 +2707,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2722,8 +2722,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: htmlContentType, @@ -2746,8 +2746,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2761,8 +2761,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2776,8 +2776,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2791,8 +2791,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2806,8 +2806,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2821,8 +2821,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2836,8 +2836,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2851,8 +2851,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2866,8 +2866,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2881,8 +2881,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2896,8 +2896,8 @@ func TestAuthorizationEndpoint(t *testing.T) { ), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantPasswordGrantCall: happyUpstreamPasswordGrantMockExpectation, wantStatus: http.StatusFound, wantContentType: jsonContentType, @@ -2940,8 +2940,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithOIDC(passwordGrantUpstreamOIDCIdentityProviderBuilder().Build()), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}), - customUsernameHeader: pointer.String(oidcUpstreamUsername), - customPasswordHeader: pointer.String(oidcUpstreamPassword), + customUsernameHeader: ptr.To(oidcUpstreamUsername), + customPasswordHeader: ptr.To(oidcUpstreamPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery), @@ -2952,8 +2952,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idps: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}), - customUsernameHeader: pointer.String(happyLDAPUsername), - customPasswordHeader: pointer.String(happyLDAPPassword), + customUsernameHeader: ptr.To(happyLDAPUsername), + customPasswordHeader: ptr.To(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: jsonContentType, wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery), diff --git a/internal/registry/credentialrequest/rest_test.go b/internal/registry/credentialrequest/rest_test.go index 8b60e182..3ad72844 100644 --- a/internal/registry/credentialrequest/rest_test.go +++ b/internal/registry/credentialrequest/rest_test.go @@ -22,7 +22,7 @@ import ( genericapirequest "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" "k8s.io/klog/v2" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" loginapi "go.pinniped.dev/generated/latest/apis/concierge/login" "go.pinniped.dev/internal/issuer" @@ -387,7 +387,7 @@ func requireSuccessfulResponseWithAuthenticationFailureMessage(t *testing.T, err require.Equal(t, response, &loginapi.TokenCredentialRequest{ Status: loginapi.TokenCredentialRequestStatus{ Credential: nil, - Message: pointer.String("authentication failed"), + Message: ptr.To("authentication failed"), }, }) } diff --git a/test/integration/concierge_credentialrequest_test.go b/test/integration/concierge_credentialrequest_test.go index 20a118dc..d0eca9a9 100644 --- a/test/integration/concierge_credentialrequest_test.go +++ b/test/integration/concierge_credentialrequest_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration @@ -15,7 +15,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" @@ -151,7 +151,7 @@ func TestFailedCredentialRequestWhenTheRequestIsValidButTheTokenDoesNotAuthentic require.Empty(t, response.Spec) require.Nil(t, response.Status.Credential) - require.Equal(t, pointer.String("authentication failed"), response.Status.Message) + require.Equal(t, ptr.To("authentication failed"), response.Status.Message) } // TCRs are non-mutating and safe to run in parallel with serial tests, see main_test.go. diff --git a/test/integration/concierge_impersonation_proxy_test.go b/test/integration/concierge_impersonation_proxy_test.go index e59fcac7..f1d2c1d1 100644 --- a/test/integration/concierge_impersonation_proxy_test.go +++ b/test/integration/concierge_impersonation_proxy_test.go @@ -59,7 +59,7 @@ import ( "k8s.io/client-go/util/certificate/csr" "k8s.io/client-go/util/keyutil" "k8s.io/client-go/util/retry" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" conciergev1alpha "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1" @@ -1370,7 +1370,7 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl tkr, err := impersonationProxyAnonymousClient.PinnipedConcierge.LoginV1alpha1().TokenCredentialRequests(). Create(ctx, &loginv1alpha1.TokenCredentialRequest{ Spec: loginv1alpha1.TokenCredentialRequestSpec{ - Authenticator: corev1.TypedLocalObjectReference{APIGroup: pointer.String("anything.pinniped.dev")}, + Authenticator: corev1.TypedLocalObjectReference{APIGroup: ptr.To("anything.pinniped.dev")}, }, }, metav1.CreateOptions{}) require.True(t, k8serrors.IsInvalid(err), testlib.Sdump(err)) diff --git a/test/integration/concierge_kubecertagent_test.go b/test/integration/concierge_kubecertagent_test.go index d97c5d3d..5afc51ba 100644 --- a/test/integration/concierge_kubecertagent_test.go +++ b/test/integration/concierge_kubecertagent_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration @@ -14,7 +14,7 @@ import ( k8serrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" conciergev1alpha "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" "go.pinniped.dev/test/testlib" @@ -132,7 +132,7 @@ func TestLegacyPodCleaner_Parallel(t *testing.T) { t.Cleanup(func() { ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute) defer cancel() - err := kubeClient.CoreV1().Pods(pod.Namespace).Delete(ctx, pod.Name, metav1.DeleteOptions{GracePeriodSeconds: pointer.Int64(0)}) + err := kubeClient.CoreV1().Pods(pod.Namespace).Delete(ctx, pod.Name, metav1.DeleteOptions{GracePeriodSeconds: ptr.To[int64](0)}) if !k8serrors.IsNotFound(err) { require.NoError(t, err, "failed to clean up fake legacy agent pod") } diff --git a/test/integration/leaderelection_test.go b/test/integration/leaderelection_test.go index 4148c0fa..66d15d3b 100644 --- a/test/integration/leaderelection_test.go +++ b/test/integration/leaderelection_test.go @@ -19,7 +19,7 @@ import ( "k8s.io/apimachinery/pkg/util/rand" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/util/retry" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "go.pinniped.dev/internal/downward" "go.pinniped.dev/internal/kubeclient" @@ -205,7 +205,7 @@ func waitForIdentity(ctx context.Context, t *testing.T, namespace *corev1.Namesp } out = lease t.Logf("lease %s/%s - current leader identity: %s, valid leader identities: %s", - namespace.Name, leaseName, pointer.StringDeref(lease.Spec.HolderIdentity, ""), identities.List()) + namespace.Name, leaseName, ptr.Deref(lease.Spec.HolderIdentity, ""), identities.List()) return lease.Spec.HolderIdentity != nil && identities.Has(*lease.Spec.HolderIdentity), nil }, 10*time.Minute, 10*time.Second) @@ -276,7 +276,7 @@ func forceTransition(ctx context.Context, t *testing.T, namespace *corev1.Namesp startTime = *startLease.Spec.AcquireTime startLease = startLease.DeepCopy() - startLease.Spec.HolderIdentity = pointer.String("some-other-client-" + rand.String(5)) + startLease.Spec.HolderIdentity = ptr.To("some-other-client-" + rand.String(5)) _, err := pickCurrentLeaderClient(ctx, t, namespace, leaseName, clients). Kubernetes.CoordinationV1().Leases(namespace.Name).Update(ctx, startLease, metav1.UpdateOptions{}) diff --git a/test/testlib/client.go b/test/testlib/client.go index 2f3a8bbc..06756ce1 100644 --- a/test/testlib/client.go +++ b/test/testlib/client.go @@ -25,7 +25,7 @@ import ( "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1" "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" @@ -614,8 +614,8 @@ func RestrictiveSecurityContext() *corev1.SecurityContext { Capabilities: &corev1.Capabilities{ Drop: []corev1.Capability{"ALL"}, }, - RunAsNonRoot: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), + RunAsNonRoot: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault}, } }