diff --git a/cmd/pinniped/cmd/kubeconfig.go b/cmd/pinniped/cmd/kubeconfig.go index 1017eb5b..243bc30f 100644 --- a/cmd/pinniped/cmd/kubeconfig.go +++ b/cmd/pinniped/cmd/kubeconfig.go @@ -295,6 +295,14 @@ func discoverConciergeParams(credentialIssuer *configv1alpha1.CredentialIssuer, // Autodiscover the --concierge-mode. frontend, err := getConciergeFrontend(credentialIssuer, flags.concierge.mode) if err != nil { + for _, strategy := range credentialIssuer.Status.Strategies { + log.Info("found CredentialIssuer strategy", + "type", strategy.Type, + "status", strategy.Status, + "reason", strategy.Reason, + "message", strategy.Message, + ) + } return err } diff --git a/cmd/pinniped/cmd/kubeconfig_test.go b/cmd/pinniped/cmd/kubeconfig_test.go index 3e84ca44..0c828038 100644 --- a/cmd/pinniped/cmd/kubeconfig_test.go +++ b/cmd/pinniped/cmd/kubeconfig_test.go @@ -324,16 +324,27 @@ func TestGetKubeconfig(t *testing.T) { `), }, { - name: "autodetect webhook authenticator, bad credential issuer with no status", + name: "autodetect webhook authenticator, bad credential issuer with only failing strategy", args: []string{ "--kubeconfig", "./testdata/kubeconfig.yaml", }, conciergeObjects: []runtime.Object{ - &configv1alpha1.CredentialIssuer{ObjectMeta: metav1.ObjectMeta{Name: "test-credential-issuer"}}, + &configv1alpha1.CredentialIssuer{ + ObjectMeta: metav1.ObjectMeta{Name: "test-credential-issuer"}, + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{{ + Type: "SomeType", + Status: configv1alpha1.ErrorStrategyStatus, + Reason: "SomeReason", + Message: "Some message", + }}, + }, + }, &conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"}}, }, wantLogs: []string{ `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, + `"level"=0 "msg"="found CredentialIssuer strategy" "message"="Some message" "reason"="SomeReason" "status"="Error" "type"="SomeType"`, }, wantError: true, wantStderr: here.Doc(`