From d6a0dfa4976d5b064e4c2dd8df635aa0421cbbd6 Mon Sep 17 00:00:00 2001
From: Matt Moyer <moyerm@vmware.com>
Date: Tue, 9 Mar 2021 12:39:44 -0600
Subject: [PATCH] Add some debug logging when "pinniped get kubeconfig" fails
 to find a successful strategy.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
---
 cmd/pinniped/cmd/kubeconfig.go      |  8 ++++++++
 cmd/pinniped/cmd/kubeconfig_test.go | 15 +++++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/cmd/pinniped/cmd/kubeconfig.go b/cmd/pinniped/cmd/kubeconfig.go
index 1017eb5b..243bc30f 100644
--- a/cmd/pinniped/cmd/kubeconfig.go
+++ b/cmd/pinniped/cmd/kubeconfig.go
@@ -295,6 +295,14 @@ func discoverConciergeParams(credentialIssuer *configv1alpha1.CredentialIssuer,
 	// Autodiscover the --concierge-mode.
 	frontend, err := getConciergeFrontend(credentialIssuer, flags.concierge.mode)
 	if err != nil {
+		for _, strategy := range credentialIssuer.Status.Strategies {
+			log.Info("found CredentialIssuer strategy",
+				"type", strategy.Type,
+				"status", strategy.Status,
+				"reason", strategy.Reason,
+				"message", strategy.Message,
+			)
+		}
 		return err
 	}
 
diff --git a/cmd/pinniped/cmd/kubeconfig_test.go b/cmd/pinniped/cmd/kubeconfig_test.go
index 3e84ca44..0c828038 100644
--- a/cmd/pinniped/cmd/kubeconfig_test.go
+++ b/cmd/pinniped/cmd/kubeconfig_test.go
@@ -324,16 +324,27 @@ func TestGetKubeconfig(t *testing.T) {
 			`),
 		},
 		{
-			name: "autodetect webhook authenticator, bad credential issuer with no status",
+			name: "autodetect webhook authenticator, bad credential issuer with only failing strategy",
 			args: []string{
 				"--kubeconfig", "./testdata/kubeconfig.yaml",
 			},
 			conciergeObjects: []runtime.Object{
-				&configv1alpha1.CredentialIssuer{ObjectMeta: metav1.ObjectMeta{Name: "test-credential-issuer"}},
+				&configv1alpha1.CredentialIssuer{
+					ObjectMeta: metav1.ObjectMeta{Name: "test-credential-issuer"},
+					Status: configv1alpha1.CredentialIssuerStatus{
+						Strategies: []configv1alpha1.CredentialIssuerStrategy{{
+							Type:    "SomeType",
+							Status:  configv1alpha1.ErrorStrategyStatus,
+							Reason:  "SomeReason",
+							Message: "Some message",
+						}},
+					},
+				},
 				&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"}},
 			},
 			wantLogs: []string{
 				`"level"=0 "msg"="discovered CredentialIssuer"  "name"="test-credential-issuer"`,
+				`"level"=0 "msg"="found CredentialIssuer strategy"  "message"="Some message" "reason"="SomeReason" "status"="Error" "type"="SomeType"`,
 			},
 			wantError: true,
 			wantStderr: here.Doc(`