Replace TestCLIGetKubeconfig with TestCLIGetKubeconfigStaticToken.

It now tests both the deprecated `pinniped get-kubeconfig` and the new `pinniped get kubeconfig --static-token` flows. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-14 18:42:02 -06:00 · 2020-12-14 18:42:02 -06:00 · b6edc3dc08
commit b6edc3dc08
parent fe4e2d620d
1 changed files with 67 additions and 42 deletions
--- a/test/integration/cli_test.go
+++ b/test/integration/cli_test.go
@ -32,7 +32,7 @@ import (
 	"go.pinniped.dev/test/library/browsertest"
 )
-func TestCLIGetKubeconfig(t *testing.T) {
+func TestCLIGetKubeconfigStaticToken(t *testing.T) {
 	env := library.IntegrationEnv(t).WithCapability(library.ClusterSigningKeyIsAvailable)
 	// Create a test webhook configuration to use with the CLI.
@ -44,32 +44,68 @@ func TestCLIGetKubeconfig(t *testing.T) {
 	// Build pinniped CLI.
 	pinnipedExe := buildPinnipedCLI(t)
-	// Run pinniped CLI to get kubeconfig.
+	for _, tt := range []struct {
-	kubeConfigYAML := runPinnipedCLIGetKubeconfig(t, pinnipedExe, env.TestUser.Token, env.ConciergeNamespace, "webhook", authenticator.Name)
+		name         string
 		args         []string
 		expectStderr string
 	}{
 		{
 			name: "deprecated command",
 			args: []string{
 				"get-kubeconfig",
 				"--token", env.TestUser.Token,
 				"--pinniped-namespace", env.ConciergeNamespace,
 				"--authenticator-type", "webhook",
 				"--authenticator-name", authenticator.Name,
 			},
 			expectStderr: "Command \"get-kubeconfig\" is deprecated, Please use `pinniped get kubeconfig` instead.\n",
 		},
 		{
 			name: "newer command, but still using static parameters",
 			args: []string{
 				"get", "kubeconfig",
 				"--static-token", env.TestUser.Token,
 				"--concierge-namespace", env.ConciergeNamespace,
 				"--concierge-authenticator-type", "webhook",
 				"--concierge-authenticator-name", authenticator.Name,
 			},
 		},
 	} {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			stdout, stderr := runPinnipedCLI(t, pinnipedExe, tt.args...)
 			require.Equal(t, tt.expectStderr, stderr)
-	// In addition to the client-go based testing below, also try the kubeconfig
+			// Even the deprecated command should now generate a kubeconfig with the new "pinniped login static" command.
-	// with kubectl to validate that it works.
+			restConfig := library.NewRestConfigFromKubeconfig(t, stdout)
-	adminClient := library.NewClientset(t)
+			require.NotNil(t, restConfig.ExecProvider)
-	t.Run(
+			require.Equal(t, []string{"login", "static"}, restConfig.ExecProvider.Args[:2])
 		"access as user with kubectl",
 		library.AccessAsUserWithKubectlTest(ctx, adminClient, kubeConfigYAML, env.TestUser.ExpectedUsername, env.ConciergeNamespace),
 	)
 	for _, group := range env.TestUser.ExpectedGroups {
 		group := group
 		t.Run(
 			"access as group "+group+" with kubectl",
 			library.AccessAsGroupWithKubectlTest(ctx, adminClient, kubeConfigYAML, group, env.ConciergeNamespace),
 		)
 	}
-	// Create Kubernetes client with kubeconfig from pinniped CLI.
+			// In addition to the client-go based testing below, also try the kubeconfig
-	kubeClient := library.NewClientsetForKubeConfig(t, kubeConfigYAML)
+			// with kubectl to validate that it works.
 			adminClient := library.NewClientset(t)
 			t.Run(
 				"access as user with kubectl",
 				library.AccessAsUserWithKubectlTest(ctx, adminClient, stdout, env.TestUser.ExpectedUsername, env.ConciergeNamespace),
 			)
 			for _, group := range env.TestUser.ExpectedGroups {
 				group := group
 				t.Run(
 					"access as group "+group+" with kubectl",
 					library.AccessAsGroupWithKubectlTest(ctx, adminClient, stdout, group, env.ConciergeNamespace),
 				)
 			}
-	// Validate that we can auth to the API via our user.
+			// Create Kubernetes client with kubeconfig from pinniped CLI.
-	t.Run("access as user with client-go", library.AccessAsUserTest(ctx, adminClient, env.TestUser.ExpectedUsername, kubeClient))
+			kubeClient := library.NewClientsetForKubeConfig(t, stdout)
-	for _, group := range env.TestUser.ExpectedGroups {
+
-		group := group
+			// Validate that we can auth to the API via our user.
-		t.Run("access as group "+group+" with client-go", library.AccessAsGroupTest(ctx, adminClient, group, kubeClient))
+			t.Run("access as user with client-go", library.AccessAsUserTest(ctx, adminClient, env.TestUser.ExpectedUsername, kubeClient))
 			for _, group := range env.TestUser.ExpectedGroups {
 				group := group
 				t.Run("access as group "+group+" with client-go", library.AccessAsGroupTest(ctx, adminClient, group, kubeClient))
 			}
 		})
 	}
 }
@ -92,25 +128,14 @@ func buildPinnipedCLI(t *testing.T) string {
 	return pinnipedExe
 }
-func runPinnipedCLIGetKubeconfig(t *testing.T, pinnipedExe, token, namespaceName, authenticatorType, authenticatorName string) string {
+func runPinnipedCLI(t *testing.T, pinnipedExe string, args ...string) (string, string) {
 	t.Helper()
-
+	var stdout, stderr bytes.Buffer
-	output, err := exec.Command(
+	cmd := exec.Command(pinnipedExe, args...)
-		pinnipedExe,
+	cmd.Stdout = &stdout
-		"get-kubeconfig",
+	cmd.Stderr = &stderr
-		"--token", token,
+	require.NoErrorf(t, cmd.Run(), "stderr:\n%s\n\nstdout:\n%s\n\n", stderr.String(), stdout.String())
-		"--pinniped-namespace", namespaceName,
+	return stdout.String(), stderr.String()
 		"--authenticator-type", authenticatorType,
 		"--authenticator-name", authenticatorName,
 	).Output()
 	// Log stderr if there is a problem.
 	var exitErr *exec.ExitError
 	if errors.As(err, &exitErr) {
 		t.Logf("stderr:\n%s\n", string(exitErr.Stderr))
 	}
 	require.NoError(t, err, string(output))
 	return string(output)
 }
 func TestCLILoginOIDC(t *testing.T) {