Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy

2021-03-04 12:38:00 -06:00 · 2021-03-04 12:38:00 -06:00 · 1734280a19
parent 9a0f75980d f99c186c55
commit 1734280a19
5 changed files with 54 additions and 27 deletions
--- a/go.mod
+++ b/go.mod
@ -36,7 +36,7 @@ require (
 	k8s.io/client-go v0.20.4
 	k8s.io/component-base v0.20.4
 	k8s.io/gengo v0.0.0-20201113003025-83324d819ded
-	k8s.io/klog/v2 v2.5.0
+	k8s.io/klog/v2 v2.6.0
 	k8s.io/kube-aggregator v0.20.4
 	k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd
 	k8s.io/utils v0.0.0-20201110183641-67b214c5f920
--- a/go.sum
+++ b/go.sum
@ -1528,8 +1528,8 @@ k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.5.0 h1:8mOnjf1RmUPW6KRqQCfYSZq/K20Unmp3IhuZUhxl8KI=
-k8s.io/klog/v2 v2.5.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
+k8s.io/klog/v2 v2.6.0 h1:c1wFxejFMBkp/VxCdc6kYdgrBkC2gzmcl6afuJAkJyU=
+k8s.io/klog/v2 v2.6.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
 k8s.io/kube-aggregator v0.20.4 h1:j/SUwPy1eO+ud3XOUGmH18gISPyerqhXOoNRZDbv3fs=
 k8s.io/kube-aggregator v0.20.4/go.mod h1:0ixQ9De7KXyHteXizS6nVtrnKqGa4kiuxl9rEBsNccw=
 k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd h1:sOHNzJIkytDF6qadMNKhhDRpc6ODik8lVC6nOur7B2c=
--- a/internal/oidc/discovery/discovery_handler.go
+++ b/internal/oidc/discovery/discovery_handler.go
@ -5,6 +5,7 @@
 package discovery

 import (
+	"bytes"
 	"encoding/json"
 	"net/http"

@ -40,14 +41,6 @@ type Metadata struct {

 // NewHandler returns an http.Handler that serves an OIDC discovery endpoint.
 func NewHandler(issuerURL string) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Content-Type", "application/json")
-
-		if r.Method != http.MethodGet {
-			http.Error(w, `Method not allowed (try GET)`, http.StatusMethodNotAllowed)
-			return
-		}
-
 	oidcConfig := Metadata{
 		Issuer:                            issuerURL,
 		AuthorizationEndpoint:             issuerURL + oidc.AuthorizationEndpointPath,
@ -60,8 +53,26 @@ func NewHandler(issuerURL string) http.Handler {
 		ScopesSupported:                   []string{"openid", "offline"},
 		ClaimsSupported:                   []string{"groups"},
 	}
-		if err := json.NewEncoder(w).Encode(&oidcConfig); err != nil {
+
+	var b bytes.Buffer
+	encodeErr := json.NewEncoder(&b).Encode(&oidcConfig)
+	encodedMetadata := b.Bytes()
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodGet {
+			http.Error(w, `Method not allowed (try GET)`, http.StatusMethodNotAllowed)
+			return
+		}
+
+		if encodeErr != nil {
+			http.Error(w, encodeErr.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		w.Header().Set("Content-Type", "application/json")
+		if _, err := w.Write(encodedMetadata); err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 }
--- a/test/integration/category_test.go
+++ b/test/integration/category_test.go
@ -7,6 +7,7 @@ import (
 	"bytes"
 	"os/exec"
 	"testing"
+	"time"

 	"github.com/stretchr/testify/require"

@ -20,13 +21,21 @@ func TestGetPinnipedCategory(t *testing.T) {
 	t.Run("category, no special params", func(t *testing.T) {
 		var stdOut, stdErr bytes.Buffer

+		var err error
+		require.Eventuallyf(t, func() bool {
 			cmd := exec.Command("kubectl", "get", "pinniped", "-A")
 			cmd.Stdout = &stdOut
 			cmd.Stderr = &stdErr
-		err := cmd.Run()
-		require.NoError(t, err, stdErr.String(), stdOut.String())
+			err = cmd.Run()
+			return err == nil
+		},
+			60*time.Second,
+			1*time.Second,
+			"never ran 'kubectl get pinniped -A' successfully:\n%s\n\n%s",
+			stdErr.String(),
+			stdOut.String(),
+		)
 		require.Empty(t, stdErr.String())
-
 		require.NotContains(t, stdOut.String(), "MethodNotAllowed")
 		require.Contains(t, stdOut.String(), dotSuffix)
 	})
--- a/test/integration/kubeclient_test.go
+++ b/test/integration/kubeclient_test.go
@ -5,6 +5,7 @@ package integration

 import (
 	"context"
+	"fmt"
 	"testing"
 	"time"

@ -74,15 +75,18 @@ func TestKubeClientOwnerRef(t *testing.T) {
 		UID:        parentSecret.UID,
 	}

+	snorlaxAPIGroup := fmt.Sprintf("%s.snorlax.dev", library.RandHex(t, 8))
 	parentAPIService, err := regularAggregationClient.ApiregistrationV1().APIServices().Create(
 		ctx,
 		&apiregistrationv1.APIService{
 			ObjectMeta: metav1.ObjectMeta{
-				Name: "v1.snorlax.dev",
+				Name:        "v1." + snorlaxAPIGroup,
+				Labels:      map[string]string{"pinniped.dev/test": ""},
+				Annotations: map[string]string{"pinniped.dev/testName": t.Name()},
 			},
 			Spec: apiregistrationv1.APIServiceSpec{
 				Version:              "v1",
-				Group:                "snorlax.dev",
+				Group:                snorlaxAPIGroup,
 				GroupPriorityMinimum: 10_000,
 				VersionPriority:      500,
 			},
@ -184,16 +188,19 @@ func TestKubeClientOwnerRef(t *testing.T) {
 	})

 	// cluster scoped API service should be owned by the other one we created above
+	pandasAPIGroup := fmt.Sprintf("%s.pandas.dev", library.RandHex(t, 8))
 	apiService, err := ownerRefClient.Aggregation.ApiregistrationV1().APIServices().Create(
 		ctx,
 		&apiregistrationv1.APIService{
 			ObjectMeta: metav1.ObjectMeta{
-				Name:            "v1.pandas.dev",
+				Name:            "v1." + pandasAPIGroup,
 				OwnerReferences: nil, // no owner refs set
+				Labels:          map[string]string{"pinniped.dev/test": ""},
+				Annotations:     map[string]string{"pinniped.dev/testName": t.Name()},
 			},
 			Spec: apiregistrationv1.APIServiceSpec{
 				Version:              "v1",
-				Group:                "pandas.dev",
+				Group:                pandasAPIGroup,
 				GroupPriorityMinimum: 10_000,
 				VersionPriority:      500,
 			},