test/library: try another cert rest config

We are getting these weird flakes in CI where the kube client that we
create with these helper functions doesn't work against the kube API.
The kube API tells us that we are unauthorized (401). Seems like something
is wrong with the keypair itself, but when I create a one-off kubeconfig
with the keypair, I get 200s from the API. Hmmm...I wonder what CI will
think of this change?

I also tried to align some naming in this package.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
Andrew Keesler 2020-08-24 11:01:37 -04:00
parent d4b184a7d5
commit ba2e2f509a
No known key found for this signature in database
GPG Key ID: 27CE0444346F9413

View File

@ -35,7 +35,7 @@ func NewClientset(t *testing.T) kubernetes.Interface {
func NewClientsetWithCertAndKey(t *testing.T, clientCertificateData, clientKeyData string) kubernetes.Interface { func NewClientsetWithCertAndKey(t *testing.T, clientCertificateData, clientKeyData string) kubernetes.Interface {
t.Helper() t.Helper()
return newClientsetWithConfig(t, newAnonymousClientRestConfigWithCertAndKeyAdded(t, clientCertificateData, clientKeyData)) return newClientsetWithConfig(t, newClientConfigWithCertAndKey(t, clientCertificateData, clientKeyData))
} }
func NewPinnipedClientset(t *testing.T) pinnipedclientset.Interface { func NewPinnipedClientset(t *testing.T) pinnipedclientset.Interface {
@ -47,7 +47,7 @@ func NewPinnipedClientset(t *testing.T) pinnipedclientset.Interface {
func NewAnonymousPinnipedClientset(t *testing.T) pinnipedclientset.Interface { func NewAnonymousPinnipedClientset(t *testing.T) pinnipedclientset.Interface {
t.Helper() t.Helper()
return pinnipedclientset.NewForConfigOrDie(newAnonymousClientRestConfig(t)) return pinnipedclientset.NewForConfigOrDie(newAnonymousClientConfig(t))
} }
func NewAggregatedClientset(t *testing.T) aggregatorclient.Interface { func NewAggregatedClientset(t *testing.T) aggregatorclient.Interface {
@ -78,7 +78,7 @@ func newClientsetWithConfig(t *testing.T, config *rest.Config) kubernetes.Interf
// Ensures that we are not accidentally picking up any authentication info from the kube config file. // Ensures that we are not accidentally picking up any authentication info from the kube config file.
// E.g. If your kube config were pointing at an Azure cluster, it would have both certs and a token, // E.g. If your kube config were pointing at an Azure cluster, it would have both certs and a token,
// and we don't want our tests to accidentally pick up that token. // and we don't want our tests to accidentally pick up that token.
func newAnonymousClientRestConfig(t *testing.T) *rest.Config { func newAnonymousClientConfig(t *testing.T) *rest.Config {
t.Helper() t.Helper()
realConfig := NewClientConfig(t) realConfig := NewClientConfig(t)
@ -110,11 +110,38 @@ func newAnonymousClientRestConfig(t *testing.T) *rest.Config {
} }
// Starting with an anonymous client config, add a cert and key to use for authentication in the API server. // Starting with an anonymous client config, add a cert and key to use for authentication in the API server.
func newAnonymousClientRestConfigWithCertAndKeyAdded(t *testing.T, clientCertificateData, clientKeyData string) *rest.Config { func newClientConfigWithCertAndKey(t *testing.T, clientCertificateData, clientKeyData string) *rest.Config {
t.Helper() t.Helper()
config := newAnonymousClientRestConfig(t) realConfig := NewClientConfig(t)
config.CertData = []byte(clientCertificateData)
config.KeyData = []byte(clientKeyData) out, err := ioutil.TempFile("", "pinniped-cert-and-key-kubeconfig-test-*")
return config require.NoError(t, err)
defer os.Remove(out.Name())
certAndKeyConfig := clientcmdapi.NewConfig()
certAndKeyConfig.Clusters["cert-and-key-cluster"] = &clientcmdapi.Cluster{
Server: realConfig.Host,
CertificateAuthorityData: realConfig.CAData,
}
certAndKeyConfig.AuthInfos["cert-and-key-auth-info"] = &clientcmdapi.AuthInfo{
ClientCertificateData: []byte(clientCertificateData),
ClientKeyData: []byte(clientKeyData),
}
certAndKeyConfig.Contexts["cert-and-key"] = &clientcmdapi.Context{
Cluster: "cert-and-key-cluster",
AuthInfo: "cert-and-key-auth-info",
}
certAndKeyConfig.CurrentContext = "cert-and-key"
data, err := clientcmd.Write(*certAndKeyConfig)
require.NoError(t, err)
_, err = out.Write(data)
require.NoError(t, err)
restConfig, err := clientcmd.BuildConfigFromFlags("", out.Name())
require.NoError(t, err)
return restConfig
} }