test/library: try another cert rest config

We are getting these weird flakes in CI where the kube client that we create with these helper functions doesn't work against the kube API. The kube API tells us that we are unauthorized (401). Seems like something is wrong with the keypair itself, but when I create a one-off kubeconfig with the keypair, I get 200s from the API. Hmmm...I wonder what CI will think of this change? I also tried to align some naming in this package. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-24 11:01:37 -04:00 · 2020-08-24 11:01:37 -04:00 · ba2e2f509a
parent d4b184a7d5
commit ba2e2f509a
1 changed files with 35 additions and 8 deletions
--- a/test/library/client.go
+++ b/test/library/client.go
@ -35,7 +35,7 @@ func NewClientset(t *testing.T) kubernetes.Interface {
 func NewClientsetWithCertAndKey(t *testing.T, clientCertificateData, clientKeyData string) kubernetes.Interface {
 	t.Helper()

-	return newClientsetWithConfig(t, newAnonymousClientRestConfigWithCertAndKeyAdded(t, clientCertificateData, clientKeyData))
+	return newClientsetWithConfig(t, newClientConfigWithCertAndKey(t, clientCertificateData, clientKeyData))
 }

 func NewPinnipedClientset(t *testing.T) pinnipedclientset.Interface {
@ -47,7 +47,7 @@ func NewPinnipedClientset(t *testing.T) pinnipedclientset.Interface {
 func NewAnonymousPinnipedClientset(t *testing.T) pinnipedclientset.Interface {
 	t.Helper()

-	return pinnipedclientset.NewForConfigOrDie(newAnonymousClientRestConfig(t))
+	return pinnipedclientset.NewForConfigOrDie(newAnonymousClientConfig(t))
 }

 func NewAggregatedClientset(t *testing.T) aggregatorclient.Interface {
@ -78,7 +78,7 @@ func newClientsetWithConfig(t *testing.T, config *rest.Config) kubernetes.Interf
 // Ensures that we are not accidentally picking up any authentication info from the kube config file.
 // E.g. If your kube config were pointing at an Azure cluster, it would have both certs and a token,
 // and we don't want our tests to accidentally pick up that token.
-func newAnonymousClientRestConfig(t *testing.T) *rest.Config {
+func newAnonymousClientConfig(t *testing.T) *rest.Config {
 	t.Helper()

 	realConfig := NewClientConfig(t)
@ -110,11 +110,38 @@ func newAnonymousClientRestConfig(t *testing.T) *rest.Config {
 }

 // Starting with an anonymous client config, add a cert and key to use for authentication in the API server.
-func newAnonymousClientRestConfigWithCertAndKeyAdded(t *testing.T, clientCertificateData, clientKeyData string) *rest.Config {
+func newClientConfigWithCertAndKey(t *testing.T, clientCertificateData, clientKeyData string) *rest.Config {
 	t.Helper()

-	config := newAnonymousClientRestConfig(t)
-	config.CertData = []byte(clientCertificateData)
-	config.KeyData = []byte(clientKeyData)
-	return config
+	realConfig := NewClientConfig(t)
+
+	out, err := ioutil.TempFile("", "pinniped-cert-and-key-kubeconfig-test-*")
+	require.NoError(t, err)
+	defer os.Remove(out.Name())
+
+	certAndKeyConfig := clientcmdapi.NewConfig()
+	certAndKeyConfig.Clusters["cert-and-key-cluster"] = &clientcmdapi.Cluster{
+		Server:                   realConfig.Host,
+		CertificateAuthorityData: realConfig.CAData,
+	}
+	certAndKeyConfig.AuthInfos["cert-and-key-auth-info"] = &clientcmdapi.AuthInfo{
+		ClientCertificateData: []byte(clientCertificateData),
+		ClientKeyData:         []byte(clientKeyData),
+	}
+	certAndKeyConfig.Contexts["cert-and-key"] = &clientcmdapi.Context{
+		Cluster:  "cert-and-key-cluster",
+		AuthInfo: "cert-and-key-auth-info",
+	}
+	certAndKeyConfig.CurrentContext = "cert-and-key"
+
+	data, err := clientcmd.Write(*certAndKeyConfig)
+	require.NoError(t, err)
+
+	_, err = out.Write(data)
+	require.NoError(t, err)
+
+	restConfig, err := clientcmd.BuildConfigFromFlags("", out.Name())
+	require.NoError(t, err)
+
+	return restConfig
 }