Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AccessAsGroupTest

func AccessAsGroupTest(
	ctx context.Context,
	testGroup string,
	clientUnderTest kubernetes.Interface,
) func(t *testing.T)

    AccessAsGroupTest runs a generic test in which a clientUnderTest with membership in group testGroup tries to auth to the kube API (i.e., list namespaces).

    Use this function if you want to simply validate that a user can auth to the kube API (via a group membership) after performing a Pinniped credential exchange.

    func AccessAsGroupWithKubectlTest

    func AccessAsGroupWithKubectlTest(
    	testKubeConfigYAML string,
    	testGroup string,
    	expectedNamespace string,
    ) func(t *testing.T)

    func AccessAsUserTest

    func AccessAsUserTest(
    	ctx context.Context,
    	testUsername string,
    	clientUnderTest kubernetes.Interface,
    ) func(t *testing.T)

      AccessAsUserTest runs a generic test in which a clientUnderTest operating with username testUsername tries to auth to the kube API (i.e., list namespaces).

      Use this function if you want to simply validate that a user can auth to the kube API after performing a Pinniped credential exchange.

      func AccessAsUserWithKubectlTest

      func AccessAsUserWithKubectlTest(
      	testKubeConfigYAML string,
      	testUsername string,
      	expectedNamespace string,
      ) func(t *testing.T)

      func AssertNoRestartsDuringTest

      func AssertNoRestartsDuringTest(t *testing.T, namespace, labelSelector string)

        NewRestartAssertion allows a caller to assert that there were no restarts for a Pod in the provided namespace with the provided labelSelector during the lifetime of a test.

        func CreateClientCredsSecret

        func CreateClientCredsSecret(t *testing.T, clientID string, clientSecret string) *corev1.Secret

        func CreateTestClusterRoleBinding

        func CreateTestClusterRoleBinding(t *testing.T, subject rbacv1.Subject, roleRef rbacv1.RoleRef) *rbacv1.ClusterRoleBinding

        func CreateTestFederationDomain

        func CreateTestFederationDomain(ctx context.Context, t *testing.T, issuer string, certSecretName string, expectStatus configv1alpha1.FederationDomainStatusCondition) *configv1alpha1.FederationDomain

          CreateTestFederationDomain creates and returns a test FederationDomain in $PINNIPED_TEST_SUPERVISOR_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It generates a random, valid, issuer for the FederationDomain.

          If the provided issuer is not the empty string, then it will be used for the FederationDomain.Spec.Issuer field. Else, a random issuer will be generated.

          func CreateTestJWTAuthenticator

          func CreateTestJWTAuthenticator(ctx context.Context, t *testing.T, spec auth1alpha1.JWTAuthenticatorSpec) corev1.TypedLocalObjectReference

            CreateTestJWTAuthenticator creates and returns a test JWTAuthenticator in $PINNIPED_TEST_CONCIERGE_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It returns a corev1.TypedLocalObjectReference which describes the test JWT authenticator within the test namespace.

            func CreateTestJWTAuthenticatorForCLIUpstream

            func CreateTestJWTAuthenticatorForCLIUpstream(ctx context.Context, t *testing.T) corev1.TypedLocalObjectReference

              CreateTestJWTAuthenticatorForCLIUpstream creates and returns a test JWTAuthenticator in $PINNIPED_TEST_CONCIERGE_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It returns a corev1.TypedLocalObjectReference which describes the test JWT authenticator within the test namespace.

              CreateTestJWTAuthenticatorForCLIUpstream gets the OIDC issuer info from IntegrationEnv().CLITestUpstream.

              func CreateTestSecret

              func CreateTestSecret(t *testing.T, namespace string, baseName string, secretType corev1.SecretType, stringData map[string]string) *corev1.Secret

              func CreateTestWebhookAuthenticator

              func CreateTestWebhookAuthenticator(ctx context.Context, t *testing.T) corev1.TypedLocalObjectReference

                CreateTestWebhookAuthenticator creates and returns a test WebhookAuthenticator in $PINNIPED_TEST_CONCIERGE_NAMESPACE, which will be automatically deleted at the end of the current test's lifetime. It returns a corev1.TypedLocalObjectReference which describes the test webhook authenticator within the test namespace.

                func DumpLogs

                func DumpLogs(t *testing.T, namespace string, labelSelector string)

                  DumpLogs is meant to be called in a `defer` to dump the logs of components in the cluster on a test failure.

                  func LookupIP

                  func LookupIP(ctx context.Context, hostname string) ([]net.IP, error)

                    LookupIP looks up the IP address of the provided hostname, preferring IPv4.

                    func MaskTokens

                    func MaskTokens(in string) string

                      MaskTokens makes a best-effort attempt to mask out things that look like secret tokens in test output. The goal is more to have readable test output than for any security reason.

                      func NewAggregatedClientset

                      func NewAggregatedClientset(t *testing.T) aggregatorclient.Interface

                      func NewAnonymousConciergeClientset

                      func NewAnonymousConciergeClientset(t *testing.T) conciergeclientset.Interface

                      func NewClientConfig

                      func NewClientConfig(t *testing.T) *rest.Config

                      func NewClientsetForKubeConfig

                      func NewClientsetForKubeConfig(t *testing.T, kubeConfig string) kubernetes.Interface

                      func NewClientsetWithCertAndKey

                      func NewClientsetWithCertAndKey(t *testing.T, clientCertificateData, clientKeyData string) kubernetes.Interface

                      func NewConciergeClientset

                      func NewConciergeClientset(t *testing.T) conciergeclientset.Interface

                      func NewKubernetesClientset

                      func NewKubernetesClientset(t *testing.T) kubernetes.Interface

                      func NewLoggerReader

                      func NewLoggerReader(t *testing.T, name string, reader io.Reader) io.Reader

                        NewLoggerReader wraps an io.Reader to log its input and output. It also performs some heuristic token masking.

                        func NewRestConfigFromKubeconfig

                        func NewRestConfigFromKubeconfig(t *testing.T, kubeConfig string) *rest.Config

                        func NewSupervisorClientset

                        func NewSupervisorClientset(t *testing.T) supervisorclientset.Interface

                        func PinnipedCLIPath

                        func PinnipedCLIPath(t *testing.T) string

                          PinnipedCLIPath returns the path to the Pinniped CLI binary, built on demand and cached between tests.

                          func RandHex

                          func RandHex(t *testing.T, numBytes int) string

                          func RequireEventuallyWithoutError

                          func RequireEventuallyWithoutError(
                          	t *testing.T,
                          	f func() (bool, error),
                          	waitFor time.Duration,
                          	tick time.Duration,
                          	msgAndArgs ...interface{},
                          )

                            RequireEventuallyWithoutError is a wrapper around require.Eventually() that allows the caller to return an error from the condition function. If the condition function returns an error at any point, the assertion will immediately fail.

                            func Sdump

                            func Sdump(a ...interface{}) string

                            func SkipUnlessIntegration

                            func SkipUnlessIntegration(t *testing.T)

                              SkipUnlessIntegration skips the current test if `-short` has been passed to `go test`.

                              Types

                              type Capability

                              type Capability string
                              const (
                              	ClusterSigningKeyIsAvailable Capability = "clusterSigningKeyIsAvailable"
                              )

                              type TestEnv

                              type TestEnv struct {
                              	ConciergeNamespace             string                               `json:"conciergeNamespace"`
                              	SupervisorNamespace            string                               `json:"supervisorNamespace"`
                              	ConciergeAppName               string                               `json:"conciergeAppName"`
                              	SupervisorAppName              string                               `json:"supervisorAppName"`
                              	SupervisorCustomLabels         map[string]string                    `json:"supervisorCustomLabels"`
                              	ConciergeCustomLabels          map[string]string                    `json:"conciergeCustomLabels"`
                              	Capabilities                   map[Capability]bool                  `json:"capabilities"`
                              	TestWebhook                    auth1alpha1.WebhookAuthenticatorSpec `json:"testWebhook"`
                              	SupervisorHTTPAddress          string                               `json:"supervisorHttpAddress"`
                              	SupervisorHTTPSAddress         string                               `json:"supervisorHttpsAddress"`
                              	SupervisorHTTPSIngressAddress  string                               `json:"supervisorHttpsIngressAddress"`
                              	SupervisorHTTPSIngressCABundle string                               `json:"supervisorHttpsIngressCABundle"`
                              	Proxy                          string                               `json:"proxy"`
                              	APIGroupSuffix                 string                               `json:"apiGroupSuffix"`
                              
                              	TestUser struct {
                              		Token            string   `json:"token"`
                              		ExpectedUsername string   `json:"expectedUsername"`
                              		ExpectedGroups   []string `json:"expectedGroups"`
                              	} `json:"testUser"`
                              
                              	CLITestUpstream        TestOIDCUpstream `json:"cliOIDCUpstream"`
                              	SupervisorTestUpstream TestOIDCUpstream `json:"supervisorOIDCUpstream"`
                              	// contains filtered or unexported fields
                              }

                                TestEnv captures all the external parameters consumed by our integration tests.

                                func IntegrationEnv

                                func IntegrationEnv(t *testing.T) *TestEnv

                                  IntegrationEnv gets the integration test environment from OS environment variables. This method also implies SkipUnlessIntegration().

                                  func (*TestEnv) HasCapability

                                  func (e *TestEnv) HasCapability(cap Capability) bool

                                  func (*TestEnv) ProxyEnv

                                  func (e *TestEnv) ProxyEnv() []string

                                    ProxyEnv returns a set of environment variable strings (e.g., to combine with os.Environ()) which set up the configured test HTTP proxy.

                                    func (*TestEnv) WithCapability

                                    func (e *TestEnv) WithCapability(cap Capability) *TestEnv

                                    func (*TestEnv) WithoutCapability

                                    func (e *TestEnv) WithoutCapability(cap Capability) *TestEnv

                                    type TestOIDCUpstream

                                    type TestOIDCUpstream struct {
                                    	Issuer           string   `json:"issuer"`
                                    	CABundle         string   `json:"caBundle"`
                                    	AdditionalScopes []string `json:"additionalScopes"`
                                    	UsernameClaim    string   `json:"usernameClaim"`
                                    	GroupsClaim      string   `json:"groupsClaim"`
                                    	ClientID         string   `json:"clientID"`
                                    	ClientSecret     string   `json:"clientSecret"`
                                    	CallbackURL      string   `json:"callback"`
                                    	Username         string   `json:"username"`
                                    	Password         string   `json:"password"`
                                    	ExpectedGroups   []string `json:"expectedGroups"`
                                    }

                                    Directories

                                    Path Synopsis
                                    Package browsertest provides integration test helpers for our browser-based tests.
                                    Package browsertest provides integration test helpers for our browser-based tests.