Add more logging to test-webhook's endpoint
- Also correct the webhook url setting in prepare-for-integration-tests.sh - Change the bcrypt count to 10, because 16 is way too slow on old laptops Signed-off-by: Ryan Richard <richardry@vmware.com>
parent
b506ac5823
commit
56be4a6761
@ -111,20 +111,24 @@ func (w *webhook) ServeHTTP(rsp http.ResponseWriter, req *http.Request) {
|
|||||||
defer req.Body.Close()
|
defer req.Body.Close()
|
||||||
|
|
||||||
if req.URL.Path != "/authenticate" {
|
if req.URL.Path != "/authenticate" {
|
||||||
|
klog.InfoS("received request path other than /authenticate", "path", req.URL.Path)
|
||||||
rsp.WriteHeader(http.StatusNotFound)
|
rsp.WriteHeader(http.StatusNotFound)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if req.Method != http.MethodPost {
|
if req.Method != http.MethodPost {
|
||||||
|
klog.InfoS("received request method other than post", "method", req.Method)
|
||||||
rsp.WriteHeader(http.StatusMethodNotAllowed)
|
rsp.WriteHeader(http.StatusMethodNotAllowed)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !contains(req.Header.Values("Content-Type"), "application/json") {
|
if !contains(req.Header.Values("Content-Type"), "application/json") {
|
||||||
|
klog.InfoS("wrong content type", "Content-Type", req.Header.Values("Content-Type"))
|
||||||
rsp.WriteHeader(http.StatusUnsupportedMediaType)
|
rsp.WriteHeader(http.StatusUnsupportedMediaType)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !contains(req.Header.Values("Accept"), "application/json") {
|
if !contains(req.Header.Values("Accept"), "application/json") {
|
||||||
|
klog.InfoS("wrong accept type", "Accept", req.Header.Values("Accept"))
|
||||||
rsp.WriteHeader(http.StatusUnsupportedMediaType)
|
rsp.WriteHeader(http.StatusUnsupportedMediaType)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -138,6 +142,7 @@ func (w *webhook) ServeHTTP(rsp http.ResponseWriter, req *http.Request) {
|
|||||||
|
|
||||||
tokenSegments := strings.SplitN(body.Spec.Token, ":", 2)
|
tokenSegments := strings.SplitN(body.Spec.Token, ":", 2)
|
||||||
if len(tokenSegments) != 2 {
|
if len(tokenSegments) != 2 {
|
||||||
|
klog.InfoS("bad token format in request")
|
||||||
rsp.WriteHeader(http.StatusBadRequest)
|
rsp.WriteHeader(http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -153,6 +158,7 @@ func (w *webhook) ServeHTTP(rsp http.ResponseWriter, req *http.Request) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if notFound {
|
if notFound {
|
||||||
|
klog.InfoS("user not found")
|
||||||
respondWithUnauthenticated(rsp)
|
respondWithUnauthenticated(rsp)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -162,6 +168,7 @@ func (w *webhook) ServeHTTP(rsp http.ResponseWriter, req *http.Request) {
|
|||||||
[]byte(password),
|
[]byte(password),
|
||||||
) == nil
|
) == nil
|
||||||
if !passwordMatches {
|
if !passwordMatches {
|
||||||
|
klog.InfoS("invalid password in request")
|
||||||
respondWithUnauthenticated(rsp)
|
respondWithUnauthenticated(rsp)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -179,6 +186,7 @@ func (w *webhook) ServeHTTP(rsp http.ResponseWriter, req *http.Request) {
|
|||||||
trimLeadingAndTrailingWhitespace(groups)
|
trimLeadingAndTrailingWhitespace(groups)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
klog.InfoS("successful authentication")
|
||||||
respondWithAuthenticated(rsp, secret.ObjectMeta.Name, string(secret.UID), groups)
|
respondWithAuthenticated(rsp, secret.ObjectMeta.Name, string(secret.UID), groups)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
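Review bot: The two authentication-failure logs added in the `-153,6` and `-162,6` hunks, `klog.InfoS("user not found")` and `klog.InfoS("invalid password in request")`, carry no key/value context, so repeated failures cannot be attributed to a source or counted per client when the log is reviewed. Adding the peer address, e.g. `klog.InfoS("invalid password in request", "remoteAddr", req.RemoteAddr)`, gives that without logging the token or password, which the new lines rightly keep out (behind a proxy this will be the proxy's address). The distinct messages are fine in the server log as long as both paths keep answering through `respondWithUnauthenticated`, so the client cannot tell them apart. ServeHTTP starts and ends outside these hunks, so whether a username variable is in scope at these points is not visible here.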
@ -45,7 +45,7 @@ who belongs to the groups `group1` and `group2`, use:
|
|||||||
kubectl create secret generic ryan \
|
kubectl create secret generic ryan \
|
||||||
--namespace test-webhook \
|
--namespace test-webhook \
|
||||||
--from-literal=groups=group1,group2 \
|
--from-literal=groups=group1,group2 \
|
||||||
--from-literal=passwordHash=$(htpasswd -nbBC 16 x password123 | sed -e "s/^x://")
|
--from-literal=passwordHash=$(htpasswd -nbBC 10 x password123 | sed -e "s/^x://")
|
||||||
```
|
```
|
||||||
|
|
||||||
### Get the `test-webhook` App's Auto-Generated Certificate Authority Bundle
|
### Get the `test-webhook` App's Auto-Generated Certificate Authority Bundle
|
||||||
|
@ -44,9 +44,9 @@ function log_note() {
|
|||||||
GREEN='\033[0;32m'
|
GREEN='\033[0;32m'
|
||||||
NC='\033[0m'
|
NC='\033[0m'
|
||||||
if [[ $COLORTERM =~ ^(truecolor|24bit)$ ]]; then
|
if [[ $COLORTERM =~ ^(truecolor|24bit)$ ]]; then
|
||||||
echo -e " ${GREEN}:)${NC} Note: $*"
|
echo -e "${GREEN}$*${NC}"
|
||||||
else
|
else
|
||||||
echo " :) Note: $*"
|
echo "$*"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -54,9 +54,9 @@ function log_warning() {
|
|||||||
YELLOW='\033[0;33m'
|
YELLOW='\033[0;33m'
|
||||||
NC='\033[0m'
|
NC='\033[0m'
|
||||||
if [[ $COLORTERM =~ ^(truecolor|24bit)$ ]]; then
|
if [[ $COLORTERM =~ ^(truecolor|24bit)$ ]]; then
|
||||||
echo -e " ${YELLOW}:/${NC} Warning: $*"
|
echo -e "😒${YELLOW} Warning: $* ${NC}"
|
||||||
else
|
else
|
||||||
echo " :/ Warning: $*"
|
echo ":/ Warning: $*"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -64,9 +64,9 @@ function log_error() {
|
|||||||
RED='\033[0;31m'
|
RED='\033[0;31m'
|
||||||
NC='\033[0m'
|
NC='\033[0m'
|
||||||
if [[ $COLORTERM =~ ^(truecolor|24bit)$ ]]; then
|
if [[ $COLORTERM =~ ^(truecolor|24bit)$ ]]; then
|
||||||
echo -e " ${RED}:(${NC} Error: $*"
|
echo -e "🙁${RED} Error: $* ${NC}"
|
||||||
else
|
else
|
||||||
echo " :( Error: $*"
|
echo ":( Error: $*"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -235,21 +235,21 @@ else
|
|||||||
|
|
||||||
log_note "Creating test user 'test-username'..."
|
log_note "Creating test user 'test-username'..."
|
||||||
test_username="test-username"
|
test_username="test-username"
|
||||||
|
# TODO AUTO-GENERATE PASSWORD
|
||||||
test_password="test-password"
|
test_password="test-password"
|
||||||
test_groups="test-group-0,test-group-1"
|
test_groups="test-group-0,test-group-1"
|
||||||
kubectl create secret generic "$test_username" \
|
kubectl create secret generic "$test_username" \
|
||||||
--namespace test-webhook \
|
--namespace test-webhook \
|
||||||
--from-literal=groups="$test_groups" \
|
--from-literal=groups="$test_groups" \
|
||||||
--from-literal=passwordHash=$(htpasswd -nbBC 16 x "$test_password" | sed -e "s/^x://") \
|
--from-literal=passwordHash="$(htpasswd -nbBC 10 x "$test_password" | sed -e "s/^x://")" \
|
||||||
--dry-run=client \
|
--dry-run=client \
|
||||||
--output yaml \
|
--output yaml \
|
||||||
| kubectl apply -f -
|
| kubectl apply -f -
|
||||||
|
|
||||||
app_name="pinniped"
|
app_name="pinniped"
|
||||||
namespace="integration"
|
namespace="integration"
|
||||||
webhook_url="test-webhook.test-webhook.svc"
|
webhook_url="https://test-webhook.test-webhook.svc/authenticate"
|
||||||
webhook_ca_bundle="$(kubectl get secret api-serving-cert --namespace test-webhook \
|
webhook_ca_bundle="$(kubectl get secret api-serving-cert --namespace test-webhook -o 'jsonpath={.data.caCertificate}')"
|
||||||
-o jsonpath={.data.caCertificate})"
|
|
||||||
discovery_url="$(TERM=dumb kubectl cluster-info | awk '/Kubernetes master/ {print $NF}')"
|
discovery_url="$(TERM=dumb kubectl cluster-info | awk '/Kubernetes master/ {print $NF}')"
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -295,6 +295,8 @@ PINNIPED_CLUSTER_CAPABILITY_YAML_EOF
|
|||||||
export PINNIPED_CLUSTER_CAPABILITY_YAML
|
export PINNIPED_CLUSTER_CAPABILITY_YAML
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
goland_vars=$(grep -v '^#' /tmp/integration-test-env | grep -E '^export .+=' | sed 's/export //g' | tr '\n' ';')
|
||||||
|
|
||||||
log_note "Done!"
|
log_note "Done!"
|
||||||
log_note
|
log_note
|
||||||
log_note "Ready to run integration tests. For example, you could run all tests using the following commands..."
|
log_note "Ready to run integration tests. For example, you could run all tests using the following commands..."
|
||||||
@ -303,9 +305,7 @@ EOF
|
|||||||
log_note ' (cd test && go test -count 1 ./...)'
|
log_note ' (cd test && go test -count 1 ./...)'
|
||||||
log_note
|
log_note
|
||||||
log_note '"Environment" setting for GoLand run configurations:'
|
log_note '"Environment" setting for GoLand run configurations:'
|
||||||
log_note -n ' '
|
log_note " ${goland_vars}PINNIPED_CLUSTER_CAPABILITY_FILE=${kind_capabilities_file}"
|
||||||
goland_vars=$(grep -v '^#' /tmp/integration-test-env | grep -E '^export .+=' | sed 's/export //g' | tr '\n' ';')
|
|
||||||
log_note "${goland_vars}PINNIPED_CLUSTER_CAPABILITY_FILE=${kind_capabilities_file}"
|
|
||||||
log_note
|
log_note
|
||||||
log_note
|
log_note
|
||||||
log_note "You can run this script again to deploy local production code changes while you are working."
|
log_note "You can run this script again to deploy local production code changes while you are working."
|
||||||
|
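Review bot: In the `-235,21` hunk the test user still gets the fixed password `test-password`, now hashed at bcrypt cost 10, and the added `# TODO AUTO-GENERATE PASSWORD` only records the intent; a known credential behind a cheap hash is acceptable only while the test-webhook is unreachable from outside the local cluster. Generating it per run, e.g. `test_password="$(openssl rand -hex 16)"`, would close that, assuming the tests receive the value from this variable (the export is outside the hunk). `htpasswd -b` also places the password on the command line, where other local users can read it from the process list; `-i` reads it from stdin instead. The enclosing `else` branch starts outside the hunk.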