Add some debug logging when "pinniped get kubeconfig" fails to find a successful strategy.

Signed-off-by: Matt Moyer <moyerm@vmware.com>

cmd/pinniped/cmd/kubeconfig.go

@@ -295,6 +295,14 @@ func discoverConciergeParams(credentialIssuer *configv1alpha1.CredentialIssuer,
 	// Autodiscover the --concierge-mode.
 	frontend, err := getConciergeFrontend(credentialIssuer, flags.concierge.mode)
 	if err != nil {
+		for _, strategy := range credentialIssuer.Status.Strategies {
+			log.Info("found CredentialIssuer strategy",
+				"type", strategy.Type,
+				"status", strategy.Status,
+				"reason", strategy.Reason,
+				"message", strategy.Message,
+			)
+		}
 		return err
 	}
 

cmd/pinniped/cmd/kubeconfig_test.go

@@ -324,16 +324,27 @@ func TestGetKubeconfig(t *testing.T) {
 			`),
 		},
 		{
-			name: "autodetect webhook authenticator, bad credential issuer with no status",
+			name: "autodetect webhook authenticator, bad credential issuer with only failing strategy",
 			args: []string{
 				"--kubeconfig", "./testdata/kubeconfig.yaml",
 			},
 			conciergeObjects: []runtime.Object{
-				&configv1alpha1.CredentialIssuer{ObjectMeta: metav1.ObjectMeta{Name: "test-credential-issuer"}},
+				&configv1alpha1.CredentialIssuer{
+					ObjectMeta: metav1.ObjectMeta{Name: "test-credential-issuer"},
+					Status: configv1alpha1.CredentialIssuerStatus{
+						Strategies: []configv1alpha1.CredentialIssuerStrategy{{
+							Type:    "SomeType",
+							Status:  configv1alpha1.ErrorStrategyStatus,
+							Reason:  "SomeReason",
+							Message: "Some message",
+						}},
+					},
+				},
 				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"}},
 			},
 			wantLogs: []string{
 				`"level"=0 "msg"="discovered CredentialIssuer"  "name"="test-credential-issuer"`,
+				`"level"=0 "msg"="found CredentialIssuer strategy"  "message"="Some message" "reason"="SomeReason" "status"="Error" "type"="SomeType"`,
 			},
 			wantError: true,
 			wantStderr: here.Doc(`