ContainerImage.Pinniped/test/integration/kube_api_discovery_test.go
Matt Moyer 0f25657a35
Rename WebhookIdentityProvider to WebhookAuthenticator.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 15:11:53 -05:00

146 lines
4.4 KiB
Go

// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package integration
import (
"testing"
"github.com/stretchr/testify/require"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"go.pinniped.dev/test/library"
)
func TestGetAPIResourceList(t *testing.T) {
library.SkipUnlessIntegration(t)
client := library.NewPinnipedClientset(t)
groups, resources, err := client.Discovery().ServerGroupsAndResources()
require.NoError(t, err)
tests := []struct {
group metav1.APIGroup
resourceByVersion map[string][]metav1.APIResource
}{
{
group: metav1.APIGroup{
Name: "login.concierge.pinniped.dev",
Versions: []metav1.GroupVersionForDiscovery{
{
GroupVersion: "login.concierge.pinniped.dev/v1alpha1",
Version: "v1alpha1",
},
},
PreferredVersion: metav1.GroupVersionForDiscovery{
GroupVersion: "login.concierge.pinniped.dev/v1alpha1",
Version: "v1alpha1",
},
},
resourceByVersion: map[string][]metav1.APIResource{
"login.concierge.pinniped.dev/v1alpha1": {
{
Name: "tokencredentialrequests",
Kind: "TokenCredentialRequest",
Verbs: []string{"create"},
Namespaced: true,
// This is currently an empty string in the response; maybe it should not be
// empty? Seems like no harm in keeping it like this for now, but feel free
// to update in the future if there is a compelling reason to do so.
SingularName: "",
},
},
},
},
{
group: metav1.APIGroup{
Name: "config.pinniped.dev",
Versions: []metav1.GroupVersionForDiscovery{
{
GroupVersion: "config.pinniped.dev/v1alpha1",
Version: "v1alpha1",
},
},
PreferredVersion: metav1.GroupVersionForDiscovery{
GroupVersion: "config.pinniped.dev/v1alpha1",
Version: "v1alpha1",
},
},
resourceByVersion: map[string][]metav1.APIResource{
"config.pinniped.dev/v1alpha1": {
{
Name: "credentialissuerconfigs",
SingularName: "credentialissuerconfig",
Namespaced: true,
Kind: "CredentialIssuerConfig",
Verbs: []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"},
ShortNames: []string{"cic"},
},
{
Name: "oidcproviderconfigs",
SingularName: "oidcproviderconfig",
Namespaced: true,
Kind: "OIDCProviderConfig",
Verbs: []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"},
ShortNames: []string{"opc"},
},
},
},
},
{
group: metav1.APIGroup{
Name: "authentication.concierge.pinniped.dev",
Versions: []metav1.GroupVersionForDiscovery{
{
GroupVersion: "authentication.concierge.pinniped.dev/v1alpha1",
Version: "v1alpha1",
},
},
PreferredVersion: metav1.GroupVersionForDiscovery{
GroupVersion: "authentication.concierge.pinniped.dev/v1alpha1",
Version: "v1alpha1",
},
},
resourceByVersion: map[string][]metav1.APIResource{
"authentication.concierge.pinniped.dev/v1alpha1": {
{
Name: "webhookauthenticators",
SingularName: "webhookauthenticator",
Namespaced: true,
Kind: "WebhookAuthenticator",
Verbs: []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"},
Categories: []string{"all", "authenticator", "authenticators"},
},
},
},
},
}
for _, tt := range tests {
tt := tt
t.Run(tt.group.Name, func(t *testing.T) {
require.Contains(t, groups, &tt.group)
for groupVersion, expectedResources := range tt.resourceByVersion {
// Find the actual resource list and make a copy.
var actualResourceList *metav1.APIResourceList
for _, resource := range resources {
if resource.GroupVersion == groupVersion {
actualResourceList = resource.DeepCopy()
}
}
require.NotNilf(t, actualResourceList, "could not find groupVersion %s", groupVersion)
// Because its hard to predict the storage version hash (e.g. "t/+v41y+3e4="), we just don't
// worry about comparing that field.
for i := range actualResourceList.APIResources {
actualResourceList.APIResources[i].StorageVersionHash = ""
}
require.ElementsMatch(t, expectedResources, actualResourceList.APIResources, "unexpected API resources")
}
})
}
}