djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid using global logger in login.go

Browse Source
This commit is contained in:
Margo Crawford 2021-04-28 09:34:42 -07:00
parent 5f3eab2538
commit 90b2854032
4 changed files with 71 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/pinniped/cmd/login_oidc.go
View File

@ -134,6 +134,7 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin
// Initialize the login handler. // Initialize the login handler.
opts := []oidcclient.Option{ opts := []oidcclient.Option{
oidcclient.WithContext(cmd.Context()), oidcclient.WithContext(cmd.Context()),
oidcclient.WithLogger(*pLogger),
oidcclient.WithScopes(flags.scopes), oidcclient.WithScopes(flags.scopes),
oidcclient.WithSessionCache(sessionCache), oidcclient.WithSessionCache(sessionCache),
} }

8
cmd/pinniped/cmd/login_oidc_test.go
View File

@ -145,7 +145,7 @@ func TestLoginOIDCCommand(t *testing.T) {
"--issuer", "test-issuer", "--issuer", "test-issuer",
}, },
loginErr: fmt.Errorf("some login error"), loginErr: fmt.Errorf("some login error"),
wantOptionsCount: 3, wantOptionsCount: 4,
wantError: true, wantError: true,
wantStderr: here.Doc(` wantStderr: here.Doc(`
Error: could not complete Pinniped login: some login error Error: could not complete Pinniped login: some login error
@ -162,7 +162,7 @@ func TestLoginOIDCCommand(t *testing.T) {
"--concierge-endpoint", "https://127.0.0.1:1234/", "--concierge-endpoint", "https://127.0.0.1:1234/",
}, },
conciergeErr: fmt.Errorf("some concierge error"), conciergeErr: fmt.Errorf("some concierge error"),
wantOptionsCount: 3, wantOptionsCount: 4,
wantError: true, wantError: true,
wantStderr: here.Doc(` wantStderr: here.Doc(`
Error: could not complete Concierge credential exchange: some concierge error Error: could not complete Concierge credential exchange: some concierge error
@ -175,7 +175,7 @@ func TestLoginOIDCCommand(t *testing.T) {
"--issuer", "test-issuer", "--issuer", "test-issuer",
}, },
env: map[string]string{"PINNIPED_DEBUG": "true"}, env: map[string]string{"PINNIPED_DEBUG": "true"},
wantOptionsCount: 3, wantOptionsCount: 4,
wantStdout: `{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{},"status":{"expirationTimestamp":"3020-10-12T13:14:15Z","token":"test-id-token"}}` + "\n", wantStdout: `{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{},"status":{"expirationTimestamp":"3020-10-12T13:14:15Z","token":"test-id-token"}}` + "\n",
wantLogs: []string{ wantLogs: []string{
"\"level\"=0 \"msg\"=\"Pinniped login: Performing OIDC login\" \"client id\"=\"test-client-id\" \"issuer\"=\"test-issuer\"", "\"level\"=0 \"msg\"=\"Pinniped login: Performing OIDC login\" \"client id\"=\"test-client-id\" \"issuer\"=\"test-issuer\"",
@ -203,7 +203,7 @@ func TestLoginOIDCCommand(t *testing.T) {
"--credential-cache", testutil.TempDir(t) + "/credentials.yaml", "--credential-cache", testutil.TempDir(t) + "/credentials.yaml",
}, },
env: map[string]string{"PINNIPED_DEBUG": "true"}, env: map[string]string{"PINNIPED_DEBUG": "true"},
wantOptionsCount: 7, wantOptionsCount: 8,
wantStdout: `{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{},"status":{"token":"exchanged-token"}}` + "\n", wantStdout: `{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{},"status":{"token":"exchanged-token"}}` + "\n",
wantLogs: []string{ wantLogs: []string{
"\"level\"=0 \"msg\"=\"Pinniped login: Performing OIDC login\" \"client id\"=\"test-client-id\" \"issuer\"=\"test-issuer\"", "\"level\"=0 \"msg\"=\"Pinniped login: Performing OIDC login\" \"client id\"=\"test-client-id\" \"issuer\"=\"test-issuer\"",

18
pkg/oidcclient/login.go
View File

@ -50,6 +50,7 @@ const (
type handlerState struct { type handlerState struct {
// Basic parameters. // Basic parameters.
ctx context.Context ctx context.Context
logger plog.PLogger
issuer string issuer string
clientID string clientID string
scopes []string scopes []string
@ -98,6 +99,15 @@ func WithContext(ctx context.Context) Option {
} }
} }
// WithLogger specifies a PLogger to use with the login.
// If not specified this will default to a new logger.
func WithLogger(logger plog.PLogger) Option {
return func(h *handlerState) error {
h.logger = logger
return nil
}
}
// WithListenPort specifies a TCP listen port on localhost, which will be used for the redirect_uri and to handle the // WithListenPort specifies a TCP listen port on localhost, which will be used for the redirect_uri and to handle the
// authorization code callback. By default, a random high port will be chosen which requires the authorization server // authorization code callback. By default, a random high port will be chosen which requires the authorization server
// to support wildcard port numbers as described by https://tools.ietf.org/html/rfc8252: // to support wildcard port numbers as described by https://tools.ietf.org/html/rfc8252:
@ -261,7 +271,7 @@ func (h *handlerState) baseLogin() (*oidctypes.Token, error) {
// If the ID token is still valid for a bit, return it immediately and skip the rest of the flow. // If the ID token is still valid for a bit, return it immediately and skip the rest of the flow.
cached := h.cache.GetToken(cacheKey) cached := h.cache.GetToken(cacheKey)
if cached != nil && cached.IDToken != nil && time.Until(cached.IDToken.Expiry.Time) > minIDTokenValidity { if cached != nil && cached.IDToken != nil && time.Until(cached.IDToken.Expiry.Time) > minIDTokenValidity {
plog.Debug("Pinniped: Found unexpired cached token") h.logger.Debug("Found unexpired cached token.")
return cached, nil return cached, nil
} }
@ -329,7 +339,7 @@ func (h *handlerState) initOIDCDiscovery() error {
return nil return nil
} }
plog.Debug("Pinniped: Performing OIDC discovery", "issuer", h.issuer) h.logger.Debug("Performing OIDC discovery", "issuer", h.issuer)
var err error var err error
h.provider, err = oidc.NewProvider(h.ctx, h.issuer) h.provider, err = oidc.NewProvider(h.ctx, h.issuer)
if err != nil { if err != nil {
@ -346,7 +356,7 @@ func (h *handlerState) initOIDCDiscovery() error {
} }
func (h *handlerState) tokenExchangeRFC8693(baseToken *oidctypes.Token) (*oidctypes.Token, error) { func (h *handlerState) tokenExchangeRFC8693(baseToken *oidctypes.Token) (*oidctypes.Token, error) {
plog.Debug("Pinniped: Performing RFC8693 token exchange", "requested audience", h.requestedAudience) h.logger.Debug("Performing RFC8693 token exchange", "requestedAudience", h.requestedAudience)
// Perform OIDC discovery. This may have already been performed if there was not a cached base token. // Perform OIDC discovery. This may have already been performed if there was not a cached base token.
if err := h.initOIDCDiscovery(); err != nil { if err := h.initOIDCDiscovery(); err != nil {
return nil, err return nil, err
@ -417,7 +427,7 @@ func (h *handlerState) tokenExchangeRFC8693(baseToken *oidctypes.Token) (*oidcty
} }
func (h *handlerState) handleRefresh(ctx context.Context, refreshToken *oidctypes.RefreshToken) (*oidctypes.Token, error) { func (h *handlerState) handleRefresh(ctx context.Context, refreshToken *oidctypes.RefreshToken) (*oidctypes.Token, error) {
plog.Debug("refreshing cached token") h.logger.Debug("Refreshing cached token.")
refreshSource := h.oauth2Config.TokenSource(ctx, &oauth2.Token{RefreshToken: refreshToken.Token}) refreshSource := h.oauth2Config.TokenSource(ctx, &oauth2.Token{RefreshToken: refreshToken.Token})
refreshed, err := refreshSource.Token() refreshed, err := refreshSource.Token()

102
pkg/oidcclient/login_test.go
View File

@ -273,7 +273,7 @@ func TestLogin(t *testing.T) {
return WithSessionCache(cache)(h) return WithSessionCache(cache)(h)
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"test-issuer\""}, wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"test-issuer\""},
wantErr: `could not perform OIDC discovery for "test-issuer": Get "test-issuer/.well-known/openid-configuration": unsupported protocol scheme ""`, wantErr: `could not perform OIDC discovery for "test-issuer": Get "test-issuer/.well-known/openid-configuration": unsupported protocol scheme ""`,
}, },
{ {
@ -295,7 +295,7 @@ func TestLogin(t *testing.T) {
return WithSessionCache(cache)(h) return WithSessionCache(cache)(h)
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\""}, wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\""},
wantToken: &testToken, wantToken: &testToken,
}, },
{ {
@ -304,7 +304,7 @@ func TestLogin(t *testing.T) {
return func(h *handlerState) error { return nil } return func(h *handlerState) error { return nil }
}, },
issuer: errorServer.URL, issuer: errorServer.URL,
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + errorServer.URL + "\""}, wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + errorServer.URL + "\""},
wantErr: fmt.Sprintf("could not perform OIDC discovery for %q: 500 Internal Server Error: some discovery error\n", errorServer.URL), wantErr: fmt.Sprintf("could not perform OIDC discovery for %q: 500 Internal Server Error: some discovery error\n", errorServer.URL),
}, },
{ {
@ -344,8 +344,8 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"",
"\"level\"=0 \"msg\"=\"refreshing cached token\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Refreshing cached token.\""},
wantToken: &testToken, wantToken: &testToken,
}, },
{ {
@ -378,8 +378,8 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"",
"\"level\"=0 \"msg\"=\"refreshing cached token\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Refreshing cached token.\""},
wantErr: "some validation error", wantErr: "some validation error",
}, },
{ {
@ -406,8 +406,8 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"",
"\"level\"=0 \"msg\"=\"refreshing cached token\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Refreshing cached token.\""},
// Expect this to fall through to the authorization code flow, so it fails here. // Expect this to fall through to the authorization code flow, so it fails here.
wantErr: "could not open callback listener: listen tcp: address invalid-listen-address: missing port in address", wantErr: "could not open callback listener: listen tcp: address invalid-listen-address: missing port in address",
}, },
@ -420,7 +420,7 @@ func TestLogin(t *testing.T) {
} }
}, },
issuer: successServer.URL, issuer: successServer.URL,
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantErr: "could not open callback listener: listen tcp: address invalid-listen-address: missing port in address", wantErr: "could not open callback listener: listen tcp: address invalid-listen-address: missing port in address",
}, },
{ {
@ -431,7 +431,7 @@ func TestLogin(t *testing.T) {
}) })
}, },
issuer: successServer.URL, issuer: successServer.URL,
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantErr: "could not open browser: some browser open error", wantErr: "could not open browser: some browser open error",
}, },
{ {
@ -449,7 +449,7 @@ func TestLogin(t *testing.T) {
} }
}, },
issuer: successServer.URL, issuer: successServer.URL,
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantErr: "timed out waiting for token callback: context canceled", wantErr: "timed out waiting for token callback: context canceled",
}, },
{ {
@ -466,7 +466,7 @@ func TestLogin(t *testing.T) {
} }
}, },
issuer: successServer.URL, issuer: successServer.URL,
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantErr: "error handling callback: some callback error", wantErr: "error handling callback: some callback error",
}, },
{ {
@ -527,7 +527,7 @@ func TestLogin(t *testing.T) {
} }
}, },
issuer: successServer.URL, issuer: successServer.URL,
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantToken: &testToken, wantToken: &testToken,
}, },
{ {
@ -551,9 +551,9 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"cluster-1234\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"cluster-1234\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + errorServer.URL + "\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + errorServer.URL + "\""},
wantErr: fmt.Sprintf("failed to exchange token: could not perform OIDC discovery for %q: 500 Internal Server Error: some discovery error\n", errorServer.URL), wantErr: fmt.Sprintf("failed to exchange token: could not perform OIDC discovery for %q: 500 Internal Server Error: some discovery error\n", errorServer.URL),
}, },
{ {
@ -577,9 +577,9 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"cluster-1234\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"cluster-1234\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + brokenTokenURLServer.URL + "\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + brokenTokenURLServer.URL + "\""},
wantErr: `failed to exchange token: could not build RFC8693 request: parse "%": invalid URL escape "%"`, wantErr: `failed to exchange token: could not build RFC8693 request: parse "%": invalid URL escape "%"`,
}, },
{ {
@ -603,9 +603,9 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-invalid-http-response\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-invalid-http-response\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantErr: fmt.Sprintf(`failed to exchange token: Post "%s/token": failed to parse Location header "%%": parse "%%": invalid URL escape "%%"`, successServer.URL), wantErr: fmt.Sprintf(`failed to exchange token: Post "%s/token": failed to parse Location header "%%": parse "%%": invalid URL escape "%%"`, successServer.URL),
}, },
{ {
@ -629,9 +629,9 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-http-400\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-http-400\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantErr: `failed to exchange token: unexpected HTTP response status 400`, wantErr: `failed to exchange token: unexpected HTTP response status 400`,
}, },
{ {
@ -655,9 +655,9 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-invalid-content-type\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-invalid-content-type\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantErr: `failed to exchange token: failed to decode content-type header: mime: invalid media parameter`, wantErr: `failed to exchange token: failed to decode content-type header: mime: invalid media parameter`,
}, },
{ {
@ -681,9 +681,9 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-wrong-content-type\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-wrong-content-type\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantErr: `failed to exchange token: unexpected HTTP response content type "invalid"`, wantErr: `failed to exchange token: unexpected HTTP response content type "invalid"`,
}, },
{ {
@ -707,9 +707,9 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-invalid-json\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-invalid-json\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantErr: `failed to exchange token: failed to decode response: unexpected EOF`, wantErr: `failed to exchange token: failed to decode response: unexpected EOF`,
}, },
{ {
@ -733,9 +733,9 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-invalid-tokentype\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-invalid-tokentype\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantErr: `failed to exchange token: got unexpected token_type "invalid"`, wantErr: `failed to exchange token: got unexpected token_type "invalid"`,
}, },
{ {
@ -759,9 +759,9 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-invalid-issuedtokentype\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-invalid-issuedtokentype\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantErr: `failed to exchange token: got unexpected issued_token_type "invalid"`, wantErr: `failed to exchange token: got unexpected issued_token_type "invalid"`,
}, },
{ {
@ -785,9 +785,9 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience-produce-invalid-jwt\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience-produce-invalid-jwt\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantErr: `failed to exchange token: received invalid JWT: oidc: malformed jwt: square/go-jose: compact JWS format must have three parts`, wantErr: `failed to exchange token: received invalid JWT: oidc: malformed jwt: square/go-jose: compact JWS format must have three parts`,
}, },
{ {
@ -817,9 +817,9 @@ func TestLogin(t *testing.T) {
return nil return nil
} }
}, },
wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped: Found unexpired cached token\"", wantLogs: []string{"\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Found unexpired cached token.\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""}, "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\""},
wantToken: &testExchangedToken, wantToken: &testExchangedToken,
}, },
{ {
@ -868,9 +868,9 @@ func TestLogin(t *testing.T) {
} }
}, },
wantLogs: []string{ wantLogs: []string{
"\"level\"=0 \"msg\"=\"Pinniped: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing OIDC discovery\" \"issuer\"=\"" + successServer.URL + "\"",
"\"level\"=0 \"msg\"=\"refreshing cached token\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Refreshing cached token.\"",
"\"level\"=0 \"msg\"=\"Pinniped: Performing RFC8693 token exchange\" \"requested audience\"=\"test-audience\"", "\"level\"=0 \"msg\"=\"Pinniped Test Prefix: Performing RFC8693 token exchange\" \"requestedAudience\"=\"test-audience\"",
}, },
wantToken: &testExchangedToken, wantToken: &testExchangedToken,
}, },
@ -881,6 +881,7 @@ func TestLogin(t *testing.T) {
err := plog.ValidateAndSetLogLevelGlobally(plog.LevelDebug) err := plog.ValidateAndSetLogLevelGlobally(plog.LevelDebug)
require.NoError(t, err) require.NoError(t, err)
testLogger := testlogger.New(t) testLogger := testlogger.New(t)
pLogger := plog.New("Pinniped Test Prefix: ")
klog.SetLogger(testLogger) klog.SetLogger(testLogger)
tok, err := Login(tt.issuer, tt.clientID, tok, err := Login(tt.issuer, tt.clientID,
@ -888,6 +889,7 @@ func TestLogin(t *testing.T) {
WithListenPort(0), WithListenPort(0),
WithScopes([]string{"test-scope"}), WithScopes([]string{"test-scope"}),
tt.opt(t), tt.opt(t),
WithLogger(pLogger),
) )
require.Equal(t, tt.wantLogs, testLogger.Lines()) require.Equal(t, tt.wantLogs, testLogger.Lines())
if tt.wantErr != "" { if tt.wantErr != "" {