diff --git a/cmd/pinniped/cmd/login_oidc.go b/cmd/pinniped/cmd/login_oidc.go index 27c6b22b..d52b71d8 100644 --- a/cmd/pinniped/cmd/login_oidc.go +++ b/cmd/pinniped/cmd/login_oidc.go @@ -134,6 +134,7 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin // Initialize the login handler. opts := []oidcclient.Option{ oidcclient.WithContext(cmd.Context()), + oidcclient.WithLogger(*pLogger), oidcclient.WithScopes(flags.scopes), oidcclient.WithSessionCache(sessionCache), } diff --git a/cmd/pinniped/cmd/login_oidc_test.go b/cmd/pinniped/cmd/login_oidc_test.go index 559d2c36..68dc18d7 100644 --- a/cmd/pinniped/cmd/login_oidc_test.go +++ b/cmd/pinniped/cmd/login_oidc_test.go @@ -145,7 +145,7 @@ func TestLoginOIDCCommand(t *testing.T) { "--issuer", "test-issuer", }, loginErr: fmt.Errorf("some login error"), - wantOptionsCount: 3, + wantOptionsCount: 4, wantError: true, wantStderr: here.Doc(` Error: could not complete Pinniped login: some login error @@ -162,7 +162,7 @@ func TestLoginOIDCCommand(t *testing.T) { "--concierge-endpoint", "https://127.0.0.1:1234/", }, conciergeErr: fmt.Errorf("some concierge error"), - wantOptionsCount: 3, + wantOptionsCount: 4, wantError: true, wantStderr: here.Doc(` Error: could not complete Concierge credential exchange: some concierge error @@ -175,7 +175,7 @@ func TestLoginOIDCCommand(t *testing.T) { "--issuer", "test-issuer", }, env: map[string]string{"PINNIPED_DEBUG": "true"}, - wantOptionsCount: 3, + wantOptionsCount: 4, wantStdout: `{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{},"status":{"expirationTimestamp":"3020-10-12T13:14:15Z","token":"test-id-token"}}` + "\n", wantLogs: []string{ "\"level\"=0 \"msg\"=\"Pinniped login: Performing OIDC login\" \"client id\"=\"test-client-id\" \"issuer\"=\"test-issuer\"", @@ -203,7 +203,7 @@ func TestLoginOIDCCommand(t *testing.T) { "--credential-cache", testutil.TempDir(t) + "/credentials.yaml", }, env: map[string]string{"PINNIPED_DEBUG": "true"}, - wantOptionsCount: 7, + wantOptionsCount: 8, wantStdout: `{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{},"status":{"token":"exchanged-token"}}` + "\n", wantLogs: []string{ "\"level\"=0 \"msg\"=\"Pinniped login: Performing OIDC login\" \"client id\"=\"test-client-id\" \"issuer\"=\"test-issuer\"", diff --git a/pkg/oidcclient/login.go b/pkg/oidcclient/login.go index 4d753944..d606dec7 100644 --- a/pkg/oidcclient/login.go +++ b/pkg/oidcclient/login.go @@ -50,6 +50,7 @@ const ( type handlerState struct { // Basic parameters. ctx context.Context + logger plog.PLogger issuer string clientID string scopes []string @@ -98,6 +99,15 @@ func WithContext(ctx context.Context) Option { } } +// WithLogger specifies a PLogger to use with the login. +// If not specified this will default to a new logger. +func WithLogger(logger plog.PLogger) Option { + return func(h *handlerState) error { + h.logger = logger + return nil + } +} + // WithListenPort specifies a TCP listen port on localhost, which will be used for the redirect_uri and to handle the // authorization code callback. By default, a random high port will be chosen which requires the authorization server // to support wildcard port numbers as described by https://tools.ietf.org/html/rfc8252: @@ -261,7 +271,7 @@ func (h *handlerState) baseLogin() (*oidctypes.Token, error) { // If the ID token is still valid for a bit, return it immediately and skip the rest of the flow. cached := h.cache.GetToken(cacheKey) if cached != nil && cached.IDToken != nil && time.Until(cached.IDToken.Expiry.Time) > minIDTokenValidity { - plog.Debug("Pinniped: Found unexpired cached token") + h.logger.Debug("Found unexpired cached token.") return cached, nil } @@ -329,7 +339,7 @@ func (h *handlerState) initOIDCDiscovery() error { return nil } - plog.Debug("Pinniped: Performing OIDC discovery", "issuer", h.issuer) + h.logger.Debug("Performing OIDC discovery", "issuer", h.issuer) var err error h.provider, err = oidc.NewProvider(h.ctx, h.issuer) if err != nil { @@ -346,7 +356,7 @@ func (h *handlerState) initOIDCDiscovery() error { } func (h *handlerState) tokenExchangeRFC8693(baseToken *oidctypes.Token) (*oidctypes.Token, error) { - plog.Debug("Pinniped: Performing RFC8693 token exchange", "requested audience", h.requestedAudience) + h.logger.Debug("Performing RFC8693 token exchange", "requestedAudience", h.requestedAudience) // Perform OIDC discovery. This may have already been performed if there was not a cached base token. if err := h.initOIDCDiscovery(); err != nil { return nil, err @@ -417,7 +427,7 @@ func (h *handlerState) tokenExchangeRFC8693(baseToken *oidctypes.Token) (*oidcty } func (h *handlerState) handleRefresh(ctx context.Context, refreshToken *oidctypes.RefreshToken) (*oidctypes.Token, error) { - plog.Debug("refreshing cached token") + h.logger.Debug("Refreshing cached token.") refreshSource := h.oauth2Config.TokenSource(ctx, &oauth2.Token{RefreshToken: refreshToken.Token}) refreshed, err := refreshSource.Token() diff --git a/pkg/oidcclient/login_test.go b/pkg/oidcclient/login_test.go index f1f5f6cf..89d25e84 100644 --- a/pkg/oidcclient/login_test.go +++ b/pkg/oidcclient/login_test.go @@ -273,7 +273,7 @@ func TestLogin(t *testing.T) { return WithSessionCache(cache)(h) } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"test-issuer\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"test-issuer\""}, wantErr: `could not perform OIDC discovery for "test-issuer": Get "test-issuer/.well-known/openid-configuration": unsupported protocol scheme ""`, }, { @@ -295,7 +295,7 @@ func TestLogin(t *testing.T) { return WithSessionCache(cache)(h) } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\""}, wantToken: &testToken, }, { @@ -304,7 +304,7 @@ func TestLogin(t *testing.T) { return func(h *handlerState) error { return nil } }, issuer: errorServer.URL, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + errorServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + errorServer.URL + "\""}, wantErr: fmt.Sprintf("could not perform OIDC discovery for %q: 500 Internal Server Error: some discovery error\n", errorServer.URL), }, { @@ -344,8 +344,8 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"", - "\"level\"=0 \"msg\"=\"refreshing cached token\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Refreshing cached token.\""}, wantToken: &testToken, }, { @@ -378,8 +378,8 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"", - "\"level\"=0 \"msg\"=\"refreshing cached token\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Refreshing cached token.\""}, wantErr: "some validation error", }, { @@ -406,8 +406,8 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"", - "\"level\"=0 \"msg\"=\"refreshing cached token\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Refreshing cached token.\""}, // Expect this to fall through to the authorization code flow, so it fails here. wantErr: "could not open callback listener: listen tcp: address invalid-listen-address: missing port in address", }, @@ -420,7 +420,7 @@ func TestLogin(t *testing.T) { } }, issuer: successServer.URL, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantErr: "could not open callback listener: listen tcp: address invalid-listen-address: missing port in address", }, { @@ -431,7 +431,7 @@ func TestLogin(t *testing.T) { }) }, issuer: successServer.URL, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantErr: "could not open browser: some browser open error", }, { @@ -449,7 +449,7 @@ func TestLogin(t *testing.T) { } }, issuer: successServer.URL, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantErr: "timed out waiting for token callback: context canceled", }, { @@ -466,7 +466,7 @@ func TestLogin(t *testing.T) { } }, issuer: successServer.URL, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantErr: "error handling callback: some callback error", }, { @@ -527,7 +527,7 @@ func TestLogin(t *testing.T) { } }, issuer: successServer.URL, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantToken: &testToken, }, { @@ -551,9 +551,9 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"cluster-1234\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + errorServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"cluster-1234\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + errorServer.URL + "\""}, wantErr: fmt.Sprintf("failed to exchange token: could not perform OIDC discovery for %q: 500 Internal Server Error: some discovery error\n", errorServer.URL), }, { @@ -577,9 +577,9 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"cluster-1234\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + brokenTokenURLServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"cluster-1234\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + brokenTokenURLServer.URL + "\""}, wantErr: `failed to exchange token: could not build RFC8693 request: parse "%": invalid URL escape "%"`, }, { @@ -603,9 +603,9 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-invalid-http-response\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-invalid-http-response\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantErr: fmt.Sprintf(`failed to exchange token: Post "%s/token": failed to parse Location header "%%": parse "%%": invalid URL escape "%%"`, successServer.URL), }, { @@ -629,9 +629,9 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-http-400\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-http-400\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantErr: `failed to exchange token: unexpected HTTP response status 400`, }, { @@ -655,9 +655,9 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-invalid-content-type\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-invalid-content-type\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantErr: `failed to exchange token: failed to decode content-type header: mime: invalid media parameter`, }, { @@ -681,9 +681,9 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-wrong-content-type\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-wrong-content-type\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantErr: `failed to exchange token: unexpected HTTP response content type "invalid"`, }, { @@ -707,9 +707,9 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-invalid-json\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-invalid-json\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantErr: `failed to exchange token: failed to decode response: unexpected EOF`, }, { @@ -733,9 +733,9 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-invalid-tokentype\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-invalid-tokentype\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantErr: `failed to exchange token: got unexpected token_type "invalid"`, }, { @@ -759,9 +759,9 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-invalid-issuedtokentype\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-invalid-issuedtokentype\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantErr: `failed to exchange token: got unexpected issued_token_type "invalid"`, }, { @@ -785,9 +785,9 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-invalid-jwt\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-invalid-jwt\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantErr: `failed to exchange token: received invalid JWT: oidc: malformed jwt: square/go-jose: compact JWS format must have three parts`, }, { @@ -817,9 +817,9 @@ func TestLogin(t *testing.T) { return nil } }, - wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, + wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantToken: &testExchangedToken, }, { @@ -868,9 +868,9 @@ func TestLogin(t *testing.T) { } }, wantLogs: []string{ - "\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"", - "\"level\"=0 \"msg\"=\"refreshing cached token\"", - "\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Refreshing cached token.\"", + "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience\"", }, wantToken: &testExchangedToken, }, @@ -881,6 +881,7 @@ func TestLogin(t *testing.T) { err := plog.ValidateAndSetLogLevelGlobally(plog.LevelDebug) require.NoError(t, err) testLogger := testlogger.New(t) + pLogger := plog.New("Pinniped Test Prefix: ") klog.SetLogger(testLogger) tok, err := Login(tt.issuer, tt.clientID, @@ -888,6 +889,7 @@ func TestLogin(t *testing.T) { WithListenPort(0), WithScopes([]string{"test-scope"}), tt.opt(t), + WithLogger(pLogger), ) require.Equal(t, tt.wantLogs, testLogger.Lines()) if tt.wantErr != "" {