Replace TestCLIGetKubeconfig with TestCLIGetKubeconfigStaticToken.

It now tests both the deprecated `pinniped get-kubeconfig` and the new `pinniped get kubeconfig --static-token` flows.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
Matt Moyer 2020-12-14 18:42:02 -06:00
parent fe4e2d620d
commit b6edc3dc08
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D
1 changed files with 67 additions and 42 deletions


@ -32,7 +32,7 @@ import (
"go.pinniped.dev/test/library/browsertest" "go.pinniped.dev/test/library/browsertest"
) )
func TestCLIGetKubeconfig(t *testing.T) { func TestCLIGetKubeconfigStaticToken(t *testing.T) {
env := library.IntegrationEnv(t).WithCapability(library.ClusterSigningKeyIsAvailable) env := library.IntegrationEnv(t).WithCapability(library.ClusterSigningKeyIsAvailable)
// Create a test webhook configuration to use with the CLI. // Create a test webhook configuration to use with the CLI.
@ -44,26 +44,60 @@ func TestCLIGetKubeconfig(t *testing.T) {
// Build pinniped CLI. // Build pinniped CLI.
pinnipedExe := buildPinnipedCLI(t) pinnipedExe := buildPinnipedCLI(t)
// Run pinniped CLI to get kubeconfig. for _, tt := range []struct {
kubeConfigYAML := runPinnipedCLIGetKubeconfig(t, pinnipedExe, env.TestUser.Token, env.ConciergeNamespace, "webhook", authenticator.Name) name string
args []string
expectStderr string
}{
{
name: "deprecated command",
args: []string{
"get-kubeconfig",
"--token", env.TestUser.Token,
"--pinniped-namespace", env.ConciergeNamespace,
"--authenticator-type", "webhook",
"--authenticator-name", authenticator.Name,
},
expectStderr: "Command \"get-kubeconfig\" is deprecated, Please use `pinniped get kubeconfig` instead.\n",
},
{
name: "newer command, but still using static parameters",
args: []string{
"get", "kubeconfig",
"--static-token", env.TestUser.Token,
"--concierge-namespace", env.ConciergeNamespace,
"--concierge-authenticator-type", "webhook",
"--concierge-authenticator-name", authenticator.Name,
},
},
} {
tt := tt
t.Run(tt.name, func(t *testing.T) {
stdout, stderr := runPinnipedCLI(t, pinnipedExe, tt.args...)
require.Equal(t, tt.expectStderr, stderr)
// Even the deprecated command should now generate a kubeconfig with the new "pinniped login static" command.
restConfig := library.NewRestConfigFromKubeconfig(t, stdout)
require.NotNil(t, restConfig.ExecProvider)
require.Equal(t, []string{"login", "static"}, restConfig.ExecProvider.Args[:2])
// In addition to the client-go based testing below, also try the kubeconfig // In addition to the client-go based testing below, also try the kubeconfig
// with kubectl to validate that it works. // with kubectl to validate that it works.
adminClient := library.NewClientset(t) adminClient := library.NewClientset(t)
t.Run( t.Run(
"access as user with kubectl", "access as user with kubectl",
library.AccessAsUserWithKubectlTest(ctx, adminClient, kubeConfigYAML, env.TestUser.ExpectedUsername, env.ConciergeNamespace), library.AccessAsUserWithKubectlTest(ctx, adminClient, stdout, env.TestUser.ExpectedUsername, env.ConciergeNamespace),
) )
for _, group := range env.TestUser.ExpectedGroups { for _, group := range env.TestUser.ExpectedGroups {
group := group group := group
t.Run( t.Run(
"access as group "+group+" with kubectl", "access as group "+group+" with kubectl",
library.AccessAsGroupWithKubectlTest(ctx, adminClient, kubeConfigYAML, group, env.ConciergeNamespace), library.AccessAsGroupWithKubectlTest(ctx, adminClient, stdout, group, env.ConciergeNamespace),
) )
} }
// Create Kubernetes client with kubeconfig from pinniped CLI. // Create Kubernetes client with kubeconfig from pinniped CLI.
kubeClient := library.NewClientsetForKubeConfig(t, kubeConfigYAML) kubeClient := library.NewClientsetForKubeConfig(t, stdout)
// Validate that we can auth to the API via our user. // Validate that we can auth to the API via our user.
t.Run("access as user with client-go", library.AccessAsUserTest(ctx, adminClient, env.TestUser.ExpectedUsername, kubeClient)) t.Run("access as user with client-go", library.AccessAsUserTest(ctx, adminClient, env.TestUser.ExpectedUsername, kubeClient))
@ -71,6 +105,8 @@ func TestCLIGetKubeconfig(t *testing.T) {
group := group group := group
t.Run("access as group "+group+" with client-go", library.AccessAsGroupTest(ctx, adminClient, group, kubeClient)) t.Run("access as group "+group+" with client-go", library.AccessAsGroupTest(ctx, adminClient, group, kubeClient))
} }
})
}
} }
func buildPinnipedCLI(t *testing.T) string { func buildPinnipedCLI(t *testing.T) string {
@ -92,25 +128,14 @@ func buildPinnipedCLI(t *testing.T) string {
return pinnipedExe return pinnipedExe
} }
func runPinnipedCLIGetKubeconfig(t *testing.T, pinnipedExe, token, namespaceName, authenticatorType, authenticatorName string) string { func runPinnipedCLI(t *testing.T, pinnipedExe string, args ...string) (string, string) {
t.Helper() t.Helper()
var stdout, stderr bytes.Buffer
output, err := exec.Command( cmd := exec.Command(pinnipedExe, args...)
pinnipedExe, cmd.Stdout = &stdout
"get-kubeconfig", cmd.Stderr = &stderr
"--token", token, require.NoErrorf(t, cmd.Run(), "stderr:\n%s\n\nstdout:\n%s\n\n", stderr.String(), stdout.String())
"--pinniped-namespace", namespaceName, return stdout.String(), stderr.String()
"--authenticator-type", authenticatorType,
"--authenticator-name", authenticatorName,
).Output()
// Log stderr if there is a problem.
var exitErr *exec.ExitError
if errors.As(err, &exitErr) {
t.Logf("stderr:\n%s\n", string(exitErr.Stderr))
}
require.NoError(t, err, string(output))
return string(output)
} }
func TestCLILoginOIDC(t *testing.T) { func TestCLILoginOIDC(t *testing.T) {
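Review bot: In the new subtest body, `restConfig.ExecProvider.Args[:2]` is sliced after only a nil check on `ExecProvider`, so a generated kubeconfig whose exec args hold fewer than two entries can panic the test binary instead of failing the subtest with a readable message. Add a length assertion before the comparison, for example `require.GreaterOrEqual(t, len(restConfig.ExecProvider.Args), 2)`, so a regression in the emitted `login static` command shows up as an ordinary failure. The enclosing test function spans several hunks, and parts of its body (such as where `ctx` is created) lie outside the lines shown here.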