djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

test/library: use client-go anonymous rest config helper

Browse Source 
I saw this helper function the other day and wondered if we could use it.
It does indeed look like it does what we want, because when I run this code,
I get `...User "system:anonymous" cannot get resource...`.

  c := library.NewAnonymousPinnipedClientset(t)
  _, err := c.
    ConfigV1alpha1().
    CredentialIssuerConfigs("integration").
    Get(context.Background(), "pinniped-config", metav1.GetOptions{})
  t.Log(err)

I also ran a similar test using this new helper in the context of
library.NewClientsetWithCertAndKey(). Seemed to get us what we want.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
Andrew Keesler 2020-09-28 08:57:47 -04:00
parent efe420b737
commit 38e26d7a49
No known key found for this signature in database
GPG Key ID: 27CE0444346F9413
1 changed files with 1 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
test/library/client.go
View File

@ -16,7 +16,6 @@ import (
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/clientcmd"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/idp/v1alpha1"
@ -98,38 +97,10 @@ func newClientsetWithConfig(t *testing.T, config *rest.Config) kubernetes.Interf
} }
// Returns a rest.Config without any user authentication info. // Returns a rest.Config without any user authentication info.
// Ensures that we are not accidentally picking up any authentication info from the kube config file.
// E.g. If your kube config were pointing at an Azure cluster, it would have both certs and a token,
// and we don't want our tests to accidentally pick up that token.
func newAnonymousClientRestConfig(t *testing.T) *rest.Config { func newAnonymousClientRestConfig(t *testing.T) *rest.Config {
t.Helper() t.Helper()
realConfig := NewClientConfig(t) return rest.AnonymousClientConfig(NewClientConfig(t))
out, err := ioutil.TempFile("", "pinniped-anonymous-kubeconfig-test-*")
require.NoError(t, err)
defer os.Remove(out.Name())
anonConfig := clientcmdapi.NewConfig()
anonConfig.Clusters["anonymous-cluster"] = &clientcmdapi.Cluster{
Server: realConfig.Host,
CertificateAuthorityData: realConfig.CAData,
}
anonConfig.Contexts["anonymous"] = &clientcmdapi.Context{
Cluster: "anonymous-cluster",
}
anonConfig.CurrentContext = "anonymous"
data, err := clientcmd.Write(*anonConfig)
require.NoError(t, err)
_, err = out.Write(data)
require.NoError(t, err)
restConfig, err := clientcmd.BuildConfigFromFlags("", out.Name())
require.NoError(t, err)
return restConfig
} }
// Starting with an anonymous client config, add a cert and key to use for authentication in the API server. // Starting with an anonymous client config, add a cert and key to use for authentication in the API server.